author Joey Hess <joeyh@debian.org> 2005-09-07 17:08:19 +0000
committer Joey Hess <joeyh@debian.org> 2005-09-07 17:08:19 +0000
commit 5655b78c936abf8a9c3711bcf48e6d833da26cc2
tree 23f955d72af1a4e0a3a2d1cc6f36649d41297504
parent 72b2ae9675950803edddb5a34e86d033aedf7c58
add upgrade: field in advisory files, to get rid of the need to manually
edit that FIXME every time

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1842 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r--  data/DTSA/advs/0-hotzenplotz.adv      1
-rw-r--r--  data/DTSA/advs/1-kismet.adv           1
-rw-r--r--  data/DTSA/advs/10-pcre.adv            1
-rw-r--r--  data/DTSA/advs/11-maildrop.adv        1
-rw-r--r--  data/DTSA/advs/12-vim.adv             1
-rw-r--r--  data/DTSA/advs/2-centericq.adv        1
-rw-r--r--  data/DTSA/advs/3-clamav.adv           1
-rw-r--r--  data/DTSA/advs/4-ekg.adv              1
-rw-r--r--  data/DTSA/advs/5-gaim.adv             1
-rw-r--r--  data/DTSA/advs/6-cgiwrap.adv          1
-rw-r--r--  data/DTSA/advs/7-mozilla.adv          1
-rw-r--r--  data/DTSA/advs/8-mozilla-firefox.adv  1
-rw-r--r--  data/DTSA/advs/9-bluez-utils.adv      1
13 files changed, 13 insertions, 0 deletions
diff --git a/data/DTSA/advs/0-hotzenplotz.adv b/data/DTSA/advs/0-hotzenplotz.adv
index bd0b862d41..6a0475747e 100644
--- a/data/DTSA/advs/0-hotzenplotz.adv
+++ b/data/DTSA/advs/0-hotzenplotz.adv
@@ -9,6 +9,7 @@ cve: CAN-1978-0019
vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html
testing-fix: 3.14-1ts1
sid-fix: 3.14-2
+upgrade: apt-get install hotzenplotz
User authentication in hotzenplotz does not verify the user name properly.
A buffer overflow can be exploited to execute arbitrary code with elevated
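Review bot: The `upgrade:` line added after `sid-fix:` introduces a new header field whose expected format is not documented anywhere in this patch. Across the 13 files the value is a complete shell command that readers will copy and run, and it takes three shapes: `apt-get install <package>`, a bare `apt-get upgrade`, and a multi-package install. Please add a short comment or README entry stating what the field must contain and what the advisory generator should do when the field is absent, so that a future advisory written without `upgrade:` does not go out with the old FIXME or an empty instruction.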
diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv
index 24691ef93d..5d7c46e346 100644
--- a/data/DTSA/advs/1-kismet.adv
+++ b/data/DTSA/advs/1-kismet.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2626 CAN-2005-2627
testing-fix: 2005.08.R1-0.1etch1
sid-fix: 2005.08.R1-1
+upgrade: apt-get install kismet
Multiple security holes have been discovered in kismet:
diff --git a/data/DTSA/advs/10-pcre.adv b/data/DTSA/advs/10-pcre.adv
index 32067cb383..a4326beaac 100644
--- a/data/DTSA/advs/10-pcre.adv
+++ b/data/DTSA/advs/10-pcre.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2491
testing-fix: 6.3-0.1etch1
sid-fix: 6.3-1
+upgrade: apt-get install libpcre3
An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions
(PCRE) allows attackers to execute arbitrary code via quantifier values in
diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv
index 4d7d531370..97e1cb8259 100644
--- a/data/DTSA/advs/11-maildrop.adv
+++ b/data/DTSA/advs/11-maildrop.adv
@@ -8,6 +8,7 @@ debian-specific: yes
cve: CAN-2005-2655
testing-fix: 1.5.3-1.1etch1
sid-fix: 1.5.3-2
+upgrade: apt-get install maildrop
The lockmail binary shipped with maildrop allows for an attacker to
obtain an effective gid as group "mail". Debian ships the binary with its
diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv
index 242da6ec38..45a1fdee78 100644
--- a/data/DTSA/advs/12-vim.adv
+++ b/data/DTSA/advs/12-vim.adv
@@ -8,6 +8,7 @@ debian-specifc: no
cve: CAN-2005-2368
testing-fix: 1:6.3-085+0.0etch1
sid-fix: 1:6.3-085+1
+upgrade: apt-get install vim
vim modelines allow files to execute arbitrary commands via shell
metacharacters in the glob or expand commands of a foldexpr expression
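Review bot: The hunk header context for 12-vim.adv reads `debian-specifc: no`, whereas every other advisory in this patch spells the field `debian-specific`. If the advisory parser matches field names exactly, the value in this file is ignored or replaced by a default. Since the header block is being edited anyway, correct the spelling in the same change.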
diff --git a/data/DTSA/advs/2-centericq.adv b/data/DTSA/advs/2-centericq.adv
index 1426620320..22926fe127 100644
--- a/data/DTSA/advs/2-centericq.adv
+++ b/data/DTSA/advs/2-centericq.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914
testing-fix: 4.20.0-8etch1
sid-fix: 4.20.0-9
+upgrade: apt-get install centericq
centericq in testing is vulnerable to multiple security holes:
diff --git a/data/DTSA/advs/3-clamav.adv b/data/DTSA/advs/3-clamav.adv
index d6169b049e..313d9106b3 100644
--- a/data/DTSA/advs/3-clamav.adv
+++ b/data/DTSA/advs/3-clamav.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450
testing-fix: 0.86.2-4etch1
sid-fix: 0.86.2-1
+upgrade: apt-get upgrade
Multiple security holes were found in clamav:
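Review bot: `upgrade: apt-get upgrade` on the added line is not scoped to clamav, unlike the `apt-get install <package>` form used in most other files in this patch (6-cgiwrap.adv has the same bare form). `apt-get upgrade` acts on every pending package and holds back any update that needs a new package installed, so a reader following the advisory can finish without the fixed version. If the bare form is deliberate because the fix spans several binary packages, list them explicitly as 4-ekg.adv does with `apt-get install libgadu3 ekg`.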
diff --git a/data/DTSA/advs/4-ekg.adv b/data/DTSA/advs/4-ekg.adv
index cca429a505..4c3f15401d 100644
--- a/data/DTSA/advs/4-ekg.adv
+++ b/data/DTSA/advs/4-ekg.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448
testing-fix: 1:1.5+20050808+1.6rc3-0etch1
sid-fix: 1:1.5+20050808+1.6rc3-1
+upgrade: apt-get install libgadu3 ekg
Multiple vulnerabilities were discovered in ekg:
diff --git a/data/DTSA/advs/5-gaim.adv b/data/DTSA/advs/5-gaim.adv
index 52af5d7590..7c78d7e3c9 100644
--- a/data/DTSA/advs/5-gaim.adv
+++ b/data/DTSA/advs/5-gaim.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103
testing-fix: 1:1.4.0-5etch2
sid-fix: 1:1.4.0-5
+upgrade: apt-get install gaim
Multiple security holes were found in gaim:
diff --git a/data/DTSA/advs/6-cgiwrap.adv b/data/DTSA/advs/6-cgiwrap.adv
index e390cdaf29..39da39e2be 100644
--- a/data/DTSA/advs/6-cgiwrap.adv
+++ b/data/DTSA/advs/6-cgiwrap.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve:
testing-fix: 3.9-3.0etch1
sid-fix: 3.9-3.1
+upgrade: apt-get upgrade
Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap:
diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv
index 87cd96ccc0..108d543676 100644
--- a/data/DTSA/advs/7-mozilla.adv
+++ b/data/DTSA/advs/7-mozilla.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2004-0718 CAN-2005-1937
testing-fix: 2:1.7.8-1sarge1
sid-fix: 2:1.7.10-1
+upgrade: apt-get install mozilla
A vulnerability has been discovered in Mozilla that allows remote attackers
to inject arbitrary Javascript from one page into the frameset of another
diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv
index 97f2c8043d..6d5a77bc44 100644
--- a/data/DTSA/advs/8-mozilla-firefox.adv
+++ b/data/DTSA/advs/8-mozilla-firefox.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
testing-fix: 1.0.4-2sarge3
sid-fix: 1.0.6-3
+upgrade: apt-get install mozilla-firefox
We experienced that the update for Mozilla Firefox from DTSA-8-1
unfortunately was a regression in several cases. Since the usual
diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv
index b91e1851e6..266f88911e 100644
--- a/data/DTSA/advs/9-bluez-utils.adv
+++ b/data/DTSA/advs/9-bluez-utils.adv
@@ -8,6 +8,7 @@ debian-specific: no
cve: CAN-2005-2547
testing-fix: 2.19-0.1etch1
sid-fix: 2.19-1
+upgrade: apt-get install bluez-utils
A bug in bluez-utils allows remote attackers to execute arbitrary commands
via shell metacharacters in the Bluetooth device name when invoking the PIN
