From 20cd29d934ef16cee0a9d683f5ac4233739c1a12 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 19 Oct 2005 23:10:21 +0000 Subject: update references to CANs to be CVEs and complete CVE transition git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2462 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/1-kismet.adv | 6 +++--- data/DTSA/advs/10-pcre.adv | 2 +- data/DTSA/advs/11-maildrop.adv | 2 +- data/DTSA/advs/12-vim.adv | 2 +- data/DTSA/advs/13-evolution.adv | 6 +++--- data/DTSA/advs/14-mozilla.adv | 20 +++++++++---------- data/DTSA/advs/15-php4.adv | 8 ++++---- data/DTSA/advs/16-linux-2.6.adv | 32 +++++++++++++++--------------- data/DTSA/advs/17-lm-sensors.adv | 2 +- data/DTSA/advs/18-thunderbird.adv | 18 ++++++++--------- data/DTSA/advs/19-clamav.adv | 6 +++--- data/DTSA/advs/2-centericq.adv | 10 +++++----- data/DTSA/advs/20-mailutils.adv | 4 ++-- data/DTSA/advs/3-clamav.adv | 12 +++++------ data/DTSA/advs/4-ekg.adv | 12 +++++------ data/DTSA/advs/44-kdelibs.adv | 2 +- data/DTSA/advs/5-gaim.adv | 8 ++++---- data/DTSA/advs/7-mozilla.adv | 2 +- data/DTSA/advs/8-mozilla-firefox.adv | 26 ++++++++++++------------ data/DTSA/advs/9-bluez-utils.adv | 2 +- data/DTSA/advs/nn-kernel-source-2.4.27.adv | 4 ++-- 21 files changed, 93 insertions(+), 93 deletions(-) (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv index 598a2fed20..3ed9ded250 100644 --- a/data/DTSA/advs/1-kismet.adv +++ b/data/DTSA/advs/1-kismet.adv 
@@ -4,20 +4,20 @@ author: Joey Hess vuln-type: various problem-scope: remote debian-specific: no -cve: CAN-2005-2626 CAN-2005-2627 +cve: CVE-2005-2626 CVE-2005-2627 testing-fix: 2005.08.R1-0.1etch1 sid-fix: 2005.08.R1-1 upgrade: apt-get install kismet Multiple security holes have been discovered in kismet: - CAN-2005-2627 + CVE-2005-2627 Multiple integer underflows in Kismet allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows. - CAN-2005-2626 + CVE-2005-2626 Unspecified vulnerability in Kismet allows remote attackers to have an unknown impact via unprintable characters in the SSID. diff --git a/data/DTSA/advs/10-pcre.adv b/data/DTSA/advs/10-pcre.adv index 8eab16540c..e4d535aa8e 100644 --- a/data/DTSA/advs/10-pcre.adv +++ b/data/DTSA/advs/10-pcre.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: buffer overflow problem-scope: remote debian-specific: no -cve: CAN-2005-2491 +cve: CVE-2005-2491 testing-fix: 6.3-0.1etch1 sid-fix: 6.3-1 upgrade: apt-get install libpcre3 diff --git a/data/DTSA/advs/11-maildrop.adv b/data/DTSA/advs/11-maildrop.adv index 5f82766c60..e5f203d17a 100644 --- a/data/DTSA/advs/11-maildrop.adv +++ b/data/DTSA/advs/11-maildrop.adv @@ -4,7 +4,7 @@ author: Andres Salomon vuln-type: local privilege escalation problem-scope: local debian-specific: yes -cve: CAN-2005-2655 +cve: CVE-2005-2655 testing-fix: 1.5.3-1.1etch1 sid-fix: 1.5.3-2 upgrade: apt-get install maildrop diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv index 42aae07e69..93014157ce 100644 --- a/data/DTSA/advs/12-vim.adv +++ b/data/DTSA/advs/12-vim.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: modeline exploits problem-scope: local debian-specifc: no -cve: CAN-2005-2368 +cve: CVE-2005-2368 testing-fix: 1:6.3-085+0.0etch1 sid-fix: 1:6.3-085+1 upgrade: apt-get install vim 
diff --git a/data/DTSA/advs/13-evolution.adv b/data/DTSA/advs/13-evolution.adv index bd30fe5ec3..f709db2a80 100644 --- a/data/DTSA/advs/13-evolution.adv +++ b/data/DTSA/advs/13-evolution.adv @@ -4,21 +4,21 @@ author: Joey Hess vuln-type: format string vulnerabilities problem-scope: remote debian-specifc: no -cve: CAN-2005-2549 CAN-2005-2550 +cve: CVE-2005-2549 CVE-2005-2550 testing-fix: 2.2.3-2etch1 sid-fix: 2.2.3-3 upgrade: apt-get install evolution Multiple vulnerabilities were discovered in evolution: -CAN-2005-2549 +CVE-2005-2549 Multiple format string vulnerabilities in Evolution allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. -CAN-2005-2550 +CVE-2005-2550 Format string vulnerability in Evolution allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the diff --git a/data/DTSA/advs/14-mozilla.adv b/data/DTSA/advs/14-mozilla.adv index 64f65a2bc9..c059327f4a 100644 --- a/data/DTSA/advs/14-mozilla.adv +++ b/data/DTSA/advs/14-mozilla.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several problem-scope: remote debian-specifc: no -cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 +cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 testing-fix: 2:1.7.8-1sarge2 sid-fix: 2:1.7.10-1 upgrade: apt-get install mozilla 
@@ -15,49 +15,49 @@ basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2004-0718, CAN-2005-1937 +CVE-2004-0718, CVE-2005-1937 A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. -CAN-2005-2260 +CVE-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. -CAN-2005-2261 +CVE-2005-2261 XML scripts ran even when Javascript disabled. -CAN-2005-2263 +CVE-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). -CAN-2005-2265 +CVE-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. -CAN-2005-2266 +CVE-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. -CAN-2005-2268 +CVE-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. -CAN-2005-2269 +CVE-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. -CAN-2005-2270 +CVE-2005-2270 The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code. diff --git a/data/DTSA/advs/15-php4.adv b/data/DTSA/advs/15-php4.adv index 2b6d31ff99..0fdf486d6c 100644 --- a/data/DTSA/advs/15-php4.adv +++ b/data/DTSA/advs/15-php4.adv 
@@ -4,7 +4,7 @@ author: Neil McGovern vuln-type: several vulnerabilities problem-scope: remote/local debian-specifc: no -cve: CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 +cve: CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 vendor-advisory: testing-fix: 4.3.10-16etch1 sid-fix: 4.4.0-2 @@ -15,20 +15,20 @@ server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2005-1751 +CVE-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. -CAN-2005-1921 +CVE-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. -CAN-2005-2498 +CVE-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() diff --git a/data/DTSA/advs/16-linux-2.6.adv b/data/DTSA/advs/16-linux-2.6.adv index 1305adbda1..3b184b78e7 100644 --- a/data/DTSA/advs/16-linux-2.6.adv +++ b/data/DTSA/advs/16-linux-2.6.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several holes problem-scope: remote debian-specifc: no -cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555 +cve: CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-1761 CVE-2005-2555 testing-fix: 2.6.12-6 sid-fix: 2.6.12-6 upgrade: apt-get install linux-image-2.6-386; reboot 
@@ -13,36 +13,36 @@ Several security related problems have been found in version 2.6 of the linux kernel. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2004-2302 +CVE-2004-2302 Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files. -CAN-2005-1761 +CVE-2005-1761 Vulnerability in the Linux kernel allows local users to cause a denial of service (kernel crash) via ptrace. -CAN-2005-1762 +CVE-2005-1762 The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. -CAN-2005-1765 +CVE-2005-1765 syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments. -CAN-2005-1913 +CVE-2005-1913 When a non group-leader thread called exec() to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kernel panic. -CAN-2005-2098 +CVE-2005-2098 The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session @@ -51,7 +51,7 @@ CAN-2005-2098 empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. -CAN-2005-2099 +CVE-2005-2099 The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers 
@@ -59,7 +59,7 @@ CAN-2005-2099 that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. -CAN-2005-2456 +CVE-2005-2456 Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops @@ -67,41 +67,41 @@ CAN-2005-2456 larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. -CAN-2005-2457 +CVE-2005-2457 The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. -CAN-2005-2458 +CVE-2005-2458 inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". -CAN-2005-2459 +CVE-2005-2459 The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different - vulnerbility than CAN-2005-2458. + vulnerbility than CVE-2005-2458. -CAN-2005-2548 +CVE-2005-2548 vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. -CAN-2005-2555 +CVE-2005-2555 Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. -CAN-2005-2617 +CVE-2005-2617 The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the amd64 architecture, does not check the return value of 
diff --git a/data/DTSA/advs/17-lm-sensors.adv b/data/DTSA/advs/17-lm-sensors.adv index 3a0fcd9590..04351ff05a 100644 --- a/data/DTSA/advs/17-lm-sensors.adv +++ b/data/DTSA/advs/17-lm-sensors.adv @@ -4,7 +4,7 @@ author: Micah Anderson vuln-type: insecure temporary file problem-scope: local debian-specifc: no -cve: CAN-2005-2672 +cve: CVE-2005-2672 vendor-advisory: testing-fix: 1:2.9.1-6etch1 sid-fix: 1:2.9.1-7 diff --git a/data/DTSA/advs/18-thunderbird.adv b/data/DTSA/advs/18-thunderbird.adv index 5ccce208f7..4e4c53d1aa 100644 --- a/data/DTSA/advs/18-thunderbird.adv +++ b/data/DTSA/advs/18-thunderbird.adv @@ -4,7 +4,7 @@ author: xxx vuln-type: multiple problem-scope: remote/local debian-specifc: yes/no -cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989 +cve: CVE-2005-2968, CVE-2005-2266, CVE-2005-2265, CVE-2005-2261, CVE-2005-1532, CVE-2005-1160, CVE-2005-1159, CVE-2005-0989 vendor-advisory: testing-fix: xxx sid-fix: xxx 
@@ -12,37 +12,37 @@ upgrade: apt-get install xxx xxx multiline description here -CAN-2005-2968 +CVE-2005-2968 Thunderbird incorrectly escapes commands in input, fed to it through the --compose option, which could lead to execution of arbitrary shell commands. -CAN-2005-2266 +CVE-2005-2266 Child frames may access parental frames, even if these are in different access domains and may lead to information leakage of cookies or pass words. -CAN-2005-2265 +CVE-2005-2265 Incorrect type checks in InstallVersion.compareTo may lead to a denial-of-service attack or possibly execution of arbitrary code. -CAN-2005-2261 +CVE-2005-2261 XBL scripts are even run, if Javascript has been disabled. -CAN-2005-1532 +CVE-2005-1532 Javascript is inproperly limits its privileges to the calling context, which could lead to "non-DOM privilege override". -CAN-2005-1160 +CVE-2005-1160 Overriding properties/methods of DOM nodes could lead to execution of code with extended "chrome" privileges. -CAN-2005-1159 +CVE-2005-1159 Native function implementations are not verified, causing Javascript execution at improper memory addresses allowing denial of service and potentially arbitrary code execution -CAN-2005-0989 +CVE-2005-0989 The find_replen function in the Javascript engine allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. diff --git a/data/DTSA/advs/19-clamav.adv b/data/DTSA/advs/19-clamav.adv index 35356bd0e4..2dc39870c1 100644 --- a/data/DTSA/advs/19-clamav.adv +++ b/data/DTSA/advs/19-clamav.adv 
@@ -4,18 +4,18 @@ author: Neil McGovern vuln-type: buffer overflow and infinate loop problems problem-scope: remote debian-specific: no -cve: CAN-2005-2919 CAN-2005-2920 +cve: CVE-2005-2919 CVE-2005-2920 testing-fix: 0.86.2-4etch2 sid-fix: 0.87-1 upgrade: apt-get upgrade Multiple security holes were found in clamav: -CAN-2005-2919 +CVE-2005-2919 A possible infinate loop has been discovered in libclamav/fsg.c -CAN-2005-2920 +CVE-2005-2920 A possible buffer overflow has been found in libclamav/upx.c diff --git a/data/DTSA/advs/2-centericq.adv b/data/DTSA/advs/2-centericq.adv index bf1a9fe0be..d16bbd0015 100644 --- a/data/DTSA/advs/2-centericq.adv +++ b/data/DTSA/advs/2-centericq.adv @@ -4,32 +4,32 @@ author: Joey Hess vuln-type: multiple vulnerabilities problem-scope: local and remote debian-specific: no -cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 +cve: CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 testing-fix: 4.20.0-8etch1 sid-fix: 4.20.0-9 upgrade: apt-get install centericq centericq in testing is vulnerable to multiple security holes: -CAN-2005-2448 +CVE-2005-2448 Multiple endianness errors in libgadu, which is embedded in centericq, allow remote attackers to cause a denial of service (invalid behaviour in applications) on big-endian systems. -CAN-2005-2370 +CVE-2005-2370 Multiple memory alignment errors in libgadu, which is embedded in centericq, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. -CAN-2005-2369 +CVE-2005-2369 Multiple integer signedness errors in libgadu, which is embedded in centericq, may allow remote attackers to cause a denial of service or execute arbitrary code. -CAN-2005-1914 +CVE-2005-1914 centericq creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. 
diff --git a/data/DTSA/advs/20-mailutils.adv b/data/DTSA/advs/20-mailutils.adv index 376f3d3b2e..02129dadb9 100644 --- a/data/DTSA/advs/20-mailutils.adv +++ b/data/DTSA/advs/20-mailutils.adv @@ -4,7 +4,7 @@ author: Neil McGovern vuln-type: Format string vulnerability problem-scope: remote debian-specifc: no -cve: CAN-2005-2878 +cve: CVE-2005-2878 vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407 testing-fix: 1:0.6.90-2.1etch1 sid-fix: 1:0.6.90-3 @@ -12,7 +12,7 @@ upgrade: apt-get upgrade A format string vulnerability has been discovered in Mailutils. -CAN-2005-2878 +CVE-2005-2878 A format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. diff --git a/data/DTSA/advs/3-clamav.adv b/data/DTSA/advs/3-clamav.adv index 141a38ea5e..1a92f84f5c 100644 --- a/data/DTSA/advs/3-clamav.adv +++ b/data/DTSA/advs/3-clamav.adv 
@@ -4,40 +4,40 @@ author: Joey Hess vuln-type: denial of service and privilege escalation problem-scope: remote debian-specific: no -cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 +cve: CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 testing-fix: 0.86.2-4etch1 sid-fix: 0.86.2-1 upgrade: apt-get upgrade Multiple security holes were found in clamav: -CAN-2005-2070 +CVE-2005-2070 The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. -CAN-2005-1923 +CVE-2005-1923 The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. -CAN-2005-2056 +CVE-2005-2056 The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. -CAN-2005-1922 +CVE-2005-1922 The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. -CAN-2005-2450 +CVE-2005-2450 Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) allow remote diff --git a/data/DTSA/advs/4-ekg.adv b/data/DTSA/advs/4-ekg.adv index 1c03064ab3..3139bb55d1 100644 --- a/data/DTSA/advs/4-ekg.adv +++ b/data/DTSA/advs/4-ekg.adv 
@@ -4,36 +4,36 @@ author: Joey Hess vuln-type: multiple vulnerabilities problem-scope: local and remote debian-specific: no -cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 +cve: CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 testing-fix: 1:1.5+20050808+1.6rc3-0etch1 sid-fix: 1:1.5+20050808+1.6rc3-1 upgrade: apt-get install libgadu3 ekg Multiple vulnerabilities were discovered in ekg: -CAN-2005-1916 +CVE-2005-1916 Eric Romang discovered insecure temporary file creation and arbitrary command execution in a contributed script that can be exploited by a local attacker. -CAN-2005-1851 +CVE-2005-1851 Marcin Owsiany and Wojtek Kaniewski discovered potential shell command injection in a contributed script. -CAN-2005-1850 +CVE-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts. -CAN-2005-1852 +CVE-2005-1852 Multiple integer overflows in libgadu, as used in ekg, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. -CAN-2005-2448 +CVE-2005-2448 Multiple endianness errors in libgadu in ekg allow remote attackers to cause a denial of service (invalid behaviour in applications) on diff --git a/data/DTSA/advs/44-kdelibs.adv b/data/DTSA/advs/44-kdelibs.adv index 4b12cbd030..e3fd2d3b7d 100644 --- a/data/DTSA/advs/44-kdelibs.adv +++ b/data/DTSA/advs/44-kdelibs.adv @@ -4,7 +4,7 @@ author: Moritz Muehlenhoff vuln-type: insecure default permissions problem-scope: local debian-specifc: no -cve: CAN-2005-1920 +cve: CVE-2005-1920 vendor-advisory: testing-fix: 4:3.3.2-6.1etch1 sid-fix: 4:3.4.2-1 diff --git a/data/DTSA/advs/5-gaim.adv b/data/DTSA/advs/5-gaim.adv index d87c1b77c9..3c65588af6 100644 --- a/data/DTSA/advs/5-gaim.adv +++ b/data/DTSA/advs/5-gaim.adv 
@@ -4,26 +4,26 @@ author: Joey Hess vuln-type: multiple remote vulnerabilities problem-scope: remote debian-specific: no -cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 +cve: CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 testing-fix: 1:1.4.0-5etch2 sid-fix: 1:1.4.0-5 upgrade: apt-get install gaim Multiple security holes were found in gaim: -CAN-2005-2102 +CVE-2005-2102 The AIM/ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. -CAN-2005-2370 +CVE-2005-2370 Multiple memory alignment errors in libgadu, as used in gaim and other packages, allow remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. -CAN-2005-2103 +CVE-2005-2103 Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) and possibly execute diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv index b5d8d3d158..3dfa10bac5 100644 --- a/data/DTSA/advs/7-mozilla.adv +++ b/data/DTSA/advs/7-mozilla.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: frame injection spoofing problem-scope: remote debian-specific: no -cve: CAN-2004-0718 CAN-2005-1937 +cve: CVE-2004-0718 CVE-2005-1937 testing-fix: 2:1.7.8-1sarge1 sid-fix: 2:1.7.10-1 upgrade: apt-get install mozilla diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv index 8aab984670..b105d6548a 100644 --- a/data/DTSA/advs/8-mozilla-firefox.adv +++ b/data/DTSA/advs/8-mozilla-firefox.adv 
@@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several vulnerabilities (update) problem-scope: remote debian-specific: no -cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 +cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 testing-fix: 1.0.4-2sarge3 sid-fix: 1.0.6-3 upgrade: apt-get install mozilla-firefox 
@@ -18,65 +18,65 @@ text: Several problems were discovered in Mozilla Firefox: -CAN-2004-0718 CAN-2005-1937 +CVE-2004-0718 CVE-2005-1937 A vulnerability has been discovered in Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. -CAN-2005-2260 +CVE-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. -CAN-2005-2261 +CVE-2005-2261 XML scripts ran even when Javascript disabled. -CAN-2005-2262 +CVE-2005-2262 The user can be tricked to executing arbitrary JavaScript code by using a JavaScript URL as wallpaper. -CAN-2005-2263 +CVE-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). -CAN-2005-2264 +CVE-2005-2264 By opening a malicious link in the sidebar it is possible for remote attackers to steal sensitive information. -CAN-2005-2265 +CVE-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. -CAN-2005-2266 +CVE-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. -CAN-2005-2267 +CVE-2005-2267 By using standalone applications such as Flash and QuickTime to open a javascript: URL, it is possible for a remote attacker to steal sensitive information and possibly execute arbitrary code. -CAN-2005-2268 +CVE-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. -CAN-2005-2269 +CVE-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. 
-CAN-2005-2270 +CVE-2005-2270 The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code. diff --git a/data/DTSA/advs/9-bluez-utils.adv b/data/DTSA/advs/9-bluez-utils.adv index 8190518e0c..07540ceb42 100644 --- a/data/DTSA/advs/9-bluez-utils.adv +++ b/data/DTSA/advs/9-bluez-utils.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: bad device name escaping problem-scope: remote debian-specific: no -cve: CAN-2005-2547 +cve: CVE-2005-2547 testing-fix: 2.19-0.1etch1 sid-fix: 2.19-1 upgrade: apt-get install bluez-utils diff --git a/data/DTSA/advs/nn-kernel-source-2.4.27.adv b/data/DTSA/advs/nn-kernel-source-2.4.27.adv index e7a56a2521..0f37cc0a32 100644 --- a/data/DTSA/advs/nn-kernel-source-2.4.27.adv +++ b/data/DTSA/advs/nn-kernel-source-2.4.27.adv @@ -4,8 +4,8 @@ author: Micah Anderson vuln-type: various problem-scope: remote debian-specifc: no -cve: CAN-2005-2458, CAN-2005-2459, CAN-2005-1767, CAN-2005-2456, -CAN-2005-1768, CAN-2005-0756 CAN-2005-0757, CAN-2005-1762, CAN-2005-1768 +cve: CVE-2005-2458, CVE-2005-2459, CVE-2005-1767, CVE-2005-2456, +CVE-2005-1768, CVE-2005-0756 CVE-2005-0757, CVE-2005-1762, CVE-2005-1768 vendor-advisory: testing-fix: 2.4.27-11 sid-fix: 2.4.27-11 -- cgit v1.2.3
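Review bot: In data/DTSA/advs/12-vim.adv (hunk @@ -4,7 +4,7 @@) the header key on the context line just above the changed `cve:` line is spelled `debian-specifc:`, while 1-kismet.adv, 10-pcre.adv and 11-maildrop.adv in this same patch use `debian-specific:`. The misspelled key also shows in the header hunks of 13-evolution, 14-mozilla, 15-php4, 16-linux-2.6, 17-lm-sensors, 18-thunderbird, 20-mailutils, 44-kdelibs and nn-kernel-source-2.4.27. Anything that reads the field by name will not find it in those files. Since this commit already edits the adjacent line in every one of them, correct the key to `debian-specific:` here or in a follow-up.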
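Review bot: In data/DTSA/advs/14-mozilla.adv (hunk @@ -15,49 +15,49 @@) the text under the renamed CVE-2005-2261 heading reads "XML scripts ran even when Javascript disabled", and 8-mozilla-firefox.adv carries the same wording, but 18-thunderbird.adv in this patch describes the same identifier as "XBL scripts are even run, if Javascript has been disabled". The three advisories should agree on what CVE-2005-2261 covers; check the description against the CVE entry and use one wording in all three files.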
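Review bot: In data/DTSA/advs/16-linux-2.6.adv (hunk @@ -4,7 +4,7 @@) the new `cve:` line lists CVE-2005-1761 twice, as the sixth and the fourteenth entry. The duplicate was already there in the CAN form and the rename carries it over: the line has 15 entries, while the advisory body describes 14 distinct identifiers. Drop the second occurrence so that a count or a per-CVE lookup built from this field is not off by one.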
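Review bot: In data/DTSA/advs/16-linux-2.6.adv (hunk @@ -67,41 +67,41 @@) the rewritten line under CVE-2005-2459, "vulnerbility than CVE-2005-2458.", keeps the misspelling "vulnerbility". The line is being changed anyway, so correct it to "vulnerability" in the same edit.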
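Review bot: In data/DTSA/advs/18-thunderbird.adv (hunk @@ -4,7 +4,7 @@) the `cve:` value is comma-separated ("CVE-2005-2968, CVE-2005-2266, ..."), whereas every other advisory in this patch except nn-kernel-source-2.4.27.adv separates identifiers with spaces only. If the field is split on whitespace, each entry here keeps a trailing comma and will not match the plain identifier. Use the space-separated form here as well. The surrounding context lines (`author: xxx`, `testing-fix: xxx`, `sid-fix: xxx`) show this file is still an unfilled template, which is worth a comment in the file or the commit message so that it is not published as is.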
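Review bot: In data/DTSA/advs/nn-kernel-source-2.4.27.adv (hunk @@ -4,8 +4,8 @@) the `cve:` value has three problems that the rename leaves in place: it wraps onto a second line, it mixes separators (commas everywhere except between "CVE-2005-0756 CVE-2005-0757"), and CVE-2005-1768 appears twice. Put the list on one line with a single separator, matching the space-separated form used in the other advisories, and remove the repeated CVE-2005-1768.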