author | Joey Hess <joeyh@debian.org> | 2005-09-07 17:08:19 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-09-07 17:08:19 +0000 |
commit | 5655b78c936abf8a9c3711bcf48e6d833da26cc2 (patch) | |
tree | 23f955d72af1a4e0a3a2d1cc6f36649d41297504 /data/DTSA/advs | |
parent | 72b2ae9675950803edddb5a34e86d033aedf7c58 (diff) |
add upgrade: field in advisory files, to get rid of the need to manually
edit that FIXME every time
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1842 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/0-hotzenplotz.adv | 1 |
-rw-r--r-- | data/DTSA/advs/1-kismet.adv | 1 |
-rw-r--r-- | data/DTSA/advs/10-pcre.adv | 1 |
-rw-r--r-- | data/DTSA/advs/11-maildrop.adv | 1 |
-rw-r--r-- | data/DTSA/advs/12-vim.adv | 1 |
-rw-r--r-- | data/DTSA/advs/2-centericq.adv | 1 |
-rw-r--r-- | data/DTSA/advs/3-clamav.adv | 1 |
-rw-r--r-- | data/DTSA/advs/4-ekg.adv | 1 |
-rw-r--r-- | data/DTSA/advs/5-gaim.adv | 1 |
-rw-r--r-- | data/DTSA/advs/6-cgiwrap.adv | 1 |
-rw-r--r-- | data/DTSA/advs/7-mozilla.adv | 1 |
-rw-r--r-- | data/DTSA/advs/8-mozilla-firefox.adv | 1 |
-rw-r--r-- | data/DTSA/advs/9-bluez-utils.adv | 1 |
13 files changed, 13 insertions, 0 deletions
diff --git a/data/DTSA/advs/0-hotzenplotz.adv b/data/DTSA/advs/0-hotzenplotz.adv index bd0b862d41..6a0475747e 100644 --- a/data/DTSA/advs/0-hotzenplotz.adv +++ b/data/DTSA/advs/0-hotzenplotz.adv @@ -9,6 +9,7 @@ cve: CAN-1978-0019 vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html testing-fix: 3.14-1ts1 sid-fix: 3.14-2 +upgrade: apt-get install hotzenplotz User authentication in hotzenplotz does not verify the user name properly. A buffer overflow can be exploited to execute arbitrary code with elevated diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv index 24691ef93d..5d7c46e346 100644 --- a/data/DTSA/advs/1-kismet.adv +++ b/data/DTSA/advs/1-kismet.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2626 CAN-2005-2627 testing-fix: 2005.08.R1-0.1etch1 sid-fix: 2005.08.R1-1 +upgrade: apt-get install kismet Multiple security holes have been discovered in kismet: diff --git a/data/DTSA/advs/10-pcre.adv b/data/DTSA/advs/10-pcre.adv index 32067cb383..a4326beaac 100644 --- a/data/DTSA/advs/10-pcre.adv +++ b/data/DTSA/advs/10-pcre.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2491 testing-fix: 6.3-0.1etch1 sid-fix: 6.3-1 +upgrade: apt-get install libpcre3 An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) allows attackers to execute arbitrary code via quantifier values in diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv index 4d7d531370..97e1cb8259 100644 --- a/data/DTSA/advs/11-maildrop.adv +++ b/data/DTSA/advs/11-maildrop.adv @@ -8,6 +8,7 @@ debian-specific: yes cve: CAN-2005-2655 testing-fix: 1.5.3-1.1etch1 sid-fix: 1.5.3-2 +upgrade: apt-get install maildrop The lockmail binary shipped with maildrop allows for an attacker to obtain an effective gid as group "mail". Debian ships the binary with its diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv index 242da6ec38..45a1fdee78 100644 --- a/data/DTSA/advs/12-vim.adv +++ b/data/DTSA/advs/12-vim.adv 
@@ -8,6 +8,7 @@ debian-specifc: no cve: CAN-2005-2368 testing-fix: 1:6.3-085+0.0etch1 sid-fix: 1:6.3-085+1 +upgrade: apt-get install vim vim modelines allow files to execute arbitrary commands via shell metacharacters in the glob or expand commands of a foldexpr expression diff --git a/data/DTSA/advs/2-centericq.adv b/data/DTSA/advs/2-centericq.adv index 1426620320..22926fe127 100644 --- a/data/DTSA/advs/2-centericq.adv +++ b/data/DTSA/advs/2-centericq.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 testing-fix: 4.20.0-8etch1 sid-fix: 4.20.0-9 +upgrade: apt-get install centericq centericq in testing is vulnerable to multiple security holes: diff --git a/data/DTSA/advs/3-clamav.adv b/data/DTSA/advs/3-clamav.adv index d6169b049e..313d9106b3 100644 --- a/data/DTSA/advs/3-clamav.adv +++ b/data/DTSA/advs/3-clamav.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 testing-fix: 0.86.2-4etch1 sid-fix: 0.86.2-1 +upgrade: apt-get upgrade Multiple security holes were found in clamav: diff --git a/data/DTSA/advs/4-ekg.adv b/data/DTSA/advs/4-ekg.adv index cca429a505..4c3f15401d 100644 --- a/data/DTSA/advs/4-ekg.adv +++ b/data/DTSA/advs/4-ekg.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 testing-fix: 1:1.5+20050808+1.6rc3-0etch1 sid-fix: 1:1.5+20050808+1.6rc3-1 +upgrade: apt-get install libgadu3 ekg Multiple vulnerabilities were discovered in ekg: diff --git a/data/DTSA/advs/5-gaim.adv b/data/DTSA/advs/5-gaim.adv index 52af5d7590..7c78d7e3c9 100644 --- a/data/DTSA/advs/5-gaim.adv +++ b/data/DTSA/advs/5-gaim.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 testing-fix: 1:1.4.0-5etch2 sid-fix: 1:1.4.0-5 +upgrade: apt-get install gaim Multiple security holes were found in gaim: 
diff --git a/data/DTSA/advs/6-cgiwrap.adv b/data/DTSA/advs/6-cgiwrap.adv index e390cdaf29..39da39e2be 100644 --- a/data/DTSA/advs/6-cgiwrap.adv +++ b/data/DTSA/advs/6-cgiwrap.adv @@ -8,6 +8,7 @@ debian-specific: no cve: testing-fix: 3.9-3.0etch1 sid-fix: 3.9-3.1 +upgrade: apt-get upgrade Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap: diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv index 87cd96ccc0..108d543676 100644 --- a/data/DTSA/advs/7-mozilla.adv +++ b/data/DTSA/advs/7-mozilla.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2004-0718 CAN-2005-1937 testing-fix: 2:1.7.8-1sarge1 sid-fix: 2:1.7.10-1 +upgrade: apt-get install mozilla A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv index 97f2c8043d..6d5a77bc44 100644 --- a/data/DTSA/advs/8-mozilla-firefox.adv +++ b/data/DTSA/advs/8-mozilla-firefox.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 testing-fix: 1.0.4-2sarge3 sid-fix: 1.0.6-3 +upgrade: apt-get install mozilla-firefox We experienced that the update for Mozilla Firefox from DTSA-8-1 unfortunately was a regression in several cases. Since the usual diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv index b91e1851e6..266f88911e 100644 --- a/data/DTSA/advs/9-bluez-utils.adv +++ b/data/DTSA/advs/9-bluez-utils.adv @@ -8,6 +8,7 @@ debian-specific: no cve: CAN-2005-2547 testing-fix: 2.19-0.1etch1 sid-fix: 2.19-1 +upgrade: apt-get install bluez-utils A bug in bluez-utils allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN |
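Review bot: in 3-clamav.adv and 6-cgiwrap.adv the new field is `upgrade: apt-get upgrade`, while the other eleven files name the fixed package with `apt-get install <package>`. `apt-get upgrade` upgrades every upgradable package on the system and holds back any package whose new version needs an additional package installed, so a reader following the advisory gets more than the fix, or possibly not the fix at all. If these two are deliberate (for instance because several binary packages are affected), list the packages the way 4-ekg.adv does with `apt-get install libgadu3 ekg`, or state the reason in the advisory.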
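Review bot: the context line in the 12-vim.adv hunk header reads `debian-specifc: no`, where every other file in this diff spells the field `debian-specific`. The typo is not introduced here, but since this change touches the same header block it is worth fixing in the same pass: anything that looks the field up by name will not find it in this advisory.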
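Review bot: the `upgrade:` value is a full shell command line (`apt-get install libgadu3 ekg` in 4-ekg.adv) rather than a list of packages, and the part of the change shown here (the diffstat is limited to data/DTSA/advs) neither documents the field nor says what happens when a new advisory omits it. Consider storing only the package names and letting the advisory template produce the command, which would also remove the `install` versus `upgrade` inconsistency, and have whatever fills the template refuse to build an advisory that lacks the field, so the FIXME the commit message mentions cannot come back silently.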