diff options
| author | Joey Hess <joeyh@debian.org> | 2005-10-19 23:10:21 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2005-10-19 23:10:21 +0000 |
| commit | 20cd29d934ef16cee0a9d683f5ac4233739c1a12 (patch) | |
| tree | 0a755eecca326176394c24227671bdb9c379403c /data | |
| parent | 42d226f0d20fb9aaf7c03c81e97c4a5d25e35e70 (diff) | |
update references to CANs to be CVEs and complete CVE transition
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2462 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/DSA/list | 1480 | ||||
| -rw-r--r-- | data/DTSA/advs/1-kismet.adv | 6 | ||||
| -rw-r--r-- | data/DTSA/advs/10-pcre.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/11-maildrop.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/12-vim.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/13-evolution.adv | 6 | ||||
| -rw-r--r-- | data/DTSA/advs/14-mozilla.adv | 20 | ||||
| -rw-r--r-- | data/DTSA/advs/15-php4.adv | 8 | ||||
| -rw-r--r-- | data/DTSA/advs/16-linux-2.6.adv | 32 | ||||
| -rw-r--r-- | data/DTSA/advs/17-lm-sensors.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/18-thunderbird.adv | 18 | ||||
| -rw-r--r-- | data/DTSA/advs/19-clamav.adv | 6 | ||||
| -rw-r--r-- | data/DTSA/advs/2-centericq.adv | 10 | ||||
| -rw-r--r-- | data/DTSA/advs/20-mailutils.adv | 4 | ||||
| -rw-r--r-- | data/DTSA/advs/3-clamav.adv | 12 | ||||
| -rw-r--r-- | data/DTSA/advs/4-ekg.adv | 12 | ||||
| -rw-r--r-- | data/DTSA/advs/44-kdelibs.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/5-gaim.adv | 8 | ||||
| -rw-r--r-- | data/DTSA/advs/7-mozilla.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/8-mozilla-firefox.adv | 26 | ||||
| -rw-r--r-- | data/DTSA/advs/9-bluez-utils.adv | 2 | ||||
| -rw-r--r-- | data/DTSA/advs/nn-kernel-source-2.4.27.adv | 4 | ||||
| -rw-r--r-- | data/DTSA/list | 36 | ||||
| -rw-r--r-- | data/README | 2 |
24 files changed, 852 insertions, 852 deletions
diff --git a/data/DSA/list b/data/DSA/list index b497b8622d..c6d00abd79 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -1,2521 +1,2521 @@ [13 Oct 2005] DSA-865-1 hylafax - insecure temporary files - {CAN-2005-3069} + {CVE-2005-3069} - hylafax 1:4.2.2-1 NOTE: not fixed in testing at time of DSA (missing arm) [13 Oct 2005] DSA-864-1 ruby1.8 - programming error - {CAN-2005-2337} + {CVE-2005-2337} - ruby1.6 1.6.8-13 NOTE: not fixed in testing at time of DSA (RC bugs) [12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability - {CAN-2005-2967} + {CVE-2005-2967} - xine-lib <unfixed> (bug #332919; medium) NOTE: not fixed in testing at time of DSA (unfixed in sid) [11 Oct 2005] DSA-862-1 ruby1.6 - programming error - {CAN-2005-2337} + {CVE-2005-2337} - ruby1.6 1.6.8-13 NOTE: fixed in testing at time of DSA [11 Oct 2005] DSA-861-1 up-imap - buffer overflow - {CAN-2005-2933} + {CVE-2005-2933} - uw-imap 7:2002edebian1-12 NOTE: not fixed in testing at time of DSA (unfixed in sid) [11 Oct 2005] DSA-860-1 ruby - programming error - {CAN-2005-2337} + {CVE-2005-2337} - ruby <removed> NOTE: fixed in testing at time of DSA (woody-only DSA) [10 Oct 2005] DSA-859-1 xli - buffer overflows - {CAN-2005-3178} + {CVE-2005-3178} - xli <unfixed> (medium) NOTE: not fixed in testing at time of DSA (unfixed in sid) [10 Oct 2005] DSA-858-1 xloadimage - buffer overflows - {CAN-2005-3178} + {CVE-2005-3178} - xloadimage 4.1-15 (bug #332524; medium) NOTE: not fixed in testing at time of DSA (too young) [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file - {CAN-2005-2965} + {CVE-2005-2965} - graphviz 2.2.1-1sarge1 (low) NOTE: fixed in testing at time of DSA [10 Oct 2005] DSA-856-1 py2play - design error - {CAN-2005-2875} + {CVE-2005-2875} - py2play 0.1.8-1 (bug #326976; medium) NOTE: fixed in testing at time of DSA [10 Oct 2005] DSA-855-1 weex - format string vulnerability - {CAN-2005-3150} + {CVE-2005-3150} - weex 2.6.1-6sarge1 (bug #332424; medium) NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid) [09 Oct 2005] DSA-854-1 tcpdump - infinite loop - {CAN-2005-1267} + {CVE-2005-1267} - tcpdump 3.9.0.cvs.20050614-1 NOTE: fixed in testing at time of DSA [09 Oct 2005] DSA-853-1 ethereal - several - {CAN-2005-2360 CAN-2005-2361 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367} + {CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365 CVE-2005-2366 CVE-2005-2367} - ethereal 0.10.12-1 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution - {CAN-2005-2661} + {CVE-2005-2661} - up-imapproxy 1.2.4-2 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-851-1 openvpn - denial of service - {CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534} + {CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534} - openvpn 2.0.2-1 NOTE: fixed in testing at time of DSA [08 Oct 2005] DSA-850-1 tcpdump - denial of service - {CAN-2005-1279} + {CVE-2005-1279} - tcpdump 3.8.3-4 NOTE: fixed in testing at time of DSA (woody-only DSA) [08 Oct 2005] DSA-849-1 shorewall - programming error - {CAN-2005-2317} + {CVE-2005-2317} - shorewall 2.4.2-2 NOTE: fixed in testing at time of DSA [08 Oct 2005] DSA-848-1 masqmail - several - {CAN-2005-2662 CAN-2005-2663} + {CVE-2005-2662 CVE-2005-2663} - masqmail 0.2.20-1sarge1 NOTE: not fixed in testing at time of DSA (not fixed in unstable) [08 Oct 2005] DSA-847-1 dia - missing input sanitising - {CAN-2005-2966} + {CVE-2005-2966} - dia 0.94.0-15 (bug #330890; medium) NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0 [07 Oct 2005] DSA-846-1 cpio - several - {CAN-2005-1111 CAN-2005-1229} + {CVE-2005-1111 CVE-2005-1229} - cpio 2.6-6 NOTE: fixed in testing at time of DSA [06 Oct 2005] DSA-845-1 mason - programming error - {CAN-2005-3118} + {CVE-2005-3118} - mason 1.0.0-3 NOTE: fixed in testing at time of DSA [05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error - {CAN-2005-2963} + {CVE-2005-2963} - mod-auth-shadow 1.4-2 NOTE: not fixed in testing at time of DSA (missing m68k) [05 Oct 2005] DSA-843-1 arc - insecure temporary file - {CAN-2005-2945 CAN-2005-2992} + {CVE-2005-2945 CVE-2005-2992} - arc 5.21m-1 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-842-1 egroupware - missing input sanitising - {CAN-2005-2498} + {CVE-2005-2498} - egroupware 1.0.0.009.dfsg-1 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-841-1 mailutils - format string vulnerability - {CAN-2005-2878} + {CVE-2005-2878} - mailutils 1:0.6.90-2.1etch1 NOTE: not fixed in testing at time of DSA (missing arm) [04 Jul 2005] DSA-840-1 drupal - missing input sanitising - {CAN-2005-2498} + {CVE-2005-2498} - drupal 4.5.5-1 NOTE: fixed in testing at time of DSA [04 Oct 2005] DSA-839-1 apachetop - insecure temporary file - {CAN-2005-2660} + {CVE-2005-2660} - apachetop 0.12.5-3 NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on gcc-4) [03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities - {CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707} + {CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707} - mozilla-firefox 1.0.7-1 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs) [02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow - {CAN-2005-2871} + {CVE-2005-2871} - mozilla-firefox 1.0.6-5 (medium) NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs) [01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files - {CAN-2005-2960 CAN-2005-3137} + {CVE-2005-2960 CVE-2005-3137} - cfengine2 <unfixed> NOTE: not fixed in testing at time of DSA (unfixed in sid) NOTE: No bug exists for this issue [01 Oct 2005] DSA-835-1 cfengine - insecure temporary files - {CAN-2005-2960 CAN-2005-3137} + {CVE-2005-2960 CVE-2005-3137} - cfengine <unfixed> NOTE: not fixed in testing at time of DSA (unfixed in sid) NOTE: No bug exists for this issue [01 Oct 2005] DSA-834-1 prozilla - buffer overflow - {CAN-2005-2961} + {CVE-2005-2961} NOTE: Prozilla has been removed before Sarge release [30 Sep 2005] DSA-832-1 gopher - buffer overflows - {CAN-2005-2772} + {CVE-2005-2772} - gopher 3.0.11 NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several - {CAN-2005-2558} + {CVE-2005-2558} - mysql-dfsg-4.1 4.1.14-2 (medium) - mysql-dfsg-5.0 5.0.11beta-3 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds) [30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions - {CAN-2005-2962} + {CVE-2005-2962} - ntlmaps 0.9.9-4 NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-829-1 mysql - several - {CAN-2005-2558} + {CVE-2005-2558} - mysql-dfsg-4.1 4.1.14-2 (medium) - mysql-dfsg-5.0 5.0.11beta-3 (medium) NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-828-1 squid - several - {CAN-2005-2917} + {CVE-2005-2917} - squid 2.5.10-6 (medium) NOTE: fixed in testing at time of DSA [30 Sep 2005] DSA-809-2 squid - assertion error - {CAN-2005-2794} + {CVE-2005-2794} - squid 2.5.10-5 (medium) NOTE: fixed in testing at time of DSA [29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation - backupninja 0.8-2 (medium) NOTE: not fixed in testing at time of DSA (too young 1/2 days) [29 Sep 2005] DSA-826-1 helix-player - multiple - {CAN-2005-1766 CAN-2005-2710} + {CVE-2005-1766 CVE-2005-2710} - helix-player 1.0.6-1 (high) NOTE: not fixed in testing at time of DSA [29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation - {CAN-2005-2876} + {CVE-2005-2876} - loop-aes-utils 2.12p-9 (medium) NOTE: fixed in testing at the time of the DSA [29 Sep 2005] DSA-823-1 util-linux - privilege escalation - {CAN-2005-2876} + {CVE-2005-2876} - util-linux 2.12p-8 (high) NOTE: not fixed in testing at time of DSA [29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation - {CAN-2005-2918} + {CVE-2005-2918} - gtkdiskfree 1.9.3-4sarge1 (medium) NOTE: not fixed even in unstable at time of DSA [29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow - {CAN-2005-2919 CAN-2005-2920} + {CVE-2005-2919 CVE-2005-2920} - clamav 0.87-1 (high) NOTE: not fixed in testing at time of DSA [28 Sep 2005] DSA-797-2 zsync - buffer overflow - {CAN-2005-1849 CAN-2005-2096} + {CVE-2005-1849 CVE-2005-2096} - zsync 0.3.3-1.sarge.1.2 (low) NOTE: An upload to fix a FTBS [28 Sep 2005] DSA-821-1 python2.3 - integer overflow - {CAN-2005-2491} + {CVE-2005-2491} - python2.3 2.3.5-8 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) [24 Sep 2005] DSA-820-1 courier - missing input sanitising - {CAN-2005-2820} + {CVE-2005-2820} - courier 0.47-9 (medium) NOTE: fixed in testing at time of DSA [23 Sep 2005] DSA-819-1 python2.1 - integer overflow - {CAN-2005-2491} + {CVE-2005-2491} - python2.1 2.1.3dfsg-3 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) [22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files - {CAN-2005-2101} + {CVE-2005-2101} - kdeedu 4:3.4.2-1 NOTE: not fixed in testing at time of DSA [22 Sep 2005] DSA-817-1 python2.2 - integer overflow - {CAN-2005-2491} + {CVE-2005-2491} - python2.2 2.2.3dfsg-4 (medium) NOTE: not fixed in testing at time of DSA (waiting on gmp) [19 Sep 2005] DSA-816-1 xfree86 - integer overflow - {CAN-2005-2495} + {CVE-2005-2495} - xserver-xorg 6.8.2.dfsg.1-7 NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on gmp) [16 Sep 2005] DSA-815-1 kdebase - programming error - {CAN-2005-2494} + {CVE-2005-2494} - kdebase 4:3.4.2-3 (medium) NOTE: not fixed in testing at time of DSA (not even fixed in unstable) [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file - {CAN-2005-2672} + {CVE-2005-2672} - lm-sensors 1:2.9.1-6etch1 NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is waiting on perl) [15 Sep 2005] DSA-813-1 centericq - several - {CAN-2005-2369 CAN-2005-2370 CAN-2005-2448} + {CVE-2005-2369 CVE-2005-2370 CVE-2005-2448} - centericq 4.20.0-9 NOTE: fixed in testing in time of DSA [15 Sep 2005] DSA-812-1 turqstat - buffer overflow - {CAN-2005-2658} + {CVE-2005-2658} - turqstat 2.2.4-1 (medium) NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k) [14 Sep 2005] DSA-811-1 common-lisp-controller - design error - {CAN-2005-2657} + {CVE-2005-2657} - common-lisp-controller 4.18 (bug #328633; medium) NOTE: not fixed in testing at time of DSA (too young, sid fix not yet uploaded) [13 Sep 2005] DSA-810-1 mozilla - several - {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270} + {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} - mozilla 2:1.7.8-1sarge2 (medium) NOTE: not fixed in testing at time of DSA (buggy and TBS) [13 Sep 2005] DSA-809-1 squid - several - {CAN-2005-2794 CAN-2005-2796} + {CVE-2005-2794 CVE-2005-2796} - squid 2.5.10-5 (medium) NOTE: not fixed in testing at time of DSA (too young) [12 Sep 2005] DSA-808-1 tdiary - design error - {CAN-2005-2411} + {CVE-2005-2411} - tdiary 2.0.2-1 (medium) NOTE: fixed in testing at time of DSA [12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass - {CAN-2005-2700} + {CVE-2005-2700} - libapache-mod-ssl 2.8.24-1 (medium) NOTE: not fixed in testing at time of DSA (too young) [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files - {CAN-2005-2693} + {CVE-2005-2693} - gcvs 1.0final-7 (low) NOTE: fixed in testing at time of DSA [08 Sep 2005] DSA-805-1 apache2 - several - {CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728} + {CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728} - apache2 2.0.54-5 (medium) NOTE: not fixed in testing at time of DSA (too young) [08 Sep 2005] DSA-804-1 kdelibs - insecure permissions - {CAN-2005-1920} + {CVE-2005-1920} - kdelibs 4:3.4.2-1 (medium) NOTE: not fixed in testing at time of DSA (kde transition) [07 Sep 2005] DSA-803-1 apache - programming error - {CAN-2005-2088} + {CVE-2005-2088} - apache 1.3.33-8 (medium) NOTE: not fixed in testing at time of DSA (too young) [07 Sep 2005] DSA-802-1 cvs - insecure temporary files - {CAN-2005-2693} + {CVE-2005-2693} - cvs 1:1.11.5-4 (low) NOTE: fixed in testing at time of DSA [05 Sep 2005] DSA-801-1 ntp - programming error - {CAN-2005-2496} + {CVE-2005-2496} - ntp 1:4.2.0a+stable-2sarge1 (medium) NOTE: not fixed in testing at time of DSA (RC bugs) [02 Sep 2005] DSA-800-1 pcre3 - integer overflow - {CAN-2005-2491} + {CVE-2005-2491} - pcre3 6.3-0.1etch1 (high) NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: however, fixed in secure-testing archive [02 Sep 2005] DSA-799-1 webcalendar - input validation - {CAN-2005-2717} + {CVE-2005-2717} - webcalendar 0.9.45-7 (bug #326223; high) NOTE: not fixed in testing at time of DSA (coordinated disclosure) [02 Sep 2005] DSA-798-1 phpgroupware - several - {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761} + {CVE-2005-2498 CVE-2005-2600 CVE-2005-2761} - phpgroupware 0.9.16.008-1 (high) NOTE: not fixed in testing at time of DSA (too young) [01 Sep 2005] DSA-797-1 zsync - buffer overflow - {CAN-2005-1849 CAN-2005-2096} + {CVE-2005-1849 CVE-2005-2096} - zsync 0.4.0-2 (medium) NOTE: fixed in testing at time of DSA [01 Sep 2005] DSA-796-1 affix - unsafe use of popen - {CAN-2005-2716} + {CVE-2005-2716} - affix 2.1.2-3 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, builds) [01 Sep 2005] DSA-795-2 proftpd - format string error - {CAN-2005-2390} + {CVE-2005-2390} - proftpd 1.2.10-20 (medium) NOTE: fixed in testing at time of DSA NOTE: Initial -1 release had a build problem [01 Sep 2005] DSA-794-1 polygen - programming error - {CAN-2005-2656} + {CVE-2005-2656} - polygen 1.0.6-9 (low) NOTE: not fixed in testing at time of DSA (too young) [21 Aug 2005] DSA-779-2 mozilla-firefox - several NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions - {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270} + {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} - mozilla-firefox 1.0.4-2sarge3 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted [01 Sep 2005] DSA-793-1 courier - missing input sanitising - {CAN-2005-2724} + {CVE-2005-2724} - courier 0.47-8 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, too young) [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising - {CAN-2005-2536} + {CVE-2005-2536} - pstotext 1.9-2 (medium) NOTE: not fixed in testing at time of DSA (glibc transition, builds) [30 Aug 2005] DSA-791-1 maildrop - missing privilege release - {CAN-2005-2655} + {CVE-2005-2655} - maildrop 1.5.3-1.1etch1 (medium) NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: but fixed in secure-testing repo [30 Aug 2005] DSA-790-1 phpldapadmin - programming error - {CAN-2005-2654} + {CVE-2005-2654} - phpldapadmin 0.9.6c-5 (medium) NOTE: fixed in testing at time of DSA [29 Aug 2005] DSA-789-1 php4 - several - {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498} + {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498} - php4 4:4.3.10-16etch1 (high) NOTE: not fixed in testing at time of DSA (not uploaded yet) [29 Aug 2005] DSA-788-1 kismet - several - {CAN-2005-2626 CAN-2005-2627} + {CVE-2005-2626 CVE-2005-2627} - kismet 2005.08.R1-1 (medium) NOTE: not fixed in testing at time of DSA (glibc transition) NOTE: but fixed in secure-testing repo [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile - {CAN-2005-1855 CAN-2005-1856} + {CVE-2005-1855 CVE-2005-1856} - backup-manager 0.5.8-2 (medium) NOTE: fixed in testing at time of DSA [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability - {CAN-2005-1857} + {CVE-2005-1857} - simpleproxy 3.2-4 (medium) NOTE: not fixed in testing at time of DSA (embargoed disclosure) [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass - {CAN-2005-2641 CAN-2005-2069} + {CVE-2005-2641 CVE-2005-2069} - libpam-ldap 178-1sarge1 (medium) NOTE: not fixed in testing at time of DSA (embargoed disclosure) [25 Aug 2005] DSA-784-1 courier - programming error - {CAN-2005-2151} + {CVE-2005-2151} - courier 0.47-6 (low) NOTE: not fixed in testing at time of DSA (glibc transition) [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file - {CAN-2005-1636} + {CVE-2005-1636} - mysql-dfsg-4.1 4.1.12 (medium; bug #319526) NOTE: not fixed in testing at time of DSA (glibc transition) - mysql-dfsg-5.0 5.0.11beta-3 (medium) NOTE: not fixed in testing at time of DSA (glibc transition) [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising - {CAN-2005-2547} + {CVE-2005-2547} - bluez-utils 2.19-1 (high) NOTE: not fixed in testing at time of DSA (missing builds) [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several - {CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270} + {CVE-2005-0989 CVE-2005-1159 CVE-2005-1160 CVE-2005-1532 CVE-2005-2261 CVE-2005-2265 CVE-2005-2266 CVE-2005-2269 CVE-2005-2270} - mozilla-thunderbird 1.0.6-1 (medium) NOTE: not fixed in testing at time of DSA (missing builds) [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising - {CAN-2005-2097} + {CVE-2005-2097} - kdegraphics 4:3.4.2-1 (bug #322458; low) NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition) [21 Aug 2005] DSA-779-1 mozilla-firefox - several - {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270} + {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270} - mozilla-firefox 1.0.4-2sarge3 (medium) NOTE: not fixed in testing at time of DSA (build and deps) [19 Aug 2005] DSA-778-1 mantis - missing input sanitising - {CAN-2005-2556 CAN-2005-2557} + {CVE-2005-2556 CVE-2005-2557} - mantis 0.19.2-4 (medium) NOTE: not fixed in testing at time of DSA (nor unstable) [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing - {CAN-2004-0718 CAN-2005-1937} + {CVE-2004-0718 CVE-2005-1937} - mozilla 2:1.7.10-1 (medium) NOTE: not fixed in testing at time of DSA (waiting on builds) [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop - {CAN-2005-2450} + {CVE-2005-2450} - clamav 0.86.2-1 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing - {CAN-2004-0718 CAN-2005-1937} + {CVE-2004-0718 CVE-2005-1937} - mozilla-firefox 1.0.4-2sarge3 (medium) NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@ NOTE: fixed in testing at time of DSA [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow - {CAN-2005-2335} + {CVE-2005-2335} - fetchmail 6.2.5-16 (medium) NOTE: fixed in testing at time of DSA [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs NOTE: amd64 catch-up DSA, no new holes [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising - {CAN-2005-1854} + {CVE-2005-1854} - apt-cacher 0.9.10 (high) NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet) [01 Aug 2005] DSA-771-1 pdns - several - {CAN-2005-2301 CAN-2005-2302} + {CVE-2005-2301 CVE-2005-2302} - pdns 2.9.18-1 (medium) NOTE: not fixed in testing at time of DSA (too young) [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling - {CAN-2005-1853} + {CVE-2005-1853} - gopher 3.0.10 NOTE: not fixed in testing at time of DSA (Debian server outage) [29 Jul 2005] DSA-769-1 gaim - memory alignment bug - {CAN-2005-2370} + {CVE-2005-2370} - gaim 1:1.4.0-5 (high) NOTE: not fixed in testing at time of DSA (?) [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation - {CAN-2005-2161} + {CVE-2005-2161} - phpbb2 2.0.13-6sarge1 NOTE: not fixed in testing at time of DSA (Debian server outage) [27 Jul 2005] DSA-767-1 ekg - integer overflows - {CAN-2005-1852} + {CVE-2005-1852} - ekg 1:1.5+20050718+1.6rc3-1 (medium) NOTE: not fixed in testing at time of DSA (Debian server outage) [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure - {CAN-2005-2320} + {CVE-2005-2320} - webcalendar 0.9.45-7 (medium) NOTE: not fixed in testing at time of DSA (Debian server outage) [22 Jul 2005] DSA-765-1 heimdal - buffer overflow - {CAN-2005-0469} + {CVE-2005-0469} - heimdal 0.6.3-10 (medium) NOTE: fixed in testing at time of DSA [21 Jul 2005] DSA-764-1 cacti - several - {CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149} + {CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 CVE-2005-2148 CVE-2005-2149} - cacti 0.8.6f-1 (high) NOTE: fixed in testing at time of DSA NOTE: DSA information is incorrect, sid fix is 6f, not 6e [20 Jul 2005] DSA-763-1 zlib - buffer overflow - {CAN-2005-1849} + {CVE-2005-1849} - zlib 1:1.2.3-1 (medium) NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390) [19 Jul 2005] DSA-762-1 affix - several - {CAN-2005-2250 CAN-2005-2277} + {CVE-2005-2250 CVE-2005-2277} - affix 2.1.2-2 (medium) NOTE: not fixed in testing at time of DSA (only 2/2 days old) [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files - {CAN-2005-2231} + {CVE-2005-2231} - heartbeat 1.2.3-12 (medium) NOTE: not fixed in testing at time of DSA (only 0/2 days old) [18 Jul 2005] DSA-760-1 ekg - several - {CAN-2005-1850 CAN-2005-1851 CAN-2005-1916} + {CVE-2005-1850 CVE-2005-1851 CVE-2005-1916} - ekg 1:1.5+20050712+1.6rc2-1 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs) [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising - {CAN-2005-2256} + {CVE-2005-2256} - phppgadmin 3.5.4-1 (medium) NOTE: not fixed in testing at time of DSA (only 0/10 days old) [18 Jul 2005] DSA-758-1 heimdal - buffer overflow - {CAN-2005-2040} + {CVE-2005-2040} - heimdal 0.6.3-11 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory - {CAN-2005-1689 CAN-2005-1174 CAN-2005-1175} + {CVE-2005-1689 CVE-2005-1174 CVE-2005-1175} - krb5 1.3.6-4 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k) [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution - {CAN-2005-1921} + {CVE-2005-1921} - phpgroupware 0.9.16.006-1 (high) NOTE: fixed in testing at time of DSA [13 Jul 2005] DSA-756-1 squirrelmail - several - {CAN-2005-1769 CAN-2005-2095} + {CVE-2005-1769 CVE-2005-2095} - squirrelmail 2:1.4.4-6 (medium) NOTE: not fixed in testing at time of DSA (only 0/2 days old) [13 Jul 2005] DSA-755-1 tiff - buffer overflow - {CAN-2005-1544} + {CVE-2005-1544} - tiff 3.7.2-3 (medium) NOTE: fixed in testing at time of DSA [13 Jul 2005] DSA-754-1 centericq - insecure temporary file - {CAN-2005-1914} + {CVE-2005-1914} - centericq 4.20.0-7 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [12 Jul 2005] DSA-753-1 gedit - format string - {CAN-2005-1686} + {CVE-2005-1686} - gedit 2.10.3-1 (low) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [11 Jul 2005] DSA-752-1 gzip - several - {CAN-2005-0988 CAN-2005-1228} + {CVE-2005-0988 CVE-2005-1228} - gzip 1.3.5-10 NOTE: fixed in testing at time of DSA [11 Jul 2005] DSA-751-1 squid - IP spoofind - {CAN-2005-1519} + {CVE-2005-1519} - squid 2.5.9-9 NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value - {CAN-2005-1992} + {CVE-2005-1992} - ruby1.8 1.8.2-8 (medium) NOTE: not fixed in testing at time of DSA (waiting on dependencies) [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access - {CAN-2005-1848} + {CVE-2005-1848} - dhcpcd 1:1.3.22pl4-22 NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-749-1 ettercap - format string error - {CAN-2005-1796} + {CVE-2005-1796} - ettercap 1:0.7.3-1 (medium) NOTE: fixed in testing at time of DSA [10 Jul 2005] DSA-747-1 egroupware - input validation error - {CAN-2005-1921} + {CVE-2005-1921} - egroupware 1.0.0.007-3.dfsg-1 (high) NOTE: not fixed in testing at time of DSA (only 1/2 days old) [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution - {CAN-2005-1921 CAN-2005-2106 CAN-2005-2116} + {CVE-2005-1921 CVE-2005-2106 CVE-2005-2116} - drupal 4.5.4-1 (high) NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-744-1 fuse - programming error - {CAN-2005-1858} + {CVE-2005-1858} - fuse 2.3.0-1 NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows - {CAN-2005-1545 CAN-2005-1546} + {CVE-2005-1545 CVE-2005-1546} - ht 0.8.0-3 NOTE: fixed in testing at time of DSA [09 Jul 2005] DSA-742-1 cvs - buffer overflow - {CAN-2005-0753} + {CVE-2005-0753} - cvs 1:1.12.9-13 (high) NOTE: fixed in testing at time of DSA [07 Jul 2005] DSA-741-1 bzip2 - infinite loop - {CAN-2005-1260} + {CVE-2005-1260} - bzip2 1.0.2-7 (low) NOTE: fixed in testing at time of DSA [06 Jul 2005] DSA-740-1 zlib - buffer overflow - {CAN-2005-2096} + {CVE-2005-2096} - zlib 1:1.2.2-7 (medium) NOTE: anything statically linking zlib needs rebuild NOTE: not fixed in testing at time of DSA (embargoed disclosure) [06 Jul 2005] DSA-739-1 trac - missing input sanitising - {CAN-2005-2007} + {CVE-2005-2007} - trac 0.8.4-1 (medium) NOTE: fixed in testing at time of DSA [19 May 2005] DSA-725-2 ppxp - missing privilege release - {CAN-2005-0392} + {CVE-2005-0392} - ppxp 0.2001080415-11 NOTE: fixed in testing at time of DSA [05 Jul 2005] DSA-738-1 razor - email header parsing error - {CAN-2005-2024} + {CVE-2005-2024} - razor 2.720-1 (low) NOTE: not fixed in testing at time of DSA (not built on arm) [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities - {CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070} + {CVE-2005-1922 CVE-2005-1923 CVE-2005-2056 CVE-2005-2070} - clamav 0.86.1-1 (medium) NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid) [05 Jul 2005] DSA-734-1 gaim - denial of service - {CAN-2005-1269 CAN-2005-1934} + {CVE-2005-1269 CVE-2005-1934} - gaim 1:1.3.1-1 NOTE: not fixed in testing at time of DSA (not built on sparc) [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error - {CAN-2005-1266} + {CVE-2005-1266} - spamassassin 3.0.4-1 (medium) NOTE: fixed in testing at time of DSA [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error - {CAN-2005-1266} + {CVE-2005-1266} - spamassassin 3.0.4-1 (medium) NOTE: fixed in testing at time of DSA [08 Jul 2005] DSA-735-2 sudo - pathname validation race - {CAN-2005-1993} + {CVE-2005-1993} - sudo 1.6.8p9-1 (medium) NOTE: fixed in testing at time of DSA [01 Jul 2005] DSA-735-1 sudo - pathname validation race - {CAN-2005-1993} + {CVE-2005-1993} - sudo 1.6.8p9-1 (medium) NOTE: not fixed in testing at time of DSA [30 Jun 2005] DSA-733-1 crip - insecure temporary files - {CAN-2005-0393} + {CVE-2005-0393} - crip 3.5-1sarge2 (low) NOTE: not fixed in testing at time of DSA (reserved) [03 Jun 2005] DSA-732-1 mailutils - several - {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523} + {CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523} - mailutils 1:0.6.1-4 NOTE: fixed in testing at time of DSA [02 Jun 2005] DSA-731-1 krb4 - buffer overflows - {CAN-2005-0468 CAN-2005-0469} + {CVE-2005-0468 CVE-2005-0469} - krb4 1.2.2-11.2 NOTE: fixed in testing at time of DSA [27 May 2005] DSA-730-1 bzip2 - race condition - {CAN-2005-0953} + {CVE-2005-0953} - bzip2 1.0.2-6 NOTE: fixed in testing at time of DSA [26 May 2005] DSA-729-1 php4 - missing input sanitising - {CAN-2005-0525} + {CVE-2005-0525} - php4 4:4.3.10-10 NOTE: fixed in testing at time of DSA [25 May 2005] DSA-728-1 qpopper - missing privilege release - {CAN-2005-1151 CAN-2005-1152} + {CVE-2005-1151 CVE-2005-1152} - qpopper 4.0.5-4sarge1 NOTE: fixed in testing at time of DSA by security team [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow - {CAN-2005-1349} + {CVE-2005-1349} - libconvert-uulib-perl 1.0.5.1-1 NOTE: fixed in testing at time of DSA [20 May 2005] DSA-726-1 oops - format string vulnerability - {CAN-2005-1121} + {CVE-2005-1121} - oops <unfixed> (bug #307360; high) NOTE: not in testing at time of DSA [19 May 2005] DSA-725-1 ppxp - missing privilege release - {CAN-2005-0392} + {CVE-2005-0392} - ppxp 0.2001080415-11 NOTE: not fixed in testing at time of DSA [18 May 2005] DSA-724-1 phpsysinfo - design flaw - {CAN-2005-0870} + {CVE-2005-0870} - phpsysinfo 2.3-3 NOTE: fixed in testing at time of DSA [09 May 2005] DSA-723-1 xfree86 - buffer overflow - {CAN-2005-0605} + {CVE-2005-0605} - xfree86 4.3.0.dfsg.1-13 NOTE: not fixed in testing at time of DSA [09 May 2005] DSA-722-1 smail - buffer overflow - {CAN-2005-0892} + {CVE-2005-0892} NOTE: Package not in testing at time of DSA [06 May 2005] DSA-721-1 squid - design flaw - {CAN-2005-1345} + {CVE-2005-1345} - squid 2.5.9-7 NOTE: not fixed in testing at time of DSA [03 May 2005] DSA-720-1 smartlist - wrong input processing - {CAN-2005-0157} + {CVE-2005-0157} - smartlist 3.15-18 NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-719-1 prozilla - format string problems - {CAN-2005-0523} + {CVE-2005-0523} - prozilla 1:1.3.7.4-1 NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-718-1 ethereal - buffer overflow - {CAN-2005-0739} + {CVE-2005-0739} - ethereal 0.10.10-1 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo - {CAN-2003-0826 CAN-2005-0814} + {CVE-2003-0826 CVE-2005-0814} - lsh-utils 2.0.1-2 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-716-1 gaim - denial of service - {CAN-2005-0472} + {CVE-2005-0472} - gaim 1:1.1.3-1 NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-715-1 cvs - several - {CAN-2004-1342 CAN-2004-1343} + {CVE-2004-1342 CVE-2004-1343} - cvs 1:1.12.9-12 NOTE: not fixed in testing at time of DSA [26 Apr 2005] DSA-714-1 kdelibs - several - {CAN-2005-1046} + {CVE-2005-1046} - kdelibs 4:3.3.2-5 NOTE: not fixed in testing at time of DSA [21 Apr 2005] DSA-701-2 samba - integer overflows NOTE: only a bug in the backported fix to stable, testing is ok [21 Apr 2005] DSA-713-1 junkbuster - several - {CAN-2005-1108 CAN-2005-1109} + {CVE-2005-1108 CVE-2005-1109} NOTE: package not in testing/unstable [19 Apr 2005] DSA-712-1 geneweb - insecure file operations - {CAN-2005-0391} + {CVE-2005-0391} - geneweb 4.10-7 NOTE: fixed in testing at time of DSA [19 Apr 2005] DSA-711-1 info2www - missing input sanitising - {CAN-2004-1341} + {CVE-2004-1341} - info2www 1.2.2.9-23 NOTE: fixed in testing at time of DSA [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference - {CAN-2003-0541} + {CVE-2003-0541} - gtkhtml 1.0.4-6.2 NOTE: fixed in testing at time of DSA [15 Apr 2005] DSA-709-1 libexif - buffer overflow - {CAN-2005-0664} + {CVE-2005-0664} - libexif 0.6.9-5 [15 Apr 2005] DSA-708-1 php3 - missing input sanitising - {CAN-2005-0525} + {CVE-2005-0525} - php3 3:3.0.18-31 [13 Apr 2005] DSA-707-1 mysql - several - {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711} + {CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711} - mysql-dfsg 4.0.24-5 - mysql-dfsg-4.1 4.1.10a-6 NOTE: not fixed in testing at time of DSA [13 Apr 2005] DSA-706-1 axel - buffer overflow - {CAN-2005-0390} + {CVE-2005-0390} - axel 1.0b-1 NOTE: fixed in testing at time of DSA [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising - {CAN-2005-0256 CAN-2003-0854} + {CVE-2005-0256 CVE-2003-0854} - wu-ftpd 2.6.2-19 [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising - {CAN-2005-0387 CAN-2005-0388} + {CVE-2005-0387 CVE-2005-0388} - remstats 1.0.13a-5 NOTE: not fixed in testing at time of DSA [01 Apr 2005] DSA-703-1 krb5 - buffer overflows - {CAN-2005-0468 CAN-2005-0469} + {CVE-2005-0468 CVE-2005-0469} - krb5 1.3.6-1 [01 Apr 2005] DSA-702-1 imagemagick - several - {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762} + {CVE-2005-0397 CVE-2005-0759 CVE-2005-0760 CVE-2005-0762} - imagemagick 6:6.0.6.2-2.2 [31 Mar 2005] DSA-701-1 samba - integer overflows - {CAN-2004-1154} + {CVE-2004-1154} - samba 3.0.10-1 [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising - {CAN-2005-0386} + {CVE-2005-0386} - mailreader 2.3.29-11 NOTE: not fixed in testing at time of DSA [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow - {CAN-2005-0469} + {CVE-2005-0469} - netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036) NOTE: not fixed in testing at time of DSA [29 Mar 2005] DSA-698-1 mc - buffer overflow - {CAN-2005-0763} + {CVE-2005-0763} NOTE: Not clear which unstable/testing version fixed this, NOTE: but advisory says it's fixed. [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow - {CAN-2005-0469} + {CVE-2005-0469} - netkit-telnet 0.17-28 NOTE: not fixed in testing at time of DSA [22 Mar 2005] DSA-696-1 perl - design flaw - {CAN-2005-0448} + {CVE-2005-0448} - perl 5.8.4-8 NOTE: fixed in testing at time of DSA [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow - {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639} + {CVE-2001-0775 CVE-2005-0638 CVE-2005-0639} - xli 1.17.0-18 NOTE: not fixed in testing at time of DSA [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow - {CAN-2005-0638 CAN-2005-0639} + {CVE-2005-0638 CVE-2005-0639} - xloadimage 4.1-14.2 NOTE: not fixed in testing at time of DSA [14 Mar 2005] DSA-693-1 luxman - buffer overflow - {CAN-2005-0385} + {CVE-2005-0385} NOTE: not fixed in testing at time of DSA NOTE: not in unstable at time of DSA though DSA claimed it was - luxman 0.41-20 [14 Mar 2005] DSA-662-2 squirrelmail - several NOTE: only an update to a prior DSA, did not affct sid/sarge. [08 Mar 2005] DSA-692-1 kppp - design flaw - {CAN-2005-0205} + {CVE-2005-0205} - kppp 4:3.1.6 NOTE: fixed in testing at time of DSA [07 Mar 2005] DSA-691-1 abuse - several - {CAN-2005-0098 CAN-2005-0099} + {CVE-2005-0098 CVE-2005-0099} NOTE: not in unstable/testing [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising - {CAN-2005-0107} + {CVE-2005-0107} - bsmtpd 2.3pl8b-16 NOTE: not fixed in testing at time of DSA [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising - {CAN-2005-0088} + {CVE-2005-0088} - libapache-mod-python 2:2.7.10-4 NOTE: fixed in testing at time of DSA - libapache2-mod-python 3.1.3-3 NOTE: fixed in testing at time of DSA [23 Feb 2005] DSA-688-1 squid - mising input sanitising - {CAN-2005-0446} + {CVE-2005-0446} - squid 2.5.8-3 NOTE: fixed in testing at time of DSA [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal NOTE: only fixed bug in DSA [18 Feb 2005] DSA-687-1 bidwatcher - format string - {CAN-2005-0158} + {CVE-2005-0158} - bidwatcher 1.3.17-1 NOTE: not fixed in testing at time of DSA [17 Feb 2005] DSA-686-1 gftp - missing input sanitising - {CAN-2005-0372} + {CVE-2005-0372} - gftp 2.0.18-1 NOTE: not fixed in testing at time of DSA [17 Feb 2005] DSA-685-1 emacs21 - format string - {CAN-2005-0100} + {CVE-2005-0100} - emacs21 21.3+1-9 NOTE: not fixed in testing at time of DSA [16 Feb 2005] DSA-684-1 typespeed - format string - {CAN-2005-0105} + {CVE-2005-0105} - typespeed 0.4.4-8 NOTE: not fixed in testing at time of DSA [15 Feb 2005] DSA-683-1 postgresql - buffer overflows - {CAN-2005-0245 CAN-2005-0247} + {CVE-2005-0245 CVE-2005-0247} - postgresql 7.4.7-2 NOTE: fixed in testing at time of DSA [15 Feb 2005] DSA-682-1 awstats - missing input sanitising - {CAN-2005-0363} + {CVE-2005-0363} - awstats 6.2-1.2 NOTE: not fixed in testing at time of DSA [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation - {CAN-2005-0070} + {CVE-2005-0070} NOTE: does not apply for sarge, program is not setuid anymore [14 Feb 2005] DSA-680-1 htdig - unsanitised input - {CAN-2005-0085} + {CVE-2005-0085} - htdig 1:3.1.6-11 NOTE: fixed in testing at time of DSA [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files - {CAN-2005-0159} + {CVE-2005-0159} - toolchain-source 3.4-5 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation - {CAN-2004-1180} + {CVE-2004-1180} - netkit-rwho 0.17-8 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-677-1 sympa - buffer overflow - {CAN-2005-0073} + {CVE-2005-0073} - sympa 4.1.2-2.1 NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-676-1 xpcd - buffer overflow - {CAN-2005-0074} + {CVE-2005-0074} - xpcd 2.08-11.1 (bug #294793) NOTE: not fixed in testing at time of DSA [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal NOTE: only fixed bug in DSA [10 Feb 2005] DSA-675-1 hztty - privilege escalation - {CAN-2005-0019} + {CVE-2005-0019} - hztty 2.0-6.1 NOTE: not fixed in testing at time of DSA [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal - {CAN-2004-1177} + {CVE-2004-1177} - mailman 2.1.5-5 NOTE: fixed in testing at time of DSA - {CAN-2005-0202} + {CVE-2005-0202} - mailman 2.1.5-6 NOTE: not fixed in testing at time of DSA [10 Feb 2005] DSA-673-1 evolution - integer overflow - {CAN-2005-0102} + {CVE-2005-0102} - evolution 2.0.3-1.2 NOTE: fixed in testing at time of DSA [09 Feb 2005] DSA-672-1 xview - buffer overflows - {CAN-2005-0076} + {CVE-2005-0076} - xview 3.2p1.4-19 NOTE: not fixed in testing at time of DSA [08 Feb 2005] DSA-671-1 xemacs21 - format string - {CAN-2005-0100} + {CVE-2005-0100} NOTE: not fixed in testing at time of DSA - xemacs21 21.4.16-2 [08 Feb 2005] DSA-670-1 emacs20 - format string - {CAN-2005-0100} + {CVE-2005-0100} NOTE: also affects emacs21 in unstable, fixed [04 Feb 2005] DSA-669-1 php3 - several - {CAN-2004-0594 CAN-2004-0595} + {CVE-2004-0594 CVE-2004-0595} - php3 3:3.0.18-27 NOTE: fixed in testing at time of DSA [04 Feb 2005] DSA-668-1 postgresql - privilege escalation - {CAN-2005-0227} + {CVE-2005-0227} - postgresql 7.4.7-1 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-667-1 squid - several - {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211} + {CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211} - squid 2.5.7-7 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-666-1 python2.2 - design flaw - {CAN-2005-0089} + {CVE-2005-0089} - python2.2 2.2.3-14 - python2.3 2.3.4-20 - python2.4 2.4-5 NOTE: not fixed in testing at time of DSA [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release - {CAN-2005-0013} + {CVE-2005-0013} - ncpfs 2.2.6-1 NOTE: not fixed in testing at time of DSA [02 Feb 2005] DSA-664-1 cpio - broken file permissions - {CAN-1999-1572} + {CVE-1999-1572} - cpio 2.5-1.2 (bug #293379) NOTE: not fixed in testing at time of DSA [02 Feb 2005] DSA-663-1 prozilla - buffer overflows - {CAN-2004-1120} + {CVE-2004-1120} - prozilla 1:1.3.7.3-1 NOTE: fixed in testing at time of DSA [01 Feb 2005] DSA-662-1 squirrelmail - several - {CAN-2005-0104 CAN-2005-0152} - NOTE: CAN-2005-0152 only exists in 1.2.6 version + {CVE-2005-0104 CVE-2005-0152} + NOTE: CVE-2005-0152 only exists in 1.2.6 version - squirrelmail 2:1.4.4 NOTE: fixed in testing at time of DSA [20 Apr 2005] DSA-661-2 f2c - insecure temporary files - {CAN-2005-0017 CAN-2005-0018} + {CVE-2005-0017 CVE-2005-0018} - f2c 20020621-3.4 (bug #292792) NOTE: not fixed in testing at time of DSA [26 Jan 2005] DSA-660-1 kdebase - missing return value check - {CAN-2005-0078} + {CVE-2005-0078} - kdebase 4:3.0.5 NOTE: fixed in testing at time of DSA [26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow - {CAN-2004-1340 CAN-2005-0108} + {CVE-2004-1340 CVE-2005-0108} - libpam-radius-auth 1.3.16-3 NOTE: 1/2 fixed in testing at time of DSA [25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file - {CAN-2005-0077} + {CVE-2005-0077} - libdbi-perl 1.46-6 NOTE: not fixed in testing at time of DSA [25 Jan 2005] DSA-657-1 xine-lib - buffer overflow - {CAN-2004-1379} + {CVE-2004-1379} - xine-lib 1-rc6a-1 NOTE: fixed in testing at time of DSA [25 Jan 2005] DSA-656-1 vdr - insecure file access - {CAN-2005-0071} + {CVE-2005-0071} - vdr 1.2.6-6 NOTE: not fixed in testing at time of DSA [25 Jan 2005] DSA-655-1 zhcon - missing privilege release - {CAN-2005-0072} + {CVE-2005-0072} - zhcon 1:0.2.3-8.1 (bug #292210) NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-654-1 enscript - several - {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186} + {CVE-2004-1184 CVE-2004-1185 CVE-2004-1186} - enscript 1.6.4-6 NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-653-1 ethereal - buffer overflow - {CAN-2005-0084} + {CVE-2005-0084} - ethereal 0.10.9-1 NOTE: not fixed in testing at time of DSA [21 Jan 2005] DSA-652-1 unarj - {CAN-2004-0947 CAN-2004-1027} + {CVE-2004-0947 CVE-2004-1027} NOTE: not-for-us (unarj) [20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow - {CAN-2005-0094 CAN-2005-0095} + {CVE-2005-0094 CVE-2005-0095} - squid 2.5.7-4 NOTE: not fixed in testing at time of DSA [20 Jan 2005] DSA-650-1 sword - missing input sanitising - {CAN-2005-0015} + {CVE-2005-0015} - sword 1.5.7-7 NOTE: not fixed in testing at time of DSA [20 Jan 2005] DSA-649-1 xtrlock - buffer overflow - {CAN-2005-0079} + {CVE-2005-0079} - xtrlock 2.0-9 NOTE: fixed in testing at time of DSA [19 Jan 2005] DSA-648-1 xpdf - buffer overflow - {CAN-2005-0064} + {CVE-2005-0064} - xpdf 3.00-12 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-647-1 mysql - insecure temporary files - {CAN-2005-0004} + {CVE-2005-0004} - mysql-dfsg 4.0.23-3 - mysql-dfsg-4.1 4.1.8a-6 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-646-1 imagemagick - buffer overflow - {CAN-2005-0005} + {CVE-2005-0005} - imagemagick 6:6.0.6.2-2 NOTE: not fixed in testing at time of DSA [19 Jan 2005] DSA-645-1 cupsys - buffer overflow - {CAN-2005-0064} + {CVE-2005-0064} NOTE: cupsys not affected in sarge, though other programs are vulnerable NOTE: see CAN/list NOTE: not fixed in testing at time of DSA [18 Jan 2005] DSA-644-1 chbg - buffer overflow - {CAN-2004-1264} + {CVE-2004-1264} - chbg 1.5-4 NOTE: fixed in testing at time of DSA [18 Jan 2005] DSA-643-1 queue - buffer overflows - {CAN-2004-0555} + {CVE-2004-0555} - queue 1.30.1-5 NOTE: not fixed in testing at time of DSA [17 Jan 2005] DSA-642-1 gallery - several - {CAN-2004-1106} + {CVE-2004-1106} - gallery 1.4.4-pl4-1 NOTE: fixed in testing at time of DSA [17 Jan 2005] DSA-641-1 playmidi - buffer overflow - {CAN-2005-0020} + {CVE-2005-0020} - playmidi 2.4debian-3 NOTE: not fixed in testing at time of DSA [17 Jan 2005] DSA-640-1 gatos - buffer overflow - {CAN-2005-0016} + {CVE-2005-0016} - gatos 0.0.5-15 NOTE: not fixed in testing at time of DSA [14 Jan 2005] DSA-639-1 mc - several - {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176} + {CVE-2004-1004 CVE-2004-1005 CVE-2004-1009 CVE-2004-1090 CVE-2004-1091 CVE-2004-1092 CVE-2004-1093 CVE-2004-1174 CVE-2004-1175 CVE-2004-1176} NOTE: unstable not vulnerable according to DSA NOTE: DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 NOTE: not fixed in testing at time of DSA [13 Jan 2005] DSA-638-1 gopher - several - {CAN-2004-0560 CAN-2004-0561} + {CVE-2004-0560 CVE-2004-0561} NOTE: not in sarge [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow - {CAN-2005-0021} + {CVE-2005-0021} NOTE: not in sarge [12 Jan 2005] DSA-636-1 glibc - insecure temporary files - {CAN-2004-0968} + {CVE-2004-0968} - glibc 2.3.2.ds1-20 NOTE: fixed in testing at time of DSA [12 Jan 2005] DSA-635-1 exim - buffer overflow - {CAN-2005-0021} + {CVE-2005-0021} - exim4 4.34-10 NOTE: fixed in testing at time of DSA - exim 3.36-13 NOTE: not fixed in testing at time of DSA [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation - {CAN-2004-1182} + {CVE-2004-1182} - hylafax 1:4.2.1-1 NOTE: fixed in testing at time of DSA [11 Jan 2005] DSA-633-1 bmv - insecure temporary file - {CAN-2003-0014} + {CVE-2003-0014} - bmv 1.2-17 NOTE: fixed in testing at time of DSA [10 Jan 2005] DSA-632-1 linpopup - buffer overflow - {CAN-2004-1282} + {CVE-2004-1282} - linpopup 1.2.0-7 NOTE: fixed in testing at time of DSA [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input - {CAN-2004-1165} + {CVE-2004-1165} - kdelibs 4:3.3.2-1 NOTE: not fixed in testing at time of DSA [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory - {CAN-2004-1000} + {CVE-2004-1000} - lintian 1.23.6 NOTE: not fixed in testing at time of DSA [07 Jan 2005] DSA-629-1 krb5 - buffer overflow - {CAN-2004-1189} + {CVE-2004-1189} - krb5 1.3.6-1 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-628-1 imlib2 - integer overflows - {CAN-2004-1026} + {CVE-2004-1026} - imlib2 1.1.2-2.1 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input - {CAN-2004-1318} + {CVE-2004-1318} - namazu2 2.0.14-1 NOTE: not fixed in testing at time of DSA [06 Jan 2005] DSA-626-1 tiff - unsanitised input - {CAN-2004-1183} + {CVE-2004-1183} - libtiff4 3.6.1-5 NOTE: not fixed in testing at time of DSA [05 Jan 2005] DSA-625-1 pcal - buffer overflows - {CAN-2004-1289} + {CVE-2004-1289} - pcal 4.8.0-1 NOTE: not fixed in testing at time of DSA [05 Jan 2005] DSA-624-1 zip - buffer overflow - {CAN-2004-1010} + {CVE-2004-1010} - zip 2.30-8 NOTE: fixed in testing at time of DSA [04 Jan 2005] DSA-623-1 nasm - buffer overflow - {CAN-2004-1287} + {CVE-2004-1287} - nasm 0.98.38-1.1 [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files - {CAN-2004-1181} + {CVE-2004-1181} NOTE: not in unstable [31 Dec 2004] DSA-621-1 cupsys - buffer overflow - {CAN-2004-1125} + {CVE-2004-1125} - cupsys 1.1.22-2 [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories - {CAN-2004-0452 CAN-2004-0976} + {CVE-2004-0452 CVE-2004-0976} - perl 5.8.4-5 [30 Dec 2004] DSA-619-1 xpdf - buffer overflow - {CAN-2004-1125} + {CVE-2004-1125} - xpdf 3.00-11 [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows - {CAN-2004-1025 CAN-2004-1026} + {CVE-2004-1025 CVE-2004-1026} - imlib 1.9.14-17.1 - imlib+png2 1.9.14-16.1 [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation - {CAN-2004-1308} + {CVE-2004-1308} - libtiff4 3.6.1-4 [23 Dec 2004] DSA-616-1 telnetd-ssl - format string - {CAN-2004-0998} + {CVE-2004-0998} - telnetd-ssl 0.17.24+0.1-6 [22 Dec 2004] DSA-615-1 debmake - insecure temporary file - {CAN-2004-1179} + {CVE-2004-1179} - debmake 3.7.7 [21 Dec 2004] DSA-614-1 xzgv - integer overflows - {CAN-2004-0994} + {CVE-2004-0994} - xzgv 0.8-3 [21 Dec 2004] DSA-613-1 ethereal - inifinite loop - {CAN-2004-1142} + {CVE-2004-1142} - ethereal 0.10.8-1 [20 Dec 2004] DSA-612-1 a2ps - unsanitised input - {CAN-2004-1170} + {CVE-2004-1170} - a2ps 1:4.13b-4.2 [20 Dec 2004] DSA-611-1 htget - buffer overflow - {CAN-2004-0852} + {CVE-2004-0852} NOTE: htget not in sarge or unstable [17 Dec 2004] DSA-610-1 cscope - insecure temporary file - {CAN-2004-0996} + {CVE-2004-0996} - cscope 15.5-1 [14 Dec 2004] DSA-609-1 atari800 - buffer overflows - {CAN-2004-1076} + {CVE-2004-1076} - atari800 1.3.2-1 [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input - {CAN-2004-1095 CAN-2004-0999} + {CVE-2004-1095 CVE-2004-0999} - zgv 5.7-1.3 (bug #284124) NOTE: changelog says he only patched 1095, but diff comparison NOTE: shows 0999 was also fixed. [10 Dec 2004] DSA-607-1 xfree86 - several - {CAN-2004-0914} + {CVE-2004-0914} - xfree86 4.3.0.dfsg.1-9 [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler - {CAN-2004-1014} + {CVE-2004-1014} - nfs-utils 1:1.0.6-3.1 [06 Dec 2004] DSA-605-1 viewcvs - settings not honored - {CAN-2004-0915} + {CVE-2004-0915} - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising - {CAN-2004-0993} + {CVE-2004-0993} - hpsockd 0.14 [01 Dec 2004] DSA-603-1 openssl - insecure temporary file - {CAN-2004-0975} + {CVE-2004-0975} - openssl 0.9.7e-3 [29 Nov 2004] DSA-602-1 libgd2 - integer overlow - {CAN-2004-0941 CAN-2004-0990} + {CVE-2004-0941 CVE-2004-0990} NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new - libgd2 2.0.33-1.1 [29 Nov 2004] DSA-601-1 libgd1 - integer overflow - {CAN-2004-0941 CAN-2004-0990} + {CVE-2004-0941 CVE-2004-0990} NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new - libgd 1.8.4-36.1 [25 Nov 2004] DSA-599-1 tetex-bin - integer overflows - {CAN-2004-0888} + {CVE-2004-0888} - tetex-bin 2.0.2-23 [25 Nov 2004] DSA-598-1 yardradius - buffer overflow - {CAN-2004-0987} + {CVE-2004-0987} - yardradius 1.0.20-15 [25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow - {CAN-2004-1012 CAN-2004-1013} + {CVE-2004-1012 CVE-2004-1013} - cyrus21-imapd 2.1.17-1 [24 Nov 2004] DSA-596-2 sudo - missing input sanitising - {CAN-2004-1051} + {CVE-2004-1051} - sudo 1.6.8p3-1 [24 Nov 2004] DSA-596-1 sudo - missing input sanitising - {CAN-2004-1051} + {CVE-2004-1051} - sudo 1.6.8p3-1 [24 Nov 2004] DSA-595-1 bnc - buffer overflow - {CAN-2004-1052} + {CVE-2004-1052} NOTE: package not in sarge or sid [17 Nov 2004] DSA-594-1 apache - buffer overflows - {CAN-2004-0940} + {CVE-2004-0940} - apache 1.3.33-2 [16 Nov 2004] DSA-593-1 imagemagick - buffer overflow - {CAN-2004-0981} + {CVE-2004-0981} - imagemagick 6:6.0.6.2-1.5 [12 Nov 2004] DSA-592-1 ez-ipupdate - format string - {CAN-2004-0980} + {CVE-2004-0980} - ez-ipupdate 3.0.11b8-8 [09 Nov 2004] DSA-591-1 libgd2 - integer overflows - {CAN-2004-0990} + {CVE-2004-0990} - libgd2 2.0.30-1 [09 Nov 2004] DSA-590-1 gnats - format string vulnerability - {CAN-2004-0623} + {CVE-2004-0623} NOTE: DSA got version of fix for unstable wrong - gnats 4.0-6.1 [09 Nov 2004] DSA-589-1 libgd - integer overflows - {CAN-2004-0990} + {CVE-2004-0990} - libgd1 1.8.4-36.1 [08 Nov 2004] DSA-588-1 gzip - insecure temporary files - {CAN-2004-0970} + {CVE-2004-0970} NOTE: dsa says sid not affected [08 Nov 2004] DSA-587-1 freeamp - buffer overflow - {CAN-2004-0964} + {CVE-2004-0964} NOTE: DSA says zinf not vulnerable in sarge [08 Nov 2004] DSA-586-1 ruby - infinite loop - {CAN-2004-0983} + {CVE-2004-0983} - ruby1.6 1.6.8-12 - ruby1.8 1.8.1+1.8.2pre2-4 [05 Nov 2004] DSA-585-1 shadow - programming error - {CAN-2004-1001} + {CVE-2004-1001} - shadow 1:4.0.3-30.3 [04 Nov 2004] DSA-584-1 dhcp - format string vulnerability - {CAN-2004-1006} + {CVE-2004-1006} - dhcp 2.0pl5-19.1 [03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory - {CAN-2004-0972} + {CVE-2004-0972} [02 Nov 2004] DSA-582-1 libxml - buffer overflow - {CAN-2004-0989} + {CVE-2004-0989} - libxml 1:1.8.17-9 - libxml2 2.6.11-5 [01 Nov 2004] DSA-581-1 xpdf - integer overflows - {CAN-2004-0888} + {CVE-2004-0888} - xpdf 3.00-9 [01 Nov 2004] DSA-580-1 iptables - missing initialisation - {CAN-2004-0986} + {CVE-2004-0986} - iptables 1.2.11-4 [01 Nov 2004] DSA-579-1 abiword - buffer overflow - {CAN-2004-0645} + {CVE-2004-0645} NOTE: according to DSA, sid's abiword is not affected. sarge is same [01 Nov 2004] DSA-578-1 mpg123 - buffer overflow - {CAN-2004-0982} + {CVE-2004-0982} - mpg123 0.59r-17 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability - {CAN-2004-0977} + {CVE-2004-0977} - postgresql 7.4.6-1 [29 Oct 2004] DSA-576-1 squid - multiple - {CVE-1999-0710 CAN-2004-0918} + {CVE-1999-0710 CVE-2004-0918} - squid 2.5.7-1 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file - {CAN-2003-0193} + {CVE-2003-0193} - catdoc 0.91.5-2 [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising - {CAN-2004-0916} + {CVE-2004-0916} - cabextract 1.1-1 [21 Oct 2004] DSA-573-1 cupsys - integer overflows - {CAN-2004-0888} + {CVE-2004-0888} - cupsys 1.1.20final+rc1-10 - {CAN-2004-0889} + {CVE-2004-0889} - xpdf 3.00-10 NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference - kpdf 4:3.3.1-1 - gpdf 2.8.0-1 - kfax 4:3.3.1-1 [21 Oct 2004] DSA-572-1 ecartis - multiple - {CAN-2004-0913} + {CVE-2004-0913} - ecartis 1.0.0+cvs.20030911-8 [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow - {CAN-2004-0955} + {CVE-2004-0955} - libpng3 1.2.5.0-9 [20 Oct 2004] DSA-570-1 libpng - integer overflow - {CAN-2004-0955} + {CVE-2004-0955} - libpng 1.0.15-8 [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3) - {CAN-2004-0911} + {CVE-2004-0911} - netkit-telnet-ssl 0.17.24+0.1-4 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input - {CAN-2004-0884} + {CVE-2004-0884} NOTE: removed from testing NOTE: maintainer reports hole not in cyrus-sasl2-mit [15 Oct 2004] DSA-567-1 tiff - heap overflows - {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886} + {CVE-2004-0803 CVE-2004-0804 CVE-2004-0886} - tiff 3.6.1-2 [14 Oct 2004] DSA-566-1 cupsys - unsanitised input - {CAN-2004-0923} + {CVE-2004-0923} - cupsys 1.1.20final+rc1-9 [13 Oct 2004] DSA-565-1 sox - buffer overflows - {CAN-2004-0557} + {CVE-2004-0557} - sox 12.17.4-9 (bug #262083) [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising - {CAN-2004-0805} + {CVE-2004-0805} - mpg123 0.59r-16 [12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input - {CAN-2004-0884} + {CVE-2004-0884} - cyrus-sasl 1.5.28-6.2 (bug #275432) - cyrus-sasl2 2.1.19-1.3 (bug #275431) [11 Oct 2004] DSA-562-2 mysql - several vulnerabilities - {CAN-2004-0835 CAN-2004-0836 CAN-2004-0837} + {CVE-2004-0835 CVE-2004-0836 CVE-2004-0837} - mysql 4.0.21-1 [11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows - {CAN-2004-0687 CAN-2004-0688} + {CVE-2004-0687 CVE-2004-0688} - xfree86 4.3.0.dfsg.1-8 [07 Oct 2004] DSA-600-1 samba - arbitrary file access - {CAN-2004-0815} + {CVE-2004-0815} NOTE: not affected according to DSA [07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows - {CAN-2004-0687 CAN-2004-0688} + {CVE-2004-0687 CVE-2004-0688} - lesstif1-1 1:0.93.94-10 [06 Oct 2004] DSA-559-1 net-acct - insecure temporary file - {CAN-2004-0851} + {CVE-2004-0851} - net-acct 0.71-7 [06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference - {CAN-2004-0809} + {CVE-2004-0809} - libapache-mod-dav 1.0.3-10 - apache2 2.0.51-1 [04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping - {CAN-2004-0564} + {CVE-2004-0564} - pppoe 3.5-4 [03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3) - {CAN-2004-0911} + {CVE-2004-0911} - netkit-telnet 0.17-26 [30 Sep 2004] DSA-555-1 freenet6 - file permissions - {CAN-2004-0563} + {CVE-2004-0563} - freenet6 1.0-2.2 [27 Sep 2004] DSA-554-1 sendmail - pre-set password - {CAN-2004-0833} + {CVE-2004-0833} - sendmail 8.13.1-13 [27 Sep 2004] DSA-553-1 getmail - symlink vulnerability - {CAN-2004-0880 CAN-2004-0881} + {CVE-2004-0880 CVE-2004-0881} - getmail 3.2.5-1 [22 Sep 2004] DSA-552-1 imlib2 - unsanitised input - {CAN-2004-0802} + {CVE-2004-0802} - imlib2 1.1.0-12.4 [21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling - {CAN-2004-0794} + {CVE-2004-0794} - lukemftpd 1.1-2.2 (bug #266370) [20 Sep 2004] DSA-550-1 wv - buffer overflow - {CAN-2004-0645} + {CVE-2004-0645} - wv 1.0.2-0.1 (bug #264972) [17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes - {CAN-2004-0782 CAN-2004-0783 CAN-2004-0788} + {CVE-2004-0782 CVE-2004-0783 CVE-2004-0788} - gtk+2.0 2.4.9-2 [16 Sep 2004] DSA-548-1 imlib - unsanitised input - {CAN-2004-0817} + {CVE-2004-0817} - imlib 1.9.14-17 - imlib+png2 1.9.14-16.2 [16 Sep 2004] DSA-547-1 imagemagick - buffer overflows - {CAN-2004-0827} + {CVE-2004-0827} - imagemagick 6:6.0.6.2-1 [16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes - {CAN-2004-0753 CAN-2004-0782 CAN-2004-0788} + {CVE-2004-0753 CVE-2004-0782 CVE-2004-0788} - gdk-pixbuf 0.22.0-7 [15 Sep 2004] DSA-545-1 cupsys - denial of service - {CAN-2004-0558} + {CVE-2004-0558} - cupsys 1.1.20final+rc1-6 [14 Sep 2004] DSA-544-1 webmin - insecure temporary directory - {CAN-2004-0559} + {CVE-2004-0559} - webmin 1.160-1 - usermin 1.090-1 [31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities - {CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772} + {CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772} - krb5 1.3.4-3 [31 Aug 2004] DSA-458-2 python2.2 - buffer overflow - {CAN-2004-0150} + {CVE-2004-0150} NOTE: not affected according to DSA [30 Aug 2004] DSA-542-1 qt - unsanitised input - {CAN-2004-0691 CAN-2004-0692 CAN-2004-0693} + {CVE-2004-0691 CVE-2004-0692 CVE-2004-0693} - qt-x11-free 3:3.3.3-4 [25 Aug 2004] DSA-541 icecast-server - cross site scripting - {CAN-2004-0781} + {CVE-2004-0781} - icecast-server 1:1.3.12-8 [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation - {CAN-2004-0457} + {CVE-2004-0457} - mysql-dfsg 4.0.20-11 [18 Aug 2004] DSA-539 kdelibs - denial of service - {CAN-2004-0689} + {CVE-2004-0689} - kdelibs 4:3.2.3-3.sarge.1 [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access - rsync 2.6.2-3 [16 Aug 2004] DSA-537 ruby - insecure file permissions - {CAN-2004-0755} + {CVE-2004-0755} - ruby1.8 1.8.1+1.8.2pre1-4 TODO: is ruby1.6 vulnerable? [04 Aug 2004] DSA-536 libpng - several vulnerabilities - {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768} + {CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768} - libpng 1.0.15-6 - libpng3 1.2.5.0-7 [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities - {CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639} + {CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639} - squirrelmail 2:1.4.3a-0.1 [22 Jul 2004] DSA-534 mailreader - directory traversal - {CAN-2002-1581} + {CVE-2002-1581} - mailreader 2.3.29-9 [22 Jul 2004] DSA-533 courier - cross-site scripting - {CAN-2004-0591} + {CVE-2004-0591} - courier 0.45.4-4 [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities - {CAN-2004-0488 CAN-2004-0700} + {CVE-2004-0488 CVE-2004-0700} - libapache-mod-ssl 2.8.19-1 [20 Jul 2004] DSA-531 php4 - several vulnerabilities - {CAN-2004-0594 CAN-2004-0595} + {CVE-2004-0594 CVE-2004-0595} - php4 4:4.3.8-1 [17 Jul 2004] DSA-530 l2tpd - buffer overflow - {CAN-2004-0649} + {CVE-2004-0649} - l2tpd 0.70-pre20031121-2 [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string - {CAN-2004-0640} + {CVE-2004-0640} - netkit-telnet-ssl 0.17.24+0.1-2 [17 Jul 2004] DSA-528 ethereal - denial of service - {CAN-2004-0635} + {CVE-2004-0635} - ethereal 0.10.5-1 [03 Jul 2004] DSA-527 pavuk - buffer overflow - {CAN-2004-0456} + {CVE-2004-0456} NOTE: DSA is incorrect; pavuk is in sarge and unstable. - pavuk 0.9pl28-3 (bug #264684) [03 Jul 2004] DSA-526 webmin - several vulnerabilities - {CAN-2004-0582 CAN-2004-0583} + {CVE-2004-0582 CVE-2004-0583} - webmin 1.150-1 [24 Jun 2004] DSA-525 apache - buffer overflow - {CAN-2004-0492} + {CVE-2004-0492} - apache 1.3.31-2 [19 Jun 2004] DSA-524 rlpr - several vulnerabilities - {CAN-2004-0393 CAN-2004-0454} + {CVE-2004-0393 CVE-2004-0454} - rlpr 2.02-7.1 (bug #255402) [19 Jun 2004] DSA-523 www-sql - buffer overflow - {CAN-2004-0455} + {CVE-2004-0455} - www-sql 0.5.7-18 [19 Jun 2004] DSA-522 super - format string vulnerability - {CAN-2004-0579} + {CVE-2004-0579} - super 3.23.0-1 [18 Jun 2004] DSA-521 sup - format string vulnerability - {CAN-2004-0451} + {CVE-2004-0451} - sup 1.8-11 [16 Jun 2004] DSA-520 krb5 - buffer overflows - {CAN-2004-0523} + {CVE-2004-0523} - krb5 1.3.3-2 [15 Jun 2004] DSA-519 cvs - several vulnerabilities - {CAN-2004-0416 CAN-2004-0417 CAN-2004-0418} + {CVE-2004-0416 CVE-2004-0417 CVE-2004-0418} - cvs 1:1.12.9-1 [14 Jun 2004] DSA-518 kdelibs - unsanitised input - {CAN-2004-0411} + {CVE-2004-0411} - kdelibs 4:3.2.3 [10 Jun 2004] DSA-517 cvs - buffer overflow - {CAN-2004-0414} + {CVE-2004-0414} - cvs 1:1.12.9-1 [07 Jun 2004] DSA-516 postgresql - buffer overflow - {CAN-2004-0547} + {CVE-2004-0547} - postgresql 07.03.0200-3. [05 Jun 2004] DSA-515 lha - several vulnerabilities - {CAN-2004-0234 CAN-2004-0235} + {CVE-2004-0234 CVE-2004-0235} - lha 1.14i-8 NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1 NOTE: from the DSA could to updated via t-p-u. [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush - {CAN-2004-0077} + {CVE-2004-0077} - kernel-image-sparc-2.2 9.1 NOTE: did not check other versions of the kernel [03 Jun 2004] DSA-513 log2mail - format string - {CAN-2004-0450} + {CVE-2004-0450} - log2mail 0.2.8-3 [02 Jun 2004] DSA-512 gallery - unauthenticated access - {CAN-2004-0522} + {CVE-2004-0522} - gallery 1.4.3-pl2-1 [30 May 2004] DSA-511 ethereal - buffer overflows - {CAN-2004-0176} + {CVE-2004-0176} - ethereal 0.10.3-1 [29 May 2004] DSA-510 jftpgw - format string - {CAN-2004-0448} + {CVE-2004-0448} - jftpgw 0.13.4-1 [29 May 2004] DSA-509 gatos - privilege escalation - {CAN-2004-0395} + {CVE-2004-0395} - gatos 0.0.5-12 [22 May 2004] DSA-508 xpcd - buffer overflow - {CAN-2004-0402} + {CVE-2004-0402} - xpcd 2.08-10 [19 May 2004] DSA-507 cadaver - buffer overflow - {CAN-2004-0398} + {CVE-2004-0398} - cadaver 0.22.1-3 [19 May 2004] DSA-506 neon - buffer overflow - {CAN-2004-0398} + {CVE-2004-0398} - neon 0.24.6.dfsg-1 [19 May 2004] DSA-505 cvs - heap overflow - {CAN-2004-0396} + {CVE-2004-0396} - cvs 1:1.12.5-6 [18 May 2004] DSA-504 heimdal - missing input sanitising - {CAN-2004-0434} + {CVE-2004-0434} - heimdal 0.6.2-1 [13 May 2004] DSA-503 mah-jong - missing argument check - {CAN-2004-0458} + {CVE-2004-0458} - mah-jong 1.6.2-1 [11 May 2004] DSA-502 exim-tls - buffer overflow - {CAN-2004-0399 CAN-2004-0400} + {CVE-2004-0399 CVE-2004-0400} NOTE: exim-tls not in sarge [07 May 2004] DSA-501 exim - buffer overflow - {CAN-2004-0399 CAN-2004-0400} + {CVE-2004-0399 CVE-2004-0400} - exim 3.36-11 - exim4 4.33-1 [01 May 2004] DSA-500 flim - insecure temporary file - {CAN-2004-0422} + {CVE-2004-0422} - flim 1:1.14.6+0.20040415-1 [01 May 2004] DSA-499 rsync - directory traversal - {CAN-2004-0426} + {CVE-2004-0426} - rsync 2.6.1-1 [30 Apr 2004] DSA-498 libpng - out of bound access - {CAN-2004-0421} + {CVE-2004-0421} - libpng 1.0.15-5 - libpng3 1.2.5.0-6 [29 Apr 2004] DSA-497 mc - several vulnerabilities - {CAN-2004-0226 CAN-2004-0231 CAN-2004-0232} + {CVE-2004-0226 CVE-2004-0231 CVE-2004-0232} - mc 1:4.6.0-4.6.1-pre1-2 [29 Apr 2004] DSA-496 eterm - missing input sanitising - {CAN-2003-0068} + {CVE-2003-0068} - eterm 0.9.2-6 [26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities - {CAN-2003-0127 CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.16 not present. Did not check newer kernels. [21 Apr 2004] DSA-494 ident2 - buffer overflow - {CAN-2004-0408} + {CVE-2004-0408} - ident2 1.04-2 [21 Apr 2004] DSA-493 xchat - buffer overflow - {CAN-2004-0409} + {CVE-2004-0409} - xchat 2.0.8-1 [18 Apr 2004] DSA-492 iproute - denial of service - {CAN-2003-0856} + {CVE-2003-0856} - iproute 20010824-13.1 [17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.19 not present. Did not check newer kernels. [17 Apr 2004] DSA-490 zope - arbitrary code execution {CVE-2002-0688} - zope 2.6.0-0.1 [17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.17 not present. Did not check newer kernels. [16 Apr 2004] DSA-488 logcheck - insecure temporary directory - {CAN-2004-0404} + {CVE-2004-0404} - logcheck 1.1.1-13.2 [16 Apr 2004] DSA-487 neon - format string - {CAN-2004-0179} + {CVE-2004-0179} - neon 0.24.5-1 [16 Apr 2004] DSA-486 cvs - several vulnerabilities - {CAN-2004-0180 CAN-2004-0405} + {CVE-2004-0180 CVE-2004-0405} - cvs 1:1.12.5-4 [14 Apr 2004] DSA-485 ssmtp - format string - {CAN-2004-0156} + {CVE-2004-0156} - ssmtp 2.60.7 [14 Apr 2004] DSA-484 xonix - failure to drop privileges - {CAN-2004-0157} + {CVE-2004-0157} - xonix 1.4-21 [14 Apr 2004] DSA-483 mysql - insecure temporary file creation - {CAN-2004-0381} + {CVE-2004-0381} - mysql-dfsg 4.0.18-4 - {CAN-2004-0388} + {CVE-2004-0388} - mysql-dfsg 4.0.18-6 [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.17 not present. Did not check newer kernels. [14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.17 not present. Did not check newer kernels. [14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.17/18 not present. Did not check newer kernels. [14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities - {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178} + {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178} NOTE: 2.4.18 not present. Did not check newer kernels. [06 Apr 2004] DSA-478 tcpdump - denial of service - {CAN-2004-0183 CAN-2004-0184} + {CVE-2004-0183 CVE-2004-0184} - tcpdump 3.7.2-4 [06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation - {CAN-2004-0372} + {CVE-2004-0372} - xine-ui 0.99.1-1 [06 Apr 2004] DSA-476 heimdal - cross-realm - {CAN-2004-0371} + {CVE-2004-0371} - heimdal 0.6.1-1 [05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities - {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077} + {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} NOTE: 2.4.18 not present. Did not check newer kernels. [03 Apr 2004] DSA-474 squid - ACL bypass - {CAN-2004-0189} + {CVE-2004-0189} - squid 2.5.5-1 [03 Apr 2004] DSA-473 oftpd - denial of service - {CAN-2004-0376} + {CVE-2004-0376} - oftpd 20040304-1 [03 Apr 2004] DSA-472 fte - several vulnerabilities - {CAN-2003-0648} + {CVE-2003-0648} - fte 0.50.0-1.1 (bug #203871) [02 Apr 2004] DSA-471 interchange - missing input sanitising - {CAN-2004-0374} + {CVE-2004-0374} - interchange 5.0.1-1 [01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities - {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077} + {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} NOTE: 2.4.17 not present. Did not check newer kernels. [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising - {CAN-2004-0366} + {CVE-2004-0366} - pam-pgsql 0.5.2-7.1 [24 Mar 2004] DSA-468 emil - several vulnerabilities - {CAN-2004-0152 CAN-2004-0153} + {CVE-2004-0152 CVE-2004-0153} - emil 2.1.0-beta9-14 [23 Mar 2004] DSA-467 ecartis - several vulnerabilities - {CAN-2003-0781 CAN-2003-0782} + {CVE-2003-0781 CVE-2003-0782} - ecartis 1.0.0+cvs.20030911 [18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.2.10 not present. Did not check newer kernels. [17 Mar 2004] DSA-465 openssl - several vulnerabilities - {CAN-2004-0079 CAN-2004-0081} + {CVE-2004-0079 CVE-2004-0081} - openssl 0.9.7d-1 - NOTE: CAN-2004-0081 only affects 0.9.6. - NOTE: 0.9.7d also fixes CAN-2004-0112 + NOTE: CVE-2004-0081 only affects 0.9.6. + NOTE: 0.9.7d also fixes CVE-2004-0112 - openssl 0.9.6l - openssl096 0.9.6m-1 [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling - {CAN-2004-0111} + {CVE-2004-0111} - gdk-pixbuf 0.22.0-3 [12 Mar 2004] DSA-463 samba - privilege escalation - {CAN-2004-0186} + {CVE-2004-0186} - samba 3.0.2-2 [12 Mar 2004] DSA-462 xitalk - missing privilege release - {CAN-2004-0151} + {CVE-2004-0151} - xitalk 1.1.11-11 [11 Mar 2004] DSA-461 calife - buffer overflow - {CAN-2004-0188} + {CVE-2004-0188} - calife 2.8.6-1 [10 Mar 2004] DSA-460 sysstat - insecure temporary file - {CAN-2004-0108} + {CVE-2004-0108} - sysstat 5.0.2-1 [10 Mar 2004] DSA-459 kdelibs - cookie path traversal - {CAN-2003-0592} + {CVE-2003-0592} - kdelibs 4:3.1.3-1 [09 Mar 2004] DSA-458 python2.2 - buffer overflow - {CAN-2004-0150} + {CVE-2004-0150} NOTE: not affected according to DSA [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities - {CAN-2004-0148 CAN-2004-0185} + {CVE-2004-0148 CVE-2004-0185} - wu-ftpd 2.6.2-17.1 [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.2.19 not present. Did not check newer kernels. [03 Mar 2004] DSA-455 libxml - buffer overflows - {CAN-2004-0110} + {CVE-2004-0110} - libxml 1:1.8.17-5 - libxml2 2.6.6-1 [02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.2.22 not present. Did not check newer kernels. [02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.2.20 not present. Did not check newer kernels. [29 Feb 2004] DSA-452 libapache-mod-python - denial of service - {CAN-2003-0973} + {CVE-2003-0973} - libapache-mod-python 2:2.7.10-1 [27 Feb 2004] DSA-451 xboing - buffer overflows - {CAN-2004-0149} + {CVE-2004-0149} - xboing 2.4-26.1 (bug #174924) [27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities - {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077} + {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} NOTE: 2.4.19 not present. Did not check newer kernels. [24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs - {CAN-2004-0104 CAN-2004-0105} + {CVE-2004-0104 CVE-2004-0105} - metamail 2.7-45.2 [22 Feb 2004] DSA-448 pwlib - several vulnerabilities - {CAN-2004-0097} + {CVE-2004-0097} - pwlib 1.5.2-4 [22 Feb 2004] DSA-447 hsftp - format string - {CAN-2004-0159} + {CVE-2004-0159} - hsftp 1.15-1 [21 Feb 2004] DSA-446 synaesthesia - insecure file creation - {CAN-2004-0160} + {CVE-2004-0160} NOTE: DSA notes not setuid anymore so ok [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow - {CAN-2004-0158} + {CVE-2004-0158} - lbreakout2 2.4 [20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.4.17 not present. Did not check newer kernels. [19 Feb 2004] DSA-443 xfree86 - several vulnerabilities - {CAN-2003-0690} + {CVE-2003-0690} - xfree86 4.3.0-0pre1v2 - {CAN-2004-0083 CAN-2004-0084 CAN-2004-0106} + {CVE-2004-0083 CVE-2004-0084 CVE-2004-0106} - xfree86 4.3.0-1 - {CAN-2004-0093 CAN-2004-0094} + {CVE-2004-0093 CVE-2004-0094} - xfree86 4.2.1-6 [19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities - {CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429} + {CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429} NOTE: 2.4.17 not present. Did not check newer kernels. [18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.4.17 not present. Did not check newer kernels. [18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities - {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077} + {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} NOTE: 2.4.17 not present. Did not check newer kernels. [18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities - {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077} + {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077} NOTE: 2.4.16 not present. Did not check newer kernels. [18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check - {CAN-2004-0077} + {CVE-2004-0077} NOTE: 2.4.17 not present. Did not check newer kernels. [11 Feb 2004] DSA-437 cgiemail - open mail relay - {CAN-2002-1575} + {CVE-2002-1575} - cgiemail 1.6-20 [08 Feb 2004] DSA-436 mailman - several vulnerabilities - {CAN-2003-0991} + {CVE-2003-0991} NOTE: apparently specific to mailman 2.0, not 2.1 - {CAN-2003-0965} + {CVE-2003-0965} - mailman 2.1.4-1 - {CAN-2003-0038} + {CVE-2003-0038} - mailman 2.1.1-1 [06 Feb 2004] DSA-435 mpg123 - heap overflow - {CAN-2003-0865} + {CVE-2003-0865} - mpg123 0.59r-15 [05 Feb 2004] DSA-434 gaim - several vulnerabilities - {CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008} + {CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008} - gaim 1:0.75-2 [04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow - {CAN-2003-0961} + {CVE-2003-0961} NOTE: 2.4.17 not present. Did not check newer kernels. [03 Feb 2004] DSA-432 crawl - buffer overflow - {CAN-2004-0103} + {CVE-2004-0103} - crawl 1:4.0.0beta26-4 [01 Feb 2004] DSA-431 perl - information leak - {CAN-2003-0618} + {CVE-2003-0618} - perl 5.8.3-3 [28 Jan 2004] DSA-430 trr19 - missing privilege release - {CAN-2004-0047} + {CVE-2004-0047} - trr19 1.0beta5-17.1 (bug #264702) [26 Jan 2004] DSA-429 gnupg - cryptographic weakness - {CAN-2003-0971} + {CVE-2003-0971} - gnupg 1.2.4-1 [20 Jan 2004] DSA-428 slocate - buffer overflow - {CAN-2003-0848} + {CVE-2003-0848} - slocate 2.7-3 [19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check - {CAN-2003-0985} + {CVE-2003-0985} NOTE: 2.4.17 not present. Did not check newer kernels. [18 Jan 2004] DSA-426 netpbm-free - insecure temporary files - {CAN-2003-0924} + {CVE-2003-0924} - netpbm-free 2:9.25-9 [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities - {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057} + {CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057} TODO: No idea if this is fixed, we have a new upstream version TODO: that came out after these advisories, but neither the debian nor TODO: the upstream changelog seem to mention them. NOTE: Mailed maintainer. [16 Jan 2004] DSA-424 mc - buffer overflow - {CAN-2003-1023} + {CVE-2003-1023} - mc 1:4.6.0-4.6.1-pre1-1 [15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities - {CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985} + {CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985} NOTE: 2.4.17 not present. Did not check newer kernels. [13 Jan 2004] DSA-422 cvs - remote vulnerability - cvs 1:1.11.11 [12 Jan 2004] DSA-421 mod-auth-shadow - password expiration - {CAN-2004-0041} + {CVE-2004-0041} - mod-auth-shadow 1.4-1 [12 Jan 2004] DSA-420 jitterbug - improperly sanitised input - {CAN-2004-0028} + {CVE-2004-0028} - jitterbug 1.6.2-4.5 [09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection - {CAN-2004-0016 CAN-2004-0017} + {CVE-2004-0016 CVE-2004-0017} - phpgroupware 0.9.14.007-4 [07 Jan 2004] DSA-418 vbox3 - privilege leak - {CAN-2004-0015} + {CVE-2004-0015} - vbox3 0.1.8 [07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check - {CAN-2003-0961 CAN-2003-0985} + {CVE-2003-0961 CVE-2003-0985} NOTE: 2.4.18 not present. Did not check newer kernels. [06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal - {CAN-2003-1022 CAN-2004-0011} + {CVE-2003-1022 CVE-2004-0011} - fsp 2.81.b18-1 [06 Jan 2004] DSA-415 zebra - denial of service - {CAN-2003-0795 CAN-2003-0858} + {CVE-2003-0795 CVE-2003-0858} - quagga 0.96.4x-4 [06 Jan 2004] DSA-414 jabber - denial of service - {CAN-2004-0013} + {CVE-2004-0013} - jabber 1.4.3-1 [06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check - {CAN-2003-0985} + {CVE-2003-0985} NOTE: 2.4.18 not present. Did not check newer kernels. [05 Jan 2004] DSA-412 nd - buffer overflows - {CAN-2004-0014} + {CVE-2004-0014} - nd 0.8.2-1 [05 Jan 2004] DSA-411 mpg321 - format string vulnerability - {CAN-2003-0969} + {CVE-2003-0969} - mpg321 0.2.10.3 [05 Jan 2004] DSA-410 libnids - buffer overflow - {CAN-2003-0850} + {CVE-2003-0850} - libnids 1.18-1 [05 Jan 2004] DSA-409 bind - denial of service - {CAN-2003-0914} + {CVE-2003-0914} - bind 1:8.4.3-1 [05 Jan 2004] DSA-408 screen - integer overflow - {CAN-2003-0972} + {CVE-2003-0972} - screen 4.0.2-0.1 [05 Jan 2004] DSA-407 ethereal - buffer overflows - {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013} + {CVE-2003-0925 CVE-2003-0926 CVE-2003-0927 CVE-2003-1012 CVE-2003-1013} - ethereal 0.10.0-1 [05 Jan 2004] DSA-406 lftp - buffer overflow - lftp 2.6.10-1 [30 Dec 2003] DSA-405 xsok - missing privilege release - {CAN-2003-0949} + {CVE-2003-0949} - xsok 1.02-11 [04 Dec 2003] DSA-404 rsync - heap overflow - {CAN-2003-0962} + {CVE-2003-0962} - rsync 2.5.6-1.1 [01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit - {CAN-2003-0961} + {CVE-2003-0961} NOTE: 2.4.18 not present in sarge, did not check newer kernels. [17 Nov 2003] DSA-402 minimalist - unsanitised input - {CAN-2003-0902} + {CVE-2003-0902} - minimalist 2.4-1 [17 Nov 2003] DSA-401 hylafax - format strings - {CAN-2003-0886} + {CVE-2003-0886} - hylafax 1:4.1.8-1 [11 Nov 2003] DSA-400 omega-rpg - buffer overflow - {CAN-2003-0932} + {CVE-2003-0932} - omega-rpg 1:0.90-pa9-11 [10 Nov 2003] DSA-399 epic4 - buffer overflow - {CAN-2003-0328} + {CVE-2003-0328} - epic4 1:1.1.11.20030409-2 [10 Nov 2003] DSA-398 conquest - buffer overflow - {CAN-2003-0933} + {CVE-2003-0933} - conquest 7.2-5 [07 Nov 2003] DSA-397 postgresql - buffer overflow - {CAN-2003-0901} + {CVE-2003-0901} - postgresql 7.3.4 [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation - {CAN-2002-1562 CAN-2003-0899} + {CVE-2002-1562 CVE-2003-0899} - thttpd 2.23beta1-2.3 (bug #216677) [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling - {CAN-2003-0866} + {CVE-2003-0866} - tomcat4 4.1.24-2 NOTE: another RC (unreproducible?) bug and missing deps (#263201) NOTE: are keeping the fix out of testing [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability - {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545} + {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} - openssl 0.9.7c - openssl096 0.9.6k [01 Oct 2003] DSA-393 openssl - denial of service - {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545} + {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545} - openssl 0.9.7c - openssl096 0.9.6k [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure - {CAN-2003-0832 CAN-2003-0833} + {CVE-2003-0832 CVE-2003-0833} - webfs 1.20 [28 Sep 2003] DSA-391 freesweep - buffer overflow - {CAN-2003-0828} + {CVE-2003-0828} - freesweep 0.88-4.1 [26 Sep 2003] DSA-390 marbles - buffer overflow - {CAN-2003-0830} + {CVE-2003-0830} NOTE: not present in sid, sarge [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules - {CAN-2003-0785} + {CVE-2003-0785} - ipmasq 3.5.12 [19 Sep 2003] DSA-388 kdebase - several vulnerabilities - {CAN-2003-0690 CAN-2003-0692} + {CVE-2003-0690 CVE-2003-0692} - kdebase 4:3.2 [18 Sep 2003] DSA-387 gopher - buffer overflows - {CAN-2003-0805} + {CVE-2003-0805} - gopher 3.0.6 [18 Sep 2003] DSA-386 libmailtools-perl - input validation bug - {CAN-2002-1271} + {CVE-2002-1271} - libmailtools-perl 1.51 (bug #168381) [18 Sep 2003] DSA-385 hztty - buffer overflows - {CAN-2003-0783} + {CVE-2003-0783} - hztty 2.0-6 [17 Sep 2003] DSA-384 sendmail - buffer overflows - {CAN-2003-0681 CAN-2003-0694} + {CVE-2003-0681 CVE-2003-0694} - sendmail 8.12.10-1 [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability - {CAN-2003-0693} - {CAN-2003-0695} - {CAN-2003-0682} + {CVE-2003-0693} + {CVE-2003-0695} + {CVE-2003-0682} TODO: Screwy changelog does not make sense. Filed bug. [16 Sep 2003] DSA-382 ssh - possible remote vulnerability - {CAN-2003-0693} + {CVE-2003-0693} - openssh 1:3.6.1p2-6.0 - {CAN-2003-0695} + {CVE-2003-0695} - openssh 1:3.7.1 - {CAN-2003-0682} + {CVE-2003-0682} - openssh 1:3.6.1p2-9 [13 Sep 2003] DSA-381 mysql - buffer overflow - {CAN-2003-0780} + {CVE-2003-0780} - mysql-dfsg 4.0.15-1 [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service - {CAN-2003-0063} + {CVE-2003-0063} - xfree86 4.2.1-11 - {CAN-2003-0071} + {CVE-2003-0071} - xfree86 4.2.1-11 - {CAN-2002-0164} + {CVE-2002-0164} - xfree86 4.2.1-11 - {CAN-2003-0730} + {CVE-2003-0730} - xfree86 4.2.1-12 [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities - {CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778} + {CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778} - sane-backends 1.0.11-1 [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service - {CAN-2003-0705 CAN-2003-0706} + {CVE-2003-0705 CVE-2003-0706} - mah-jong 1.5.6-2 [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution {CVE-1999-0997} - wu-ftpd 2.6.2-15 [04 Sep 2003] DSA-376 exim - buffer overflow - {CAN-2003-0743} + {CVE-2003-0743} - exim 3.36-8 [29 Aug 2003] DSA-375 node - buffer overflow, format string - {CAN-2003-0707 CAN-2003-0708} + {CVE-2003-0707 CVE-2003-0708} - node 0.3.2-1 [26 Aug 2003] DSA-374 libpam-smb - buffer overflow - {CAN-2003-0686} + {CVE-2003-0686} NOTE: not in sid/sarge [16 Aug 2003] DSA-373 autorespond - buffer overflow - {CAN-2003-0654} + {CVE-2003-0654} - autorespond 2.0.4-1 [16 Aug 2003] DSA-372 netris - buffer overflow - {CAN-2003-0685} + {CVE-2003-0685} - netris 0.52-1 [11 Aug 2003] DSA-371 perl - cross-site scripting - {CAN-2003-0615} + {CVE-2003-0615} - perl 5.8.0-19 [08 Aug 2003] DSA-370 pam-pgsql - format string - {CAN-2003-0672} + {CVE-2003-0672} - pam-pgsql 0.5.2-7 [08 Aug 2003] DSA-369 zblast - buffer overflow - {CAN-2003-0613} + {CVE-2003-0613} - zblast 1.2.1-7 [08 Aug 2003] DSA-368 xpcd - buffer overflow - {CAN-2003-0649} + {CVE-2003-0649} - xpcd 2.08-9 [08 Aug 2003] DSA-367 xtokkaetama - buffer overflow - {CAN-2003-0652} + {CVE-2003-0652} - xtokkaetama 1.0b-9 [05 Aug 2003] DSA-366 eroaster - insecure temporary file - {CAN-2003-0656} + {CVE-2003-0656} - eroaster 2.2.0-0.5-1 [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities - {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657} + {CVE-2003-0504 CVE-2003-0599 CVE-2003-0657} - phpgroupware 0.9.14.007-1 [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution - {CAN-2003-0620 CAN-2003-0645} + {CVE-2003-0620 CVE-2003-0645} - man-db 2.4.1-13 [03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning - {CAN-2003-0468 CAN-2003-0540} + {CVE-2003-0468 CVE-2003-0540} - postfix 1.1.12 [02 Aug 2003] DSA-362 mindi - insecure temporary file - {CAN-2003-0617} + {CVE-2003-0617} - mindi 0.86-1 [01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities - {CAN-2003-0459 CAN-2003-0370} + {CVE-2003-0459 CVE-2003-0370} - kdelibs 4:3.1.3-1 [01 Aug 2003] DSA-360 xfstt - several vulnerabilities - {CAN-2003-0581} + {CVE-2003-0581} - xfstt 1.5-1 - {CAN-2003-0625} + {CVE-2003-0625} - xfstt 1.5.1-1 [31 Jul 2003] DSA-359 atari800 - buffer overflows - {CAN-2003-0630} + {CVE-2003-0630} - atari800 1.3.1-2 [31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities - {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643} + {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643} NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones. [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit - {CAN-2003-0466} + {CVE-2003-0466} - wu-ftpd 2.6.2-12 [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows - {CAN-2003-0611} + {CVE-2003-0611} - xtokkaetama 1.0b-8 [30 Jul 2003] DSA-355 gallery - cross-site scripting - {CAN-2003-0614} + {CVE-2003-0614} - gallery 1.3.4-3 [29 Jul 2003] DSA-354 xconq - buffer overflows - {CAN-2003-0607} + {CVE-2003-0607} - xconq 7.4.1-2.1 (bug #202963) [29 Jul 2003] DSA-353 sup - insecure temporary file - {CAN-2003-0606} + {CVE-2003-0606} - sup 1.8-9 [22 Jul 2003] DSA-352 fdclone - insecure temporary directory - {CAN-2003-0596} + {CVE-2003-0596} - fdclone 2.04-1 [16 Jul 2003] DSA-351 php4 - cross-site scripting - {CAN-2003-0442} + {CVE-2003-0442} - php4 4:4.3.2+rc3-1 [15 Jul 2003] DSA-350 falconseye - buffer overflow - {CAN-2003-0358} + {CVE-2003-0358} NOTE: not in testing, fixed in unstable - falconseye 1.9.3-9 [14 Jul 2003] DSA-349 nfs-utils - buffer overflow - {CAN-2003-0252} + {CVE-2003-0252} - nfs-utils 1:1.0.3-2 [11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow - {CAN-2003-0453} + {CVE-2003-0453} - traceroute-nanog 6.1.1-1.3 [08 Jul 2003] DSA-347 teapop - SQL injection - {CAN-2003-0515} + {CVE-2003-0515} - teapop 0.3.5-2 [08 Jul 2003] DSA-346 phpsysinfo - directory traversal - {CAN-2003-0536} + {CVE-2003-0536} - phpsysinfo 2.1-1 [08 Jul 2003] DSA-345 xbl - buffer overflow - {CAN-2003-0535} + {CVE-2003-0535} - xbl 1.0k-6 [08 Jul 2003] DSA-344 unzip - directory traversal - {CAN-2003-0282} + {CVE-2003-0282} - unzip 5.50-3 [08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file - {CAN-2003-0539} + {CVE-2003-0539} - skk 10.62a-6 - ddskk 12.1.cvs.20030622-1 [07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration - {CAN-2003-0538} + {CVE-2003-0538} NOTE: mozart is not in sarge - mozart 1.2.5.20030212-2 [07 Jul 2003] DSA-341 liece - insecure temporary file - {CAN-2003-0537} + {CVE-2003-0537} - liece 2.0+0.20030527cvs-1 [06 Jul 2003] DSA-340 x-face-el - insecure temporary file - x-face-el 1.3.6.23-1 [06 Jul 2003] DSA-339 semi - insecure temporary file - {CAN-2003-0440} + {CVE-2003-0440} - semi 1.14.5+20030609-1 (bug #223456) [29 Jun 2003] DSA-338 proftpd - SQL injection - {CAN-2003-0500} + {CVE-2003-0500} - proftpd 1.2.8-8 [29 Jun 2003] DSA-337 gtksee - buffer overflow - {CAN-2003-0444} + {CVE-2003-0444} - gtksee 0.5.6-1 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities - {CAN-2002-1380 CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2003-0246 CAN-2003-0244 CAN-2003-0247 CAN-2003-0248} + {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248} - kernel-source-2.2.25 2.2.25-3 NOTE: did not check newer kernels [28 Jun 2003] DSA-335 mantis - incorrect permissions - {CAN-2003-0499} + {CVE-2003-0499} - mantis 0.17.5-6 [28 Jun 2003] DSA-334 xgalaga - buffer overflows - {CAN-2003-0454} + {CVE-2003-0454} - xgalaga 2.0.34-22 [27 Jun 2003] DSA-333 acm - integer overflow {CVE-2002-0391} - acm 5.0-10 [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities - {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364} + {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} NOTE: note in the archive, and did not check newer kernels [27 Jun 2003] DSA-331 imagemagick - insecure temporary file - {CAN-2003-0455} + {CVE-2003-0455} - imagemagick 4:5.5.7-1 [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges - {CAN-2003-0489} + {CVE-2003-0489} - tcptraceroute 1.4-4 [20 Jun 2003] DSA-329 osh - buffer overflows - {CAN-2003-0452} + {CVE-2003-0452} - osh 1.7-12 [19 Jun 2003] DSA-328 webfs - buffer overflow - {CAN-2003-0445} + {CVE-2003-0445} - webfs 1.20 [19 Jun 2003] DSA-327 xbl - buffer overflows - {CAN-2003-0451} + {CVE-2003-0451} - xbl 1.0k-5 [19 Jun 2003] DSA-326 orville-write - buffer overflows - {CAN-2003-0441} + {CVE-2003-0441} - orville-write 2.54-1 [19 Jun 2003] DSA-325 eldav - insecure temporary file - {CAN-2003-0438} + {CVE-2003-0438} - eldav 0.7.2-1 [18 Jun 2003] DSA-324 ethereal - several vulnerabilities - {CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432} + {CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432} - ethereal 0.9.13-1. [16 Jun 2003] DSA-323 noweb - insecure temporary files - {CAN-2003-0381} + {CVE-2003-0381} - noweb 2.10c-3.1 (bug #271146) [16 Jun 2003] DSA-322 typespeed - buffer overflow - {CAN-2003-0435} + {CVE-2003-0435} - typespeed 0.4.4 [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow - {CAN-2003-0450} + {CVE-2003-0450} - radiusd-cistron 1.6.6-2 [13 Jun 2003] DSA-320 mikmod - buffer overflow - {CAN-2003-0427} + {CVE-2003-0427} - mikmod 3.1.6-6 [12 Jun 2003] DSA-319 webmin - session ID spoofing - {CAN-2003-0101} + {CVE-2003-0101} - webmin 1.070-1 [12 Jun 2003] DSA-318 lyskom-server - denial of service - {CAN-2003-0366} + {CVE-2003-0366} - lyskom-server 2.0.7-2 [11 Jun 2003] DSA-317 cupsys - denial of service - {CAN-2003-0195} + {CVE-2003-0195} - cupsys 1.1.19final-1 [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions - {CAN-2003-0358 CAN-2003-0359} + {CVE-2003-0358 CVE-2003-0359} - nethack 3.4.1-1 - slashem 0.0.6E4F8-6 - jnethack 1.1.5-15 NOTE: DSA contains some strange non-nethack version numbers [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service - {CAN-2003-0433} + {CVE-2003-0433} - gnocatan 0.8.0-1 (bug #328136) - pioneers <not-affected> (bug #328136) NOTE: maintainer confirmed that the security fixes are included [11 Jun 2003] DSA-314 atftp - buffer overflow - {CAN-2003-0380} + {CVE-2003-0380} - atftp 0.6.2 [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows - {CAN-2003-0356 CAN-2003-0357} + {CVE-2003-0356 CVE-2003-0357} - ethereal 0.9.12-1 [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities - {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248} + {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248} NOTE: not in unstable/testing. Did not check other versions. [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities - {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364} + {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364} NOTE: not in unstable/testing. Did not check other versions. [08 Jun 2003] DSA-310 xaos - improper setuid-root execution - {CAN-2003-0385} + {CVE-2003-0385} - xaos 3.1r-4 [06 Jun 2003] DSA-309 eterm - buffer overflow - {CAN-2003-0382} + {CVE-2003-0382} - eterm 0.9.2-1 [06 Jun 2003] DSA-308 gzip - insecure temporary files - {CVE-1999-1332 CAN-2003-0367} + {CVE-1999-1332 CVE-2003-0367} - gzip 1.3.5-6 [27 May 2003] DSA-307 gps - multiple vulnerabilities - {CAN-2003-0361 CAN-2003-0360 CAN-2003-0362} + {CVE-2003-0361 CVE-2003-0360 CVE-2003-0362} - gps 1.1.0-1 [19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow - {CAN-2003-0321 CAN-2003-0322 CAN-2003-0328} + {CVE-2003-0321 CVE-2003-0322 CVE-2003-0328} - ircii-pana 1:1.0-0c19-8 [15 May 2003] DSA-305 sendmail - insecure temporary files - {CAN-2003-0308} + {CVE-2003-0308} - sendmail 8.12.9-2 [15 May 2003] DSA-304 lv - privilege escalation - {CAN-2003-0188} + {CVE-2003-0188} - lv 4.49.5-2 [15 May 2003] DSA-303 mysql - privilege escalation - {CAN-2003-0073} + {CVE-2003-0073} - mysql-dfsg 4.0.12-2 - {CAN-2003-0150} + {CVE-2003-0150} TODO: not sure if this is fixed [07 May 2003] DSA-302 fuzz - privilege escalation - {CAN-2003-0261} + {CVE-2003-0261} - fuzz 0.6-7.1 [07 May 2003] DSA-301 libgtop - buffer overflow - {CAN-2001-0928} + {CVE-2001-0928} - libgtop 1.0.13-4 [06 May 2003] DSA-300 balsa - buffer overflow - {CAN-2003-0167} + {CVE-2003-0167} - balsa 2.0.10 [06 May 2003] DSA-299 leksbot - improper setuid-root execution - {CAN-2003-0262} + {CVE-2003-0262} - leksbot 1.2-5 (bug #186421) [02 May 2003] DSA-298 epic4 - buffer overflows - {CAN-2003-0323} + {CVE-2003-0323} - epic4 1:1.1.11.20030409-1 [01 May 2003] DSA-297 snort - integer overflow, buffer overflow - {CAN-2003-0033 CAN-2003-0209} + {CVE-2003-0033 CVE-2003-0209} - snort 2.0.0-1 [30 Apr 2003] DSA-296 kdebase - insecure execution - {CAN-2003-0204} + {CVE-2003-0204} - kdebase 4:3.1.0-1 [30 Apr 2003] DSA-295 pptpd - buffer overflow - {CAN-2003-0213} + {CVE-2003-0213} - pptpd 1.1.4-0.b3.2 [23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser - {CAN-2003-0205 CAN-2003-0206} + {CVE-2003-0205 CVE-2003-0206} NOTE: not in unstable/testing [23 Apr 2003] DSA-293 kdelibs - insecure execution - {CAN-2003-0204} + {CVE-2003-0204} - kdebase 4:3.1.0-1 [22 Apr 2003] DSA-292 mime-support - insecure temporary file creation - {CAN-2003-0214} + {CVE-2003-0214} - mime-support 3.23-1 [22 Apr 2003] DSA-291 ircii - buffer overflows - {CAN-2003-0323} + {CVE-2003-0323} - ircii 20030315-1 [17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion - {CAN-2003-0161} + {CVE-2003-0161} - sendmail-wide 8.12.9+3.5Wbeta-1 [17 Apr 2003] DSA-289 rinetd - incorrect memory resizing - {CAN-2003-0212} + {CVE-2003-0212} - rinetd 0.61-2 [17 Apr 2003] DSA-288 openssl - several vulnerabilities - {CAN-2003-0147 CAN-2003-0131} + {CVE-2003-0147 CVE-2003-0131} - openssl 0.9.7b-1 - openssl096 0.9.6j-1 [15 Apr 2003] DSA-287 epic - buffer overflows - {CAN-2003-0324} + {CVE-2003-0324} - epic4 1:1.1.11.20030409-1 [14 Apr 2003] DSA-286 gs-common - insecure temporary file - {CAN-2003-0207} + {CVE-2003-0207} - gs-common 0.3.3.1 [14 Apr 2003] DSA-285 lprng - insecure temporary file - {CAN-2003-0136} + {CVE-2003-0136} - lprng 3.8.20-4. [12 Apr 2003] DSA-284 kdegraphics - insecure execution - {CAN-2003-0204} + {CVE-2003-0204} - kdegraphics 4:3.1.0-1 [11 Apr 2003] DSA-283 xfsdump - insecure file creation - {CAN-2003-0173} + {CVE-2003-0173} - xfsdump 2.2.8-1 [09 Apr 2003] DSA-282 glibc - integer overflow - {CAN-2003-0028} + {CVE-2003-0028} - glibc 2.3.1-16 [08 Apr 2003] DSA-281 moxftp - buffer overflow - {CAN-2003-0203} + {CVE-2003-0203} - moxftp 2.2-18.20 [07 Apr 2003] DSA-280 samba - buffer overflow - {CAN-2003-0201 CAN-2003-0196} + {CVE-2003-0201 CVE-2003-0196} - samba 3.0 [07 Apr 2003] DSA-279 metrics - insecure temporary file creation - {CAN-2003-0202} + {CVE-2003-0202} NOTE: note in unstable/testing [04 Apr 2003] DSA-278 sendmail - char-to-int conversion - {CAN-2003-0161} + {CVE-2003-0161} - sendmail 8.12.9-1 [03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string - {CAN-2003-0098 CAN-2003-0099} + {CVE-2003-0098 CVE-2003-0099} - apcupsd 3.8.5-1.2 [03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation - {CAN-2003-0127} + {CVE-2003-0127} NOTE: this version is not in sarge, did not check others [02 Apr 2003] DSA-275 lpr-ppd - buffer overflow - {CAN-2003-0144} + {CVE-2003-0144} - lpr-ppd 1:0.72-3 [28 Mar 2003] DSA-274 mutt - buffer overflow - {CAN-2003-0167} + {CVE-2003-0167} - mutt 1.4.0 [28 Mar 2003] DSA-273 krb4 - Cryptographic weakness - {CAN-2003-0138 CAN-2003-0139} + {CVE-2003-0138 CVE-2003-0139} - krb4 1.2.2-1 [28 Mar 2003] DSA-272 dietlibc - integer overflow - {CAN-2003-0028} + {CVE-2003-0028} - dietlibc 0.22-2 [27 Mar 2003] DSA-271 ecartis - unauthorized password change - {CAN-2003-0162} + {CVE-2003-0162} - ecartis 1.0.0+cvs.20030321-1 [27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation - {CAN-2003-0127} + {CVE-2003-0127} NOTE: not in unstable/testing, did not check other versions [26 Mar 2003] DSA-269 heimdal - Cryptographic weakness - {CAN-2003-0138} + {CVE-2003-0138} - heimdal 0.5.2-1 [25 Mar 2003] DSA-268 mutt - buffer overflow - {CAN-2003-0140} + {CVE-2003-0140} - mutt 1.5.4-1 [24 Mar 2003] DSA-267 lpr - buffer overflow - {CAN-2003-0144} + {CVE-2003-0144} - lpr 1:2000.05.07-4.20 [24 Mar 2003] DSA-266 krb5 - several vulnerabilities - {CAN-2003-0028} + {CVE-2003-0028} - krb5 1.3.3-2 NOTE: changelog does not mention this one, verified patch from NOTE: Tom Yu was applied to this version. - {CAN-2003-0072} + {CVE-2003-0072} - krb5 1.2.7-3 NOTE: changelog does not mention this one, verified patch from NOTE: upstream was applied to this version. - {CAN-2003-0082} + {CVE-2003-0082} - krb5 1.3.3-2 - {CAN-2003-0138 VU#623217} + {CVE-2003-0138 VU#623217} - krb5 1.2.7-3 - {CAN-2003-0139 VU#442569} + {CVE-2003-0139 VU#442569} - krb5 1.2.7-3 [21 Mar 2003] DSA-265 bonsai - several vulnerabilities - {CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155} + {CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155} - bonsai 1.3+cvs20030317-1 [19 Mar 2003] DSA-264 lxr - missing filename sanitizing - {CAN-2003-0156} + {CVE-2003-0156} - lxr 0.3-4 [17 Mar 2003] DSA-263 netpbm-free - math overflow errors - {CAN-2003-0146} + {CVE-2003-0146} - netpbm-free 2:9.20-9 [15 Mar 2003] DSA-262 samba - remote exploit - {CAN-2003-0085 CAN-2003-0086} + {CVE-2003-0085 CVE-2003-0086} - samba 2.2.8 [14 Mar 2003] DSA-261 tcpdump - infinite loop - {CAN-2003-0093 CAN-2003-0145} + {CVE-2003-0093 CVE-2003-0145} NOTE: DSA reports sid was not affected, sarge has sid version [13 Mar 2003] DSA-260 file - buffer overflow - {CAN-2003-0102} + {CVE-2003-0102} - file 3.40-1.1 [12 Mar 2003] DSA-259 qpopper - mail user privilege escalation - {CAN-2003-0143} + {CVE-2003-0143} - qpopper 4.0.4-9 [10 Mar 2003] DSA-258 ethereal - format string vulnerability - {CAN-2003-0081} + {CVE-2003-0081} - ethereal 0.9.9-2 [04 Mar 2003] DSA-257 sendmail - remote exploit - {CAN-2002-1337} + {CVE-2002-1337} - sendmail 8.12.8 [28 Feb 2003] DSA-256 mhc - insecure temporary file - {CAN-2003-0120} + {CVE-2003-0120} - mhc 0.25+20030224-1 [27 Feb 2003] DSA-255 tcpdump - infinite loop - {CAN-2003-0108 CAN-2002-0380} + {CVE-2003-0108 CVE-2002-0380} - tcpdump 3.7.1-1.2 [27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow - {CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387} + {CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387} - traceroute-nanog 6.3.0-1 [24 Feb 2003] DSA-253 openssl - information leak - {CAN-2003-0078} + {CVE-2003-0078} - openssl 0.9.7a-1 [21 Feb 2003] DSA-252 slocate - buffer overflow - {CAN-2003-0056} + {CVE-2003-0056} - slocate 2.7-1 [14 Feb 2003] DSA-251 w3m - missing HTML quoting - {CAN-2002-1335 CAN-2002-1348} + {CVE-2002-1335 CVE-2002-1348} - w3m 0.3.2.2-1 [12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting - {CAN-2002-1335 CAN-2002-1348} + {CVE-2002-1335 CVE-2002-1348} NOTE: not in sid/sarge [11 Feb 2003] DSA-249 w3mmee - missing HTML quoting - {CAN-2002-1335 CAN-2002-1348} + {CVE-2002-1335 CVE-2002-1348} - w3mmee 0.3.p24.17-3 [31 Jan 2003] DSA-248 hypermail - buffer overflows - {CAN-2003-0057} + {CVE-2003-0057} - hypermail 2.1.6-1 [30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing - {CAN-2003-0040} + {CVE-2003-0040} - courier 0.40.2-3 [29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting - {CAN-2003-0042 CAN-2003-0043 CAN-2003-0044} + {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044} NOTE: tomcat not in sid/sarge NOTE: tomcat4 not affected [28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary - {CAN-2003-0039} + {CVE-2003-0039} - dhcp3 1.1.2-1 [27 Jan 2003] DSA-244 noffle - buffer overflows - {CAN-2003-0037} + {CVE-2003-0037} - noffle 1.1.2-1 [24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdemultimedia 4:3.1 [24 Jan 2003] DSA-242 kdebase - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdebase 4:3.1 [24 Jan 2003] DSA-241 kdeutils - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdeutils 4:3.1 [23 Jan 2003] DSA-240 kdegames - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdegames 4:3.1 [23 Jan 2003] DSA-239 kdesdk - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdesdk 4:3.1 [23 Jan 2003] DSA-238 kdepim - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdepim 4:3.1 [22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdenetwork 4:3.1 [22 Jan 2003] DSA-236 kdelibs - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdelibs 4:3.1 [22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdegraphics 4:3.1 [22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities - {CAN-2002-1393} + {CVE-2002-1393} - kdeadmin 4:3.1 [21 Jan 2003] DSA-233 cvs - doubly freed memory - {CAN-2003-0015} + {CVE-2003-0015} - cvs 1.11.2-5.1 [20 Jan 2003] DSA-232 cupsys - several vulnerabilities - {CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384} + {CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384} - cupsys 1.1.18-1 [17 Jan 2003] DSA-231 dhcp3 - stack overflows - {CAN-2003-0026} + {CVE-2003-0026} - dhcp3 3.0+3.0.1rc11-1 [16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files NOTE: not in testing due to 3 newer security holes - {CAN-2003-0012} + {CVE-2003-0012} - bugzilla 2.16.2 - {CAN-2003-0013} + {CVE-2003-0013} - bugzilla 2.16.2 [15 Jan 2003] DSA-229 imp - SQL injection - {CAN-2003-0025} + {CVE-2003-0025} NOTE: I think imp3 is ok. [14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak - {CAN-2003-0031 CAN-2003-0032} + {CVE-2003-0031 CVE-2003-0032} - libmcrypt 2.5.5-1 [13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs - {CAN-2002-1378 CAN-2002-1379 CAN-2002-1508} + {CVE-2002-1378 CVE-2002-1379 CVE-2002-1508} - openldap2 2.0.27-3 [10 Jan 2003] DSA-226 xpdf-i - integer overflow - {CAN-2002-1384} + {CVE-2002-1384} - xpdf 2.01-2 [09 Jan 2003] DSA-225 tomcat4 - source disclosure - {CAN-2002-1394} + {CVE-2002-1394} - tomcat4 4.1.16-1 NOTE: another RC (unreproducible?) bug and missing deps (#263201) NOTE: are keeping the fix out of testing NOTE: this is the second unfixed security hole in tomcat4 in testing.. [08 Jan 2003] DSA-224 canna - buffer overflow and more - {CAN-2002-1158 CAN-2002-1159} + {CVE-2002-1158 CVE-2002-1159} - canna 3.6p1-1 [07 Jan 2003] DSA-223 geneweb - information exposure - {CAN-2002-1390} + {CVE-2002-1390} - geneweb 4.09-1 [06 Jan 2003] DSA-222 xpdf - integer overflow - {CAN-2002-1384} + {CVE-2002-1384} - xpdf 2.01-2 [03 Jan 2003] DSA-221 mhonarc - cross site scripting - {CAN-2002-1388} + {CVE-2002-1388} - mhonarc 2.5.14-1 [02 Jan 2003] DSA-220 squirrelmail - cross site scripting - {CAN-2002-1341} + {CVE-2002-1341} - squirrelmail 1:1.3.2-2 ------- These processed by Djoumé SALVETTI <salvetti@crans.org> ----- [31 Dec 2002] DSA-219 dhcpcd - remote command execution - {CAN-2002-1403} + {CVE-2002-1403} - dhcpcd 1:1.3.22pl2-2 [30 Dec 2002] DSA-218 bugzilla - cross site scripting NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1). [27 Dec 2002] DSA-217 typespeed - buffer overflow - {CAN-2002-1389} + {CVE-2002-1389} - typespeed 0.4.2-2 [24 Dec 2002] DSA-216 fetchmail - buffer overflow - {CAN-2002-1365} + {CVE-2002-1365} - fetchmail 6.2.0-1 [23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow - {CAN-2002-1580} + {CVE-2002-1580} - cyrus-imapd 1.5.19-9.10 [20 Dec 2002] DSA-214 kdnetwork - buffer overflows - {CAN-2002-1306} + {CVE-2002-1306} - kdenetwork 4:2.2.2-14.20 NOTE: there is a typo in the DSA, the name of the package is kdenetwork. [19 Dec 2002] DSA-213 libpng - buffer overflow - {CAN-2002-1363} + {CVE-2002-1363} - libpng 1.0.12-7 - libpng3 1.2.5-8 [17 Dec 2002] DSA-212 mysql - multiple problems - {CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376} + {CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376} - mysql-dfsg 4.0.7.gamma-1 [13 Dec 2002] DSA-211 micq - denial of service - {CAN-2002-1362} + {CVE-2002-1362} NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1) [13 Dec 2002] DSA-210 lynx - CRLF injection - {CAN-2002-1405} + {CVE-2002-1405} - lynx 2.8.4.1b-4 NOTE: lynx-ssl not in testing nor unstable. [12 Dec 2002] DSA-209 wget - directory traversal - {CAN-2002-1344} + {CVE-2002-1344} - wget 1.8.2-8 [12 Dec 2002] DSA-208 perl - broken safe compartment - {CAN-2002-1323} + {CVE-2002-1323} - perl 5.8.0-14 [11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution - {CAN-2002-0836} + {CVE-2002-0836} - tetex-bin 1.0.7+20021025-4 [10 Dec 2002] DSA-206 tcpdump - denial of service - {CAN-2002-1350} + {CVE-2002-1350} - tcpdump 3.7.2-1 [10 Dec 2002] DSA-205 gtetrinet - buffer overflow - gtetrinet 0.4.4-1 NOTE: no CAN not CVE for this one [05 Dec 2002] DSA-204 kdelibs - arbitrary program execution - {CAN-2002-1281 CAN-2002-1282} + {CVE-2002-1281 CVE-2002-1282} - kdelibs 4:3.1.0-1 [04 Dec 2002] DSA-203 smb2www - arbitrary command execution - {CAN-2002-1342} + {CVE-2002-1342} - smb2www 980804-17 [03 Dec 2002] DSA-202 im - insecure temporary files - {CAN-2002-1395} + {CVE-2002-1395} - im 1:141-20 [02 Dec 2002] DSA-201 freeswan - denial of service - {CAN-2002-0666 VU#459371} + {CVE-2002-0666 VU#459371} - freeswan 1.99-1 [22 Nov 2002] DSA-200 samba - remote exploit - {CAN-2002-1318} + {CVE-2002-1318} - samba 2.99.cvs.20020713-1 [19 Nov 2002] DSA-199 mhonarc - cross site scripting - {CAN-2002-1307} + {CVE-2002-1307} - mhonarc 2.5.13-1 [18 Nov 2002] DSA-198 nullmailer - denial of service - {CAN-2002-1313} + {CVE-2002-1313} - nullmailer 1.00RC5-17 [15 Nov 2002] DSA-197 courier - buffer overflow - {CAN-2002-1311} + {CVE-2002-1311} - courier 0.40.0-1 [14 Nov 2002] DSA-196 bind - several vulnerabilities - {CAN-2002-0029 CAN-2002-1219 CAN-2002-1220 CAN-2002-1221} + {CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221} - bind 1:8.3.3-3 [13 Nov 2002] DSA-195 apache-perl - several vulnerabilities - {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131 CAN-2002-1233} + {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233} - apache-perl 1.3.26-1.1-1.27-3-1 [12 Nov 2002] DSA-194 masqmail - buffer overflows - {CAN-2002-1279} + {CVE-2002-1279} - masqmail 0.2.15-1 [11 Nov 2002] DSA-193 kdenetwork - buffer overflow - {CAN-2002-1247} + {CVE-2002-1247} - kdenetwork 4:2.2.2-14.3 [08 Nov 2002] DSA-192 html2ps - arbitrary code execution - {CAN-2002-1275} + {CVE-2002-1275} - html2ps 1.0b3-2 [07 Nov 2002] DSA-191 squirrelmail - cross site scripting - {CAN-2002-1131 CAN-2002-1132 CAN-2002-1276} + {CVE-2002-1131 CVE-2002-1132 CVE-2002-1276} - squirrelmail 1:1.2.8-1.1 [07 Nov 2002] DSA-190 wmaker - buffer overflow - {CAN-2002-1277} + {CVE-2002-1277} - wmaker 0.80.1-4 [06 Nov 2002] DSA-189 luxman - local root exploit - {CAN-2002-1245} + {CVE-2002-1245} - luxman 0.41-19 [05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities TODO: The DSA is for apache-ssl, but the bug entries are for apache. - {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843} + {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843} - apache 1.3.27-0.1 - {CAN-2001-0131 CAN-2002-1233} + {CVE-2001-0131 CVE-2002-1233} - apache 1.3.27-1 - TODO: CAN-2002-0843 appears to be listed twice in this DSA + TODO: CVE-2002-0843 appears to be listed twice in this DSA TODO: (once with NO-CAN) [04 Nov 2002] DSA-187 apache - several vulnerabilities - {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843} + {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843} - apache 1.3.27-0.1 - {CAN-2001-0131 CAN-2002-1233} + {CVE-2001-0131 CVE-2002-1233} - apache 1.3.27-1 - TODO: CAN-2002-0843 appears to be listed twice in this DSA + TODO: CVE-2002-0843 appears to be listed twice in this DSA TODO: (once with NO-CAN) [01 Nov 2002] DSA-186 log2mail - buffer overflow - {CAN-2002-1251} + {CVE-2002-1251} - log2mail 0.2.6-1 [31 Oct 2002] DSA-185 heimdal - buffer overflow - {CAN-2002-1235} + {CVE-2002-1235} - heimdal 0.4e-22 [30 Oct 2002] DSA-184 krb4 - buffer overflow - {CAN-2002-1235} + {CVE-2002-1235} - krb4 1.1-11-8 [29 Oct 2002] DSA-183 krb5 - buffer overflow - {CAN-2002-1235} + {CVE-2002-1235} - krb5 1.2.6-2 [28 Oct 2002] DSA-182 kdegraphics - buffer overflow - {CAN-2002-0838} + {CVE-2002-0838} - kdegraphics 4:2.2.2-6.9 [22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting - {CAN-2002-1157} + {CVE-2002-1157} - libapache-mod-ssl 2.8.9-2.3 [21 Oct 2002] DSA-180 nis - information leak - {CAN-2002-1232} + {CVE-2002-1232} - nis 3.9-6.2 [18 Oct 2002] DSA-179 gnome-gv - buffer overflow - {CAN-2002-0838} + {CVE-2002-0838} - gnome-gv 1.99.7-9 [17 Oct 2002] DSA-178 heimdal - remote command execution - {CAN-2002-1225 CAN-2002-1226} + {CVE-2002-1225 CVE-2002-1226} - heimdal 0.4e-21 [17 Oct 2002] DSA-177 pam - serious security violation - {CAN-2002-1227} + {CVE-2002-1227} - pam 0.76-6 [16 Oct 2002] DSA-176 gv - buffer overflow - {CAN-2002-0838} + {CVE-2002-0838} - gv 1:3.5.8-27 [15 Oct 2002] DSA-175 syslog-ng - buffer overflow - {CAN-2002-1200} + {CVE-2002-1200} - syslog-ng 1.5.21-1 [14 Oct 2002] DSA-174 heartbeat - buffer overflow - {CAN-2002-1215} + {CVE-2002-1215} - heartbeat 0.4.9.2-1 [09 Oct 2002] DSA-173 bugzilla - privilege escalation - {CAN-2002-1196} + {CVE-2002-1196} NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1) [08 Oct 2002] DSA-172 tkmail - insecure temporary files - {CAN-2002-1193} + {CVE-2002-1193} NOTE: not in testing nor unstable (was fixed in 4.0beta9-9) [07 Oct 2002] DSA-171 fetchmail - buffer overflows - {CAN-2002-1175 CAN-2002-1174} + {CVE-2002-1175 CVE-2002-1174} - fetchmail 6.1.0-1 NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1) [04 Oct 2002] DSA-170 tomcat4 - source code disclosure - {CAN-2002-1148} + {CVE-2002-1148} - tomcat4 4.1.12-1 NOTE: only 4.0.4-4 in testing (which seems to be vulnerable) [25 Sep 2002] DSA-169 htcheck - cross site scripting - {CAN-2002-1195} + {CVE-2002-1195} - htcheck 1:1.1-1.2 [18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection - {CAN-2002-0985 CAN-2002-0986} + {CVE-2002-0985 CVE-2002-0986} - php3 3:3.0.18-23.2 - php4 4:4.2.3-3 NOTE: php3 is not in testing, it seems to be wait for tiff and gcc transition NOTE: and is out of date on alpha and arm [16 Sep 2002] DSA-167 kdelibs - cross site scripting - {CAN-2002-1151} + {CVE-2002-1151} - kdelibs 4:2.2.2-14 NOTE: there is a typo in the DSA that mentionned Konquerer instead of kdelibs [13 Sep 2002] DSA-166 purity - buffer overflows - {CAN-2002-1124} + {CVE-2002-1124} - purity 1-16 [12 Sep 2002] DSA-165 postgresql - buffer overflows - {CAN-2002-0972 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CVE-2002-1402} + {CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402} - postgresql 7.2.2-2 [10 Sep 2002] DSA-164 cacti - arbitrary code execution - {CAN-2002-1477 CAN-2002-1478} + {CVE-2002-1477 CVE-2002-1478} - cacti 0.6.8a-2 [09 Sep 2002] DSA-163 mhonarc - cross site scripting {CVE-2002-0738} - mhonarc 2.5.11-1 [06 Sep 2002] DSA-162 ethereal - buffer overflow - {CAN-2002-0834} + {CVE-2002-0834} - ethereal 0.9.6-1 [04 Sep 2002] DSA-161 mantis - privilege escalation - {CAN-2002-1115 CAN-2002-1116} + {CVE-2002-1115 CVE-2002-1116} - mantis 0.17.5-2 [03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation - {CAN-2002-0662} + {CVE-2002-0662} - scrollkeeper 0.3.11-2 [28 Aug 2002] DSA-159 python - insecure temporary files - {CAN-2002-1119} + {CVE-2002-1119} - python2.1 2.1.3-6a - python2.2 2.2.1-8 NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24) @@ -2524,19 +2524,19 @@ {CVE-2002-0989} - gaim 1:0.59.1-2 [23 Aug 2002] DSA-157 irssi-text - denial of service - {CAN-2002-0983} + {CVE-2002-0983} - irssi-text 0.8.5-2 [22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution {CVE-2002-0984} - epic4-script-light 1:2.7.30p5-2 [17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror - {CAN-2002-0970} + {CVE-2002-0970} - kdelibs 4:2.2.2-14 [15 Aug 2002] DSA-154 fam - privilege escalation {CVE-2002-0875} - fam 2.6.8-1 [14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation - {CAN-2002-1114 CAN-2002-1113 CAN-2002-1112 CAN-2002-1111 CAN-2002-1110} + {CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110} - mantis 0.17.4a-2 [13 Aug 2002] DSA-152 l2tpd - missing random seed {CVE-2002-0872 CVE-2002-0873} @@ -2545,16 +2545,16 @@ {CVE-2002-0871} - xinetd 1:2.3.7-1 [13 Aug 2002] DSA-150 interchange - illegal file exposition - {CAN-2002-0874} + {CVE-2002-0874} - interchange 4.8.6-1 [13 Aug 2002] DSA-149 glibc - integer overflow {CVE-2002-0391} - glibc 2.2.5-13 [12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities - {CVE-2002-1049 CVE-2002-1050 CAN-2001-1034} + {CVE-2002-1049 CVE-2002-1050 CVE-2001-1034} - hylafax 4.1.2-2.1 [08 Aug 2002] DSA-147 mailman - cross-site scripting - {CAN-2002-0388 CAN-2002-0855} + {CVE-2002-0388 CVE-2002-0855} - mailman 2.0.12-1 [08 Aug 2002] DSA-146 dietlibc - integer overflow {CVE-2002-0391} @@ -2572,21 +2572,21 @@ {CVE-2002-0391} - openafs 1.2.6-1 [01 Aug 2002] DSA-141 mpack - buffer overflow - {CAN-2002-1425} + {CVE-2002-1425} - mpack 1.5-9 [05 Aug 2002] DSA-140 libpng - buffer overflow - {CAN-2002-0660 CAN-2002-0728} + {CVE-2002-0660 CVE-2002-0728} - libpng 1.0.12-4 - libpng3 1.2.1-2 [01 Aug 2002] DSA-139 super - format string vulnerability {CVE-2002-0817} - super 3.18.0-3 [01 Aug 2002] DSA-138 gallery - remote exploit - {CAN-2002-1412} + {CVE-2002-1412} - gallery 1.3-3 [30 Jul 2002] DSA-137 mm - insecure temporary files {CVE-2002-0658} - mm 1.1.3-7 [30 Jul 2002] DSA-136 openssl - multiple remote exploits - {CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659} + {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659} - openssl 0.9.6e-1 diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv index 598a2fed20..3ed9ded250 100644 --- a/data/DTSA/advs/1-kismet.adv +++ b/data/DTSA/advs/1-kismet.adv @@ -4,20 +4,20 @@ author: Joey Hess vuln-type: various problem-scope: remote debian-specific: no -cve: CAN-2005-2626 CAN-2005-2627 +cve: CVE-2005-2626 CVE-2005-2627 testing-fix: 2005.08.R1-0.1etch1 sid-fix: 2005.08.R1-1 upgrade: apt-get install kismet Multiple security holes have been discovered in kismet: - CAN-2005-2627 + CVE-2005-2627 Multiple integer underflows in Kismet allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows. - CAN-2005-2626 + CVE-2005-2626 Unspecified vulnerability in Kismet allows remote attackers to have an unknown impact via unprintable characters in the SSID. diff --git a/data/DTSA/advs/10-pcre.adv b/data/DTSA/advs/10-pcre.adv index 8eab16540c..e4d535aa8e 100644 --- a/data/DTSA/advs/10-pcre.adv +++ b/data/DTSA/advs/10-pcre.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: buffer overflow problem-scope: remote debian-specific: no -cve: CAN-2005-2491 +cve: CVE-2005-2491 testing-fix: 6.3-0.1etch1 sid-fix: 6.3-1 upgrade: apt-get install libpcre3 diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv index 5f82766c60..e5f203d17a 100644 --- a/data/DTSA/advs/11-maildrop.adv +++ b/data/DTSA/advs/11-maildrop.adv @@ -4,7 +4,7 @@ author: Andres Salomon vuln-type: local privilege escalation problem-scope: local debian-specific: yes -cve: CAN-2005-2655 +cve: CVE-2005-2655 testing-fix: 1.5.3-1.1etch1 sid-fix: 1.5.3-2 upgrade: apt-get install maildrop diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv index 42aae07e69..93014157ce 100644 --- a/data/DTSA/advs/12-vim.adv +++ b/data/DTSA/advs/12-vim.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: modeline exploits problem-scope: local debian-specifc: no -cve: CAN-2005-2368 +cve: CVE-2005-2368 testing-fix: 1:6.3-085+0.0etch1 sid-fix: 1:6.3-085+1 upgrade: apt-get install vim diff --git a/data/DTSA/advs/13-evolution.adv b/data/DTSA/advs/13-evolution.adv index bd30fe5ec3..f709db2a80 100644 --- a/data/DTSA/advs/13-evolution.adv +++ b/data/DTSA/advs/13-evolution.adv @@ -4,21 +4,21 @@ author: Joey Hess vuln-type: format string vulnerabilities problem-scope: remote debian-specifc: no -cve: CAN-2005-2549 CAN-2005-2550 +cve: CVE-2005-2549 CVE-2005-2550 testing-fix: 2.2.3-2etch1 sid-fix: 2.2.3-3 upgrade: apt-get install evolution Multiple vulnerabilities were discovered in evolution: -CAN-2005-2549 +CVE-2005-2549 Multiple format string vulnerabilities in Evolution allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. -CAN-2005-2550 +CVE-2005-2550 Format string vulnerability in Evolution allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the diff --git a/data/DTSA/advs/14-mozilla.adv b/data/DTSA/advs/14-mozilla.adv index 64f65a2bc9..c059327f4a 100644 --- a/data/DTSA/advs/14-mozilla.adv +++ b/data/DTSA/advs/14-mozilla.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several problem-scope: remote debian-specifc: no -cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 +cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 testing-fix: 2:1.7.8-1sarge2 sid-fix: 2:1.7.10-1 upgrade: apt-get install mozilla @@ -15,49 +15,49 @@ basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2004-0718, CAN-2005-1937 +CVE-2004-0718, CVE-2005-1937 A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. -CAN-2005-2260 +CVE-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. -CAN-2005-2261 +CVE-2005-2261 XML scripts ran even when Javascript disabled. -CAN-2005-2263 +CVE-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). -CAN-2005-2265 +CVE-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. -CAN-2005-2266 +CVE-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. -CAN-2005-2268 +CVE-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. -CAN-2005-2269 +CVE-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. -CAN-2005-2270 +CVE-2005-2270 The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code. diff --git a/data/DTSA/advs/15-php4.adv b/data/DTSA/advs/15-php4.adv index 2b6d31ff99..0fdf486d6c 100644 --- a/data/DTSA/advs/15-php4.adv +++ b/data/DTSA/advs/15-php4.adv @@ -4,7 +4,7 @@ author: Neil McGovern vuln-type: several vulnerabilities problem-scope: remote/local debian-specifc: no -cve: CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 +cve: CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 vendor-advisory: testing-fix: 4.3.10-16etch1 sid-fix: 4.4.0-2 @@ -15,20 +15,20 @@ server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2005-1751 +CVE-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. -CAN-2005-1921 +CVE-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. -CAN-2005-2498 +CVE-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() diff --git a/data/DTSA/advs/16-linux-2.6.adv b/data/DTSA/advs/16-linux-2.6.adv index 1305adbda1..3b184b78e7 100644 --- a/data/DTSA/advs/16-linux-2.6.adv +++ b/data/DTSA/advs/16-linux-2.6.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several holes problem-scope: remote debian-specifc: no -cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555 +cve: CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-1761 CVE-2005-2555 testing-fix: 2.6.12-6 sid-fix: 2.6.12-6 upgrade: apt-get install linux-image-2.6-386; reboot @@ -13,36 +13,36 @@ Several security related problems have been found in version 2.6 of the linux kernel. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2004-2302 +CVE-2004-2302 Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files. -CAN-2005-1761 +CVE-2005-1761 Vulnerability in the Linux kernel allows local users to cause a denial of service (kernel crash) via ptrace. -CAN-2005-1762 +CVE-2005-1762 The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. -CAN-2005-1765 +CVE-2005-1765 syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments. -CAN-2005-1913 +CVE-2005-1913 When a non group-leader thread called exec() to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kernel panic. -CAN-2005-2098 +CVE-2005-2098 The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session @@ -51,7 +51,7 @@ CAN-2005-2098 empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. -CAN-2005-2099 +CVE-2005-2099 The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers @@ -59,7 +59,7 @@ CAN-2005-2099 that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. -CAN-2005-2456 +CVE-2005-2456 Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops @@ -67,41 +67,41 @@ CAN-2005-2456 larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. -CAN-2005-2457 +CVE-2005-2457 The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. -CAN-2005-2458 +CVE-2005-2458 inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". -CAN-2005-2459 +CVE-2005-2459 The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different - vulnerbility than CAN-2005-2458. + vulnerbility than CVE-2005-2458. -CAN-2005-2548 +CVE-2005-2548 vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. -CAN-2005-2555 +CVE-2005-2555 Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. -CAN-2005-2617 +CVE-2005-2617 The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the amd64 architecture, does not check the return value of diff --git a/data/DTSA/advs/17-lm-sensors.adv b/data/DTSA/advs/17-lm-sensors.adv index 3a0fcd9590..04351ff05a 100644 --- a/data/DTSA/advs/17-lm-sensors.adv +++ b/data/DTSA/advs/17-lm-sensors.adv @@ -4,7 +4,7 @@ author: Micah Anderson vuln-type: insecure temporary file problem-scope: local debian-specifc: no -cve: CAN-2005-2672 +cve: CVE-2005-2672 vendor-advisory: testing-fix: 1:2.9.1-6etch1 sid-fix: 1:2.9.1-7 diff --git a/data/DTSA/advs/18-thunderbird.adv b/data/DTSA/advs/18-thunderbird.adv index 5ccce208f7..4e4c53d1aa 100644 --- a/data/DTSA/advs/18-thunderbird.adv +++ b/data/DTSA/advs/18-thunderbird.adv @@ -4,7 +4,7 @@ author: xxx vuln-type: multiple problem-scope: remote/local debian-specifc: yes/no -cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989 +cve: CVE-2005-2968, CVE-2005-2266, CVE-2005-2265, CVE-2005-2261, CVE-2005-1532, CVE-2005-1160, CVE-2005-1159, CVE-2005-0989 vendor-advisory: testing-fix: xxx sid-fix: xxx @@ -12,37 +12,37 @@ upgrade: apt-get install xxx xxx multiline description here -CAN-2005-2968 +CVE-2005-2968 Thunderbird incorrectly escapes commands in input, fed to it through the --compose option, which could lead to execution of arbitrary shell commands. -CAN-2005-2266 +CVE-2005-2266 Child frames may access parental frames, even if these are in different access domains and may lead to information leakage of cookies or pass words. -CAN-2005-2265 +CVE-2005-2265 Incorrect type checks in InstallVersion.compareTo may lead to a denial-of-service attack or possibly execution of arbitrary code. -CAN-2005-2261 +CVE-2005-2261 XBL scripts are even run, if Javascript has been disabled. -CAN-2005-1532 +CVE-2005-1532 Javascript is inproperly limits its privileges to the calling context, which could lead to "non-DOM privilege override". -CAN-2005-1160 +CVE-2005-1160 Overriding properties/methods of DOM nodes could lead to execution of code with extended "chrome" privileges. -CAN-2005-1159 +CVE-2005-1159 Native function implementations are not verified, causing Javascript execution at improper memory addresses allowing denial of service and potentially arbitrary code execution -CAN-2005-0989 +CVE-2005-0989 The find_replen function in the Javascript engine allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. diff --git a/data/DTSA/advs/19-clamav.adv b/data/DTSA/advs/19-clamav.adv index 35356bd0e4..2dc39870c1 100644 --- a/data/DTSA/advs/19-clamav.adv +++ b/data/DTSA/advs/19-clamav.adv @@ -4,18 +4,18 @@ author: Neil McGovern vuln-type: buffer overflow and infinate loop problems problem-scope: remote debian-specific: no -cve: CAN-2005-2919 CAN-2005-2920 +cve: CVE-2005-2919 CVE-2005-2920 testing-fix: 0.86.2-4etch2 sid-fix: 0.87-1 upgrade: apt-get upgrade Multiple security holes were found in clamav: -CAN-2005-2919 +CVE-2005-2919 A possible infinate loop has been discovered in libclamav/fsg.c -CAN-2005-2920 +CVE-2005-2920 A possible buffer overflow has been found in libclamav/upx.c diff --git a/data/DTSA/advs/2-centericq.adv b/data/DTSA/advs/2-centericq.adv index bf1a9fe0be..d16bbd0015 100644 --- a/data/DTSA/advs/2-centericq.adv +++ b/data/DTSA/advs/2-centericq.adv @@ -4,32 +4,32 @@ author: Joey Hess vuln-type: multiple vulnerabilities problem-scope: local and remote debian-specific: no -cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 +cve: CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 testing-fix: 4.20.0-8etch1 sid-fix: 4.20.0-9 upgrade: apt-get install centericq centericq in testing is vulnerable to multiple security holes: -CAN-2005-2448 +CVE-2005-2448 Multiple endianness errors in libgadu, which is embedded in centericq, allow remote attackers to cause a denial of service (invalid behaviour in applications) on big-endian systems. -CAN-2005-2370 +CVE-2005-2370 Multiple memory alignment errors in libgadu, which is embedded in centericq, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. -CAN-2005-2369 +CVE-2005-2369 Multiple integer signedness errors in libgadu, which is embedded in centericq, may allow remote attackers to cause a denial of service or execute arbitrary code. -CAN-2005-1914 +CVE-2005-1914 centericq creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. diff --git a/data/DTSA/advs/20-mailutils.adv b/data/DTSA/advs/20-mailutils.adv index 376f3d3b2e..02129dadb9 100644 --- a/data/DTSA/advs/20-mailutils.adv +++ b/data/DTSA/advs/20-mailutils.adv @@ -4,7 +4,7 @@ author: Neil McGovern vuln-type: Format string vulnerability problem-scope: remote debian-specifc: no -cve: CAN-2005-2878 +cve: CVE-2005-2878 vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407 testing-fix: 1:0.6.90-2.1etch1 sid-fix: 1:0.6.90-3 @@ -12,7 +12,7 @@ upgrade: apt-get upgrade A format string vulnerability has been discovered in Mailutils. -CAN-2005-2878 +CVE-2005-2878 A format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. diff --git a/data/DTSA/advs/3-clamav.adv b/data/DTSA/advs/3-clamav.adv index 141a38ea5e..1a92f84f5c 100644 --- a/data/DTSA/advs/3-clamav.adv +++ b/data/DTSA/advs/3-clamav.adv @@ -4,40 +4,40 @@ author: Joey Hess vuln-type: denial of service and privilege escalation problem-scope: remote debian-specific: no -cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 +cve: CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 testing-fix: 0.86.2-4etch1 sid-fix: 0.86.2-1 upgrade: apt-get upgrade Multiple security holes were found in clamav: -CAN-2005-2070 +CVE-2005-2070 The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. -CAN-2005-1923 +CVE-2005-1923 The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. -CAN-2005-2056 +CVE-2005-2056 The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. -CAN-2005-1922 +CVE-2005-1922 The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. -CAN-2005-2450 +CVE-2005-2450 Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) allow remote diff --git a/data/DTSA/advs/4-ekg.adv b/data/DTSA/advs/4-ekg.adv index 1c03064ab3..3139bb55d1 100644 --- a/data/DTSA/advs/4-ekg.adv +++ b/data/DTSA/advs/4-ekg.adv @@ -4,36 +4,36 @@ author: Joey Hess vuln-type: multiple vulnerabilities problem-scope: local and remote debian-specific: no -cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 +cve: CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 testing-fix: 1:1.5+20050808+1.6rc3-0etch1 sid-fix: 1:1.5+20050808+1.6rc3-1 upgrade: apt-get install libgadu3 ekg Multiple vulnerabilities were discovered in ekg: -CAN-2005-1916 +CVE-2005-1916 Eric Romang discovered insecure temporary file creation and arbitrary command execution in a contributed script that can be exploited by a local attacker. -CAN-2005-1851 +CVE-2005-1851 Marcin Owsiany and Wojtek Kaniewski discovered potential shell command injection in a contributed script. -CAN-2005-1850 +CVE-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts. -CAN-2005-1852 +CVE-2005-1852 Multiple integer overflows in libgadu, as used in ekg, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. -CAN-2005-2448 +CVE-2005-2448 Multiple endianness errors in libgadu in ekg allow remote attackers to cause a denial of service (invalid behaviour in applications) on diff --git a/data/DTSA/advs/44-kdelibs.adv b/data/DTSA/advs/44-kdelibs.adv index 4b12cbd030..e3fd2d3b7d 100644 --- a/data/DTSA/advs/44-kdelibs.adv +++ b/data/DTSA/advs/44-kdelibs.adv @@ -4,7 +4,7 @@ author: Moritz Muehlenhoff vuln-type: insecure default permissions problem-scope: local debian-specifc: no -cve: CAN-2005-1920 +cve: CVE-2005-1920 vendor-advisory: testing-fix: 4:3.3.2-6.1etch1 sid-fix: 4:3.4.2-1 diff --git a/data/DTSA/advs/5-gaim.adv b/data/DTSA/advs/5-gaim.adv index d87c1b77c9..3c65588af6 100644 --- a/data/DTSA/advs/5-gaim.adv +++ b/data/DTSA/advs/5-gaim.adv @@ -4,26 +4,26 @@ author: Joey Hess vuln-type: multiple remote vulnerabilities problem-scope: remote debian-specific: no -cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 +cve: CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 testing-fix: 1:1.4.0-5etch2 sid-fix: 1:1.4.0-5 upgrade: apt-get install gaim Multiple security holes were found in gaim: -CAN-2005-2102 +CVE-2005-2102 The AIM/ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. -CAN-2005-2370 +CVE-2005-2370 Multiple memory alignment errors in libgadu, as used in gaim and other packages, allow remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. -CAN-2005-2103 +CVE-2005-2103 Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) and possibly execute diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv index b5d8d3d158..3dfa10bac5 100644 --- a/data/DTSA/advs/7-mozilla.adv +++ b/data/DTSA/advs/7-mozilla.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: frame injection spoofing problem-scope: remote debian-specific: no -cve: CAN-2004-0718 CAN-2005-1937 +cve: CVE-2004-0718 CVE-2005-1937 testing-fix: 2:1.7.8-1sarge1 sid-fix: 2:1.7.10-1 upgrade: apt-get install mozilla diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv index 8aab984670..b105d6548a 100644 --- a/data/DTSA/advs/8-mozilla-firefox.adv +++ b/data/DTSA/advs/8-mozilla-firefox.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several vulnerabilities (update) problem-scope: remote debian-specific: no -cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 +cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 testing-fix: 1.0.4-2sarge3 sid-fix: 1.0.6-3 upgrade: apt-get install mozilla-firefox @@ -18,65 +18,65 @@ text: Several problems were discovered in Mozilla Firefox: -CAN-2004-0718 CAN-2005-1937 +CVE-2004-0718 CVE-2005-1937 A vulnerability has been discovered in Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. -CAN-2005-2260 +CVE-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. -CAN-2005-2261 +CVE-2005-2261 XML scripts ran even when Javascript disabled. -CAN-2005-2262 +CVE-2005-2262 The user can be tricked to executing arbitrary JavaScript code by using a JavaScript URL as wallpaper. -CAN-2005-2263 +CVE-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). -CAN-2005-2264 +CVE-2005-2264 By opening a malicious link in the sidebar it is possible for remote attackers to steal sensitive information. -CAN-2005-2265 +CVE-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. -CAN-2005-2266 +CVE-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. -CAN-2005-2267 +CVE-2005-2267 By using standalone applications such as Flash and QuickTime to open a javascript: URL, it is possible for a remote attacker to steal sensitive information and possibly execute arbitrary code. -CAN-2005-2268 +CVE-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. -CAN-2005-2269 +CVE-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. -CAN-2005-2270 +CVE-2005-2270 The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code. diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv index 8190518e0c..07540ceb42 100644 --- a/data/DTSA/advs/9-bluez-utils.adv +++ b/data/DTSA/advs/9-bluez-utils.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: bad device name escaping problem-scope: remote debian-specific: no -cve: CAN-2005-2547 +cve: CVE-2005-2547 testing-fix: 2.19-0.1etch1 sid-fix: 2.19-1 upgrade: apt-get install bluez-utils diff --git a/data/DTSA/advs/nn-kernel-source-2.4.27.adv b/data/DTSA/advs/nn-kernel-source-2.4.27.adv index e7a56a2521..0f37cc0a32 100644 --- a/data/DTSA/advs/nn-kernel-source-2.4.27.adv +++ b/data/DTSA/advs/nn-kernel-source-2.4.27.adv @@ -4,8 +4,8 @@ author: Micah Anderson vuln-type: various problem-scope: remote debian-specifc: no -cve: CAN-2005-2458, CAN-2005-2459, CAN-2005-1767, CAN-2005-2456, -CAN-2005-1768, CAN-2005-0756 CAN-2005-0757, CAN-2005-1762, CAN-2005-1768 +cve: CVE-2005-2458, CVE-2005-2459, CVE-2005-1767, CVE-2005-2456, +CVE-2005-1768, CVE-2005-0756 CVE-2005-0757, CVE-2005-1762, CVE-2005-1768 vendor-advisory: testing-fix: 2.4.27-11 sid-fix: 2.4.27-11 diff --git a/data/DTSA/list b/data/DTSA/list index b9f21b1d9b..9dbc0c50ba 100644 --- a/data/DTSA/list +++ b/data/DTSA/list @@ -1,56 +1,56 @@ [August 26th, 2005] DTSA-1-1 kismet - various - {CAN-2005-2626 CAN-2005-2627 } + {CVE-2005-2626 CVE-2005-2627 } - kismet 2005.08.R1-0.1etch1 (high) [August 28th, 2005] DTSA-2-1 centericq - multiple vulnerabilities - {CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 } + {CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 } - centericq 4.20.0-8etch1 (medium) [August 28th, 2005] DTSA-3-1 clamav - denial of service and privilege escalation - {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 } + {CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 } - clamav 0.86.2-4etch1 (high) [August 28th, 2005] DTSA-4-1 ekg - multiple vulnerabilities - {CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 } + {CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 } - ekg 1:1.5+20050808+1.6rc3-0etch1 (high) [August 28th, 2005] DTSA-5-1 gaim - multiple remote vulnerabilities - {CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 } + {CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 } - gaim 1:1.4.0-5etch2 (high) [August 28th, 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities - cgiwrap 3.9-3.0etch1 (medium) [August 28th, 2005] DTSA-7-1 mozilla - frame injection spoofing - {CAN-2004-0718 CAN-2005-1937 } + {CVE-2004-0718 CVE-2005-1937 } - mozilla 2:1.7.8-1sarge1 (medium) [September 1st, 2005] DTSA-8-2 mozilla-firefox - several vulnerabilities (update) - {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 } + {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 } - mozilla-firefox 1.0.4-2sarge3 (medium) [August 31st, 2005] DTSA-9-1 bluez-utils - bad device name escaping - {CAN-2005-2547 } + {CVE-2005-2547 } - bluez-utils 2.19-0.1etch1 (high) [August 29th, 2005] DTSA-10-1 pcre3 - buffer overflow - {CAN-2005-2491 } + {CVE-2005-2491 } - pcre3 6.3-0.1etch1 (high) [August 29th, 2005] DTSA-11-1 maildrop - local privilege escalation - {CAN-2005-2655 } + {CVE-2005-2655 } - maildrop 1.5.3-1.1etch1 (medium) [September 8th, 2005] DTSA-12-1 vim - modeline exploits - {CAN-2005-2368 } + {CVE-2005-2368 } - vim 1:6.3-085+0.0etch1 (medium) [September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities - {CAN-2005-2549 CAN-2005-2550 } + {CVE-2005-2549 CVE-2005-2550 } - evolution 2.2.3-2etch1 (high) [September 13th, 2005] DTSA-14-1 mozilla - several - {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 } + {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 } - mozilla 2:1.7.8-1sarge2 [September 13th, 2005] DTSA-15-1 php4 - several vulnerabilities - {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 } + {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 } - php4 4:4.3.10-16etch1 [September 15th, 2005] DTSA-16-1 linux-2.6 - various - {CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-2555 } + {CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-2555 } - linux-2.6 2.6.12-6 [September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file - {CAN-2005-2672 } + {CVE-2005-2672 } - lm-sensors 1:2.9.1-6etch1 [September 22nd, 2005] DTSA-19-1 clamav - buffer overflow and infinate loop problems - {CAN-2005-2919 CAN-2005-2920 } + {CVE-2005-2919 CVE-2005-2920 } - clamav 0.86.2-4etch2 [October 13th, 2005] DTSA-20-1 mailutils - Format string vulnerability - {CAN-2005-2878 } + {CVE-2005-2878 } - mailutils 1:0.6.90-2.1etch1 diff --git a/data/README b/data/README index 746bcf327d..b891af5382 100644 --- a/data/README +++ b/data/README @@ -21,7 +21,7 @@ probably will be replaced with something better: The date of the advisory in the form dd Mmm YYYY (01 Nov 2004). Optional, only given for DSAs at the moment. id - DSA-nnn-n, CAN-YYY-nnnn, CVE-YYY-nnnn, etc + DSA-nnn-n, CVE-YYY-nnnn, etc description Pretty much freeform description of the problem. Short and optional. By convention, if it's taken from upstream data source |