[Secure-testing-commits] r2459 - in website: . DTSA
Joey Hess
joeyh at costa.debian.org
Wed Oct 19 22:57:35 UTC 2005
Author: joeyh
Date: 2005-10-19 22:57:32 +0000 (Wed, 19 Oct 2005)
New Revision: 2459
Modified:
website/DTSA/DTSA-1-1.html
website/DTSA/DTSA-10-1.html
website/DTSA/DTSA-11-1.html
website/DTSA/DTSA-12-1.html
website/DTSA/DTSA-13-1.html
website/DTSA/DTSA-14-1.html
website/DTSA/DTSA-15-1.html
website/DTSA/DTSA-16-1.html
website/DTSA/DTSA-17-1.html
website/DTSA/DTSA-19-1.html
website/DTSA/DTSA-2-1.html
website/DTSA/DTSA-20-1.html
website/DTSA/DTSA-3-1.html
website/DTSA/DTSA-4-1.html
website/DTSA/DTSA-5-1.html
website/DTSA/DTSA-7-1.html
website/DTSA/DTSA-8-2.html
website/DTSA/DTSA-9-1.html
website/index.html
Log:
update website to use only CVE references
Modified: website/DTSA/DTSA-1-1.html
===================================================================
--- website/DTSA/DTSA-1-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-1-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,19 +50,19 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2626'>CAN-2005-2626</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2627'>CAN-2005-2627</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2626'>CVE-2005-2626</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2627'>CVE-2005-2627</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple security holes have been discovered in kismet: <br>
<br>
-CAN-2005-2627 <br>
+CVE-2005-2627 <br>
<br>
Multiple integer underflows in Kismet allow remote attackers to execute <br>
arbitrary code via (1) kernel headers in a pcap file or (2) data frame <br>
dissection, which leads to heap-based buffer overflows. <br>
<br>
-CAN-2005-2626 <br>
+CVE-2005-2626 <br>
<br>
Unspecified vulnerability in Kismet allows remote attackers to have an <br>
unknown impact via unprintable characters in the SSID. <br>
Modified: website/DTSA/DTSA-10-1.html
===================================================================
--- website/DTSA/DTSA-10-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-10-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,7 +50,7 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491'>CAN-2005-2491</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491'>CVE-2005-2491</a>
<br></dd>
<br><dt>More information:</dt>
<dd>An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions <br>
Modified: website/DTSA/DTSA-11-1.html
===================================================================
--- website/DTSA/DTSA-11-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-11-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,7 +50,7 @@
<dd>Yes<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2655'>CAN-2005-2655</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2655'>CVE-2005-2655</a>
<br></dd>
<br><dt>More information:</dt>
<dd>The lockmail binary shipped with maildrop allows for an attacker to <br>
Modified: website/DTSA/DTSA-12-1.html
===================================================================
--- website/DTSA/DTSA-12-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-12-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,7 +50,7 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368'>CAN-2005-2368</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368'>CVE-2005-2368</a>
<br></dd>
<br><dt>More information:</dt>
<dd>vim modelines allow files to execute arbitrary commands via shell <br>
Modified: website/DTSA/DTSA-13-1.html
===================================================================
--- website/DTSA/DTSA-13-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-13-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,20 +50,20 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549'>CAN-2005-2549</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550'>CAN-2005-2550</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2549'>CVE-2005-2549</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2550'>CVE-2005-2550</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple vulnerabilities were discovered in evolution: <br>
<br>
-CAN-2005-2549 <br>
+CVE-2005-2549 <br>
<br>
Multiple format string vulnerabilities in Evolution allow remote attackers <br>
to cause a denial of service (crash) and possibly execute arbitrary code via <br>
(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task <br>
list data from remote servers. <br>
<br>
-CAN-2005-2550 <br>
+CVE-2005-2550 <br>
<br>
Format string vulnerability in Evolution allows remote attackers to cause a <br>
denial of service (crash) and possibly execute arbitrary code via the <br>
Modified: website/DTSA/DTSA-14-1.html
===================================================================
--- website/DTSA/DTSA-14-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-14-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,16 +50,16 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260'>CAN-2005-2260</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261'>CAN-2005-2261</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2263'>CAN-2005-2263</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265'>CAN-2005-2265</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266'>CAN-2005-2266</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2268'>CAN-2005-2268</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269'>CAN-2005-2269</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270'>CAN-2005-2270</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Several problems have been discovered in Mozilla. Since the usual praxis of <br>
@@ -68,49 +68,49 @@
named 1.7.8. The Common Vulnerabilities and Exposures project identifies the <br>
following problems: <br>
<br>
-CAN-2004-0718, CAN-2005-1937 <br>
+CVE-2004-0718, CVE-2005-1937 <br>
<br>
A vulnerability has been discovered in Mozilla that allows remote <br>
attackers to inject arbitrary Javascript from one page into the <br>
frameset of another site. <br>
<br>
-CAN-2005-2260 <br>
+CVE-2005-2260 <br>
<br>
The browser user interface does not properly distinguish between <br>
user-generated events and untrusted synthetic events, which makes <br>
it easier for remote attackers to perform dangerous actions that <br>
normally could only be performed manually by the user. <br>
<br>
-CAN-2005-2261 <br>
+CVE-2005-2261 <br>
<br>
XML scripts ran even when Javascript disabled. <br>
<br>
-CAN-2005-2263 <br>
+CVE-2005-2263 <br>
<br>
It is possible for a remote attacker to execute a callback <br>
function in the context of another domain (i.e. frame). <br>
<br>
-CAN-2005-2265 <br>
+CVE-2005-2265 <br>
<br>
Missing input sanitising of InstallVersion.compareTo() can cause <br>
the application to crash. <br>
<br>
-CAN-2005-2266 <br>
+CVE-2005-2266 <br>
<br>
Remote attackers could steal sensitive information such as cookies <br>
and passwords from web sites by accessing data in alien frames. <br>
<br>
-CAN-2005-2268 <br>
+CVE-2005-2268 <br>
<br>
It is possible for a Javascript dialog box to spoof a dialog box <br>
from a trusted site and facilitates phishing attacks. <br>
<br>
-CAN-2005-2269 <br>
+CVE-2005-2269 <br>
<br>
Remote attackers could modify certain tag properties of DOM nodes <br>
that could lead to the execution of arbitrary script or code. <br>
<br>
-CAN-2005-2270 <br>
+CVE-2005-2270 <br>
<br>
The Mozilla browser family does not properly clone base objects, <br>
which allows remote attackers to execute arbitrary code. <br>
Modified: website/DTSA/DTSA-15-1.html
===================================================================
--- website/DTSA/DTSA-15-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-15-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,9 +50,9 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751'>CAN-2005-1751</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921'>CAN-2005-1921</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498'>CAN-2005-2498</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751'>CVE-2005-1751</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921'>CVE-2005-1921</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498'>CVE-2005-2498</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Several security related problems have been found in PHP4, the <br>
@@ -60,20 +60,20 @@
Vulnerabilities and Exposures project identifies the following <br>
problems: <br>
<br>
-CAN-2005-1751 <br>
+CVE-2005-1751 <br>
<br>
Eric Romang discovered insecure temporary files in the shtool <br>
utility shipped with PHP that can exploited by a local attacker to <br>
overwrite arbitrary files. Only this vulnerability affects <br>
packages in oldstable. <br>
<br>
-CAN-2005-1921 <br>
+CVE-2005-1921 <br>
<br>
GulfTech has discovered that PEAR XML_RPC is vulnerable to a <br>
remote PHP code execution vulnerability that may allow an attacker <br>
to compromise a vulnerable server. <br>
<br>
-CAN-2005-2498 <br>
+CVE-2005-2498 <br>
<br>
Stefan Esser discovered another vulnerability in the XML-RPC <br>
libraries that allows injection of arbitrary PHP code into eval() <br>
Modified: website/DTSA/DTSA-16-1.html
===================================================================
--- website/DTSA/DTSA-16-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-16-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,57 +50,57 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098'>CAN-2005-2098</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099'>CAN-2005-2099</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456'>CAN-2005-2456</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2617'>CAN-2005-2617</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913'>CAN-2005-1913</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761'>CAN-2005-1761</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457'>CAN-2005-2457</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458'>CAN-2005-2458</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459'>CAN-2005-2459</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548'>CAN-2005-2548</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2302'>CAN-2004-2302</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1765'>CAN-2005-1765</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1762'>CAN-2005-1762</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761'>CAN-2005-1761</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555'>CAN-2005-2555</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098'>CVE-2005-2098</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099'>CVE-2005-2099</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456'>CVE-2005-2456</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2617'>CVE-2005-2617</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913'>CVE-2005-1913</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457'>CVE-2005-2457</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458'>CVE-2005-2458</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459'>CVE-2005-2459</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548'>CVE-2005-2548</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2302'>CVE-2004-2302</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1765'>CVE-2005-1765</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762'>CVE-2005-1762</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555'>CVE-2005-2555</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Several security related problems have been found in version 2.6 of the <br>
linux kernel. The Common Vulnerabilities and Exposures project identifies <br>
the following problems: <br>
<br>
-CAN-2004-2302 <br>
+CVE-2004-2302 <br>
<br>
Race condition in the sysfs_read_file and sysfs_write_file functions in <br>
Linux kernel before 2.6.10 allows local users to read kernel memory and <br>
cause a denial of service (crash) via large offsets in sysfs files. <br>
<br>
-CAN-2005-1761 <br>
+CVE-2005-1761 <br>
<br>
Vulnerability in the Linux kernel allows local users to cause a <br>
denial of service (kernel crash) via ptrace. <br>
<br>
-CAN-2005-1762 <br>
+CVE-2005-1762 <br>
<br>
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 <br>
platform allows local users to cause a denial of service (kernel crash) via <br>
a "non-canonical" address. <br>
<br>
-CAN-2005-1765 <br>
+CVE-2005-1765 <br>
<br>
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when <br>
running in 32-bit compatibility mode, allows local users to cause a denial <br>
of service (kernel hang) via crafted arguments. <br>
<br>
-CAN-2005-1913 <br>
+CVE-2005-1913 <br>
<br>
When a non group-leader thread called exec() to execute a different program <br>
while an itimer was pending, the timer expiry would signal the old group <br>
leader task, which did not exist any more. This caused a kernel panic. <br>
<br>
-CAN-2005-2098 <br>
+CVE-2005-2098 <br>
<br>
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before <br>
2.6.12.5 contains an error path that does not properly release the session <br>
@@ -109,7 +109,7 @@
empty name string, (2) with a long name string, (3) with the key quota <br>
reached, or (4) ENOMEM. <br>
<br>
-CAN-2005-2099 <br>
+CVE-2005-2099 <br>
<br>
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that <br>
is not instantiated properly, which allows local users or remote attackers <br>
@@ -117,7 +117,7 @@
that is not empty, which causes the creation to fail, leading to a null <br>
dereference in the keyring destructor. <br>
<br>
-CAN-2005-2456 <br>
+CVE-2005-2456 <br>
<br>
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c <br>
in Linux kernel 2.6 allows local users to cause a denial of service (oops <br>
@@ -125,41 +125,41 @@
larger than XFRM_POLICY_OUT, which is used as an index in the <br>
sock->sk_policy array. <br>
<br>
-CAN-2005-2457 <br>
+CVE-2005-2457 <br>
<br>
The driver for compressed ISO file systems (zisofs) in the Linux kernel <br>
before 2.6.12.5 allows local users and remote attackers to cause a denial <br>
of service (kernel crash) via a crafted compressed ISO file system. <br>
<br>
-CAN-2005-2458 <br>
+CVE-2005-2458 <br>
<br>
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows <br>
remote attackers to cause a denial of service (kernel crash) via a <br>
compressed file with "improper tables". <br>
<br>
-CAN-2005-2459 <br>
+CVE-2005-2459 <br>
<br>
The huft_build function in inflate.c in the zlib routines in the Linux <br>
kernel before 2.6.12.5 returns the wrong value, which allows remote <br>
attackers to cause a denial of service (kernel crash) via a certain <br>
compressed file that leads to a null pointer dereference, a different <br>
- vulnerbility than CAN-2005-2458. <br>
+ vulnerbility than CVE-2005-2458. <br>
<br>
-CAN-2005-2548 <br>
+CVE-2005-2548 <br>
<br>
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial <br>
of service (kernel oops from null dereference) via certain UDP packets that <br>
lead to a function call with the wrong argument, as demonstrated using <br>
snmpwalk on snmpd. <br>
<br>
-CAN-2005-2555 <br>
+CVE-2005-2555 <br>
<br>
Linux kernel 2.6.x does not properly restrict socket policy access to users <br>
with the CAP_NET_ADMIN capability, which could allow local users to conduct <br>
unauthorized activities via (1) ipv4/ip_sockglue.c and (2) <br>
ipv6/ipv6_sockglue.c. <br>
<br>
-CAN-2005-2617 <br>
+CVE-2005-2617 <br>
<br>
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 <br>
and later, on the amd64 architecture, does not check the return value of <br>
Modified: website/DTSA/DTSA-17-1.html
===================================================================
--- website/DTSA/DTSA-17-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-17-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,7 +50,7 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672'>CAN-2005-2672</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2672'>CVE-2005-2672</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Javier Fernández-Sanguino Peña discovered that a script included in <br>
Modified: website/DTSA/DTSA-19-1.html
===================================================================
--- website/DTSA/DTSA-19-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-19-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,17 +50,17 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919'>CAN-2005-2919</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920'>CAN-2005-2920</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2919'>CVE-2005-2919</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2920'>CVE-2005-2920</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple security holes were found in clamav: <br>
<br>
-CAN-2005-2919 <br>
+CVE-2005-2919 <br>
<br>
A possible infinate loop has been discovered in libclamav/fsg.c <br>
<br>
-CAN-2005-2920 <br>
+CVE-2005-2920 <br>
<br>
A possible buffer overflow has been found in libclamav/upx.c <br>
<br>
Modified: website/DTSA/DTSA-2-1.html
===================================================================
--- website/DTSA/DTSA-2-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-2-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,33 +50,33 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448'>CAN-2005-2448</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370'>CAN-2005-2370</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2369'>CAN-2005-2369</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1914'>CAN-2005-1914</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2369'>CVE-2005-2369</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1914'>CVE-2005-1914</a>
<br></dd>
<br><dt>More information:</dt>
<dd>centericq in testing is vulnerable to multiple security holes: <br>
<br>
-CAN-2005-2448 <br>
+CVE-2005-2448 <br>
<br>
Multiple endianness errors in libgadu, which is embedded in centericq, <br>
allow remote attackers to cause a denial of service (invalid behaviour in <br>
applications) on big-endian systems. <br>
<br>
-CAN-2005-2370 <br>
+CVE-2005-2370 <br>
<br>
Multiple memory alignment errors in libgadu, which is embedded in <br>
centericq, allows remote attackers to cause a denial of service (bus error) <br>
on certain architectures such as SPARC via an incoming message. <br>
<br>
-CAN-2005-2369 <br>
+CVE-2005-2369 <br>
<br>
Multiple integer signedness errors in libgadu, which is embedded in <br>
centericq, may allow remote attackers to cause a denial of service <br>
or execute arbitrary code. <br>
<br>
-CAN-2005-1914 <br>
+CVE-2005-1914 <br>
<br>
centericq creates temporary files with predictable file names, which <br>
allows local users to overwrite arbitrary files via a symlink attack. <br>
Modified: website/DTSA/DTSA-20-1.html
===================================================================
--- website/DTSA/DTSA-20-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-20-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,12 +50,12 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2878'>CAN-2005-2878</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2878'>CVE-2005-2878</a>
<br></dd>
<br><dt>More information:</dt>
<dd>A format string vulnerability has been discovered in Mailutils. <br>
<br>
-CAN-2005-2878 <br>
+CVE-2005-2878 <br>
A format string vulnerability in search.c in the imap4d server in GNU <br>
Mailutils 0.6 allows remote authenticated users to execute arbitrary code via <br>
format string specifiers in the SEARCH command. <br>
Modified: website/DTSA/DTSA-3-1.html
===================================================================
--- website/DTSA/DTSA-3-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-3-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,42 +50,42 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2070'>CAN-2005-2070</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1923'>CAN-2005-1923</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2056'>CAN-2005-2056</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1922'>CAN-2005-1922</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2450'>CAN-2005-2450</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2070'>CVE-2005-2070</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1923'>CVE-2005-1923</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2056'>CVE-2005-2056</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1922'>CVE-2005-1922</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2450'>CVE-2005-2450</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple security holes were found in clamav: <br>
<br>
-CAN-2005-2070 <br>
+CVE-2005-2070 <br>
<br>
The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long <br>
timeouts, allows remote attackers to cause a denial of service by keeping <br>
an open connection, which prevents ClamAV from reloading. <br>
<br>
-CAN-2005-1923 <br>
+CVE-2005-1923 <br>
<br>
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote <br>
attackers to cause a denial of service (CPU consumption by infinite loop) <br>
via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, <br>
which causes a zero-length read. <br>
<br>
-CAN-2005-2056 <br>
+CVE-2005-2056 <br>
<br>
The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote <br>
attackers to cause a denial of service (application crash) via a crafted <br>
Quantum archive. <br>
<br>
-CAN-2005-1922 <br>
+CVE-2005-1922 <br>
<br>
The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote <br>
attackers to cause a denial of service (file descriptor and memory <br>
consumption) via a crafted file that causes repeated errors in the <br>
cli_msexpand function. <br>
<br>
-CAN-2005-2450 <br>
+CVE-2005-2450 <br>
<br>
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file <br>
format processors in libclamav for Clam AntiVirus (ClamAV) allow remote <br>
Modified: website/DTSA/DTSA-4-1.html
===================================================================
--- website/DTSA/DTSA-4-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-4-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,38 +50,38 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1916'>CAN-2005-1916</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1851'>CAN-2005-1851</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1850'>CAN-2005-1850</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852'>CAN-2005-1852</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448'>CAN-2005-2448</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916'>CVE-2005-1916</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1851'>CVE-2005-1851</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1850'>CVE-2005-1850</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1852'>CVE-2005-1852</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple vulnerabilities were discovered in ekg: <br>
<br>
-CAN-2005-1916 <br>
+CVE-2005-1916 <br>
<br>
Eric Romang discovered insecure temporary file creation and arbitrary <br>
command execution in a contributed script that can be exploited by a local <br>
attacker. <br>
<br>
-CAN-2005-1851 <br>
+CVE-2005-1851 <br>
<br>
Marcin Owsiany and Wojtek Kaniewski discovered potential shell command <br>
injection in a contributed script. <br>
<br>
-CAN-2005-1850 <br>
+CVE-2005-1850 <br>
<br>
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file <br>
creation in contributed scripts. <br>
<br>
-CAN-2005-1852 <br>
+CVE-2005-1852 <br>
<br>
Multiple integer overflows in libgadu, as used in ekg, allows remote <br>
attackers to cause a denial of service (crash) and possibly execute <br>
arbitrary code via an incoming message. <br>
<br>
-CAN-2005-2448 <br>
+CVE-2005-2448 <br>
<br>
Multiple endianness errors in libgadu in ekg allow remote attackers to <br>
cause a denial of service (invalid behaviour in applications) on <br>
Modified: website/DTSA/DTSA-5-1.html
===================================================================
--- website/DTSA/DTSA-5-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-5-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,26 +50,26 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102'>CAN-2005-2102</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370'>CAN-2005-2370</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103'>CAN-2005-2103</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102'>CVE-2005-2102</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103'>CVE-2005-2103</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple security holes were found in gaim: <br>
<br>
-CAN-2005-2102 <br>
+CVE-2005-2102 <br>
<br>
The AIM/ICQ module in Gaim allows remote attackers to cause a denial of <br>
service (application crash) via a filename that contains invalid UTF-8 <br>
characters. <br>
<br>
-CAN-2005-2370 <br>
+CVE-2005-2370 <br>
<br>
Multiple memory alignment errors in libgadu, as used in gaim and other <br>
packages, allow remote attackers to cause a denial of service (bus error) <br>
on certain architectures such as SPARC via an incoming message. <br>
<br>
-CAN-2005-2103 <br>
+CVE-2005-2103 <br>
<br>
Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers <br>
to cause a denial of service (application crash) and possibly execute <br>
Modified: website/DTSA/DTSA-7-1.html
===================================================================
--- website/DTSA/DTSA-7-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-7-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,8 +50,8 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a>
<br></dd>
<br><dt>More information:</dt>
<dd>A vulnerability has been discovered in Mozilla that allows remote attackers <br>
Modified: website/DTSA/DTSA-8-2.html
===================================================================
--- website/DTSA/DTSA-8-2.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-8-2.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,19 +50,19 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718'>CAN-2004-0718</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937'>CAN-2005-1937</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260'>CAN-2005-2260</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261'>CAN-2005-2261</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2262'>CAN-2005-2262</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2263'>CAN-2005-2263</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2264'>CAN-2005-2264</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265'>CAN-2005-2265</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266'>CAN-2005-2266</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2267'>CAN-2005-2267</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2268'>CAN-2005-2268</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269'>CAN-2005-2269</a>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270'>CAN-2005-2270</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2262'>CVE-2005-2262</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2264'>CVE-2005-2264</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2267'>CVE-2005-2267</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a>
<br></dd>
<br><dt>More information:</dt>
<dd>We experienced that the update for Mozilla Firefox from DTSA-8-1 <br>
@@ -74,65 +74,65 @@
<br>
Several problems were discovered in Mozilla Firefox: <br>
<br>
-CAN-2004-0718 CAN-2005-1937 <br>
+CVE-2004-0718 CVE-2005-1937 <br>
<br>
A vulnerability has been discovered in Mozilla Firefox that allows remote <br>
attackers to inject arbitrary Javascript from one page into the frameset of <br>
another site. <br>
<br>
-CAN-2005-2260 <br>
+CVE-2005-2260 <br>
<br>
The browser user interface does not properly distinguish between <br>
user-generated events and untrusted synthetic events, which makes it easier <br>
for remote attackers to perform dangerous actions that normally could only be <br>
performed manually by the user. <br>
<br>
-CAN-2005-2261 <br>
+CVE-2005-2261 <br>
<br>
XML scripts ran even when Javascript disabled. <br>
<br>
-CAN-2005-2262 <br>
+CVE-2005-2262 <br>
<br>
The user can be tricked to executing arbitrary JavaScript code by using a <br>
JavaScript URL as wallpaper. <br>
<br>
-CAN-2005-2263 <br>
+CVE-2005-2263 <br>
<br>
It is possible for a remote attacker to execute a callback function in the <br>
context of another domain (i.e. frame). <br>
<br>
-CAN-2005-2264 <br>
+CVE-2005-2264 <br>
<br>
By opening a malicious link in the sidebar it is possible for remote <br>
attackers to steal sensitive information. <br>
<br>
-CAN-2005-2265 <br>
+CVE-2005-2265 <br>
<br>
Missing input sanitising of InstallVersion.compareTo() can cause the <br>
application to crash. <br>
<br>
-CAN-2005-2266 <br>
+CVE-2005-2266 <br>
<br>
Remote attackers could steal sensitive information such as cookies and <br>
passwords from web sites by accessing data in alien frames. <br>
<br>
-CAN-2005-2267 <br>
+CVE-2005-2267 <br>
<br>
By using standalone applications such as Flash and QuickTime to open a <br>
javascript: URL, it is possible for a remote attacker to steal sensitive <br>
information and possibly execute arbitrary code. <br>
<br>
-CAN-2005-2268 <br>
+CVE-2005-2268 <br>
<br>
It is possible for a Javascript dialog box to spoof a dialog box from a <br>
trusted site and facilitates phishing attacks. <br>
<br>
-CAN-2005-2269 <br>
+CVE-2005-2269 <br>
<br>
Remote attackers could modify certain tag properties of DOM nodes that could <br>
lead to the execution of arbitrary script or code. <br>
<br>
-CAN-2005-2270 <br>
+CVE-2005-2270 <br>
<br>
The Mozilla browser family does not properly clone base objects, which allows <br>
remote attackers to execute arbitrary code. <br>
Modified: website/DTSA/DTSA-9-1.html
===================================================================
--- website/DTSA/DTSA-9-1.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/DTSA/DTSA-9-1.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -50,7 +50,7 @@
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
-<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547'>CAN-2005-2547</a>
+<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2547'>CVE-2005-2547</a>
<br></dd>
<br><dt>More information:</dt>
<dd>A bug in bluez-utils allows remote attackers to execute arbitrary commands <br>
Modified: website/index.html
===================================================================
--- website/index.html 2005-10-19 22:54:03 UTC (rev 2458)
+++ website/index.html 2005-10-19 22:57:32 UTC (rev 2459)
@@ -92,7 +92,7 @@
<p>
The team maintains a database (actually some files) that contain
- our notes about all CVEs, CANs, and DSAs. This database is available
+ our notes about all CVEs and DSAs. This database is available
<a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>,
and may be checked out from
<tt>svn://svn.debian.org/secure-testing/</tt>.
@@ -191,7 +191,7 @@
then check the <a href="logs/dtsasync">log file</a> and/or
upgrade a test machine.</li>
<li>cd data/DTSA; ./sndadvisory DTSA-n-1</li>
- <li>Edit CAN/list and DSA/list to list the version of the
+ <li>Edit CVE/list and DSA/list to list the version of the
package that is in the secure-testing archive as fixing the
holes. This is unfortunatly currently necessary for the fix to
appear as a fix on the tracking page.</li>
More information about the Secure-testing-commits
mailing list