author: Joey Hess <joeyh@debian.org>, 2005-10-19 23:10:21 +0000
committer: Joey Hess <joeyh@debian.org>, 2005-10-19 23:10:21 +0000
commit: 20cd29d934ef16cee0a9d683f5ac4233739c1a12
tree: 0a755eecca326176394c24227671bdb9c379403c /data/DTSA/advs
parent: 42d226f0d20fb9aaf7c03c81e97c4a5d25e35e70
update references to CANs to be CVEs and complete CVE transition
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2462 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- data/DTSA/advs/1-kismet.adv | 6
-rw-r--r-- data/DTSA/advs/10-pcre.adv | 2
-rw-r--r-- data/DTSA/advs/11-maildrop.adv | 2
-rw-r--r-- data/DTSA/advs/12-vim.adv | 2
-rw-r--r-- data/DTSA/advs/13-evolution.adv | 6
-rw-r--r-- data/DTSA/advs/14-mozilla.adv | 20
-rw-r--r-- data/DTSA/advs/15-php4.adv | 8
-rw-r--r-- data/DTSA/advs/16-linux-2.6.adv | 32
-rw-r--r-- data/DTSA/advs/17-lm-sensors.adv | 2
-rw-r--r-- data/DTSA/advs/18-thunderbird.adv | 18
-rw-r--r-- data/DTSA/advs/19-clamav.adv | 6
-rw-r--r-- data/DTSA/advs/2-centericq.adv | 10
-rw-r--r-- data/DTSA/advs/20-mailutils.adv | 4
-rw-r--r-- data/DTSA/advs/3-clamav.adv | 12
-rw-r--r-- data/DTSA/advs/4-ekg.adv | 12
-rw-r--r-- data/DTSA/advs/44-kdelibs.adv | 2
-rw-r--r-- data/DTSA/advs/5-gaim.adv | 8
-rw-r--r-- data/DTSA/advs/7-mozilla.adv | 2
-rw-r--r-- data/DTSA/advs/8-mozilla-firefox.adv | 26
-rw-r--r-- data/DTSA/advs/9-bluez-utils.adv | 2
-rw-r--r-- data/DTSA/advs/nn-kernel-source-2.4.27.adv | 4
21 files changed, 93 insertions, 93 deletions
diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv
index 598a2fed20..3ed9ded250 100644
--- a/data/DTSA/advs/1-kismet.adv
+++ b/data/DTSA/advs/1-kismet.adv
@@ -4,20 +4,20 @@ author: Joey Hess
vuln-type: various
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2626 CAN-2005-2627
+cve: CVE-2005-2626 CVE-2005-2627
testing-fix: 2005.08.R1-0.1etch1
sid-fix: 2005.08.R1-1
upgrade: apt-get install kismet
Multiple security holes have been discovered in kismet:
- CAN-2005-2627
+ CVE-2005-2627
Multiple integer underflows in Kismet allow remote attackers to execute
arbitrary code via (1) kernel headers in a pcap file or (2) data frame
dissection, which leads to heap-based buffer overflows.
- CAN-2005-2626
+ CVE-2005-2626
Unspecified vulnerability in Kismet allows remote attackers to have an
unknown impact via unprintable characters in the SSID.
diff --git a/data/DTSA/advs/10-pcre.adv b/data/DTSA/advs/10-pcre.adv
index 8eab16540c..e4d535aa8e 100644
--- a/data/DTSA/advs/10-pcre.adv
+++ b/data/DTSA/advs/10-pcre.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: buffer overflow
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2491
+cve: CVE-2005-2491
testing-fix: 6.3-0.1etch1
sid-fix: 6.3-1
upgrade: apt-get install libpcre3
diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv
index 5f82766c60..e5f203d17a 100644
--- a/data/DTSA/advs/11-maildrop.adv
+++ b/data/DTSA/advs/11-maildrop.adv
@@ -4,7 +4,7 @@ author: Andres Salomon
vuln-type: local privilege escalation
problem-scope: local
debian-specific: yes
-cve: CAN-2005-2655
+cve: CVE-2005-2655
testing-fix: 1.5.3-1.1etch1
sid-fix: 1.5.3-2
upgrade: apt-get install maildrop
diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv
index 42aae07e69..93014157ce 100644
--- a/data/DTSA/advs/12-vim.adv
+++ b/data/DTSA/advs/12-vim.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: modeline exploits
problem-scope: local
debian-specifc: no
-cve: CAN-2005-2368
+cve: CVE-2005-2368
testing-fix: 1:6.3-085+0.0etch1
sid-fix: 1:6.3-085+1
upgrade: apt-get install vim
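Review bot: the context line "debian-specifc: no" in this hunk misspells the field name; 1-kismet.adv and 10-pcre.adv in the same commit spell it "debian-specific". Since the commit already edits the header block of every advisory, correct the key here and in the other .adv files that carry the same spelling, so anything that looks the field up by name finds it.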
diff --git a/data/DTSA/advs/13-evolution.adv b/data/DTSA/advs/13-evolution.adv
index bd30fe5ec3..f709db2a80 100644
--- a/data/DTSA/advs/13-evolution.adv
+++ b/data/DTSA/advs/13-evolution.adv
@@ -4,21 +4,21 @@ author: Joey Hess
vuln-type: format string vulnerabilities
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2549 CAN-2005-2550
+cve: CVE-2005-2549 CVE-2005-2550
testing-fix: 2.2.3-2etch1
sid-fix: 2.2.3-3
upgrade: apt-get install evolution
Multiple vulnerabilities were discovered in evolution:
-CAN-2005-2549
+CVE-2005-2549
Multiple format string vulnerabilities in Evolution allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code via
(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task
list data from remote servers.
-CAN-2005-2550
+CVE-2005-2550
Format string vulnerability in Evolution allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via the
diff --git a/data/DTSA/advs/14-mozilla.adv b/data/DTSA/advs/14-mozilla.adv
index 64f65a2bc9..c059327f4a 100644
--- a/data/DTSA/advs/14-mozilla.adv
+++ b/data/DTSA/advs/14-mozilla.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: several
problem-scope: remote
debian-specifc: no
-cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
+cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270
testing-fix: 2:1.7.8-1sarge2
sid-fix: 2:1.7.10-1
upgrade: apt-get install mozilla
@@ -15,49 +15,49 @@ basically version 1.7.10 with the version number rolled back, and hence still
named 1.7.8. The Common Vulnerabilities and Exposures project identifies the
following problems:
-CAN-2004-0718, CAN-2005-1937
+CVE-2004-0718, CVE-2005-1937
A vulnerability has been discovered in Mozilla that allows remote
attackers to inject arbitrary Javascript from one page into the
frameset of another site.
-CAN-2005-2260
+CVE-2005-2260
The browser user interface does not properly distinguish between
user-generated events and untrusted synthetic events, which makes
it easier for remote attackers to perform dangerous actions that
normally could only be performed manually by the user.
-CAN-2005-2261
+CVE-2005-2261
XML scripts ran even when Javascript disabled.
-CAN-2005-2263
+CVE-2005-2263
It is possible for a remote attacker to execute a callback
function in the context of another domain (i.e. frame).
-CAN-2005-2265
+CVE-2005-2265
Missing input sanitising of InstallVersion.compareTo() can cause
the application to crash.
-CAN-2005-2266
+CVE-2005-2266
Remote attackers could steal sensitive information such as cookies
and passwords from web sites by accessing data in alien frames.
-CAN-2005-2268
+CVE-2005-2268
It is possible for a Javascript dialog box to spoof a dialog box
from a trusted site and facilitates phishing attacks.
-CAN-2005-2269
+CVE-2005-2269
Remote attackers could modify certain tag properties of DOM nodes
that could lead to the execution of arbitrary script or code.
-CAN-2005-2270
+CVE-2005-2270
The Mozilla browser family does not properly clone base objects,
which allows remote attackers to execute arbitrary code.
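Review bot: the CVE-2005-2261 entry in this hunk reads "XML scripts ran even when Javascript disabled.", while 18-thunderbird.adv in the same commit describes the same identifier as "XBL scripts". Confirm which term is right and make the advisories agree (8-mozilla-firefox.adv carries the "XML" wording too); the sentence is also missing its verb ("when Javascript is disabled").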
diff --git a/data/DTSA/advs/15-php4.adv b/data/DTSA/advs/15-php4.adv
index 2b6d31ff99..0fdf486d6c 100644
--- a/data/DTSA/advs/15-php4.adv
+++ b/data/DTSA/advs/15-php4.adv
@@ -4,7 +4,7 @@ author: Neil McGovern
vuln-type: several vulnerabilities
problem-scope: remote/local
debian-specifc: no
-cve: CAN-2005-1751 CAN-2005-1921 CAN-2005-2498
+cve: CVE-2005-1751 CVE-2005-1921 CVE-2005-2498
vendor-advisory:
testing-fix: 4.3.10-16etch1
sid-fix: 4.4.0-2
@@ -15,20 +15,20 @@ server-side, HTML-embedded scripting language. The Common
Vulnerabilities and Exposures project identifies the following
problems:
-CAN-2005-1751
+CVE-2005-1751
Eric Romang discovered insecure temporary files in the shtool
utility shipped with PHP that can exploited by a local attacker to
overwrite arbitrary files. Only this vulnerability affects
packages in oldstable.
-CAN-2005-1921
+CVE-2005-1921
GulfTech has discovered that PEAR XML_RPC is vulnerable to a
remote PHP code execution vulnerability that may allow an attacker
to compromise a vulnerable server.
-CAN-2005-2498
+CVE-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC
libraries that allows injection of arbitrary PHP code into eval()
diff --git a/data/DTSA/advs/16-linux-2.6.adv b/data/DTSA/advs/16-linux-2.6.adv
index 1305adbda1..3b184b78e7 100644
--- a/data/DTSA/advs/16-linux-2.6.adv
+++ b/data/DTSA/advs/16-linux-2.6.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: several holes
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555
+cve: CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-1761 CVE-2005-2555
testing-fix: 2.6.12-6
sid-fix: 2.6.12-6
upgrade: apt-get install linux-image-2.6-386; reboot
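Review bot: the new "cve:" line lists CVE-2005-1761 twice, once after CVE-2005-1913 and again after CVE-2005-1762, carried over unchanged from the CAN list. Drop the second occurrence so the header names each identifier once.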
@@ -13,36 +13,36 @@ Several security related problems have been found in version 2.6 of the
linux kernel. The Common Vulnerabilities and Exposures project identifies
the following problems:
-CAN-2004-2302
+CVE-2004-2302
Race condition in the sysfs_read_file and sysfs_write_file functions in
Linux kernel before 2.6.10 allows local users to read kernel memory and
cause a denial of service (crash) via large offsets in sysfs files.
-CAN-2005-1761
+CVE-2005-1761
Vulnerability in the Linux kernel allows local users to cause a
denial of service (kernel crash) via ptrace.
-CAN-2005-1762
+CVE-2005-1762
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform allows local users to cause a denial of service (kernel crash) via
a "non-canonical" address.
-CAN-2005-1765
+CVE-2005-1765
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when
running in 32-bit compatibility mode, allows local users to cause a denial
of service (kernel hang) via crafted arguments.
-CAN-2005-1913
+CVE-2005-1913
When a non group-leader thread called exec() to execute a different program
while an itimer was pending, the timer expiry would signal the old group
leader task, which did not exist any more. This caused a kernel panic.
-CAN-2005-2098
+CVE-2005-2098
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
2.6.12.5 contains an error path that does not properly release the session
@@ -51,7 +51,7 @@ CAN-2005-2098
empty name string, (2) with a long name string, (3) with the key quota
reached, or (4) ENOMEM.
-CAN-2005-2099
+CVE-2005-2099
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that
is not instantiated properly, which allows local users or remote attackers
@@ -59,7 +59,7 @@ CAN-2005-2099
that is not empty, which causes the creation to fail, leading to a null
dereference in the keyring destructor.
-CAN-2005-2456
+CVE-2005-2456
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
in Linux kernel 2.6 allows local users to cause a denial of service (oops
@@ -67,41 +67,41 @@ CAN-2005-2456
larger than XFRM_POLICY_OUT, which is used as an index in the
sock->sk_policy array.
-CAN-2005-2457
+CVE-2005-2457
The driver for compressed ISO file systems (zisofs) in the Linux kernel
before 2.6.12.5 allows local users and remote attackers to cause a denial
of service (kernel crash) via a crafted compressed ISO file system.
-CAN-2005-2458
+CVE-2005-2458
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows
remote attackers to cause a denial of service (kernel crash) via a
compressed file with "improper tables".
-CAN-2005-2459
+CVE-2005-2459
The huft_build function in inflate.c in the zlib routines in the Linux
kernel before 2.6.12.5 returns the wrong value, which allows remote
attackers to cause a denial of service (kernel crash) via a certain
compressed file that leads to a null pointer dereference, a different
- vulnerbility than CAN-2005-2458.
+ vulnerbility than CVE-2005-2458.
-CAN-2005-2548
+CVE-2005-2548
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial
of service (kernel oops from null dereference) via certain UDP packets that
lead to a function call with the wrong argument, as demonstrated using
snmpwalk on snmpd.
-CAN-2005-2555
+CVE-2005-2555
Linux kernel 2.6.x does not properly restrict socket policy access to users
with the CAP_NET_ADMIN capability, which could allow local users to conduct
unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
ipv6/ipv6_sockglue.c.
-CAN-2005-2617
+CVE-2005-2617
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12
and later, on the amd64 architecture, does not check the return value of
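Review bot: the rewritten line in the CVE-2005-2459 entry still reads "vulnerbility than CVE-2005-2458."; as the line is being changed anyway, correct the spelling to "vulnerability" in the same edit.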
diff --git a/data/DTSA/advs/17-lm-sensors.adv b/data/DTSA/advs/17-lm-sensors.adv
index 3a0fcd9590..04351ff05a 100644
--- a/data/DTSA/advs/17-lm-sensors.adv
+++ b/data/DTSA/advs/17-lm-sensors.adv
@@ -4,7 +4,7 @@ author: Micah Anderson
vuln-type: insecure temporary file
problem-scope: local
debian-specifc: no
-cve: CAN-2005-2672
+cve: CVE-2005-2672
vendor-advisory:
testing-fix: 1:2.9.1-6etch1
sid-fix: 1:2.9.1-7
diff --git a/data/DTSA/advs/18-thunderbird.adv b/data/DTSA/advs/18-thunderbird.adv
index 5ccce208f7..4e4c53d1aa 100644
--- a/data/DTSA/advs/18-thunderbird.adv
+++ b/data/DTSA/advs/18-thunderbird.adv
@@ -4,7 +4,7 @@ author: xxx
vuln-type: multiple
problem-scope: remote/local
debian-specifc: yes/no
-cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989
+cve: CVE-2005-2968, CVE-2005-2266, CVE-2005-2265, CVE-2005-2261, CVE-2005-1532, CVE-2005-1160, CVE-2005-1159, CVE-2005-0989
vendor-advisory:
testing-fix: xxx
sid-fix: xxx
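Review bot: the "cve:" line here separates identifiers with commas, whereas the other advisories in this commit (1-kismet.adv, 14-mozilla.adv, 16-linux-2.6.adv) use spaces only; settle on one separator so the field reads the same way across files. The surrounding header is still template text ("author: xxx", "debian-specifc: yes/no", "testing-fix: xxx", "sid-fix: xxx"), so check whether this advisory is ready to be carried in the tree before its identifiers are renamed.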
@@ -12,37 +12,37 @@ upgrade: apt-get install xxx
xxx multiline description here
-CAN-2005-2968
+CVE-2005-2968
Thunderbird incorrectly escapes commands in input, fed to it through
the --compose option, which could lead to execution of arbitrary
shell commands.
-CAN-2005-2266
+CVE-2005-2266
Child frames may access parental frames, even if these are in
different access domains and may lead to information leakage of
cookies or pass words.
-CAN-2005-2265
+CVE-2005-2265
Incorrect type checks in InstallVersion.compareTo may lead to a
denial-of-service attack or possibly execution of arbitrary code.
-CAN-2005-2261
+CVE-2005-2261
XBL scripts are even run, if Javascript has been disabled.
-CAN-2005-1532
+CVE-2005-1532
Javascript is inproperly limits its privileges to the calling
context, which could lead to "non-DOM privilege override".
-CAN-2005-1160
+CVE-2005-1160
Overriding properties/methods of DOM nodes could lead to execution
of code with extended "chrome" privileges.
-CAN-2005-1159
+CVE-2005-1159
Native function implementations are not verified, causing Javascript
execution at improper memory addresses allowing denial of service and
potentially arbitrary code execution
-CAN-2005-0989
+CVE-2005-0989
The find_replen function in the Javascript engine allows remote
attackers to read portions of heap memory in a Javascript string via
the lambda replace method.
diff --git a/data/DTSA/advs/19-clamav.adv b/data/DTSA/advs/19-clamav.adv
index 35356bd0e4..2dc39870c1 100644
--- a/data/DTSA/advs/19-clamav.adv
+++ b/data/DTSA/advs/19-clamav.adv
@@ -4,18 +4,18 @@ author: Neil McGovern
vuln-type: buffer overflow and infinate loop problems
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2919 CAN-2005-2920
+cve: CVE-2005-2919 CVE-2005-2920
testing-fix: 0.86.2-4etch2
sid-fix: 0.87-1
upgrade: apt-get upgrade
Multiple security holes were found in clamav:
-CAN-2005-2919
+CVE-2005-2919
A possible infinate loop has been discovered in libclamav/fsg.c
-CAN-2005-2920
+CVE-2005-2920
A possible buffer overflow has been found in libclamav/upx.c
diff --git a/data/DTSA/advs/2-centericq.adv b/data/DTSA/advs/2-centericq.adv
index bf1a9fe0be..d16bbd0015 100644
--- a/data/DTSA/advs/2-centericq.adv
+++ b/data/DTSA/advs/2-centericq.adv
@@ -4,32 +4,32 @@ author: Joey Hess
vuln-type: multiple vulnerabilities
problem-scope: local and remote
debian-specific: no
-cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914
+cve: CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914
testing-fix: 4.20.0-8etch1
sid-fix: 4.20.0-9
upgrade: apt-get install centericq
centericq in testing is vulnerable to multiple security holes:
-CAN-2005-2448
+CVE-2005-2448
Multiple endianness errors in libgadu, which is embedded in centericq,
allow remote attackers to cause a denial of service (invalid behaviour in
applications) on big-endian systems.
-CAN-2005-2370
+CVE-2005-2370
Multiple memory alignment errors in libgadu, which is embedded in
centericq, allows remote attackers to cause a denial of service (bus error)
on certain architectures such as SPARC via an incoming message.
-CAN-2005-2369
+CVE-2005-2369
Multiple integer signedness errors in libgadu, which is embedded in
centericq, may allow remote attackers to cause a denial of service
or execute arbitrary code.
-CAN-2005-1914
+CVE-2005-1914
centericq creates temporary files with predictable file names, which
allows local users to overwrite arbitrary files via a symlink attack.
diff --git a/data/DTSA/advs/20-mailutils.adv b/data/DTSA/advs/20-mailutils.adv
index 376f3d3b2e..02129dadb9 100644
--- a/data/DTSA/advs/20-mailutils.adv
+++ b/data/DTSA/advs/20-mailutils.adv
@@ -4,7 +4,7 @@ author: Neil McGovern
vuln-type: Format string vulnerability
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2878
+cve: CVE-2005-2878
vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407
testing-fix: 1:0.6.90-2.1etch1
sid-fix: 1:0.6.90-3
@@ -12,7 +12,7 @@ upgrade: apt-get upgrade
A format string vulnerability has been discovered in Mailutils.
-CAN-2005-2878
+CVE-2005-2878
A format string vulnerability in search.c in the imap4d server in GNU
Mailutils 0.6 allows remote authenticated users to execute arbitrary code via
format string specifiers in the SEARCH command.
diff --git a/data/DTSA/advs/3-clamav.adv b/data/DTSA/advs/3-clamav.adv
index 141a38ea5e..1a92f84f5c 100644
--- a/data/DTSA/advs/3-clamav.adv
+++ b/data/DTSA/advs/3-clamav.adv
@@ -4,40 +4,40 @@ author: Joey Hess
vuln-type: denial of service and privilege escalation
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450
+cve: CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450
testing-fix: 0.86.2-4etch1
sid-fix: 0.86.2-1
upgrade: apt-get upgrade
Multiple security holes were found in clamav:
-CAN-2005-2070
+CVE-2005-2070
The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long
timeouts, allows remote attackers to cause a denial of service by keeping
an open connection, which prevents ClamAV from reloading.
-CAN-2005-1923
+CVE-2005-1923
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (CPU consumption by infinite loop)
via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff,
which causes a zero-length read.
-CAN-2005-2056
+CVE-2005-2056
The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (application crash) via a crafted
Quantum archive.
-CAN-2005-1922
+CVE-2005-1922
The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (file descriptor and memory
consumption) via a crafted file that causes repeated errors in the
cli_msexpand function.
-CAN-2005-2450
+CVE-2005-2450
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file
format processors in libclamav for Clam AntiVirus (ClamAV) allow remote
diff --git a/data/DTSA/advs/4-ekg.adv b/data/DTSA/advs/4-ekg.adv
index 1c03064ab3..3139bb55d1 100644
--- a/data/DTSA/advs/4-ekg.adv
+++ b/data/DTSA/advs/4-ekg.adv
@@ -4,36 +4,36 @@ author: Joey Hess
vuln-type: multiple vulnerabilities
problem-scope: local and remote
debian-specific: no
-cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448
+cve: CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448
testing-fix: 1:1.5+20050808+1.6rc3-0etch1
sid-fix: 1:1.5+20050808+1.6rc3-1
upgrade: apt-get install libgadu3 ekg
Multiple vulnerabilities were discovered in ekg:
-CAN-2005-1916
+CVE-2005-1916
Eric Romang discovered insecure temporary file creation and arbitrary
command execution in a contributed script that can be exploited by a local
attacker.
-CAN-2005-1851
+CVE-2005-1851
Marcin Owsiany and Wojtek Kaniewski discovered potential shell command
injection in a contributed script.
-CAN-2005-1850
+CVE-2005-1850
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file
creation in contributed scripts.
-CAN-2005-1852
+CVE-2005-1852
Multiple integer overflows in libgadu, as used in ekg, allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via an incoming message.
-CAN-2005-2448
+CVE-2005-2448
Multiple endianness errors in libgadu in ekg allow remote attackers to
cause a denial of service (invalid behaviour in applications) on
diff --git a/data/DTSA/advs/44-kdelibs.adv b/data/DTSA/advs/44-kdelibs.adv
index 4b12cbd030..e3fd2d3b7d 100644
--- a/data/DTSA/advs/44-kdelibs.adv
+++ b/data/DTSA/advs/44-kdelibs.adv
@@ -4,7 +4,7 @@ author: Moritz Muehlenhoff
vuln-type: insecure default permissions
problem-scope: local
debian-specifc: no
-cve: CAN-2005-1920
+cve: CVE-2005-1920
vendor-advisory:
testing-fix: 4:3.3.2-6.1etch1
sid-fix: 4:3.4.2-1
diff --git a/data/DTSA/advs/5-gaim.adv b/data/DTSA/advs/5-gaim.adv
index d87c1b77c9..3c65588af6 100644
--- a/data/DTSA/advs/5-gaim.adv
+++ b/data/DTSA/advs/5-gaim.adv
@@ -4,26 +4,26 @@ author: Joey Hess
vuln-type: multiple remote vulnerabilities
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103
+cve: CVE-2005-2102 CVE-2005-2370 CVE-2005-2103
testing-fix: 1:1.4.0-5etch2
sid-fix: 1:1.4.0-5
upgrade: apt-get install gaim
Multiple security holes were found in gaim:
-CAN-2005-2102
+CVE-2005-2102
The AIM/ICQ module in Gaim allows remote attackers to cause a denial of
service (application crash) via a filename that contains invalid UTF-8
characters.
-CAN-2005-2370
+CVE-2005-2370
Multiple memory alignment errors in libgadu, as used in gaim and other
packages, allow remote attackers to cause a denial of service (bus error)
on certain architectures such as SPARC via an incoming message.
-CAN-2005-2103
+CVE-2005-2103
Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers
to cause a denial of service (application crash) and possibly execute
diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv
index b5d8d3d158..3dfa10bac5 100644
--- a/data/DTSA/advs/7-mozilla.adv
+++ b/data/DTSA/advs/7-mozilla.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: frame injection spoofing
problem-scope: remote
debian-specific: no
-cve: CAN-2004-0718 CAN-2005-1937
+cve: CVE-2004-0718 CVE-2005-1937
testing-fix: 2:1.7.8-1sarge1
sid-fix: 2:1.7.10-1
upgrade: apt-get install mozilla
diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv
index 8aab984670..b105d6548a 100644
--- a/data/DTSA/advs/8-mozilla-firefox.adv
+++ b/data/DTSA/advs/8-mozilla-firefox.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: several vulnerabilities (update)
problem-scope: remote
debian-specific: no
-cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
+cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270
testing-fix: 1.0.4-2sarge3
sid-fix: 1.0.6-3
upgrade: apt-get install mozilla-firefox
@@ -18,65 +18,65 @@ text:
Several problems were discovered in Mozilla Firefox:
-CAN-2004-0718 CAN-2005-1937
+CVE-2004-0718 CVE-2005-1937
A vulnerability has been discovered in Mozilla Firefox that allows remote
attackers to inject arbitrary Javascript from one page into the frameset of
another site.
-CAN-2005-2260
+CVE-2005-2260
The browser user interface does not properly distinguish between
user-generated events and untrusted synthetic events, which makes it easier
for remote attackers to perform dangerous actions that normally could only be
performed manually by the user.
-CAN-2005-2261
+CVE-2005-2261
XML scripts ran even when Javascript disabled.
-CAN-2005-2262
+CVE-2005-2262
The user can be tricked to executing arbitrary JavaScript code by using a
JavaScript URL as wallpaper.
-CAN-2005-2263
+CVE-2005-2263
It is possible for a remote attacker to execute a callback function in the
context of another domain (i.e. frame).
-CAN-2005-2264
+CVE-2005-2264
By opening a malicious link in the sidebar it is possible for remote
attackers to steal sensitive information.
-CAN-2005-2265
+CVE-2005-2265
Missing input sanitising of InstallVersion.compareTo() can cause the
application to crash.
-CAN-2005-2266
+CVE-2005-2266
Remote attackers could steal sensitive information such as cookies and
passwords from web sites by accessing data in alien frames.
-CAN-2005-2267
+CVE-2005-2267
By using standalone applications such as Flash and QuickTime to open a
javascript: URL, it is possible for a remote attacker to steal sensitive
information and possibly execute arbitrary code.
-CAN-2005-2268
+CVE-2005-2268
It is possible for a Javascript dialog box to spoof a dialog box from a
trusted site and facilitates phishing attacks.
-CAN-2005-2269
+CVE-2005-2269
Remote attackers could modify certain tag properties of DOM nodes that could
lead to the execution of arbitrary script or code.
-CAN-2005-2270
+CVE-2005-2270
The Mozilla browser family does not properly clone base objects, which allows
remote attackers to execute arbitrary code.
diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv
index 8190518e0c..07540ceb42 100644
--- a/data/DTSA/advs/9-bluez-utils.adv
+++ b/data/DTSA/advs/9-bluez-utils.adv
@@ -4,7 +4,7 @@ author: Joey Hess
vuln-type: bad device name escaping
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2547
+cve: CVE-2005-2547
testing-fix: 2.19-0.1etch1
sid-fix: 2.19-1
upgrade: apt-get install bluez-utils
diff --git a/data/DTSA/advs/nn-kernel-source-2.4.27.adv b/data/DTSA/advs/nn-kernel-source-2.4.27.adv
index e7a56a2521..0f37cc0a32 100644
--- a/data/DTSA/advs/nn-kernel-source-2.4.27.adv
+++ b/data/DTSA/advs/nn-kernel-source-2.4.27.adv
@@ -4,8 +4,8 @@ author: Micah Anderson
vuln-type: various
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2458, CAN-2005-2459, CAN-2005-1767, CAN-2005-2456,
-CAN-2005-1768, CAN-2005-0756 CAN-2005-0757, CAN-2005-1762, CAN-2005-1768
+cve: CVE-2005-2458, CVE-2005-2459, CVE-2005-1767, CVE-2005-2456,
+CVE-2005-1768, CVE-2005-0756 CVE-2005-0757, CVE-2005-1762, CVE-2005-1768
vendor-advisory:
testing-fix: 2.4.27-11
sid-fix: 2.4.27-11
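Review bot: the two-line "cve:" value mixes separators (no comma between CVE-2005-0756 and CVE-2005-0757, commas everywhere else), lists CVE-2005-1768 twice, and as shown continues on a second line with no indentation, which could be read as a separate field. Put the list on one line with a single separator and remove the duplicate.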
