From 9e0793c900bc0b03abadda43eb2bc54c7a9dc9ff Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 19 Oct 2005 22:57:32 +0000 Subject: update website to use only CVE references git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2459 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-1-1.html | 8 +++--- website/DTSA/DTSA-10-1.html | 2 +- website/DTSA/DTSA-11-1.html | 2 +- website/DTSA/DTSA-12-1.html | 2 +- website/DTSA/DTSA-13-1.html | 8 +++--- website/DTSA/DTSA-14-1.html | 38 ++++++++++++++-------------- website/DTSA/DTSA-15-1.html | 12 ++++----- website/DTSA/DTSA-16-1.html | 60 ++++++++++++++++++++++----------------------- website/DTSA/DTSA-17-1.html | 2 +- website/DTSA/DTSA-19-1.html | 8 +++--- website/DTSA/DTSA-2-1.html | 16 ++++++------ website/DTSA/DTSA-20-1.html | 4 +-- website/DTSA/DTSA-3-1.html | 20 +++++++-------- website/DTSA/DTSA-4-1.html | 20 +++++++-------- website/DTSA/DTSA-5-1.html | 12 ++++----- website/DTSA/DTSA-7-1.html | 4 +-- website/DTSA/DTSA-8-2.html | 50 ++++++++++++++++++------------------- website/DTSA/DTSA-9-1.html | 2 +- website/index.html | 4 +-- 19 files changed, 137 insertions(+), 137 deletions(-) (limited to 'website') diff --git a/website/DTSA/DTSA-1-1.html b/website/DTSA/DTSA-1-1.html index dba0909826..349f5cca08 100644 --- a/website/DTSA/DTSA-1-1.html +++ b/website/DTSA/DTSA-1-1.html @@ -50,19 +50,19 @@
No
CVE:
-CAN-2005-2626 -CAN-2005-2627 +CVE-2005-2626 +CVE-2005-2627

More information:
Multiple security holes have been discovered in kismet: 
 
-CAN-2005-2627 
+CVE-2005-2627 
 
Multiple integer underflows in Kismet allow remote attackers to execute 
arbitrary code via (1) kernel headers in a pcap file or (2) data frame 
dissection, which leads to heap-based buffer overflows. 
 
-CAN-2005-2626 
+CVE-2005-2626 
 
Unspecified vulnerability in Kismet allows remote attackers to have an 
unknown impact via unprintable characters in the SSID. 
diff --git a/website/DTSA/DTSA-10-1.html b/website/DTSA/DTSA-10-1.html index 8a3f9aabff..1c70b3db7c 100644 --- a/website/DTSA/DTSA-10-1.html +++ b/website/DTSA/DTSA-10-1.html @@ -50,7 +50,7 @@
No
CVE:
-CAN-2005-2491 +CVE-2005-2491

More information:
An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions 
diff --git a/website/DTSA/DTSA-11-1.html b/website/DTSA/DTSA-11-1.html index 4e22012fb1..bc58324f0f 100644 --- a/website/DTSA/DTSA-11-1.html +++ b/website/DTSA/DTSA-11-1.html @@ -50,7 +50,7 @@
Yes
CVE:
-CAN-2005-2655 +CVE-2005-2655

More information:
The lockmail binary shipped with maildrop allows for an attacker to 
diff --git a/website/DTSA/DTSA-12-1.html b/website/DTSA/DTSA-12-1.html index 6f82bf0a16..5056265ead 100644 --- a/website/DTSA/DTSA-12-1.html +++ b/website/DTSA/DTSA-12-1.html @@ -50,7 +50,7 @@
No
CVE:
-CAN-2005-2368 +CVE-2005-2368

More information:
vim modelines allow files to execute arbitrary commands via shell 
diff --git a/website/DTSA/DTSA-13-1.html b/website/DTSA/DTSA-13-1.html index acbb505500..7c838cc89e 100644 --- a/website/DTSA/DTSA-13-1.html +++ b/website/DTSA/DTSA-13-1.html @@ -50,20 +50,20 @@
No
CVE:
-CAN-2005-2549 -CAN-2005-2550 +CVE-2005-2549 +CVE-2005-2550

More information:
Multiple vulnerabilities were discovered in evolution: 
 
-CAN-2005-2549 
+CVE-2005-2549 
 
Multiple format string vulnerabilities in Evolution allow remote attackers 
to cause a denial of service (crash) and possibly execute arbitrary code via 
(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task 
list data from remote servers. 
 
-CAN-2005-2550 
+CVE-2005-2550 
 
Format string vulnerability in Evolution allows remote attackers to cause a 
denial of service (crash) and possibly execute arbitrary code via the 
diff --git a/website/DTSA/DTSA-14-1.html b/website/DTSA/DTSA-14-1.html index c4cb57c5df..94f72f44d3 100644 --- a/website/DTSA/DTSA-14-1.html +++ b/website/DTSA/DTSA-14-1.html @@ -50,16 +50,16 @@
No
CVE:
-CAN-2004-0718 -CAN-2005-1937 -CAN-2005-2260 -CAN-2005-2261 -CAN-2005-2263 -CAN-2005-2265 -CAN-2005-2266 -CAN-2005-2268 -CAN-2005-2269 -CAN-2005-2270 +CVE-2004-0718 +CVE-2005-1937 +CVE-2005-2260 +CVE-2005-2261 +CVE-2005-2263 +CVE-2005-2265 +CVE-2005-2266 +CVE-2005-2268 +CVE-2005-2269 +CVE-2005-2270

More information:
Several problems have been discovered in Mozilla. Since the usual praxis of 
@@ -68,49 +68,49 @@ basically version 1.7.10 with the version number rolled back, and hence still&nb named 1.7.8. The Common Vulnerabilities and Exposures project identifies the 
following problems: 
 
-CAN-2004-0718, CAN-2005-1937 
+CVE-2004-0718, CVE-2005-1937 
 
A vulnerability has been discovered in Mozilla that allows remote 
attackers to inject arbitrary Javascript from one page into the 
frameset of another site. 
 
-CAN-2005-2260 
+CVE-2005-2260 
 
The browser user interface does not properly distinguish between 
user-generated events and untrusted synthetic events, which makes 
it easier for remote attackers to perform dangerous actions that 
normally could only be performed manually by the user. 
 
-CAN-2005-2261 
+CVE-2005-2261 
 
XML scripts ran even when Javascript disabled. 
 
-CAN-2005-2263 
+CVE-2005-2263 
 
It is possible for a remote attacker to execute a callback 
function in the context of another domain (i.e. frame). 
 
-CAN-2005-2265 
+CVE-2005-2265 
 
Missing input sanitising of InstallVersion.compareTo() can cause 
the application to crash. 
 
-CAN-2005-2266 
+CVE-2005-2266 
 
Remote attackers could steal sensitive information such as cookies 
and passwords from web sites by accessing data in alien frames. 
 
-CAN-2005-2268 
+CVE-2005-2268 
 
It is possible for a Javascript dialog box to spoof a dialog box 
from a trusted site and facilitates phishing attacks. 
 
-CAN-2005-2269 
+CVE-2005-2269 
 
Remote attackers could modify certain tag properties of DOM nodes 
that could lead to the execution of arbitrary script or code. 
 
-CAN-2005-2270 
+CVE-2005-2270 
 
The Mozilla browser family does not properly clone base objects, 
which allows remote attackers to execute arbitrary code. 
diff --git a/website/DTSA/DTSA-15-1.html b/website/DTSA/DTSA-15-1.html index b3e9063a33..57d61d3d1f 100644 --- a/website/DTSA/DTSA-15-1.html +++ b/website/DTSA/DTSA-15-1.html @@ -50,9 +50,9 @@
No
CVE:
-CAN-2005-1751 -CAN-2005-1921 -CAN-2005-2498 +CVE-2005-1751 +CVE-2005-1921 +CVE-2005-2498

More information:
Several security related problems have been found in PHP4, the 
@@ -60,20 +60,20 @@ server-side, HTML-embedded scripting language. The Common 
Vulnerabilities and Exposures project identifies the following 
problems: 
 
-CAN-2005-1751 
+CVE-2005-1751 
 
Eric Romang discovered insecure temporary files in the shtool 
utility shipped with PHP that can exploited by a local attacker to 
overwrite arbitrary files. Only this vulnerability affects 
packages in oldstable. 
 
-CAN-2005-1921 
+CVE-2005-1921 
 
GulfTech has discovered that PEAR XML_RPC is vulnerable to a 
remote PHP code execution vulnerability that may allow an attacker 
to compromise a vulnerable server. 
 
-CAN-2005-2498 
+CVE-2005-2498 
 
Stefan Esser discovered another vulnerability in the XML-RPC 
libraries that allows injection of arbitrary PHP code into eval() 
diff --git a/website/DTSA/DTSA-16-1.html b/website/DTSA/DTSA-16-1.html index 103420c21b..0e2726b487 100644 --- a/website/DTSA/DTSA-16-1.html +++ b/website/DTSA/DTSA-16-1.html @@ -50,57 +50,57 @@
No
CVE:
-CAN-2005-2098 -CAN-2005-2099 -CAN-2005-2456 -CAN-2005-2617 -CAN-2005-1913 -CAN-2005-1761 -CAN-2005-2457 -CAN-2005-2458 -CAN-2005-2459 -CAN-2005-2548 -CAN-2004-2302 -CAN-2005-1765 -CAN-2005-1762 -CAN-2005-1761 -CAN-2005-2555 +CVE-2005-2098 +CVE-2005-2099 +CVE-2005-2456 +CVE-2005-2617 +CVE-2005-1913 +CVE-2005-1761 +CVE-2005-2457 +CVE-2005-2458 +CVE-2005-2459 +CVE-2005-2548 +CVE-2004-2302 +CVE-2005-1765 +CVE-2005-1762 +CVE-2005-1761 +CVE-2005-2555

More information:
Several security related problems have been found in version 2.6 of the 
linux kernel. The Common Vulnerabilities and Exposures project identifies 
the following problems: 
 
-CAN-2004-2302 
+CVE-2004-2302 
 
Race condition in the sysfs_read_file and sysfs_write_file functions in 
Linux kernel before 2.6.10 allows local users to read kernel memory and 
cause a denial of service (crash) via large offsets in sysfs files. 
 
-CAN-2005-1761 
+CVE-2005-1761 
 
Vulnerability in the Linux kernel allows local users to cause a 
denial of service (kernel crash) via ptrace. 
 
-CAN-2005-1762 
+CVE-2005-1762 
 
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 
platform allows local users to cause a denial of service (kernel crash) via 
a "non-canonical" address. 
 
-CAN-2005-1765 
+CVE-2005-1765 
 
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when 
running in 32-bit compatibility mode, allows local users to cause a denial 
of service (kernel hang) via crafted arguments. 
 
-CAN-2005-1913 
+CVE-2005-1913 
 
When a non group-leader thread called exec() to execute a different program 
while an itimer was pending, the timer expiry would signal the old group 
leader task, which did not exist any more. This caused a kernel panic. 
 
-CAN-2005-2098  
+CVE-2005-2098  
 
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 
2.6.12.5 contains an error path that does not properly release the session 
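Review bot: The CVE list at the top of this hunk names CVE-2005-1761 twice, once after CVE-2005-1913 and again after CVE-2005-1762; the duplicate was already present as CAN-2005-1761 and the rename carries it over. Since the list is being rewritten anyway, drop the second entry so each identifier appears once.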
@@ -109,7 +109,7 @@ CAN-2005-2098  
empty name string, (2) with a long name string, (3) with the key quota 
reached, or (4) ENOMEM. 
 
-CAN-2005-2099 
+CVE-2005-2099 
 
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that 
is not instantiated properly, which allows local users or remote attackers 
@@ -117,7 +117,7 @@ CAN-2005-2099 
that is not empty, which causes the creation to fail, leading to a null 
dereference in the keyring destructor. 
 
-CAN-2005-2456 
+CVE-2005-2456 
 
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c 
in Linux kernel 2.6 allows local users to cause a denial of service (oops 
@@ -125,41 +125,41 @@ CAN-2005-2456 
larger than XFRM_POLICY_OUT, which is used as an index in the 
sock->sk_policy array. 
 
-CAN-2005-2457 
+CVE-2005-2457 
 
The driver for compressed ISO file systems (zisofs) in the Linux kernel 
before 2.6.12.5 allows local users and remote attackers to cause a denial 
of service (kernel crash) via a crafted compressed ISO file system. 
 
-CAN-2005-2458 
+CVE-2005-2458 
 
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows 
remote attackers to cause a denial of service (kernel crash) via a 
compressed file with "improper tables". 
 
-CAN-2005-2459 
+CVE-2005-2459 
 
The huft_build function in inflate.c in the zlib routines in the Linux 
kernel before 2.6.12.5 returns the wrong value, which allows remote 
attackers to cause a denial of service (kernel crash) via a certain 
compressed file that leads to a null pointer dereference, a different 
- vulnerbility than CAN-2005-2458. 
+ vulnerbility than CVE-2005-2458. 
 
-CAN-2005-2548 
+CVE-2005-2548 
 
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial 
of service (kernel oops from null dereference) via certain UDP packets that 
lead to a function call with the wrong argument, as demonstrated using 
snmpwalk on snmpd. 
 
-CAN-2005-2555 
+CVE-2005-2555 
 
Linux kernel 2.6.x does not properly restrict socket policy access to users 
with the CAP_NET_ADMIN capability, which could allow local users to conduct 
unauthorized activities via (1) ipv4/ip_sockglue.c and (2) 
ipv6/ipv6_sockglue.c. 
 
-CAN-2005-2617 
+CVE-2005-2617 
 
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 
and later, on the amd64 architecture, does not check the return value of 
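Review bot: The rewritten line in the CVE-2005-2459 entry still reads "vulnerbility than CVE-2005-2458". The line is already touched by this change, so correct it to "vulnerability" here rather than in a follow-up.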
diff --git a/website/DTSA/DTSA-17-1.html b/website/DTSA/DTSA-17-1.html index 5ad4425568..33e9aea2e9 100644 --- a/website/DTSA/DTSA-17-1.html +++ b/website/DTSA/DTSA-17-1.html @@ -50,7 +50,7 @@
No
CVE:
-CAN-2005-2672 +CVE-2005-2672

More information:
Javier Fernández-Sanguino Peña discovered that a script included in 
diff --git a/website/DTSA/DTSA-19-1.html b/website/DTSA/DTSA-19-1.html index 8fa9a17838..491fe9dac8 100644 --- a/website/DTSA/DTSA-19-1.html +++ b/website/DTSA/DTSA-19-1.html @@ -50,17 +50,17 @@
No
CVE:
-CAN-2005-2919 -CAN-2005-2920 +CVE-2005-2919 +CVE-2005-2920

More information:
Multiple security holes were found in clamav: 
 
-CAN-2005-2919 
+CVE-2005-2919 
 
A possible infinate loop has been discovered in libclamav/fsg.c 
 
-CAN-2005-2920 
+CVE-2005-2920 
 
A possible buffer overflow has been found in libclamav/upx.c 
 
diff --git a/website/DTSA/DTSA-2-1.html b/website/DTSA/DTSA-2-1.html index 67378fc896..ffd77f9704 100644 --- a/website/DTSA/DTSA-2-1.html +++ b/website/DTSA/DTSA-2-1.html @@ -50,33 +50,33 @@
No
CVE:
-CAN-2005-2448 -CAN-2005-2370 -CAN-2005-2369 -CAN-2005-1914 +CVE-2005-2448 +CVE-2005-2370 +CVE-2005-2369 +CVE-2005-1914

More information:
centericq in testing is vulnerable to multiple security holes: 
 
-CAN-2005-2448 
+CVE-2005-2448 
 
Multiple endianness errors in libgadu, which is embedded in centericq, 
allow remote attackers to cause a denial of service (invalid behaviour in 
applications) on big-endian systems. 
 
-CAN-2005-2370 
+CVE-2005-2370 
 
Multiple memory alignment errors in libgadu, which is embedded in 
centericq, allows remote attackers to cause a denial of service (bus error) 
on certain architectures such as SPARC via an incoming message. 
 
-CAN-2005-2369 
+CVE-2005-2369 
 
Multiple integer signedness errors in libgadu, which is embedded in 
centericq, may allow remote attackers to cause a denial of service 
or execute arbitrary code. 
 
-CAN-2005-1914 
+CVE-2005-1914 
 
centericq creates temporary files with predictable file names, which 
allows local users to overwrite arbitrary files via a symlink attack. 
diff --git a/website/DTSA/DTSA-20-1.html b/website/DTSA/DTSA-20-1.html index 6c00538b7e..ce67a49b85 100644 --- a/website/DTSA/DTSA-20-1.html +++ b/website/DTSA/DTSA-20-1.html @@ -50,12 +50,12 @@
No
CVE:
-CAN-2005-2878 +CVE-2005-2878

More information:
A format string vulnerability has been discovered in Mailutils. 
 
-CAN-2005-2878 
+CVE-2005-2878 
A format string vulnerability in search.c in the imap4d server in GNU 
Mailutils 0.6 allows remote authenticated users to execute arbitrary code via 
format string specifiers in the SEARCH command. 
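Review bot: In this hunk the identifier line "CVE-2005-2878" runs straight into its description with no separator line after it, unlike the entries in the other advisories touched by this patch, which put a blank line between the identifier and the text. Adding the separator here would keep the rendered advisories consistent.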
diff --git a/website/DTSA/DTSA-3-1.html b/website/DTSA/DTSA-3-1.html index 6051d99f47..166b913702 100644 --- a/website/DTSA/DTSA-3-1.html +++ b/website/DTSA/DTSA-3-1.html @@ -50,42 +50,42 @@
No
CVE:
-CAN-2005-2070 -CAN-2005-1923 -CAN-2005-2056 -CAN-2005-1922 -CAN-2005-2450 +CVE-2005-2070 +CVE-2005-1923 +CVE-2005-2056 +CVE-2005-1922 +CVE-2005-2450

More information:
Multiple security holes were found in clamav: 
 
-CAN-2005-2070 
+CVE-2005-2070 
 
The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long 
timeouts, allows remote attackers to cause a denial of service by keeping 
an open connection, which prevents ClamAV from reloading. 
 
-CAN-2005-1923 
+CVE-2005-1923 
 
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote 
attackers to cause a denial of service (CPU consumption by infinite loop) 
via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, 
which causes a zero-length read. 
 
-CAN-2005-2056 
+CVE-2005-2056 
 
The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote 
attackers to cause a denial of service (application crash) via a crafted 
Quantum archive. 
 
-CAN-2005-1922 
+CVE-2005-1922 
 
The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote 
attackers to cause a denial of service (file descriptor and memory 
consumption) via a crafted file that causes repeated errors in the 
cli_msexpand function. 
 
-CAN-2005-2450 
+CVE-2005-2450 
 
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file 
format processors in libclamav for Clam AntiVirus (ClamAV) allow remote 
diff --git a/website/DTSA/DTSA-4-1.html b/website/DTSA/DTSA-4-1.html index cc986a68d9..910fa05ece 100644 --- a/website/DTSA/DTSA-4-1.html +++ b/website/DTSA/DTSA-4-1.html @@ -50,38 +50,38 @@
No
CVE:
-CAN-2005-1916 -CAN-2005-1851 -CAN-2005-1850 -CAN-2005-1852 -CAN-2005-2448 +CVE-2005-1916 +CVE-2005-1851 +CVE-2005-1850 +CVE-2005-1852 +CVE-2005-2448

More information:
Multiple vulnerabilities were discovered in ekg: 
 
-CAN-2005-1916 
+CVE-2005-1916 
 
Eric Romang discovered insecure temporary file creation and arbitrary 
command execution in a contributed script that can be exploited by a local 
attacker. 
 
-CAN-2005-1851 
+CVE-2005-1851 
 
Marcin Owsiany and Wojtek Kaniewski discovered potential shell command 
injection in a contributed script. 
 
-CAN-2005-1850 
+CVE-2005-1850 
 
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file 
creation in contributed scripts. 
 
-CAN-2005-1852 
+CVE-2005-1852 
 
Multiple integer overflows in libgadu, as used in ekg, allows remote 
attackers to cause a denial of service (crash) and possibly execute 
arbitrary code via an incoming message. 
 
-CAN-2005-2448 
+CVE-2005-2448 
 
Multiple endianness errors in libgadu in ekg allow remote attackers to 
cause a denial of service (invalid behaviour in applications) on 
diff --git a/website/DTSA/DTSA-5-1.html b/website/DTSA/DTSA-5-1.html index ceace6bdeb..07d90a7ac3 100644 --- a/website/DTSA/DTSA-5-1.html +++ b/website/DTSA/DTSA-5-1.html @@ -50,26 +50,26 @@
No
CVE:
-CAN-2005-2102 -CAN-2005-2370 -CAN-2005-2103 +CVE-2005-2102 +CVE-2005-2370 +CVE-2005-2103

More information:
Multiple security holes were found in gaim: 
 
-CAN-2005-2102 
+CVE-2005-2102 
 
The AIM/ICQ module in Gaim allows remote attackers to cause a denial of 
service (application crash) via a filename that contains invalid UTF-8 
characters. 
 
-CAN-2005-2370 
+CVE-2005-2370 
 
Multiple memory alignment errors in libgadu, as used in gaim and other 
packages, allow remote attackers to cause a denial of service (bus error) 
on certain architectures such as SPARC via an incoming message. 
 
-CAN-2005-2103 
+CVE-2005-2103 
 
Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers 
to cause a denial of service (application crash) and possibly execute 
diff --git a/website/DTSA/DTSA-7-1.html b/website/DTSA/DTSA-7-1.html index 65541319f5..efc3726e1a 100644 --- a/website/DTSA/DTSA-7-1.html +++ b/website/DTSA/DTSA-7-1.html @@ -50,8 +50,8 @@
No
CVE:
-CAN-2004-0718 -CAN-2005-1937 +CVE-2004-0718 +CVE-2005-1937

More information:
A vulnerability has been discovered in Mozilla that allows remote attackers 
diff --git a/website/DTSA/DTSA-8-2.html b/website/DTSA/DTSA-8-2.html index 88d4ff4cbf..71fcce7a34 100644 --- a/website/DTSA/DTSA-8-2.html +++ b/website/DTSA/DTSA-8-2.html @@ -50,19 +50,19 @@
No
CVE:
-CAN-2004-0718 -CAN-2005-1937 -CAN-2005-2260 -CAN-2005-2261 -CAN-2005-2262 -CAN-2005-2263 -CAN-2005-2264 -CAN-2005-2265 -CAN-2005-2266 -CAN-2005-2267 -CAN-2005-2268 -CAN-2005-2269 -CAN-2005-2270 +CVE-2004-0718 +CVE-2005-1937 +CVE-2005-2260 +CVE-2005-2261 +CVE-2005-2262 +CVE-2005-2263 +CVE-2005-2264 +CVE-2005-2265 +CVE-2005-2266 +CVE-2005-2267 +CVE-2005-2268 +CVE-2005-2269 +CVE-2005-2270

More information:
We experienced that the update for Mozilla Firefox from DTSA-8-1 
@@ -74,65 +74,65 @@ text: 
 
Several problems were discovered in Mozilla Firefox: 
 
-CAN-2004-0718 CAN-2005-1937 
+CVE-2004-0718 CVE-2005-1937 
 
A vulnerability has been discovered in Mozilla Firefox that allows remote 
attackers to inject arbitrary Javascript from one page into the frameset of 
another site. 
 
-CAN-2005-2260 
+CVE-2005-2260 
 
The browser user interface does not properly distinguish between 
user-generated events and untrusted synthetic events, which makes it easier 
for remote attackers to perform dangerous actions that normally could only be 
performed manually by the user. 
 
-CAN-2005-2261 
+CVE-2005-2261 
 
XML scripts ran even when Javascript disabled. 
 
-CAN-2005-2262 
+CVE-2005-2262 
 
The user can be tricked to executing arbitrary JavaScript code by using a 
JavaScript URL as wallpaper. 
 
-CAN-2005-2263 
+CVE-2005-2263 
 
It is possible for a remote attacker to execute a callback function in the 
context of another domain (i.e. frame). 
 
-CAN-2005-2264 
+CVE-2005-2264 
 
By opening a malicious link in the sidebar it is possible for remote 
attackers to steal sensitive information. 
 
-CAN-2005-2265 
+CVE-2005-2265 
 
Missing input sanitising of InstallVersion.compareTo() can cause the 
application to crash. 
 
-CAN-2005-2266 
+CVE-2005-2266 
 
Remote attackers could steal sensitive information such as cookies and 
passwords from web sites by accessing data in alien frames. 
 
-CAN-2005-2267 
+CVE-2005-2267 
 
By using standalone applications such as Flash and QuickTime to open a 
javascript: URL, it is possible for a remote attacker to steal sensitive 
information and possibly execute arbitrary code. 
 
-CAN-2005-2268 
+CVE-2005-2268 
 
It is possible for a Javascript dialog box to spoof a dialog box from a 
trusted site and facilitates phishing attacks. 
 
-CAN-2005-2269 
+CVE-2005-2269 
 
Remote attackers could modify certain tag properties of DOM nodes that could 
lead to the execution of arbitrary script or code. 
 
-CAN-2005-2270 
+CVE-2005-2270 
 
The Mozilla browser family does not properly clone base objects, which allows 
remote attackers to execute arbitrary code. 
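Review bot: The first entry heading in this hunk joins the two identifiers with a space ("CVE-2004-0718 CVE-2005-1937"), while the same pair in DTSA-14-1.html is comma-separated ("CVE-2004-0718, CVE-2005-1937"). Pick one separator for both advisories; the comma form reads more clearly as two distinct references.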
diff --git a/website/DTSA/DTSA-9-1.html b/website/DTSA/DTSA-9-1.html index 0bd05c0239..d578a54ff0 100644 --- a/website/DTSA/DTSA-9-1.html +++ b/website/DTSA/DTSA-9-1.html @@ -50,7 +50,7 @@
No
CVE:
-CAN-2005-2547 +CVE-2005-2547

More information:
A bug in bluez-utils allows remote attackers to execute arbitrary commands 
diff --git a/website/index.html b/website/index.html index 3367188c8f..79bae68284 100644 --- a/website/index.html +++ b/website/index.html @@ -92,7 +92,7 @@

The team maintains a database (actually some files) that contain - our notes about all CVEs, CANs, and DSAs. This database is available + our notes about all CVEs and DSAs. This database is available from subversion, and may be checked out from svn://svn.debian.org/secure-testing/. @@ -191,7 +191,7 @@ then check the log file and/or upgrade a test machine.

  • cd data/DTSA; ./sndadvisory DTSA-n-1
  • -
  • Edit CAN/list and DSA/list to list the version of the +
  • Edit CVE/list and DSA/list to list the version of the package that is in the secure-testing archive as fixing the holes. This is unfortunatly currently necessary for the fix to appear as a fix on the tracking page.
  • -- cgit v1.2.3
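Review bot: In the second index.html hunk the instructions now say "Edit CVE/list and DSA/list", but the diffstat is limited to 'website', so nothing visible here shows that the data file itself was renamed from CAN/list. Confirm the rename lands with or before this change, otherwise the documented step points at a file that does not exist. The same list item also has "unfortunatly" in its context text, which could be corrected in the same pass.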