From a785b5081d8252dd68f025b0314d1e60c2debf82 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Mon, 3 Sep 2007 21:20:53 +0000 Subject: update website git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6481 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-54-1.html | 91 ++++++++++++++++++++++++++++++++++++++++++++ website/DTSA/DTSA-55-1.html | 92 +++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 30 +++++++++++++++ 3 files changed, 213 insertions(+) create mode 100644 website/DTSA/DTSA-54-1.html create mode 100644 website/DTSA/DTSA-55-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-54-1.html b/website/DTSA/DTSA-54-1.html new file mode 100644 index 0000000000..c45e2019da --- /dev/null +++ b/website/DTSA/DTSA-54-1.html @@ -0,0 +1,91 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-54-1

+
+
Date Reported:
+
August 22nd , 2007
+
Affected Package:
+
poppler
+
Vulnerability:
+
integer overflow
+
Problem-Scope:
+
local (remote)
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-3387 +
+
More information:
+
It was discovered that an integer overflow in the xpdf PDF viewer may lead 
+to the execution of arbitrary code if a malformed PDF file is opened. 

+CVE-2007-3387 

+Integer overflow in the StreamPredictor::StreamPredictor function in gpdf  
+before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, 
+(5) CUPS, and other products, might allow remote attackers to execute  
+arbitrary code via a crafted PDF file. 
+
+
For the testing distribution (lenny) this is fixed in version 0.5.4-6lenny1
+
For the unstable distribution (sid) this is fixed in version 0.5.4-6.1
+
This upgrade is recommended if you use poppler.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/DTSA/DTSA-55-1.html b/website/DTSA/DTSA-55-1.html new file mode 100644 index 0000000000..60fed21a80 --- /dev/null +++ b/website/DTSA/DTSA-55-1.html @@ -0,0 +1,92 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-55-1

+
+
Date Reported:
+
September 1st , 2007
+
Affected Package:
+
centerim
+
Vulnerability:
+
buffer overflows
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-3713 +
+
More information:
+
It was discovered that there are multiple buffer overflows, which could lead  
+to the execution of arbitrary code. 

+CVE-2007-3713 

+Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow 
+remote attackers to execute arbitrary code via unspecified vectors. 
+NOTE: the provenance of this information is unknown; the details are  
+obtained solely from third party information. NOTE: this might overlap 
+CVE-2007-0160. 
+
+
For the testing distribution (lenny) this is fixed in version 4.22.1-2lenny1
+
For the unstable distribution (sid) this is fixed in version 4.22.1-2.1
+
This upgrade is recommended if you use centerim.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index bbeeb6f734..3375001b0b 100644 --- a/website/list.html +++ b/website/list.html @@ -113,6 +113,36 @@
several vulnerabilities
[May 28th, 2007] DTSA-40-1 php4
several vulnerabilities
+
[May 31th, 2007] DTSA-41-1 samba
+
several vulnerabilities
+
[July 13th, 2007] DTSA-42-1 ipsec-tools
+
missing input sanitising
+
[July 24th, 2007] DTSA-43-1 clamav
+
several vulnerabilities
+
[July 31st, 2007] DTSA-44-1 pulseaudio
+
remote DoS
+
[July 31st, 2007] DTSA-45-1 iceweasel
+
several vulnerabilities
+
[August 1st, 2007] DTSA-46-1 icedove
+
several vulnerabilities
+
[August 1st, 2007] DTSA-47-1 iceape
+
several vulnerabilities
+
[August 3rd, 2007] DTSA-48-1 gnash
+
arbitrary code execution
+
[August 7th, 2007] DTSA-49-1 kdegraphics
+
arbitrary code execution
+
[August 7th, 2007] DTSA-50-1 koffice
+
arbitrary code execution
+
[August 12th, 2007] DTSA-51-1 xulrunner
+
several vulnerabilities
+
[August 16th, 2007] DTSA-52-1 iceape
+
several vulnerabilities
+
[August 16th, 2007] DTSA-53-1 iceweasel
+
several vulnerabilities
+
[August 21th, 2007] DTSA-54-1 poppler
+
arbitrary code execution
+
[August 31st, 2007] DTSA-55-1 centerim
+
arbitrary code execution

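Review bot: In website/DTSA/DTSA-54-1.html, the "More information" summary names a different component from the one this advisory covers: it says the integer overflow is "in the xpdf PDF viewer", while the Affected Package field is poppler. Suggest rewording it to say the overflow is in the StreamPredictor code as used in poppler, which the quoted CVE-2007-3387 text already supports, so that a reader with only poppler installed does not dismiss the advisory. "Problem-Scope: local (remote)" would also benefit from a word on what the parenthesis means, presumably that the PDF can arrive from a remote source but must be opened locally. Minor: "August 22nd , 2007" has a stray space before the comma, and several added description lines end in trailing whitespace.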
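Review bot: In website/DTSA/DTSA-55-1.html, the quoted CVE-2007-3713 text ends with "this might overlap CVE-2007-0160", but the CVE field lists only CVE-2007-3713 and nothing says whether 4.22.1-2lenny1 also addresses CVE-2007-0160. Suggest either adding that identifier to the CVE field or stating its status for the fixed versions. The summary sentence "there are multiple buffer overflows" never names the package, and the CVE text speaks of "Konst CenterICQ 4.9.11 through 4.21" while the affected package is centerim, so one line tying the two together would help readers match the advisory to what they have installed. Minor: "September 1st , 2007" has a stray space before the comma.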
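Review bot: In website/list.html, the dates on the two newest index entries disagree with the advisory pages created in this same commit: "[August 21th, 2007] DTSA-54-1 poppler" against "August 22nd , 2007" in DTSA-54-1.html, and "[August 31st, 2007] DTSA-55-1 centerim" against "September 1st , 2007" in DTSA-55-1.html. Pick one date per advisory and use it in both places. The ordinals "May 31th" and "August 21th" should read "May 31st" and "August 21st". The index also labels both new advisories "arbitrary code execution" while their pages give the vulnerability as "integer overflow" and "buffer overflows", so decide whether the index carries the vulnerability class or the impact and apply that consistently. Finally, this hunk adds entries for DTSA-41-1 through DTSA-53-1 although the commit creates pages only for 54 and 55; if the index is being caught up with already published advisories, the commit message "update website" should say so.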
-- cgit v1.2.3