[August 26th, 2005] DTSA-1-1 kismet - various {CVE-2005-2626 CVE-2005-2627 } [etch] - kismet 2005.08.R1-0.1etch1 (high) [August 28th, 2005] DTSA-2-1 centericq - multiple vulnerabilities {CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 } [etch] - centericq 4.20.0-8etch1 (medium) [August 28th, 2005] DTSA-3-1 clamav - denial of service and privilege escalation {CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 } [etch] - clamav 0.86.2-4etch1 (high) [August 28th, 2005] DTSA-4-1 ekg - multiple vulnerabilities {CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 } [etch] - ekg 1:1.5+20050808+1.6rc3-0etch1 (high) [August 28th, 2005] DTSA-5-1 gaim - multiple remote vulnerabilities {CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 } [etch] - gaim 1:1.4.0-5etch2 (high) [August 28th, 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities {CVE-2005-3254 CVE-2005-3255} [etch] - cgiwrap 3.9-3.0etch1 (medium) [August 28th, 2005] DTSA-7-1 mozilla - frame injection spoofing {CVE-2004-0718 CVE-2005-1937 } [etch] - mozilla 2:1.7.8-1sarge1 (medium) [September 1st, 2005] DTSA-8-2 mozilla-firefox - several vulnerabilities (update) {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 } [etch] - mozilla-firefox 1.0.4-2sarge3 (medium) [August 31st, 2005] DTSA-9-1 bluez-utils - bad device name escaping {CVE-2005-2547 } [etch] - bluez-utils 2.19-0.1etch1 (high) [August 29th, 2005] DTSA-10-1 pcre3 - buffer overflow {CVE-2005-2491 } [etch] - pcre3 6.3-0.1etch1 (high) [August 29th, 2005] DTSA-11-1 maildrop - local privilege escalation {CVE-2005-2655 } [etch] - maildrop 1.5.3-1.1etch1 (medium) [September 8th, 2005] DTSA-12-1 vim - modeline exploits {CVE-2005-2368 } [etch] - vim 1:6.3-085+0.0etch1 (medium) [September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities {CVE-2005-2549 CVE-2005-2550 } [etch] - evolution 2.2.3-2etch1 (high) [September 13th, 2005] DTSA-14-1 mozilla - several {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 } [etch] - mozilla 2:1.7.8-1sarge2 [September 13th, 2005] DTSA-15-1 php4 - several vulnerabilities {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 } [etch] - php4 4:4.3.10-16etch1 [September 15th, 2005] DTSA-16-1 linux-2.6 - various {CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-2555 } NOTE: Just a pointer to a regular update in testing. [September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file {CVE-2005-2672 } [etch] - lm-sensors 1:2.9.1-6etch1 [September 22nd, 2005] DTSA-19-1 clamav - buffer overflow and infinate loop problems {CVE-2005-2919 CVE-2005-2920 } [etch] - clamav 0.86.2-4etch2 [October 13th, 2005] DTSA-20-1 mailutils - Format string vulnerability {CVE-2005-2878 } [etch] - mailutils 1:0.6.90-2.1etch1 [November 3rd, 2005] DTSA-21-1 clamav - Denial of service vulnerabilities and buffer overflow {CVE-2005-3239 CVE-2005-3500 CVE-2005-3501 CVE-2005-3303 } [etch] - clamav 0.87.1-0etch.1 [December 5th, 2005] DTSA-22-1 uim - local privilege escalation {CVE-2005-3149 } [etch] - uim 1:0.4.7-2.0etch1 [December 5th, 2005] DTSA-23-1 centericq - buffer overflow {CVE-2005-3863 } [etch] - centericq 4.21.0-6.0etch1 [December 5th, 2005] DTSA-24-1 inkscape - buffer overflow {CVE-2005-3737 } [etch] - inkscape 0.43-0.0etch1 [December 5th, 2005] DTSA-25-1 smb4k - access validation error {CVE-2005-2851 } [etch] - smb4k 0.6.4-0.0etch1 [December 5th, 2005] DTSA-26-1 trackballs - symlink attack [etch] - trackballs 1.1.1-0.0etch1 [January 20th, 2006] DTSA-27-1 fuse - potential data corruption when installed seduid root {CVE-2005-3531 } [etch] - fuse 2.3.0-4.2etch1 [January 25th, 2005] DTSA-28-1 gpdf - multiple vulnerabilities {CVE-2005-2097 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 } [etch] - gpdf 2.10.0-1+etch1 [June 15th, 2006] DTSA-29-1 blender - heap-based buffer overflow {CVE-2005-4470 } [etch] - blender 2.37a-1.1etch1 [September 27th, 2006] DTSA-31-1 hyperestraier - cross-site request forgery (CSRF) vulnerability {CVE-2006-3671 } [etch] - hyperestraier 1.0.6-1.1etch1 [February 1st, 2007] DTSA-32-1 bcfg2 - programming error [etch] - bcfg2 0.8.6.1-1.1etch1 [February 12th, 2007] DTSA-33-1 wordpress - multiple vulnerabilities {CVE-2007-0262 CVE-2007-0539 CVE-2007-0541 } [etch] - wordpress 2.0.8-1 [March 3rd, 2007] DTSA-34-1 wordpress - cross-site scripting {CVE-2007-1049 } [etch] - wordpress 2.0.9-1 [May 22nd, 2007] DTSA-35-1 aircrack-ng - programming error {CVE-2007-2057 } [lenny] - aircrack-ng 1:0.8-0.1lenny1 [May 22nd, 2007] DTSA-36-1 mydns - multiple buffer overflows {CVE-2007-2362 } [lenny] - mydns 1:1.1.0-7.1lenny1 [May 22nd, 2007] DTSA-37-1 clamav - several vulnerabilities {CVE-2007-1745 CVE-2007-1997 CVE-2007-2029 } [lenny] - clamav 0.90.1-3lenny2 [May 26th, 2007] DTSA-38-1 qemu - several vulnerabilities {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 } [lenny] - qemu 0.8.2-5lenny1 [May 28th, 2007] DTSA-39-1 php5 - several vulnerabilities {CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-2509 CVE-2007-2510 CVE-2007-2511 } [lenny] - php5 5.2.0-10+lenny1 [May 28th, 2007] DTSA-40-1 php4 - several vulnerabilities {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1718 CVE-2007-1777 CVE-2007-2509 } [lenny] - php4 6:4.4.4-9+lenny1 [May 31st, 2007] DTSA-41-1 samba - several vulnerabilities {CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 } [lenny] - samba 3.0.24-6+lenny3 [July 13th, 2007] DTSA-42-1 ipsec-tools - missing input sanitising {CVE-2007-1841} [lenny] - ipsec-tools 1:0.6.6-3.1lenny1 [July 24th, 2007] DTSA-43-1 clamav - several vulnerabilities {CVE-2007-3725 CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123} [lenny] - clamav 0.90.1-3.1lenny3 [July 31st, 2007] DTSA-44-1 pulseaudio - remote DoS {CVE-2007-1804} [lenny] - pulseaudio 0.9.5-7lenny2 [July 31st, 2007] DTSA-45-1 iceweasel - several vulnerabilities {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871 CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} [lenny] - iceweasel 2.0.0.5-0etch1+lenny1 [August 1st, 2007] DTSA-46-1 icedove - several vulnerabilities {CVE-2007-1558 CVE-2007-2867 CVE-2007-2868} [lenny] - icedove 1.5.0.12.dfsg1-0etch1+lenny1 [August 1st, 2007] DTSA-47-1 iceape - several vulnerabilities {CVE-2007-1116 CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871 CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} [lenny] - iceape 1.0.10~pre070720-0etch1+lenny1 [August 3rd, 2007] DTSA-48-1 gnash - arbitrary code execution {CVE-2007-2500} [lenny] - gnash 0.7.2-1lenny1 [August 7th, 2007] DTSA-49-1 kdegraphics - arbitrary code execution {CVE-2007-3387} [lenny] - kdegraphics 4:3.5.7-2lenny1 [August 7th, 2007] DTSA-50-1 koffice - arbitrary code execution {CVE-2007-3387} [lenny] - koffice 1:1.6.3-1lenny1 [August 12th, 2007] DTSA-51-1 xulrunner - several vulnerabilities {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871 CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [lenny] - xulrunner 1.8.0.13~pre070720-0etch3+lenny1 [August 16th, 2007] DTSA-52-1 iceape - several vulnerabilities {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [lenny] - iceape 1.0.10~pre070720-0etch3+lenny1 [August 16th, 2007] DTSA-53-1 iceweasel - several vulnerabilities {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041} [lenny] - iceweasel 2.0.0.6-0etch1+lenny1 [August 21st, 2007] DTSA-54-1 poppler - arbitrary code execution {CVE-2007-3387} [lenny] - poppler 0.5.4-6lenny1 [August 31st, 2007] DTSA-55-1 centerim - arbitrary code execution {CVE-2007-3713} [lenny] - centerim 4.22.1-2lenny1 [September 4th, 2007] DTSA-56-1 zziplib - arbitrary code execution {CVE-2007-1614} [lenny] - zziplib 0.12.83-8lenny1 [September 9th, 2007] DTSA-57-1 gforge - sql injection {CVE-2007-3913} [lenny] - gforge 4.5.14-23lenny2 [September 13th, 2007] DTSA-58-1 phpgroupware - cross scripting vulnerability {CVE-2007-4048} [lenny] - phpgroupware 0.9.16.011-3lenny2 [September 21st, 2007] DTSA-59-1 gforge - cross site scripting vulnerability in account/verify.php [lenny] - gforge 4.5.14-23lenny4 [September 25th, 2007] DTSA-60-1 kdebase - kdm allows user logins without a password in some configurations {CVE-2007-4569} [lenny] - kdebase 4:3.5.7-3lenny1 [October 3rd, 2007] DTSA-61-1 php5 - several vulnerabilities {CVE-2007-3806 CVE-2007-3799 CVE-2007-4658 CVE-2007-4657 CVE-2007-4662 CVE-2007-4660 CVE-2007-3998 CVE-2007-4659} [lenny] - php5 5.2.3-1+lenny1 [October 1st, 2007] DTSA-62-1 poppler - buffer overflow {CVE-2007-3387} [lenny] - poppler 0.5.4-6lenny2 [October 4th, 2007] DTSA-63-1 imagemagick - several vulnerabilities {CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988} [lenny] - imagemagick 7:6.2.4.5.dfsg1-1+lenny1 [October 7th, 2007] DTSA-64-1 util-linux - privilege escalation in mount / umount {CVE-2007-5191} [lenny] - util-linux 2.12r-19+lenny1 [October 8th, 2007] DTSA-65-1 mplayer - denial of service via crafted .avi file {CVE-2007-4938} [lenny] - mplayer 1.0~rc1-16+lenny1 [October 12th, 2007] DTSA-66-1 alsaplayer - stack based buffer overflow in vorbis plugin {CVE-2007-5301} [lenny] - alsaplayer 0.99.79-3+lenny1 [October 20th, 2007] DTSA-67-1 nagios-plugins - multiple stack based vulnerabilities {CVE-2007-5198} [lenny] - nagios-plugins 1.4.8-2+lenny1 [October 21st, 2007] DTSA-68-1 ldapscripts - unauthorized disclosure of information {CVE-2007-5373} [lenny] - ldapscripts 1.4-2+lenny1 [October 23rd, 2007] DTSA-69-1 xulrunner - several vulnerabilities {CVE-2007-5339 CVE-2007-5340 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2006-2894 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338} [lenny] - xulrunner 1.8.0.14~pre071019b-0lenny1 [October 23rd, 2007] DTSA-70-1 loop-aes-utils - privilege escalation {CVE-2007-5191} [lenny] - loop-aes-utils 2.12r-16+lenny1 [October 25th, 2007] DTSA-71-1 icedove - several vulnerabilities {CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340} [lenny] - icedove 1.5.0.13+1.5.0.14b.dfsg1-0lenny1 [October 25th, 2007] DTSA-72-1 hplip - arbitrary command execution {CVE-2007-5208} [lenny] - hplip 1.6.10-4.2+lenny1 [October 26th, 2007] DTSA-73-1 xorg-server - buffer overflow {CVE-2007-4730} [lenny] - xorg-server 2:1.3.0.0.dfsg-12lenny1 [October 27th, 2007] DTSA-74-1 hugin - insecure temp file handling {CVE-2007-5200} [lenny] - hugin 0.6.1-1+lenny1 [November 1st, 2007] DTSA-75-1 gnome-screensaver - authentication bypass {CVE-2007-3920} [lenny] - gnome-screensaver 2.18.2-1+lenny1 [November 1st, 2007] DTSA-76-1 mono - integer overflow {CVE-2007-5197} [lenny] - mono 1.2.5.1-1+lenny1 [November 6th, 2007] DTSA-77-1 pcre3 - arbitrary code execution {CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768} [lenny] - pcre3 6.7+7.4-2+lenny1 [November 10th, 2007] DTSA-78-1 perl - arbitrary code execution {CVE-2007-5116} [lenny] - perl 5.8.8-11.1+lenny1 [November 10th, 2007] DTSA-79-1 emacs22 - restriction bypass {CVE-2007-5795} [lenny] - emacs22 22.1+1-2+lenny1 [November 10th, 2007] DTSA-80-1 iceape - several vulnerabilities {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340} [lenny] - iceape 1.0.11~pre071022-0etch1+lenny1 [November 11th, 2007] DTSA-81-1 cupsys - buffer overflow {CVE-2007-4351} [lenny] - cupsys 1.3.2-1+lenny1 [November 11th, 2007] DTSA-82-1 nufw - buffer overflow {CVE-2007-5723} [lenny] - nufw 2.2.6-1+lenny1 [November 11th, 2007] DTSA-83-1 xscreensaver - authentication bypass {CVE-2007-5585} [lenny] - xscreensaver 5.03-2+lenny1 [November 13th, 2007] DTSA-84-1 perdition - format string vulnerability {CVE-2007-5740} [lenny] - perdition 1.17-8+lenny1 [November 17th, 2007] DTSA-85-1 kdegraphics - several vulnerabilities {CVE-2007-5393 CVE-2007-5392 CVE-2007-4352} [lenny] - kdegraphics 4:3.5.7-4+lenny1 [November 17th, 2007] DTSA-86-1 koffice - several vulnerabilities {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393} [lenny] - koffice 1:1.6.3-3+lenny1 [November 18th, 2007] DTSA-87-1 openldap2.3 - denial of service {CVE-2007-5708} [lenny] - openldap2.3 2.3.38-1+lenny1 [November 26th, 2007] DTSA-88-1 net-snmp - denial of service {CVE-2007-5846} [lenny] - net-snmp 5.3.1-8+lenny1 [November 28th, 2007] DTSA-89-1 pioneers - remote denial of service {CVE-2007-5933 CVE-2007-6010} [lenny] - pioneers 0.11.2-2+lenny1 [December 1st, 2007] DTSA-90-1 wesnoth - information disclosure {CVE-2007-5742} [lenny] - wesnoth 1:1.2.7-2+lenny1 [December 3rd, 2007] DTSA-91-1 mysql-dfsg-5.0 - remote denial of service {CVE-2007-5925} [lenny] - mysql-dfsg-5.0 5.0.45-1+lenny1 [December 3rd, 2007] DTSA-92-1 wireshark - several vulnerabilities {CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121} [lenny] - wireshark 0.99.6rel-5+0.99.7~pre1-1+lenny1 [December 6th, 2007] DTSA-93-1 zabbix - programming error {CVE-2007-6210} [lenny] - zabbix 1:1.4.1-4+lenny1 [December 7th, 2007] DTSA-94-1 pwlib - remote denial of service {CVE-2007-4897} [lenny] - pwlib 1.10.7~dfsg1-4+lenny1 [lenny] - pwlib-titan 1.11.2-1+lenny1 [December 7th, 2007] DTSA-95-1 e2fsprogs - multiple integer overflows {CVE-2007-5497} [lenny] - e2fsprogs 1.40.2-1+lenny1 [December 8th, 2007] DTSA-96-1 libcairo - multiple integer overflows {CVE-2007-5503} [lenny] - libcairo 1.4.10-1+lenny2 [December 9th, 2007] DTSA-97-1 texlive-bin - arbitrary code execution {CVE-2007-5935} [lenny] - texlive-bin 2007-14+lenny1 [December 11th, 2007] DTSA-98-1 emacs21 - buffer overflow {CVE-2007-6109} [lenny] - emacs21 21.4a+1-5.1+lenny1 [December 11th, 2007] DTSA-99-1 emacs22 - buffer overflow {CVE-2007-6109} [lenny] - emacs22 22.1+1-2.1+lenny1 [December 11th, 2007] DTSA-100-1 samba - buffer overflow {CVE-2007-6015} [lenny] - samba 3.0.28-1~lenny1 [December 12th, 2007] DTSA-101-1 clamav - several vulnerabilities {CVE-2007-6336 CVE-2007-6337 CVE-2007-6335} [lenny] - clamav 0.91.2-4.0lenny1 [December 20th, 2007] DTSA-102-1 ruby-gnome2 - format string vulnerability {CVE-2007-6183} [lenny] - ruby-gnome2 0.16.0-10~lenny1 [December 25th, 2007] DTSA-103-1 mnogosearch - cross-site scripting {CVE-2007-5588} [lenny] - mnogosearch 3.2.42-1+lenny1 [December 26th, 2007] DTSA-104-1 wireshark - several vulnerabilities {CVE-2007-6439 CVE-2007-6438 CVE-2007-6450 CVE-2007-6441 CVE-2007-6451} [lenny] - wireshark 0.99.7-1~lenny1 [December 26th, 2007] DTSA-105-1 syslog-ng - remote denial of service {CVE-2007-6437} [lenny] - syslog-ng 2.0.5-3+lenny1 [December 26th, 2007] DTSA-106-1 iscsitarget - information disclosure {CVE-2007-5827} [lenny] - iscsitarget 0.4.15-4+lenny1 [January 5th, 2008] DTSA-107-1 liferea - multiple vulnerabilities {CVE-2005-4791 CVE-2007-5751} [lenny] - liferea 1.0.27-2+lenny1 [January 12th, 2008] DTSA-108-1 vlc - multiple vulnerabilities [lenny] - vlc 0.8.6.c-4.1~lenny1 [January 14th, 2008] DTSA-109-1 xine-lib - heap-based buffer overflow {CVE-2008-0225} [lenny] - xine-lib 1.1.8-3+lenny1 [January 20th, 2008] DTSA-110-1 xorg-server - multiple vulnerabilities {CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006} [lenny] - xorg-server 2:1.3.0.0.dfsg-12lenny2 [January 23rd, 2008] DTSA-111-1 vlc - buffer overflows {CVE-2008-0295 CVE-2008-0296} [lenny] - vlc 0.8.6.c-4.1~lenny2 [January 29th, 2008] DTSA-112-1 firebird2.0 - remote denial of service [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1 [February 12th, 2008] DTSA-113-1 linux-2.6 - privilege escalation {CVE-2008-0600} [lenny] - linux-2.6 2.6.22-6.lenny1 [February 15th, 2008] DTSA-114-1 mplayer - multiple vulnerabilities {CVE-2008-0630 CVE-2008-0629 CVE-2008-0485 CVE-2008-0486} [lenny] - mplayer 1.0~rc2-7+lenny1 [February 26th, 2008] DTSA-115-1 pcre3 - arbitrary code execution {CVE-2008-0674} [lenny] - pcre3 7.4-1+lenny1 [February 28th, 2008] DTSA-116-1 vlc - arbitrary code execution {CVE-2008-0984} [lenny] - vlc 0.8.6.c-6+lenny1 [March 11th, 2008] DTSA-117-1 cupsys - arbitrary code execution {CVE-2008-0882} [lenny] - cupsys 1.3.5-1+lenny1 [March 18th, 2008] DTSA-118-1 ldm - authentication bypass {CVE-2008-1293} [lenny] - ldm 2:0.1~bzr20071217-1+lenny1 [March 31st, 2008] DTSA-119-1 vlc - arbitrary code execution {CVE-2008-1489 CVE-2008-0073} [lenny] - vlc 0.8.6.c-6+lenny3 [April 2nd, 2008] DTSA-120-1 xine-lib - several integer overflows {CVE-2008-1482} [lenny] - xine-lib 1.1.10.1-2+lenny1 [April 9th, 2008] DTSA-121-1 mplayer - arbitrary code execution {CVE-2008-1558} [lenny] - mplayer 1.0~rc2-8+lenny1 [April 12th, 2008] DTSA-122-1 cupsys - buffer overflow {CVE-2008-1373} [lenny] - cupsys 1.3.6-3+lenny1 [April 17th, 2008] DTSA-123-1 audit - buffer overflow {CVE-2008-1628} [lenny] - audit 1.5.3-2+lenny1 [April 18th, 2008] DTSA-124-1 suphp - race condition {CVE-2008-1614} [lenny] - suphp 0.6.2-2+lenny0 [April 28th, 2008] DTSA-125-1 vlc - multiple vulnerabilities {CVE-2008-1769 CVE-2008-1768 CVE-2008-1881} [lenny] - vlc 0.8.6.c-6+lenny4 [May 5th, 2008] DTSA-126-1 util-linux - log injection {CVE-2008-1926} [lenny] - util-linux 2.13.1-3+lenny1 [May 5th, 2008] DTSA-127-1 libfishsound - insufficient boundary check {CVE-2008-1686} [lenny] - libfishsound 0.7.0-2.1+lenny1 [May 5th, 2008] DTSA-128-1 xine-lib - multiple vulnerabilities {CVE-2008-1878 CVE-2008-1686 CVE-2008-0073} [lenny] - xine-lib 1.1.10.1-2+lenny2 [May 8th, 2008] DTSA-129-1 speex - insufficient boundary check {CVE-2008-1686} [lenny] - speex 1.1.12-3+lenny1 [May 8th, 2008] DTSA-130-1 zoneminder - arbitrary code execution {CVE-2008-1381} [lenny] - zoneminder 1.23.2-2+lenny1 [May 17th, 2008] DTSA-131-1 apache2 - denial of service (memory leak in mod_ssl) {CVE-2008-1678} [lenny] - apache2 2.2.8-4~lenny1 [May 17th, 2008] DTSA-132-1 vlc - multiple vulnerabilities {CVE-2007-6683 CVE-2008-2147} [lenny] - vlc 0.8.6.c-6+lenny5 [May 24th, 2008] DTSA-133-1 kvm - multiple vulnerabilities {CVE-2008-2004 CVE-2008-0928 CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366} [lenny] - kvm 60+dfsg-1+lenny1 [May 26th, 2008] DTSA-134-1 net-snmp - buffer overflow {CVE-2008-2292} [lenny] - net-snmp 5.4.1~dfsg-7+lenny1 [May 29th, 2008] DTSA-135-1 php5 - multiple vulnerabilities {CVE-2008-0599 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051} [lenny] - php5 5.2.5-3+lenny1 [May 29th, 2008] DTSA-136-1 openssl - multiple vulnerabilities {CVE-2008-1672 CVE-2008-0891} [lenny] - openssl 0.9.8g-10+lenny1 [June 16th, 2008] DTSA-137-1 net-snmp - authentication bypass {CVE-2008-0960} [lenny] - net-snmp 5.4.1~dfsg-7.1+lenny1 [June 17th, 2008] DTSA-138-1 clamav - denial of service {CVE-2008-2713} [lenny] - clamav 0.93~dfsg-1+lenny1 [June 20th, 2008] DTSA-139-1 freetype - multiple vulnerabilities {CVE-2008-1808 CVE-2008-1807 CVE-2008-1806} [lenny] - freetype 2.3.5-1+lenny1 [June 22nd, 2008] DTSA-140-1 libtk-img - buffer overflow {CVE-2008-0553} [lenny] - libtk-img 1:1.3-release-6+lenny1 [June 22nd, 2008] DTSA-141-1 xorg-server - multiple vulnerabilities {CVE-2008-2360 CVE-2008-2361 CVE-2008-1379 CVE-2008-2362 CVE-2008-1377} [lenny] - xorg-server 2:1.4.1~git20080517-2~lenny1 [June 24th, 2008] DTSA-142-1 perl - information disclosure / permission bypass {CVE-2008-2827} [lenny] - perl 5.10.0-10+lenny1 [June 24th, 2008] DTSA-143-1 vim - filename escape vulnerability {CVE-2008-2712} [lenny] - vim 1:7.1.293-3+lenny1 [July 3rd, 2008] DTSA-144-1 php5 - Denial of Service {CVE-2008-2829} [lenny] - php5 5.2.5-3+lenny2 [July 5th, 2008] DTSA-145-1 pcre3 - heap-based buffer overflow {CVE-2008-2371} [lenny] - pcre3 7.4-1+lenny2 [July 7th, 2008] DTSA-146-1 poppler - arbitrary code execution {CVE-2008-2950} [lenny] - poppler 0.8.2-2+lenny1 [July 9th, 2008] DTSA-147-1 bind9 - cache poisoning {CVE-2008-1447} [lenny] - bind9 1:9.4.2-10+lenny1 [July 9th, 2008] DTSA-148-1 vlc - heap-based buffer overflow {CVE-2008-2430} [lenny] - vlc 0.8.6.e-2.3+lenny1 [July 15th, 2008] DTSA-149-1 afuse - privilege escalation {CVE-2008-2232} [lenny] - afuse 0.2-2+lenny1 [July 16th, 2008] DTSA-150-1 mysql-dfsg-5.0 - authorization bypass {CVE-2008-2079} [lenny] - mysql-dfsg-5.0 5.0.51a-9+lenny2 [July 17th, 2008] DTSA-151-1 openldap - denial of service {CVE-2008-2952} [lenny] - openldap 2.4.10-2+lenny1 [August 1st, 2008] DTSA-152-1 libxslt - arbitrary code execution {CVE-2008-2935} [lenny] - libxslt 1.1.24-1+lenny1 [August 9th, 2008] DTSA-153-1 git-core - stack-based buffer overflow {CVE-2008-3546} [lenny] - git-core 1.5.6.3-1+lenny1 [August 13th, 2008] DTSA-154-1 yelp - format string vulnerability {CVE-2008-3533} [lenny] - yelp 2.22.1-3+lenny2 [August 14th, 2008] DTSA-155-1 postfix - local privilege escalation {CVE-2008-2936} [lenny] - postfix 2.5.2-2lenny1 [August 16th, 2008] DTSA-153-2 git-core - stack-based buffer overflow {CVE-2008-3546} [lenny] - git-core 1.5.6.3-1+lenny2 NOTE: DTSA-153-1 was incomplete [August 17th, 2008] DTSA-156-1 drupal5 - multiple vulnerabilities {CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745} [lenny] - drupal5 5.9-1.1+lenny1 [August 17th, 2008] DTSA-157-1 python2.5 - multiple vulnerabilities {CVE-2008-3142 CVE-2008-3144 CVE-2008-2315 CVE-2008-2316} [lenny] - python2.5 2.5.2-6+lenny1 [August 22nd, 2008] DTSA-158-1 libxml2 - denial of service {CVE-2008-3281} [lenny] - libxml2 2.6.32.dfsg-2+lenny1 [August 23rd, 2008] DTSA-159-1 havp - denial of service {CVE-2008-3688} [lenny] - havp 0.88-1+lenny1 [August 26th, 2008] DTSA-160-1 tiff - buffer underflow {CVE-2008-2327} [lenny] - tiff 3.8.2-10+lenny1 [August 28th, 2008] DTSA-161-1 samba - privilege escalation {CVE-2008-3789} [lenny] - samba 2:3.2.1-1+lenny1 [August 28th, 2008] DTSA-162-1 r-base - symlink attack [lenny] - r-base 2.7.1-1+lenny1 [September 2nd, 2008] DTSA-163-1 wordnet - several overflows {CVE-2008-3908} [lenny] - wordnet 3.0-11+lenny1 [September 2nd, 2008] DTSA-164-1 newsbeuter - command injection {CVE-2008-3907} [lenny] - newsbeuter 0.9.1-1+lenny2 [September 4th, 2008] DTSA-164-2 newsbeuter - command injection {CVE-2008-3907} [lenny] - newsbeuter 0.9.1-1+lenny3 NOTE: the preivous DTSA fixed the appended the URL twice [September 11th, 2008] DTSA-165-1 horde3 - several vulnerabilities {CVE-2008-3823 CVE-2008-3824} [lenny] - horde3 3.2.1+debian0-2+lenny1 [September 16th, 2008] DTSA-166-1 vlc - several integer overflows {CVE-2008-3732 CVE-2008-3794} [lenny] - vlc 0.8.6.h-1+lenny1 [September 19th, 2008] DTSA-167-1 wireshark - several vulnerabilities {CVE-2008-3933 CVE-2008-3146 CVE-2008-3932 CVE-2008-3934} [lenny] - wireshark 1.0.2-3+lenny1 [September 30th, 2008] DTSA-168-1 mplayer - integer overflows {CVE-2008-3827} [lenny] - mplayer 1.0~rc2-17+lenny1 [October 3rd, 2008] DTSA-169-1 libpam-mount - access restriction bypass {CVE-2008-3970} [lenny] - libpam-mount 0.44-1+lenny1 [October 14th, 2008] DTSA-170-1 bugzilla - directory traversal {CVE-2008-4437} [lenny] - bugzilla 3.0.4.1-2+lenny1 [October 15th, 2008] DTSA-171-1 mediawiki - cross site scripting {CVE-2008-4408} [lenny] - mediawiki 1.12.0-2lenny1 [October 20th, 2008] DTSA-172-1 libspf2 - buffer overflow {CVE-2008-2469} [lenny] - libspf2 1.2.5.dfsg-5+lenny1 [November 3rd, 2008] DTSA-173-1 snort - rules bypass {CVE-2008-1804} [lenny] - snort 2.7.0-19+lenny1 [November 5th, 2008] DTSA-174-1 uw-imap - buffer overflow {CVE-2008-5006 CVE-2008-5005} [lenny] - uw-imap 2007b~dfsg-4+lenny1 [November 5th, 2008] DTSA-175-1 vlc - integer overflows {CVE-2008-4686} [lenny] - vlc 0.8.6.h-4+lenny1 [November 8th, 2008] DTSA-176-1 vlc - buffer overflows {CVE-2008-5032} [lenny] - vlc 0.8.6.h-4+lenny2 [November 16th, 2008] DTSA-177-1 liquidsoap - insecure temporary file handling {CVE-2008-4965} [lenny] - liquidsoap 0.3.6-4lenny1 [November 20th, 2008] DTSA-178-1 liquidsoap - version regression with DTSA-177-1 {CVE-2008-4965} [lenny] - liquidsoap 0.3.6-4+lenny1 [November 29th, 2008] DTSA-179-1 geshi - multiple issues {CVE-2008-5185 CVE-2008-5186} [lenny] - geshi 1.0.7.22-1+lenny1 [December 19th, 2008] DTSA-180-1 courier-authlib - sql injection {CVE-2008-2380} [lenny] - courier-authlib 0.61.0-1+lenny1 [December 22nd, 2008] DTSA-181-1 mplayer - arbitrary code execution {CVE-2008-5616 CVE-2008-4610} [lenny] - mplayer 1.0~rc2-17+lenny2 [December 29th, 2008] DTSA-174-2 uw-imap - several vulnerabilities {CVE-2008-5006 CVE-2008-5005 CVE-2008-5514} [lenny] - uw-imap 2007b~dfsg-4+lenny3 NOTE: regression fix for DTSA-174-1 + additional patch [January 5th, 2009] DTSA-182-1 xterm - remote code execution {CVE-2008-2383 CVE-2006-7236} [lenny] - xterm 235-2 [January 11th, 2009] DTSA-183-1 netatalk - remote code execution {CVE-2008-5718} [lenny] - netatalk 2.0.3-11+lenny1 [January 17th, 2009] DTSA-184-1 devil - arbitrary code execution {CVE-2008-5262} [lenny] - devil 1.6.8-rc2-3+lenny1 [January 22nd, 2009] DTSA-185-1 slurm-llnl - cryptographic weakness {CVE-2009-0128} [lenny] - slurm-llnl 1.3.6-1lenny1 [January 25th, 2009] DTSA-186-1 mediawiki - several vulnerabilities {CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 CVE-2008-5687} [lenny] - mediawiki 1:1.12.0-2lenny2 [January 28th, 2009] DTSA-187-1 moin - insufficient input sanitising {CVE-2009-0260 CVE-2009-0312} [lenny] - moin 1.7.1-3+lenny1 [January 28th, 2009] DTSA-188-1 php5 - several vulnerabilities {CVE-2008-5658 CVE-2008-5557 CVE-2008-5624 CVE-2008-7068 CVE-2009-1272} [lenny] - php5 5.2.6.dfsg.1-1+lenny2 [February 1st, 2009] DTSA-189-1 avahi - denial of service {CVE-2008-5081} [lenny] - avahi 0.6.22-3+lenny1 [February 7th, 2009] DTSA-190-1 gnumeric - insecure python search path {CVE-2009-0318} [lenny] - gnumeric 1.8.3-5+lenny1 [February 7th, 2009] DTSA-191-1 gedit - insecure python search path {CVE-2009-0314} [lenny] - gedit 2.22.3-1+lenny1 [February 7th, 2009] DTSA-192-1 audacity - arbitrary code execution {CVE-2009-0490} [lenny] - audacity 1.3.5-2+lenny1 [February 10th, 2009] DTSA-193-1 typo3 - several vulnerabilities {CVE-2009-0816 CVE-2009-0815} [lenny] - typo3-src 4.2.5-1+lenny1 [February 11th, 2009] DTSA-194-1 samizdat - cross-site scripting {CVE-2009-0359} [lenny] - samizdat 0.6.1-3lenny1 [February 12th, 2009] DTSA-195-1 moodle - several vulnerabilities {CVE-2009-0500 CVE-2009-0501} [lenny] - moodle 1.8.2.dfsg-3+lenny1 [February 12th, 2009] DTSA-196-1 mediawiki - cross-site scripting [lenny] - mediawiki 1:1.12.0-2lenny3 [February 13th, 2009] DTSA-197-1 barnowl {CVE-2009-0363} [lenny] - barnowl 1.0.1-4 [April 4th, 2009] DTSA-198-1 ghostscript - integer overflows {CVE-2009-0792 CVE-2009-0584 CVE-2009-0583 CVE-2009-0196} [squeeze] - ghostscript 8.64~dfsg-1+squeeze1 [April 6th, 2009] DTSA-199-1 apt - several vulnerabilities {CVE-2009-1358 CVE-2009-1300} [squeeze] - apt 0.7.20.2+squeeze1 [June 15th, 2009] DTSA-200-1 cyrus-sasl2 - buffer overflow {CVE-2009-0688} [squeeze] - cyrus-sasl2 2.1.22.dfsg1-23+squeeze1 [June 15th, 2009] DTSA-201-1 cyrus-sasl2-heimdal - buffer overflow {CVE-2009-0688} [squeeze] - cyrus-sasl2-heimdal 2.1.22.dfsg1-23+squeeze1 [September 13th, 2009] DTSA-202-1 libsndfile - multiple heap buffer overflows {CVE-2009-0186 CVE-2009-1788 CVE-2009-1791} [squeeze] - libsndfile 1.0.18-2+squeeze1 [October 21st, 2009] DTSA-203-1 kvm - several vulnerabilities {CVE-2008-5714 CVE-2009-3290} [squeeze] - kvm 72+dfsg-5+squeeze1 [December 8th, 2009] DTSA-204-1 linux-2.6 - several vulnerabilities {CVE-2009-1298 CVE-2009-4026 CVE-2009-4027} [squeeze] - linux-2.6 2.6.30-8squeeze1 [February 15th, 2010] DTSA-205-1 openoffice.org - several vulnerabilities {CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302 CVE-2009-0217} [squeeze] - openoffice.org 1:3.1.1-15+squeeze1 [April 2nd, 2010] DTSA-206-1 netpbm-free - buffer overflow {CVE-2009-4274} [squeeze] - netpbm-free 2:10.0-12.1+squeeze1 [January 7th, 2011] DTSA-207-1 mediawiki - clickjacking {CVE-2011-0003} [squeeze] - mediawiki 1:1.15.5-2