[Secure-testing-commits] r2462 - in data: . DSA DTSA DTSA/advs
Joey Hess
joeyh at costa.debian.org
Wed Oct 19 23:10:23 UTC 2005
Author: joeyh
Date: 2005-10-19 23:10:21 +0000 (Wed, 19 Oct 2005)
New Revision: 2462
Removed:
data/CAN/
Modified:
data/DSA/list
data/DTSA/advs/1-kismet.adv
data/DTSA/advs/10-pcre.adv
data/DTSA/advs/11-maildrop.adv
data/DTSA/advs/12-vim.adv
data/DTSA/advs/13-evolution.adv
data/DTSA/advs/14-mozilla.adv
data/DTSA/advs/15-php4.adv
data/DTSA/advs/16-linux-2.6.adv
data/DTSA/advs/17-lm-sensors.adv
data/DTSA/advs/18-thunderbird.adv
data/DTSA/advs/19-clamav.adv
data/DTSA/advs/2-centericq.adv
data/DTSA/advs/20-mailutils.adv
data/DTSA/advs/3-clamav.adv
data/DTSA/advs/4-ekg.adv
data/DTSA/advs/44-kdelibs.adv
data/DTSA/advs/5-gaim.adv
data/DTSA/advs/7-mozilla.adv
data/DTSA/advs/8-mozilla-firefox.adv
data/DTSA/advs/9-bluez-utils.adv
data/DTSA/advs/nn-kernel-source-2.4.27.adv
data/DTSA/list
data/README
Log:
update references to CANs to be CVEs and complete CVE transition
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DSA/list 2005-10-19 23:10:21 UTC (rev 2462)
@@ -1,2521 +1,2521 @@
[13 Oct 2005] DSA-865-1 hylafax - insecure temporary files
- {CAN-2005-3069}
+ {CVE-2005-3069}
- hylafax 1:4.2.2-1
NOTE: not fixed in testing at time of DSA (missing arm)
[13 Oct 2005] DSA-864-1 ruby1.8 - programming error
- {CAN-2005-2337}
+ {CVE-2005-2337}
- ruby1.6 1.6.8-13
NOTE: not fixed in testing at time of DSA (RC bugs)
[12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability
- {CAN-2005-2967}
+ {CVE-2005-2967}
- xine-lib <unfixed> (bug #332919; medium)
NOTE: not fixed in testing at time of DSA (unfixed in sid)
[11 Oct 2005] DSA-862-1 ruby1.6 - programming error
- {CAN-2005-2337}
+ {CVE-2005-2337}
- ruby1.6 1.6.8-13
NOTE: fixed in testing at time of DSA
[11 Oct 2005] DSA-861-1 up-imap - buffer overflow
- {CAN-2005-2933}
+ {CVE-2005-2933}
- uw-imap 7:2002edebian1-12
NOTE: not fixed in testing at time of DSA (unfixed in sid)
[11 Oct 2005] DSA-860-1 ruby - programming error
- {CAN-2005-2337}
+ {CVE-2005-2337}
- ruby <removed>
NOTE: fixed in testing at time of DSA (woody-only DSA)
[10 Oct 2005] DSA-859-1 xli - buffer overflows
- {CAN-2005-3178}
+ {CVE-2005-3178}
- xli <unfixed> (medium)
NOTE: not fixed in testing at time of DSA (unfixed in sid)
[10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
- {CAN-2005-3178}
+ {CVE-2005-3178}
- xloadimage 4.1-15 (bug #332524; medium)
NOTE: not fixed in testing at time of DSA (too young)
[10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
- {CAN-2005-2965}
+ {CVE-2005-2965}
- graphviz 2.2.1-1sarge1 (low)
NOTE: fixed in testing at time of DSA
[10 Oct 2005] DSA-856-1 py2play - design error
- {CAN-2005-2875}
+ {CVE-2005-2875}
- py2play 0.1.8-1 (bug #326976; medium)
NOTE: fixed in testing at time of DSA
[10 Oct 2005] DSA-855-1 weex - format string vulnerability
- {CAN-2005-3150}
+ {CVE-2005-3150}
- weex 2.6.1-6sarge1 (bug #332424; medium)
NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
[09 Oct 2005] DSA-854-1 tcpdump - infinite loop
- {CAN-2005-1267}
+ {CVE-2005-1267}
- tcpdump 3.9.0.cvs.20050614-1
NOTE: fixed in testing at time of DSA
[09 Oct 2005] DSA-853-1 ethereal - several
- {CAN-2005-2360 CAN-2005-2361 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367}
+ {CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365 CVE-2005-2366 CVE-2005-2367}
- ethereal 0.10.12-1
NOTE: not fixed in testing at time of DSA (not fixed in unstable)
[08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution
- {CAN-2005-2661}
+ {CVE-2005-2661}
- up-imapproxy 1.2.4-2
NOTE: not fixed in testing at time of DSA (not fixed in unstable)
[08 Oct 2005] DSA-851-1 openvpn - denial of service
- {CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534}
+ {CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534}
- openvpn 2.0.2-1
NOTE: fixed in testing at time of DSA
[08 Oct 2005] DSA-850-1 tcpdump - denial of service
- {CAN-2005-1279}
+ {CVE-2005-1279}
- tcpdump 3.8.3-4
NOTE: fixed in testing at time of DSA (woody-only DSA)
[08 Oct 2005] DSA-849-1 shorewall - programming error
- {CAN-2005-2317}
+ {CVE-2005-2317}
- shorewall 2.4.2-2
NOTE: fixed in testing at time of DSA
[08 Oct 2005] DSA-848-1 masqmail - several
- {CAN-2005-2662 CAN-2005-2663}
+ {CVE-2005-2662 CVE-2005-2663}
- masqmail 0.2.20-1sarge1
NOTE: not fixed in testing at time of DSA (not fixed in unstable)
[08 Oct 2005] DSA-847-1 dia - missing input sanitising
- {CAN-2005-2966}
+ {CVE-2005-2966}
- dia 0.94.0-15 (bug #330890; medium)
NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0
[07 Oct 2005] DSA-846-1 cpio - several
- {CAN-2005-1111 CAN-2005-1229}
+ {CVE-2005-1111 CVE-2005-1229}
- cpio 2.6-6
NOTE: fixed in testing at time of DSA
[06 Oct 2005] DSA-845-1 mason - programming error
- {CAN-2005-3118}
+ {CVE-2005-3118}
- mason 1.0.0-3
NOTE: fixed in testing at time of DSA
[05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error
- {CAN-2005-2963}
+ {CVE-2005-2963}
- mod-auth-shadow 1.4-2
NOTE: not fixed in testing at time of DSA (missing m68k)
[05 Oct 2005] DSA-843-1 arc - insecure temporary file
- {CAN-2005-2945 CAN-2005-2992}
+ {CVE-2005-2945 CVE-2005-2992}
- arc 5.21m-1
NOTE: fixed in testing at time of DSA
[04 Oct 2005] DSA-842-1 egroupware - missing input sanitising
- {CAN-2005-2498}
+ {CVE-2005-2498}
- egroupware 1.0.0.009.dfsg-1
NOTE: fixed in testing at time of DSA
[04 Oct 2005] DSA-841-1 mailutils - format string vulnerability
- {CAN-2005-2878}
+ {CVE-2005-2878}
- mailutils 1:0.6.90-2.1etch1
NOTE: not fixed in testing at time of DSA (missing arm)
[04 Jul 2005] DSA-840-1 drupal - missing input sanitising
- {CAN-2005-2498}
+ {CVE-2005-2498}
- drupal 4.5.5-1
NOTE: fixed in testing at time of DSA
[04 Oct 2005] DSA-839-1 apachetop - insecure temporary file
- {CAN-2005-2660}
+ {CVE-2005-2660}
- apachetop 0.12.5-3
NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on gcc-4)
[03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities
- {CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707}
+ {CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707}
- mozilla-firefox 1.0.7-1
NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
[02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow
- {CAN-2005-2871}
+ {CVE-2005-2871}
- mozilla-firefox 1.0.6-5 (medium)
NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
[01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files
- {CAN-2005-2960 CAN-2005-3137}
+ {CVE-2005-2960 CVE-2005-3137}
- cfengine2 <unfixed>
NOTE: not fixed in testing at time of DSA (unfixed in sid)
NOTE: No bug exists for this issue
[01 Oct 2005] DSA-835-1 cfengine - insecure temporary files
- {CAN-2005-2960 CAN-2005-3137}
+ {CVE-2005-2960 CVE-2005-3137}
- cfengine <unfixed>
NOTE: not fixed in testing at time of DSA (unfixed in sid)
NOTE: No bug exists for this issue
[01 Oct 2005] DSA-834-1 prozilla - buffer overflow
- {CAN-2005-2961}
+ {CVE-2005-2961}
NOTE: Prozilla has been removed before Sarge release
[30 Sep 2005] DSA-832-1 gopher - buffer overflows
- {CAN-2005-2772}
+ {CVE-2005-2772}
- gopher 3.0.11
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
- {CAN-2005-2558}
+ {CVE-2005-2558}
- mysql-dfsg-4.1 4.1.14-2 (medium)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds)
[30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions
- {CAN-2005-2962}
+ {CVE-2005-2962}
- ntlmaps 0.9.9-4
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-829-1 mysql - several
- {CAN-2005-2558}
+ {CVE-2005-2558}
- mysql-dfsg-4.1 4.1.14-2 (medium)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-828-1 squid - several
- {CAN-2005-2917}
+ {CVE-2005-2917}
- squid 2.5.10-6 (medium)
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-809-2 squid - assertion error
- {CAN-2005-2794}
+ {CVE-2005-2794}
- squid 2.5.10-5 (medium)
NOTE: fixed in testing at time of DSA
[29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation
- backupninja 0.8-2 (medium)
NOTE: not fixed in testing at time of DSA (too young 1/2 days)
[29 Sep 2005] DSA-826-1 helix-player - multiple
- {CAN-2005-1766 CAN-2005-2710}
+ {CVE-2005-1766 CVE-2005-2710}
- helix-player 1.0.6-1 (high)
NOTE: not fixed in testing at time of DSA
[29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation
- {CAN-2005-2876}
+ {CVE-2005-2876}
- loop-aes-utils 2.12p-9 (medium)
NOTE: fixed in testing at the time of the DSA
[29 Sep 2005] DSA-823-1 util-linux - privilege escalation
- {CAN-2005-2876}
+ {CVE-2005-2876}
- util-linux 2.12p-8 (high)
NOTE: not fixed in testing at time of DSA
[29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation
- {CAN-2005-2918}
+ {CVE-2005-2918}
- gtkdiskfree 1.9.3-4sarge1 (medium)
NOTE: not fixed even in unstable at time of DSA
[29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow
- {CAN-2005-2919 CAN-2005-2920}
+ {CVE-2005-2919 CVE-2005-2920}
- clamav 0.87-1 (high)
NOTE: not fixed in testing at time of DSA
[28 Sep 2005] DSA-797-2 zsync - buffer overflow
- {CAN-2005-1849 CAN-2005-2096}
+ {CVE-2005-1849 CVE-2005-2096}
- zsync 0.3.3-1.sarge.1.2 (low)
NOTE: An upload to fix a FTBS
[28 Sep 2005] DSA-821-1 python2.3 - integer overflow
- {CAN-2005-2491}
+ {CVE-2005-2491}
- python2.3 2.3.5-8 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[24 Sep 2005] DSA-820-1 courier - missing input sanitising
- {CAN-2005-2820}
+ {CVE-2005-2820}
- courier 0.47-9 (medium)
NOTE: fixed in testing at time of DSA
[23 Sep 2005] DSA-819-1 python2.1 - integer overflow
- {CAN-2005-2491}
+ {CVE-2005-2491}
- python2.1 2.1.3dfsg-3 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
- {CAN-2005-2101}
+ {CVE-2005-2101}
- kdeedu 4:3.4.2-1
NOTE: not fixed in testing at time of DSA
[22 Sep 2005] DSA-817-1 python2.2 - integer overflow
- {CAN-2005-2491}
+ {CVE-2005-2491}
- python2.2 2.2.3dfsg-4 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[19 Sep 2005] DSA-816-1 xfree86 - integer overflow
- {CAN-2005-2495}
+ {CVE-2005-2495}
- xserver-xorg 6.8.2.dfsg.1-7
NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on gmp)
[16 Sep 2005] DSA-815-1 kdebase - programming error
- {CAN-2005-2494}
+ {CVE-2005-2494}
- kdebase 4:3.4.2-3 (medium)
NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
- {CAN-2005-2672}
+ {CVE-2005-2672}
- lm-sensors 1:2.9.1-6etch1
NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is waiting on perl)
[15 Sep 2005] DSA-813-1 centericq - several
- {CAN-2005-2369 CAN-2005-2370 CAN-2005-2448}
+ {CVE-2005-2369 CVE-2005-2370 CVE-2005-2448}
- centericq 4.20.0-9
NOTE: fixed in testing in time of DSA
[15 Sep 2005] DSA-812-1 turqstat - buffer overflow
- {CAN-2005-2658}
+ {CVE-2005-2658}
- turqstat 2.2.4-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k)
[14 Sep 2005] DSA-811-1 common-lisp-controller - design error
- {CAN-2005-2657}
+ {CVE-2005-2657}
- common-lisp-controller 4.18 (bug #328633; medium)
NOTE: not fixed in testing at time of DSA (too young, sid fix not yet uploaded)
[13 Sep 2005] DSA-810-1 mozilla - several
- {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+ {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
- mozilla 2:1.7.8-1sarge2 (medium)
NOTE: not fixed in testing at time of DSA (buggy and TBS)
[13 Sep 2005] DSA-809-1 squid - several
- {CAN-2005-2794 CAN-2005-2796}
+ {CVE-2005-2794 CVE-2005-2796}
- squid 2.5.10-5 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[12 Sep 2005] DSA-808-1 tdiary - design error
- {CAN-2005-2411}
+ {CVE-2005-2411}
- tdiary 2.0.2-1 (medium)
NOTE: fixed in testing at time of DSA
[12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass
- {CAN-2005-2700}
+ {CVE-2005-2700}
- libapache-mod-ssl 2.8.24-1 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
- {CAN-2005-2693}
+ {CVE-2005-2693}
- gcvs 1.0final-7 (low)
NOTE: fixed in testing at time of DSA
[08 Sep 2005] DSA-805-1 apache2 - several
- {CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728}
+ {CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728}
- apache2 2.0.54-5 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
- {CAN-2005-1920}
+ {CVE-2005-1920}
- kdelibs 4:3.4.2-1 (medium)
NOTE: not fixed in testing at time of DSA (kde transition)
[07 Sep 2005] DSA-803-1 apache - programming error
- {CAN-2005-2088}
+ {CVE-2005-2088}
- apache 1.3.33-8 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[07 Sep 2005] DSA-802-1 cvs - insecure temporary files
- {CAN-2005-2693}
+ {CVE-2005-2693}
- cvs 1:1.11.5-4 (low)
NOTE: fixed in testing at time of DSA
[05 Sep 2005] DSA-801-1 ntp - programming error
- {CAN-2005-2496}
+ {CVE-2005-2496}
- ntp 1:4.2.0a+stable-2sarge1 (medium)
NOTE: not fixed in testing at time of DSA (RC bugs)
[02 Sep 2005] DSA-800-1 pcre3 - integer overflow
- {CAN-2005-2491}
+ {CVE-2005-2491}
- pcre3 6.3-0.1etch1 (high)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: however, fixed in secure-testing archive
[02 Sep 2005] DSA-799-1 webcalendar - input validation
- {CAN-2005-2717}
+ {CVE-2005-2717}
- webcalendar 0.9.45-7 (bug #326223; high)
NOTE: not fixed in testing at time of DSA (coordinated disclosure)
[02 Sep 2005] DSA-798-1 phpgroupware - several
- {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
+ {CVE-2005-2498 CVE-2005-2600 CVE-2005-2761}
- phpgroupware 0.9.16.008-1 (high)
NOTE: not fixed in testing at time of DSA (too young)
[01 Sep 2005] DSA-797-1 zsync - buffer overflow
- {CAN-2005-1849 CAN-2005-2096}
+ {CVE-2005-1849 CVE-2005-2096}
- zsync 0.4.0-2 (medium)
NOTE: fixed in testing at time of DSA
[01 Sep 2005] DSA-796-1 affix - unsafe use of popen
- {CAN-2005-2716}
+ {CVE-2005-2716}
- affix 2.1.2-3 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, builds)
[01 Sep 2005] DSA-795-2 proftpd - format string error
- {CAN-2005-2390}
+ {CVE-2005-2390}
- proftpd 1.2.10-20 (medium)
NOTE: fixed in testing at time of DSA
NOTE: Initial -1 release had a build problem
[01 Sep 2005] DSA-794-1 polygen - programming error
- {CAN-2005-2656}
+ {CVE-2005-2656}
- polygen 1.0.6-9 (low)
NOTE: not fixed in testing at time of DSA (too young)
[21 Aug 2005] DSA-779-2 mozilla-firefox - several
NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
- {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+ {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted
[01 Sep 2005] DSA-793-1 courier - missing input sanitising
- {CAN-2005-2724}
+ {CVE-2005-2724}
- courier 0.47-8 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, too young)
[31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
- {CAN-2005-2536}
+ {CVE-2005-2536}
- pstotext 1.9-2 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, builds)
[30 Aug 2005] DSA-791-1 maildrop - missing privilege release
- {CAN-2005-2655}
+ {CVE-2005-2655}
- maildrop 1.5.3-1.1etch1 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: but fixed in secure-testing repo
[30 Aug 2005] DSA-790-1 phpldapadmin - programming error
- {CAN-2005-2654}
+ {CVE-2005-2654}
- phpldapadmin 0.9.6c-5 (medium)
NOTE: fixed in testing at time of DSA
[29 Aug 2005] DSA-789-1 php4 - several
- {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498}
+ {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498}
- php4 4:4.3.10-16etch1 (high)
NOTE: not fixed in testing at time of DSA (not uploaded yet)
[29 Aug 2005] DSA-788-1 kismet - several
- {CAN-2005-2626 CAN-2005-2627}
+ {CVE-2005-2626 CVE-2005-2627}
- kismet 2005.08.R1-1 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: but fixed in secure-testing repo
[26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
- {CAN-2005-1855 CAN-2005-1856}
+ {CVE-2005-1855 CVE-2005-1856}
- backup-manager 0.5.8-2 (medium)
NOTE: fixed in testing at time of DSA
[26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
- {CAN-2005-1857}
+ {CVE-2005-1857}
- simpleproxy 3.2-4 (medium)
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
- {CAN-2005-2641 CAN-2005-2069}
+ {CVE-2005-2641 CVE-2005-2069}
- libpam-ldap 178-1sarge1 (medium)
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[25 Aug 2005] DSA-784-1 courier - programming error
- {CAN-2005-2151}
+ {CVE-2005-2151}
- courier 0.47-6 (low)
NOTE: not fixed in testing at time of DSA (glibc transition)
[24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
- {CAN-2005-1636}
+ {CVE-2005-1636}
- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
NOTE: not fixed in testing at time of DSA (glibc transition)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
[23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
- {CAN-2005-2547}
+ {CVE-2005-2547}
- bluez-utils 2.19-1 (high)
NOTE: not fixed in testing at time of DSA (missing builds)
[23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
- {CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270}
+ {CVE-2005-0989 CVE-2005-1159 CVE-2005-1160 CVE-2005-1532 CVE-2005-2261 CVE-2005-2265 CVE-2005-2266 CVE-2005-2269 CVE-2005-2270}
- mozilla-thunderbird 1.0.6-1 (medium)
NOTE: not fixed in testing at time of DSA (missing builds)
[22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
- {CAN-2005-2097}
+ {CVE-2005-2097}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition)
[21 Aug 2005] DSA-779-1 mozilla-firefox - several
- {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+ {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: not fixed in testing at time of DSA (build and deps)
[19 Aug 2005] DSA-778-1 mantis - missing input sanitising
- {CAN-2005-2556 CAN-2005-2557}
+ {CVE-2005-2556 CVE-2005-2557}
- mantis 0.19.2-4 (medium)
NOTE: not fixed in testing at time of DSA (nor unstable)
[17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
- {CAN-2004-0718 CAN-2005-1937}
+ {CVE-2004-0718 CVE-2005-1937}
- mozilla 2:1.7.10-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on builds)
[16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
- {CAN-2005-2450}
+ {CVE-2005-2450}
- clamav 0.86.2-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
- {CAN-2004-0718 CAN-2005-1937}
+ {CVE-2004-0718 CVE-2005-1937}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@
NOTE: fixed in testing at time of DSA
[12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
- {CAN-2005-2335}
+ {CVE-2005-2335}
- fetchmail 6.2.5-16 (medium)
NOTE: fixed in testing at time of DSA
[11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
NOTE: amd64 catch-up DSA, no new holes
[03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
- {CAN-2005-1854}
+ {CVE-2005-1854}
- apt-cacher 0.9.10 (high)
NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
[01 Aug 2005] DSA-771-1 pdns - several
- {CAN-2005-2301 CAN-2005-2302}
+ {CVE-2005-2301 CVE-2005-2302}
- pdns 2.9.18-1 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
- {CAN-2005-1853}
+ {CVE-2005-1853}
- gopher 3.0.10
NOTE: not fixed in testing at time of DSA (Debian server outage)
[29 Jul 2005] DSA-769-1 gaim - memory alignment bug
- {CAN-2005-2370}
+ {CVE-2005-2370}
- gaim 1:1.4.0-5 (high)
NOTE: not fixed in testing at time of DSA (?)
[27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
- {CAN-2005-2161}
+ {CVE-2005-2161}
- phpbb2 2.0.13-6sarge1
NOTE: not fixed in testing at time of DSA (Debian server outage)
[27 Jul 2005] DSA-767-1 ekg - integer overflows
- {CAN-2005-1852}
+ {CVE-2005-1852}
- ekg 1:1.5+20050718+1.6rc3-1 (medium)
NOTE: not fixed in testing at time of DSA (Debian server outage)
[26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
- {CAN-2005-2320}
+ {CVE-2005-2320}
- webcalendar 0.9.45-7 (medium)
NOTE: not fixed in testing at time of DSA (Debian server outage)
[22 Jul 2005] DSA-765-1 heimdal - buffer overflow
- {CAN-2005-0469}
+ {CVE-2005-0469}
- heimdal 0.6.3-10 (medium)
NOTE: fixed in testing at time of DSA
[21 Jul 2005] DSA-764-1 cacti - several
- {CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149}
+ {CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 CVE-2005-2148 CVE-2005-2149}
- cacti 0.8.6f-1 (high)
NOTE: fixed in testing at time of DSA
NOTE: DSA information is incorrect, sid fix is 6f, not 6e
[20 Jul 2005] DSA-763-1 zlib - buffer overflow
- {CAN-2005-1849}
+ {CVE-2005-1849}
- zlib 1:1.2.3-1 (medium)
NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390)
[19 Jul 2005] DSA-762-1 affix - several
- {CAN-2005-2250 CAN-2005-2277}
+ {CVE-2005-2250 CVE-2005-2277}
- affix 2.1.2-2 (medium)
NOTE: not fixed in testing at time of DSA (only 2/2 days old)
[19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
- {CAN-2005-2231}
+ {CVE-2005-2231}
- heartbeat 1.2.3-12 (medium)
NOTE: not fixed in testing at time of DSA (only 0/2 days old)
[18 Jul 2005] DSA-760-1 ekg - several
- {CAN-2005-1850 CAN-2005-1851 CAN-2005-1916}
+ {CVE-2005-1850 CVE-2005-1851 CVE-2005-1916}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs)
[18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
- {CAN-2005-2256}
+ {CVE-2005-2256}
- phppgadmin 3.5.4-1 (medium)
NOTE: not fixed in testing at time of DSA (only 0/10 days old)
[18 Jul 2005] DSA-758-1 heimdal - buffer overflow
- {CAN-2005-2040}
+ {CVE-2005-2040}
- heimdal 0.6.3-11 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
- {CAN-2005-1689 CAN-2005-1174 CAN-2005-1175}
+ {CVE-2005-1689 CVE-2005-1174 CVE-2005-1175}
- krb5 1.3.6-4 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k)
[14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
- {CAN-2005-1921}
+ {CVE-2005-1921}
- phpgroupware 0.9.16.006-1 (high)
NOTE: fixed in testing at time of DSA
[13 Jul 2005] DSA-756-1 squirrelmail - several
- {CAN-2005-1769 CAN-2005-2095}
+ {CVE-2005-1769 CVE-2005-2095}
- squirrelmail 2:1.4.4-6 (medium)
NOTE: not fixed in testing at time of DSA (only 0/2 days old)
[13 Jul 2005] DSA-755-1 tiff - buffer overflow
- {CAN-2005-1544}
+ {CVE-2005-1544}
- tiff 3.7.2-3 (medium)
NOTE: fixed in testing at time of DSA
[13 Jul 2005] DSA-754-1 centericq - insecure temporary file
- {CAN-2005-1914}
+ {CVE-2005-1914}
- centericq 4.20.0-7 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[12 Jul 2005] DSA-753-1 gedit - format string
- {CAN-2005-1686}
+ {CVE-2005-1686}
- gedit 2.10.3-1 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[11 Jul 2005] DSA-752-1 gzip - several
- {CAN-2005-0988 CAN-2005-1228}
+ {CVE-2005-0988 CVE-2005-1228}
- gzip 1.3.5-10
NOTE: fixed in testing at time of DSA
[11 Jul 2005] DSA-751-1 squid - IP spoofind
- {CAN-2005-1519}
+ {CVE-2005-1519}
- squid 2.5.9-9
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
- {CAN-2005-1992}
+ {CVE-2005-1992}
- ruby1.8 1.8.2-8 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
- {CAN-2005-1848}
+ {CVE-2005-1848}
- dhcpcd 1:1.3.22pl4-22
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-749-1 ettercap - format string error
- {CAN-2005-1796}
+ {CVE-2005-1796}
- ettercap 1:0.7.3-1 (medium)
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-747-1 egroupware - input validation error
- {CAN-2005-1921}
+ {CVE-2005-1921}
- egroupware 1.0.0.007-3.dfsg-1 (high)
NOTE: not fixed in testing at time of DSA (only 1/2 days old)
[10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
- {CAN-2005-1921 CAN-2005-2106 CAN-2005-2116}
+ {CVE-2005-1921 CVE-2005-2106 CVE-2005-2116}
- drupal 4.5.4-1 (high)
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-744-1 fuse - programming error
- {CAN-2005-1858}
+ {CVE-2005-1858}
- fuse 2.3.0-1
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
- {CAN-2005-1545 CAN-2005-1546}
+ {CVE-2005-1545 CVE-2005-1546}
- ht 0.8.0-3
NOTE: fixed in testing at time of DSA
[09 Jul 2005] DSA-742-1 cvs - buffer overflow
- {CAN-2005-0753}
+ {CVE-2005-0753}
- cvs 1:1.12.9-13 (high)
NOTE: fixed in testing at time of DSA
[07 Jul 2005] DSA-741-1 bzip2 - infinite loop
- {CAN-2005-1260}
+ {CVE-2005-1260}
- bzip2 1.0.2-7 (low)
NOTE: fixed in testing at time of DSA
[06 Jul 2005] DSA-740-1 zlib - buffer overflow
- {CAN-2005-2096}
+ {CVE-2005-2096}
- zlib 1:1.2.2-7 (medium)
NOTE: anything statically linking zlib needs rebuild
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[06 Jul 2005] DSA-739-1 trac - missing input sanitising
- {CAN-2005-2007}
+ {CVE-2005-2007}
- trac 0.8.4-1 (medium)
NOTE: fixed in testing at time of DSA
[19 May 2005] DSA-725-2 ppxp - missing privilege release
- {CAN-2005-0392}
+ {CVE-2005-0392}
- ppxp 0.2001080415-11
NOTE: fixed in testing at time of DSA
[05 Jul 2005] DSA-738-1 razor - email header parsing error
- {CAN-2005-2024}
+ {CVE-2005-2024}
- razor 2.720-1 (low)
NOTE: not fixed in testing at time of DSA (not built on arm)
[05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
- {CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070}
+ {CVE-2005-1922 CVE-2005-1923 CVE-2005-2056 CVE-2005-2070}
- clamav 0.86.1-1 (medium)
NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid)
[05 Jul 2005] DSA-734-1 gaim - denial of service
- {CAN-2005-1269 CAN-2005-1934}
+ {CVE-2005-1269 CVE-2005-1934}
- gaim 1:1.3.1-1
NOTE: not fixed in testing at time of DSA (not built on sparc)
[01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
- {CAN-2005-1266}
+ {CVE-2005-1266}
- spamassassin 3.0.4-1 (medium)
NOTE: fixed in testing at time of DSA
[01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
- {CAN-2005-1266}
+ {CVE-2005-1266}
- spamassassin 3.0.4-1 (medium)
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-735-2 sudo - pathname validation race
- {CAN-2005-1993}
+ {CVE-2005-1993}
- sudo 1.6.8p9-1 (medium)
NOTE: fixed in testing at time of DSA
[01 Jul 2005] DSA-735-1 sudo - pathname validation race
- {CAN-2005-1993}
+ {CVE-2005-1993}
- sudo 1.6.8p9-1 (medium)
NOTE: not fixed in testing at time of DSA
[30 Jun 2005] DSA-733-1 crip - insecure temporary files
- {CAN-2005-0393}
+ {CVE-2005-0393}
- crip 3.5-1sarge2 (low)
NOTE: not fixed in testing at time of DSA (reserved)
[03 Jun 2005] DSA-732-1 mailutils - several
- {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
+ {CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523}
- mailutils 1:0.6.1-4
NOTE: fixed in testing at time of DSA
[02 Jun 2005] DSA-731-1 krb4 - buffer overflows
- {CAN-2005-0468 CAN-2005-0469}
+ {CVE-2005-0468 CVE-2005-0469}
- krb4 1.2.2-11.2
NOTE: fixed in testing at time of DSA
[27 May 2005] DSA-730-1 bzip2 - race condition
- {CAN-2005-0953}
+ {CVE-2005-0953}
- bzip2 1.0.2-6
NOTE: fixed in testing at time of DSA
[26 May 2005] DSA-729-1 php4 - missing input sanitising
- {CAN-2005-0525}
+ {CVE-2005-0525}
- php4 4:4.3.10-10
NOTE: fixed in testing at time of DSA
[25 May 2005] DSA-728-1 qpopper - missing privilege release
- {CAN-2005-1151 CAN-2005-1152}
+ {CVE-2005-1151 CVE-2005-1152}
- qpopper 4.0.5-4sarge1
NOTE: fixed in testing at time of DSA by security team
[20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
- {CAN-2005-1349}
+ {CVE-2005-1349}
- libconvert-uulib-perl 1.0.5.1-1
NOTE: fixed in testing at time of DSA
[20 May 2005] DSA-726-1 oops - format string vulnerability
- {CAN-2005-1121}
+ {CVE-2005-1121}
- oops <unfixed> (bug #307360; high)
NOTE: not in testing at time of DSA
[19 May 2005] DSA-725-1 ppxp - missing privilege release
- {CAN-2005-0392}
+ {CVE-2005-0392}
- ppxp 0.2001080415-11
NOTE: not fixed in testing at time of DSA
[18 May 2005] DSA-724-1 phpsysinfo - design flaw
- {CAN-2005-0870}
+ {CVE-2005-0870}
- phpsysinfo 2.3-3
NOTE: fixed in testing at time of DSA
[09 May 2005] DSA-723-1 xfree86 - buffer overflow
- {CAN-2005-0605}
+ {CVE-2005-0605}
- xfree86 4.3.0.dfsg.1-13
NOTE: not fixed in testing at time of DSA
[09 May 2005] DSA-722-1 smail - buffer overflow
- {CAN-2005-0892}
+ {CVE-2005-0892}
NOTE: Package not in testing at time of DSA
[06 May 2005] DSA-721-1 squid - design flaw
- {CAN-2005-1345}
+ {CVE-2005-1345}
- squid 2.5.9-7
NOTE: not fixed in testing at time of DSA
[03 May 2005] DSA-720-1 smartlist - wrong input processing
- {CAN-2005-0157}
+ {CVE-2005-0157}
- smartlist 3.15-18
NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-719-1 prozilla - format string problems
- {CAN-2005-0523}
+ {CVE-2005-0523}
- prozilla 1:1.3.7.4-1
NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-718-1 ethereal - buffer overflow
- {CAN-2005-0739}
+ {CVE-2005-0739}
- ethereal 0.10.10-1
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
- {CAN-2003-0826 CAN-2005-0814}
+ {CVE-2003-0826 CVE-2005-0814}
- lsh-utils 2.0.1-2
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-716-1 gaim - denial of service
- {CAN-2005-0472}
+ {CVE-2005-0472}
- gaim 1:1.1.3-1
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-715-1 cvs - several
- {CAN-2004-1342 CAN-2004-1343}
+ {CVE-2004-1342 CVE-2004-1343}
- cvs 1:1.12.9-12
NOTE: not fixed in testing at time of DSA
[26 Apr 2005] DSA-714-1 kdelibs - several
- {CAN-2005-1046}
+ {CVE-2005-1046}
- kdelibs 4:3.3.2-5
NOTE: not fixed in testing at time of DSA
[21 Apr 2005] DSA-701-2 samba - integer overflows
NOTE: only a bug in the backported fix to stable, testing is ok
[21 Apr 2005] DSA-713-1 junkbuster - several
- {CAN-2005-1108 CAN-2005-1109}
+ {CVE-2005-1108 CVE-2005-1109}
NOTE: package not in testing/unstable
[19 Apr 2005] DSA-712-1 geneweb - insecure file operations
- {CAN-2005-0391}
+ {CVE-2005-0391}
- geneweb 4.10-7
NOTE: fixed in testing at time of DSA
[19 Apr 2005] DSA-711-1 info2www - missing input sanitising
- {CAN-2004-1341}
+ {CVE-2004-1341}
- info2www 1.2.2.9-23
NOTE: fixed in testing at time of DSA
[18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
- {CAN-2003-0541}
+ {CVE-2003-0541}
- gtkhtml 1.0.4-6.2
NOTE: fixed in testing at time of DSA
[15 Apr 2005] DSA-709-1 libexif - buffer overflow
- {CAN-2005-0664}
+ {CVE-2005-0664}
- libexif 0.6.9-5
[15 Apr 2005] DSA-708-1 php3 - missing input sanitising
- {CAN-2005-0525}
+ {CVE-2005-0525}
- php3 3:3.0.18-31
[13 Apr 2005] DSA-707-1 mysql - several
- {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711}
+ {CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711}
- mysql-dfsg 4.0.24-5
- mysql-dfsg-4.1 4.1.10a-6
NOTE: not fixed in testing at time of DSA
[13 Apr 2005] DSA-706-1 axel - buffer overflow
- {CAN-2005-0390}
+ {CVE-2005-0390}
- axel 1.0b-1
NOTE: fixed in testing at time of DSA
[04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
- {CAN-2005-0256 CAN-2003-0854}
+ {CVE-2005-0256 CVE-2003-0854}
- wu-ftpd 2.6.2-19
[04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
- {CAN-2005-0387 CAN-2005-0388}
+ {CVE-2005-0387 CVE-2005-0388}
- remstats 1.0.13a-5
NOTE: not fixed in testing at time of DSA
[01 Apr 2005] DSA-703-1 krb5 - buffer overflows
- {CAN-2005-0468 CAN-2005-0469}
+ {CVE-2005-0468 CVE-2005-0469}
- krb5 1.3.6-1
[01 Apr 2005] DSA-702-1 imagemagick - several
- {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762}
+ {CVE-2005-0397 CVE-2005-0759 CVE-2005-0760 CVE-2005-0762}
- imagemagick 6:6.0.6.2-2.2
[31 Mar 2005] DSA-701-1 samba - integer overflows
- {CAN-2004-1154}
+ {CVE-2004-1154}
- samba 3.0.10-1
[30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
- {CAN-2005-0386}
+ {CVE-2005-0386}
- mailreader 2.3.29-11
NOTE: not fixed in testing at time of DSA
[29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
- {CAN-2005-0469}
+ {CVE-2005-0469}
- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
NOTE: not fixed in testing at time of DSA
[29 Mar 2005] DSA-698-1 mc - buffer overflow
- {CAN-2005-0763}
+ {CVE-2005-0763}
NOTE: Not clear which unstable/testing version fixed this,
NOTE: but advisory says it's fixed.
[29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
- {CAN-2005-0469}
+ {CVE-2005-0469}
- netkit-telnet 0.17-28
NOTE: not fixed in testing at time of DSA
[22 Mar 2005] DSA-696-1 perl - design flaw
- {CAN-2005-0448}
+ {CVE-2005-0448}
- perl 5.8.4-8
NOTE: fixed in testing at time of DSA
[21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow
- {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639}
+ {CVE-2001-0775 CVE-2005-0638 CVE-2005-0639}
- xli 1.17.0-18
NOTE: not fixed in testing at time of DSA
[21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
- {CAN-2005-0638 CAN-2005-0639}
+ {CVE-2005-0638 CVE-2005-0639}
- xloadimage 4.1-14.2
NOTE: not fixed in testing at time of DSA
[14 Mar 2005] DSA-693-1 luxman - buffer overflow
- {CAN-2005-0385}
+ {CVE-2005-0385}
NOTE: not fixed in testing at time of DSA
NOTE: not in unstable at time of DSA though DSA claimed it was
- luxman 0.41-20
[14 Mar 2005] DSA-662-2 squirrelmail - several
NOTE: only an update to a prior DSA, did not affct sid/sarge.
[08 Mar 2005] DSA-692-1 kppp - design flaw
- {CAN-2005-0205}
+ {CVE-2005-0205}
- kppp 4:3.1.6
NOTE: fixed in testing at time of DSA
[07 Mar 2005] DSA-691-1 abuse - several
- {CAN-2005-0098 CAN-2005-0099}
+ {CVE-2005-0098 CVE-2005-0099}
NOTE: not in unstable/testing
[25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
- {CAN-2005-0107}
+ {CVE-2005-0107}
- bsmtpd 2.3pl8b-16
NOTE: not fixed in testing at time of DSA
[23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
- {CAN-2005-0088}
+ {CVE-2005-0088}
- libapache-mod-python 2:2.7.10-4
NOTE: fixed in testing at time of DSA
- libapache2-mod-python 3.1.3-3
NOTE: fixed in testing at time of DSA
[23 Feb 2005] DSA-688-1 squid - mising input sanitising
- {CAN-2005-0446}
+ {CVE-2005-0446}
- squid 2.5.8-3
NOTE: fixed in testing at time of DSA
[21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
NOTE: only fixed bug in DSA
[18 Feb 2005] DSA-687-1 bidwatcher - format string
- {CAN-2005-0158}
+ {CVE-2005-0158}
- bidwatcher 1.3.17-1
NOTE: not fixed in testing at time of DSA
[17 Feb 2005] DSA-686-1 gftp - missing input sanitising
- {CAN-2005-0372}
+ {CVE-2005-0372}
- gftp 2.0.18-1
NOTE: not fixed in testing at time of DSA
[17 Feb 2005] DSA-685-1 emacs21 - format string
- {CAN-2005-0100}
+ {CVE-2005-0100}
- emacs21 21.3+1-9
NOTE: not fixed in testing at time of DSA
[16 Feb 2005] DSA-684-1 typespeed - format string
- {CAN-2005-0105}
+ {CVE-2005-0105}
- typespeed 0.4.4-8
NOTE: not fixed in testing at time of DSA
[15 Feb 2005] DSA-683-1 postgresql - buffer overflows
- {CAN-2005-0245 CAN-2005-0247}
+ {CVE-2005-0245 CVE-2005-0247}
- postgresql 7.4.7-2
NOTE: fixed in testing at time of DSA
[15 Feb 2005] DSA-682-1 awstats - missing input sanitising
- {CAN-2005-0363}
+ {CVE-2005-0363}
- awstats 6.2-1.2
NOTE: not fixed in testing at time of DSA
[14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
- {CAN-2005-0070}
+ {CVE-2005-0070}
NOTE: does not apply for sarge, program is not setuid anymore
[14 Feb 2005] DSA-680-1 htdig - unsanitised input
- {CAN-2005-0085}
+ {CVE-2005-0085}
- htdig 1:3.1.6-11
NOTE: fixed in testing at time of DSA
[14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
- {CAN-2005-0159}
+ {CVE-2005-0159}
- toolchain-source 3.4-5
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
- {CAN-2004-1180}
+ {CVE-2004-1180}
- netkit-rwho 0.17-8
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-677-1 sympa - buffer overflow
- {CAN-2005-0073}
+ {CVE-2005-0073}
- sympa 4.1.2-2.1
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-676-1 xpcd - buffer overflow
- {CAN-2005-0074}
+ {CVE-2005-0074}
- xpcd 2.08-11.1 (bug #294793)
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
NOTE: only fixed bug in DSA
[10 Feb 2005] DSA-675-1 hztty - privilege escalation
- {CAN-2005-0019}
+ {CVE-2005-0019}
- hztty 2.0-6.1
NOTE: not fixed in testing at time of DSA
[10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
- {CAN-2004-1177}
+ {CVE-2004-1177}
- mailman 2.1.5-5
NOTE: fixed in testing at time of DSA
- {CAN-2005-0202}
+ {CVE-2005-0202}
- mailman 2.1.5-6
NOTE: not fixed in testing at time of DSA
[10 Feb 2005] DSA-673-1 evolution - integer overflow
- {CAN-2005-0102}
+ {CVE-2005-0102}
- evolution 2.0.3-1.2
NOTE: fixed in testing at time of DSA
[09 Feb 2005] DSA-672-1 xview - buffer overflows
- {CAN-2005-0076}
+ {CVE-2005-0076}
- xview 3.2p1.4-19
NOTE: not fixed in testing at time of DSA
[08 Feb 2005] DSA-671-1 xemacs21 - format string
- {CAN-2005-0100}
+ {CVE-2005-0100}
NOTE: not fixed in testing at time of DSA
- xemacs21 21.4.16-2
[08 Feb 2005] DSA-670-1 emacs20 - format string
- {CAN-2005-0100}
+ {CVE-2005-0100}
NOTE: also affects emacs21 in unstable, fixed
[04 Feb 2005] DSA-669-1 php3 - several
- {CAN-2004-0594 CAN-2004-0595}
+ {CVE-2004-0594 CVE-2004-0595}
- php3 3:3.0.18-27
NOTE: fixed in testing at time of DSA
[04 Feb 2005] DSA-668-1 postgresql - privilege escalation
- {CAN-2005-0227}
+ {CVE-2005-0227}
- postgresql 7.4.7-1
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-667-1 squid - several
- {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
+ {CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211}
- squid 2.5.7-7
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-666-1 python2.2 - design flaw
- {CAN-2005-0089}
+ {CVE-2005-0089}
- python2.2 2.2.3-14
- python2.3 2.3.4-20
- python2.4 2.4-5
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
- {CAN-2005-0013}
+ {CVE-2005-0013}
- ncpfs 2.2.6-1
NOTE: not fixed in testing at time of DSA
[02 Feb 2005] DSA-664-1 cpio - broken file permissions
- {CAN-1999-1572}
+ {CVE-1999-1572}
- cpio 2.5-1.2 (bug #293379)
NOTE: not fixed in testing at time of DSA
[02 Feb 2005] DSA-663-1 prozilla - buffer overflows
- {CAN-2004-1120}
+ {CVE-2004-1120}
- prozilla 1:1.3.7.3-1
NOTE: fixed in testing at time of DSA
[01 Feb 2005] DSA-662-1 squirrelmail - several
- {CAN-2005-0104 CAN-2005-0152}
- NOTE: CAN-2005-0152 only exists in 1.2.6 version
+ {CVE-2005-0104 CVE-2005-0152}
+ NOTE: CVE-2005-0152 only exists in 1.2.6 version
- squirrelmail 2:1.4.4
NOTE: fixed in testing at time of DSA
[20 Apr 2005] DSA-661-2 f2c - insecure temporary files
- {CAN-2005-0017 CAN-2005-0018}
+ {CVE-2005-0017 CVE-2005-0018}
- f2c 20020621-3.4 (bug #292792)
NOTE: not fixed in testing at time of DSA
[26 Jan 2005] DSA-660-1 kdebase - missing return value check
- {CAN-2005-0078}
+ {CVE-2005-0078}
- kdebase 4:3.0.5
NOTE: fixed in testing at time of DSA
[26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
- {CAN-2004-1340 CAN-2005-0108}
+ {CVE-2004-1340 CVE-2005-0108}
- libpam-radius-auth 1.3.16-3
NOTE: 1/2 fixed in testing at time of DSA
[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
- {CAN-2005-0077}
+ {CVE-2005-0077}
- libdbi-perl 1.46-6
NOTE: not fixed in testing at time of DSA
[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
- {CAN-2004-1379}
+ {CVE-2004-1379}
- xine-lib 1-rc6a-1
NOTE: fixed in testing at time of DSA
[25 Jan 2005] DSA-656-1 vdr - insecure file access
- {CAN-2005-0071}
+ {CVE-2005-0071}
- vdr 1.2.6-6
NOTE: not fixed in testing at time of DSA
[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
- {CAN-2005-0072}
+ {CVE-2005-0072}
- zhcon 1:0.2.3-8.1 (bug #292210)
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-654-1 enscript - several
- {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
+ {CVE-2004-1184 CVE-2004-1185 CVE-2004-1186}
- enscript 1.6.4-6
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-653-1 ethereal - buffer overflow
- {CAN-2005-0084}
+ {CVE-2005-0084}
- ethereal 0.10.9-1
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-652-1 unarj
- {CAN-2004-0947 CAN-2004-1027}
+ {CVE-2004-0947 CVE-2004-1027}
NOTE: not-for-us (unarj)
[20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
- {CAN-2005-0094 CAN-2005-0095}
+ {CVE-2005-0094 CVE-2005-0095}
- squid 2.5.7-4
NOTE: not fixed in testing at time of DSA
[20 Jan 2005] DSA-650-1 sword - missing input sanitising
- {CAN-2005-0015}
+ {CVE-2005-0015}
- sword 1.5.7-7
NOTE: not fixed in testing at time of DSA
[20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
- {CAN-2005-0079}
+ {CVE-2005-0079}
- xtrlock 2.0-9
NOTE: fixed in testing at time of DSA
[19 Jan 2005] DSA-648-1 xpdf - buffer overflow
- {CAN-2005-0064}
+ {CVE-2005-0064}
- xpdf 3.00-12
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-647-1 mysql - insecure temporary files
- {CAN-2005-0004}
+ {CVE-2005-0004}
- mysql-dfsg 4.0.23-3
- mysql-dfsg-4.1 4.1.8a-6
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
- {CAN-2005-0005}
+ {CVE-2005-0005}
- imagemagick 6:6.0.6.2-2
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-645-1 cupsys - buffer overflow
- {CAN-2005-0064}
+ {CVE-2005-0064}
NOTE: cupsys not affected in sarge, though other programs are vulnerable
NOTE: see CAN/list
NOTE: not fixed in testing at time of DSA
[18 Jan 2005] DSA-644-1 chbg - buffer overflow
- {CAN-2004-1264}
+ {CVE-2004-1264}
- chbg 1.5-4
NOTE: fixed in testing at time of DSA
[18 Jan 2005] DSA-643-1 queue - buffer overflows
- {CAN-2004-0555}
+ {CVE-2004-0555}
- queue 1.30.1-5
NOTE: not fixed in testing at time of DSA
[17 Jan 2005] DSA-642-1 gallery - several
- {CAN-2004-1106}
+ {CVE-2004-1106}
- gallery 1.4.4-pl4-1
NOTE: fixed in testing at time of DSA
[17 Jan 2005] DSA-641-1 playmidi - buffer overflow
- {CAN-2005-0020}
+ {CVE-2005-0020}
- playmidi 2.4debian-3
NOTE: not fixed in testing at time of DSA
[17 Jan 2005] DSA-640-1 gatos - buffer overflow
- {CAN-2005-0016}
+ {CVE-2005-0016}
- gatos 0.0.5-15
NOTE: not fixed in testing at time of DSA
[14 Jan 2005] DSA-639-1 mc - several
- {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
+ {CVE-2004-1004 CVE-2004-1005 CVE-2004-1009 CVE-2004-1090 CVE-2004-1091 CVE-2004-1092 CVE-2004-1093 CVE-2004-1174 CVE-2004-1175 CVE-2004-1176}
NOTE: unstable not vulnerable according to DSA
NOTE: DSA was wrong..
- mc 1:4.6.0-4.6.1-pre3-1
NOTE: not fixed in testing at time of DSA
[13 Jan 2005] DSA-638-1 gopher - several
- {CAN-2004-0560 CAN-2004-0561}
+ {CVE-2004-0560 CVE-2004-0561}
NOTE: not in sarge
[13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
- {CAN-2005-0021}
+ {CVE-2005-0021}
NOTE: not in sarge
[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
- {CAN-2004-0968}
+ {CVE-2004-0968}
- glibc 2.3.2.ds1-20
NOTE: fixed in testing at time of DSA
[12 Jan 2005] DSA-635-1 exim - buffer overflow
- {CAN-2005-0021}
+ {CVE-2005-0021}
- exim4 4.34-10
NOTE: fixed in testing at time of DSA
- exim 3.36-13
NOTE: not fixed in testing at time of DSA
[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
- {CAN-2004-1182}
+ {CVE-2004-1182}
- hylafax 1:4.2.1-1
NOTE: fixed in testing at time of DSA
[11 Jan 2005] DSA-633-1 bmv - insecure temporary file
- {CAN-2003-0014}
+ {CVE-2003-0014}
- bmv 1.2-17
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-632-1 linpopup - buffer overflow
- {CAN-2004-1282}
+ {CVE-2004-1282}
- linpopup 1.2.0-7
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
- {CAN-2004-1165}
+ {CVE-2004-1165}
- kdelibs 4:3.3.2-1
NOTE: not fixed in testing at time of DSA
[10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
- {CAN-2004-1000}
+ {CVE-2004-1000}
- lintian 1.23.6
NOTE: not fixed in testing at time of DSA
[07 Jan 2005] DSA-629-1 krb5 - buffer overflow
- {CAN-2004-1189}
+ {CVE-2004-1189}
- krb5 1.3.6-1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-628-1 imlib2 - integer overflows
- {CAN-2004-1026}
+ {CVE-2004-1026}
- imlib2 1.1.2-2.1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
- {CAN-2004-1318}
+ {CVE-2004-1318}
- namazu2 2.0.14-1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-626-1 tiff - unsanitised input
- {CAN-2004-1183}
+ {CVE-2004-1183}
- libtiff4 3.6.1-5
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-625-1 pcal - buffer overflows
- {CAN-2004-1289}
+ {CVE-2004-1289}
- pcal 4.8.0-1
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-624-1 zip - buffer overflow
- {CAN-2004-1010}
+ {CVE-2004-1010}
- zip 2.30-8
NOTE: fixed in testing at time of DSA
[04 Jan 2005] DSA-623-1 nasm - buffer overflow
- {CAN-2004-1287}
+ {CVE-2004-1287}
- nasm 0.98.38-1.1
[03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
- {CAN-2004-1181}
+ {CVE-2004-1181}
NOTE: not in unstable
[31 Dec 2004] DSA-621-1 cupsys - buffer overflow
- {CAN-2004-1125}
+ {CVE-2004-1125}
- cupsys 1.1.22-2
[30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
- {CAN-2004-0452 CAN-2004-0976}
+ {CVE-2004-0452 CVE-2004-0976}
- perl 5.8.4-5
[30 Dec 2004] DSA-619-1 xpdf - buffer overflow
- {CAN-2004-1125}
+ {CVE-2004-1125}
- xpdf 3.00-11
[24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
- {CAN-2004-1025 CAN-2004-1026}
+ {CVE-2004-1025 CVE-2004-1026}
- imlib 1.9.14-17.1
- imlib+png2 1.9.14-16.1
[24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
- {CAN-2004-1308}
+ {CVE-2004-1308}
- libtiff4 3.6.1-4
[23 Dec 2004] DSA-616-1 telnetd-ssl - format string
- {CAN-2004-0998}
+ {CVE-2004-0998}
- telnetd-ssl 0.17.24+0.1-6
[22 Dec 2004] DSA-615-1 debmake - insecure temporary file
- {CAN-2004-1179}
+ {CVE-2004-1179}
- debmake 3.7.7
[21 Dec 2004] DSA-614-1 xzgv - integer overflows
- {CAN-2004-0994}
+ {CVE-2004-0994}
- xzgv 0.8-3
[21 Dec 2004] DSA-613-1 ethereal - inifinite loop
- {CAN-2004-1142}
+ {CVE-2004-1142}
- ethereal 0.10.8-1
[20 Dec 2004] DSA-612-1 a2ps - unsanitised input
- {CAN-2004-1170}
+ {CVE-2004-1170}
- a2ps 1:4.13b-4.2
[20 Dec 2004] DSA-611-1 htget - buffer overflow
- {CAN-2004-0852}
+ {CVE-2004-0852}
NOTE: htget not in sarge or unstable
[17 Dec 2004] DSA-610-1 cscope - insecure temporary file
- {CAN-2004-0996}
+ {CVE-2004-0996}
- cscope 15.5-1
[14 Dec 2004] DSA-609-1 atari800 - buffer overflows
- {CAN-2004-1076}
+ {CVE-2004-1076}
- atari800 1.3.2-1
[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
- {CAN-2004-1095 CAN-2004-0999}
+ {CVE-2004-1095 CVE-2004-0999}
- zgv 5.7-1.3 (bug #284124)
NOTE: changelog says he only patched 1095, but diff comparison
NOTE: shows 0999 was also fixed.
[10 Dec 2004] DSA-607-1 xfree86 - several
- {CAN-2004-0914}
+ {CVE-2004-0914}
- xfree86 4.3.0.dfsg.1-9
[08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
- {CAN-2004-1014}
+ {CVE-2004-1014}
- nfs-utils 1:1.0.6-3.1
[06 Dec 2004] DSA-605-1 viewcvs - settings not honored
- {CAN-2004-0915}
+ {CVE-2004-0915}
- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
[03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
- {CAN-2004-0993}
+ {CVE-2004-0993}
- hpsockd 0.14
[01 Dec 2004] DSA-603-1 openssl - insecure temporary file
- {CAN-2004-0975}
+ {CVE-2004-0975}
- openssl 0.9.7e-3
[29 Nov 2004] DSA-602-1 libgd2 - integer overlow
- {CAN-2004-0941 CAN-2004-0990}
+ {CVE-2004-0941 CVE-2004-0990}
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
- libgd2 2.0.33-1.1
[29 Nov 2004] DSA-601-1 libgd1 - integer overflow
- {CAN-2004-0941 CAN-2004-0990}
+ {CVE-2004-0941 CVE-2004-0990}
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
- libgd 1.8.4-36.1
[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
- {CAN-2004-0888}
+ {CVE-2004-0888}
- tetex-bin 2.0.2-23
[25 Nov 2004] DSA-598-1 yardradius - buffer overflow
- {CAN-2004-0987}
+ {CVE-2004-0987}
- yardradius 1.0.20-15
[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
- {CAN-2004-1012 CAN-2004-1013}
+ {CVE-2004-1012 CVE-2004-1013}
- cyrus21-imapd 2.1.17-1
[24 Nov 2004] DSA-596-2 sudo - missing input sanitising
- {CAN-2004-1051}
+ {CVE-2004-1051}
- sudo 1.6.8p3-1
[24 Nov 2004] DSA-596-1 sudo - missing input sanitising
- {CAN-2004-1051}
+ {CVE-2004-1051}
- sudo 1.6.8p3-1
[24 Nov 2004] DSA-595-1 bnc - buffer overflow
- {CAN-2004-1052}
+ {CVE-2004-1052}
NOTE: package not in sarge or sid
[17 Nov 2004] DSA-594-1 apache - buffer overflows
- {CAN-2004-0940}
+ {CVE-2004-0940}
- apache 1.3.33-2
[16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
- {CAN-2004-0981}
+ {CVE-2004-0981}
- imagemagick 6:6.0.6.2-1.5
[12 Nov 2004] DSA-592-1 ez-ipupdate - format string
- {CAN-2004-0980}
+ {CVE-2004-0980}
- ez-ipupdate 3.0.11b8-8
[09 Nov 2004] DSA-591-1 libgd2 - integer overflows
- {CAN-2004-0990}
+ {CVE-2004-0990}
- libgd2 2.0.30-1
[09 Nov 2004] DSA-590-1 gnats - format string vulnerability
- {CAN-2004-0623}
+ {CVE-2004-0623}
NOTE: DSA got version of fix for unstable wrong
- gnats 4.0-6.1
[09 Nov 2004] DSA-589-1 libgd - integer overflows
- {CAN-2004-0990}
+ {CVE-2004-0990}
- libgd1 1.8.4-36.1
[08 Nov 2004] DSA-588-1 gzip - insecure temporary files
- {CAN-2004-0970}
+ {CVE-2004-0970}
NOTE: dsa says sid not affected
[08 Nov 2004] DSA-587-1 freeamp - buffer overflow
- {CAN-2004-0964}
+ {CVE-2004-0964}
NOTE: DSA says zinf not vulnerable in sarge
[08 Nov 2004] DSA-586-1 ruby - infinite loop
- {CAN-2004-0983}
+ {CVE-2004-0983}
- ruby1.6 1.6.8-12
- ruby1.8 1.8.1+1.8.2pre2-4
[05 Nov 2004] DSA-585-1 shadow - programming error
- {CAN-2004-1001}
+ {CVE-2004-1001}
- shadow 1:4.0.3-30.3
[04 Nov 2004] DSA-584-1 dhcp - format string vulnerability
- {CAN-2004-1006}
+ {CVE-2004-1006}
- dhcp 2.0pl5-19.1
[03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
- {CAN-2004-0972}
+ {CVE-2004-0972}
[02 Nov 2004] DSA-582-1 libxml - buffer overflow
- {CAN-2004-0989}
+ {CVE-2004-0989}
- libxml 1:1.8.17-9
- libxml2 2.6.11-5
[01 Nov 2004] DSA-581-1 xpdf - integer overflows
- {CAN-2004-0888}
+ {CVE-2004-0888}
- xpdf 3.00-9
[01 Nov 2004] DSA-580-1 iptables - missing initialisation
- {CAN-2004-0986}
+ {CVE-2004-0986}
- iptables 1.2.11-4
[01 Nov 2004] DSA-579-1 abiword - buffer overflow
- {CAN-2004-0645}
+ {CVE-2004-0645}
NOTE: according to DSA, sid's abiword is not affected. sarge is same
[01 Nov 2004] DSA-578-1 mpg123 - buffer overflow
- {CAN-2004-0982}
+ {CVE-2004-0982}
- mpg123 0.59r-17
[29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
- {CAN-2004-0977}
+ {CVE-2004-0977}
- postgresql 7.4.6-1
[29 Oct 2004] DSA-576-1 squid - multiple
- {CVE-1999-0710 CAN-2004-0918}
+ {CVE-1999-0710 CVE-2004-0918}
- squid 2.5.7-1
[28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
- {CAN-2003-0193}
+ {CVE-2003-0193}
- catdoc 0.91.5-2
[28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
- {CAN-2004-0916}
+ {CVE-2004-0916}
- cabextract 1.1-1
[21 Oct 2004] DSA-573-1 cupsys - integer overflows
- {CAN-2004-0888}
+ {CVE-2004-0888}
- cupsys 1.1.20final+rc1-10
- {CAN-2004-0889}
+ {CVE-2004-0889}
- xpdf 3.00-10
NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
- kpdf 4:3.3.1-1
- gpdf 2.8.0-1
- kfax 4:3.3.1-1
[21 Oct 2004] DSA-572-1 ecartis - multiple
- {CAN-2004-0913}
+ {CVE-2004-0913}
- ecartis 1.0.0+cvs.20030911-8
[20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
- {CAN-2004-0955}
+ {CVE-2004-0955}
- libpng3 1.2.5.0-9
[20 Oct 2004] DSA-570-1 libpng - integer overflow
- {CAN-2004-0955}
+ {CVE-2004-0955}
- libpng 1.0.15-8
[18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
- {CAN-2004-0911}
+ {CVE-2004-0911}
- netkit-telnet-ssl 0.17.24+0.1-4
[16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
- {CAN-2004-0884}
+ {CVE-2004-0884}
NOTE: removed from testing
NOTE: maintainer reports hole not in cyrus-sasl2-mit
[15 Oct 2004] DSA-567-1 tiff - heap overflows
- {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886}
+ {CVE-2004-0803 CVE-2004-0804 CVE-2004-0886}
- tiff 3.6.1-2
[14 Oct 2004] DSA-566-1 cupsys - unsanitised input
- {CAN-2004-0923}
+ {CVE-2004-0923}
- cupsys 1.1.20final+rc1-9
[13 Oct 2004] DSA-565-1 sox - buffer overflows
- {CAN-2004-0557}
+ {CVE-2004-0557}
- sox 12.17.4-9 (bug #262083)
[13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
- {CAN-2004-0805}
+ {CVE-2004-0805}
- mpg123 0.59r-16
[12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
- {CAN-2004-0884}
+ {CVE-2004-0884}
- cyrus-sasl 1.5.28-6.2 (bug #275432)
- cyrus-sasl2 2.1.19-1.3 (bug #275431)
[11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
- {CAN-2004-0835 CAN-2004-0836 CAN-2004-0837}
+ {CVE-2004-0835 CVE-2004-0836 CVE-2004-0837}
- mysql 4.0.21-1
[11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
- {CAN-2004-0687 CAN-2004-0688}
+ {CVE-2004-0687 CVE-2004-0688}
- xfree86 4.3.0.dfsg.1-8
[07 Oct 2004] DSA-600-1 samba - arbitrary file access
- {CAN-2004-0815}
+ {CVE-2004-0815}
NOTE: not affected according to DSA
[07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
- {CAN-2004-0687 CAN-2004-0688}
+ {CVE-2004-0687 CVE-2004-0688}
- lesstif1-1 1:0.93.94-10
[06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
- {CAN-2004-0851}
+ {CVE-2004-0851}
- net-acct 0.71-7
[06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
- {CAN-2004-0809}
+ {CVE-2004-0809}
- libapache-mod-dav 1.0.3-10
- apache2 2.0.51-1
[04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping
- {CAN-2004-0564}
+ {CVE-2004-0564}
- pppoe 3.5-4
[03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
- {CAN-2004-0911}
+ {CVE-2004-0911}
- netkit-telnet 0.17-26
[30 Sep 2004] DSA-555-1 freenet6 - file permissions
- {CAN-2004-0563}
+ {CVE-2004-0563}
- freenet6 1.0-2.2
[27 Sep 2004] DSA-554-1 sendmail - pre-set password
- {CAN-2004-0833}
+ {CVE-2004-0833}
- sendmail 8.13.1-13
[27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
- {CAN-2004-0880 CAN-2004-0881}
+ {CVE-2004-0880 CVE-2004-0881}
- getmail 3.2.5-1
[22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
- {CAN-2004-0802}
+ {CVE-2004-0802}
- imlib2 1.1.0-12.4
[21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
- {CAN-2004-0794}
+ {CVE-2004-0794}
- lukemftpd 1.1-2.2 (bug #266370)
[20 Sep 2004] DSA-550-1 wv - buffer overflow
- {CAN-2004-0645}
+ {CVE-2004-0645}
- wv 1.0.2-0.1 (bug #264972)
[17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
- {CAN-2004-0782 CAN-2004-0783 CAN-2004-0788}
+ {CVE-2004-0782 CVE-2004-0783 CVE-2004-0788}
- gtk+2.0 2.4.9-2
[16 Sep 2004] DSA-548-1 imlib - unsanitised input
- {CAN-2004-0817}
+ {CVE-2004-0817}
- imlib 1.9.14-17
- imlib+png2 1.9.14-16.2
[16 Sep 2004] DSA-547-1 imagemagick - buffer overflows
- {CAN-2004-0827}
+ {CVE-2004-0827}
- imagemagick 6:6.0.6.2-1
[16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
- {CAN-2004-0753 CAN-2004-0782 CAN-2004-0788}
+ {CVE-2004-0753 CVE-2004-0782 CVE-2004-0788}
- gdk-pixbuf 0.22.0-7
[15 Sep 2004] DSA-545-1 cupsys - denial of service
- {CAN-2004-0558}
+ {CVE-2004-0558}
- cupsys 1.1.20final+rc1-6
[14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
- {CAN-2004-0559}
+ {CVE-2004-0559}
- webmin 1.160-1
- usermin 1.090-1
[31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
- {CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772}
+ {CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772}
- krb5 1.3.4-3
[31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
- {CAN-2004-0150}
+ {CVE-2004-0150}
NOTE: not affected according to DSA
[30 Aug 2004] DSA-542-1 qt - unsanitised input
- {CAN-2004-0691 CAN-2004-0692 CAN-2004-0693}
+ {CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
- qt-x11-free 3:3.3.3-4
[25 Aug 2004] DSA-541 icecast-server - cross site scripting
- {CAN-2004-0781}
+ {CVE-2004-0781}
- icecast-server 1:1.3.12-8
[18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
- {CAN-2004-0457}
+ {CVE-2004-0457}
- mysql-dfsg 4.0.20-11
[18 Aug 2004] DSA-539 kdelibs - denial of service
- {CAN-2004-0689}
+ {CVE-2004-0689}
- kdelibs 4:3.2.3-3.sarge.1
[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
- rsync 2.6.2-3
[16 Aug 2004] DSA-537 ruby - insecure file permissions
- {CAN-2004-0755}
+ {CVE-2004-0755}
- ruby1.8 1.8.1+1.8.2pre1-4
TODO: is ruby1.6 vulnerable?
[04 Aug 2004] DSA-536 libpng - several vulnerabilities
- {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768}
+ {CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768}
- libpng 1.0.15-6
- libpng3 1.2.5.0-7
[02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
- {CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639}
+ {CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639}
- squirrelmail 2:1.4.3a-0.1
[22 Jul 2004] DSA-534 mailreader - directory traversal
- {CAN-2002-1581}
+ {CVE-2002-1581}
- mailreader 2.3.29-9
[22 Jul 2004] DSA-533 courier - cross-site scripting
- {CAN-2004-0591}
+ {CVE-2004-0591}
- courier 0.45.4-4
[22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
- {CAN-2004-0488 CAN-2004-0700}
+ {CVE-2004-0488 CVE-2004-0700}
- libapache-mod-ssl 2.8.19-1
[20 Jul 2004] DSA-531 php4 - several vulnerabilities
- {CAN-2004-0594 CAN-2004-0595}
+ {CVE-2004-0594 CVE-2004-0595}
- php4 4:4.3.8-1
[17 Jul 2004] DSA-530 l2tpd - buffer overflow
- {CAN-2004-0649}
+ {CVE-2004-0649}
- l2tpd 0.70-pre20031121-2
[17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
- {CAN-2004-0640}
+ {CVE-2004-0640}
- netkit-telnet-ssl 0.17.24+0.1-2
[17 Jul 2004] DSA-528 ethereal - denial of service
- {CAN-2004-0635}
+ {CVE-2004-0635}
- ethereal 0.10.5-1
[03 Jul 2004] DSA-527 pavuk - buffer overflow
- {CAN-2004-0456}
+ {CVE-2004-0456}
NOTE: DSA is incorrect; pavuk is in sarge and unstable.
- pavuk 0.9pl28-3 (bug #264684)
[03 Jul 2004] DSA-526 webmin - several vulnerabilities
- {CAN-2004-0582 CAN-2004-0583}
+ {CVE-2004-0582 CVE-2004-0583}
- webmin 1.150-1
[24 Jun 2004] DSA-525 apache - buffer overflow
- {CAN-2004-0492}
+ {CVE-2004-0492}
- apache 1.3.31-2
[19 Jun 2004] DSA-524 rlpr - several vulnerabilities
- {CAN-2004-0393 CAN-2004-0454}
+ {CVE-2004-0393 CVE-2004-0454}
- rlpr 2.02-7.1 (bug #255402)
[19 Jun 2004] DSA-523 www-sql - buffer overflow
- {CAN-2004-0455}
+ {CVE-2004-0455}
- www-sql 0.5.7-18
[19 Jun 2004] DSA-522 super - format string vulnerability
- {CAN-2004-0579}
+ {CVE-2004-0579}
- super 3.23.0-1
[18 Jun 2004] DSA-521 sup - format string vulnerability
- {CAN-2004-0451}
+ {CVE-2004-0451}
- sup 1.8-11
[16 Jun 2004] DSA-520 krb5 - buffer overflows
- {CAN-2004-0523}
+ {CVE-2004-0523}
- krb5 1.3.3-2
[15 Jun 2004] DSA-519 cvs - several vulnerabilities
- {CAN-2004-0416 CAN-2004-0417 CAN-2004-0418}
+ {CVE-2004-0416 CVE-2004-0417 CVE-2004-0418}
- cvs 1:1.12.9-1
[14 Jun 2004] DSA-518 kdelibs - unsanitised input
- {CAN-2004-0411}
+ {CVE-2004-0411}
- kdelibs 4:3.2.3
[10 Jun 2004] DSA-517 cvs - buffer overflow
- {CAN-2004-0414}
+ {CVE-2004-0414}
- cvs 1:1.12.9-1
[07 Jun 2004] DSA-516 postgresql - buffer overflow
- {CAN-2004-0547}
+ {CVE-2004-0547}
- postgresql 07.03.0200-3.
[05 Jun 2004] DSA-515 lha - several vulnerabilities
- {CAN-2004-0234 CAN-2004-0235}
+ {CVE-2004-0234 CVE-2004-0235}
- lha 1.14i-8
NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
NOTE: from the DSA could to updated via t-p-u.
[04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
- {CAN-2004-0077}
+ {CVE-2004-0077}
- kernel-image-sparc-2.2 9.1
NOTE: did not check other versions of the kernel
[03 Jun 2004] DSA-513 log2mail - format string
- {CAN-2004-0450}
+ {CVE-2004-0450}
- log2mail 0.2.8-3
[02 Jun 2004] DSA-512 gallery - unauthenticated access
- {CAN-2004-0522}
+ {CVE-2004-0522}
- gallery 1.4.3-pl2-1
[30 May 2004] DSA-511 ethereal - buffer overflows
- {CAN-2004-0176}
+ {CVE-2004-0176}
- ethereal 0.10.3-1
[29 May 2004] DSA-510 jftpgw - format string
- {CAN-2004-0448}
+ {CVE-2004-0448}
- jftpgw 0.13.4-1
[29 May 2004] DSA-509 gatos - privilege escalation
- {CAN-2004-0395}
+ {CVE-2004-0395}
- gatos 0.0.5-12
[22 May 2004] DSA-508 xpcd - buffer overflow
- {CAN-2004-0402}
+ {CVE-2004-0402}
- xpcd 2.08-10
[19 May 2004] DSA-507 cadaver - buffer overflow
- {CAN-2004-0398}
+ {CVE-2004-0398}
- cadaver 0.22.1-3
[19 May 2004] DSA-506 neon - buffer overflow
- {CAN-2004-0398}
+ {CVE-2004-0398}
- neon 0.24.6.dfsg-1
[19 May 2004] DSA-505 cvs - heap overflow
- {CAN-2004-0396}
+ {CVE-2004-0396}
- cvs 1:1.12.5-6
[18 May 2004] DSA-504 heimdal - missing input sanitising
- {CAN-2004-0434}
+ {CVE-2004-0434}
- heimdal 0.6.2-1
[13 May 2004] DSA-503 mah-jong - missing argument check
- {CAN-2004-0458}
+ {CVE-2004-0458}
- mah-jong 1.6.2-1
[11 May 2004] DSA-502 exim-tls - buffer overflow
- {CAN-2004-0399 CAN-2004-0400}
+ {CVE-2004-0399 CVE-2004-0400}
NOTE: exim-tls not in sarge
[07 May 2004] DSA-501 exim - buffer overflow
- {CAN-2004-0399 CAN-2004-0400}
+ {CVE-2004-0399 CVE-2004-0400}
- exim 3.36-11
- exim4 4.33-1
[01 May 2004] DSA-500 flim - insecure temporary file
- {CAN-2004-0422}
+ {CVE-2004-0422}
- flim 1:1.14.6+0.20040415-1
[01 May 2004] DSA-499 rsync - directory traversal
- {CAN-2004-0426}
+ {CVE-2004-0426}
- rsync 2.6.1-1
[30 Apr 2004] DSA-498 libpng - out of bound access
- {CAN-2004-0421}
+ {CVE-2004-0421}
- libpng 1.0.15-5
- libpng3 1.2.5.0-6
[29 Apr 2004] DSA-497 mc - several vulnerabilities
- {CAN-2004-0226 CAN-2004-0231 CAN-2004-0232}
+ {CVE-2004-0226 CVE-2004-0231 CVE-2004-0232}
- mc 1:4.6.0-4.6.1-pre1-2
[29 Apr 2004] DSA-496 eterm - missing input sanitising
- {CAN-2003-0068}
+ {CVE-2003-0068}
- eterm 0.9.2-6
[26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
- {CAN-2003-0127 CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.16 not present. Did not check newer kernels.
[21 Apr 2004] DSA-494 ident2 - buffer overflow
- {CAN-2004-0408}
+ {CVE-2004-0408}
- ident2 1.04-2
[21 Apr 2004] DSA-493 xchat - buffer overflow
- {CAN-2004-0409}
+ {CVE-2004-0409}
- xchat 2.0.8-1
[18 Apr 2004] DSA-492 iproute - denial of service
- {CAN-2003-0856}
+ {CVE-2003-0856}
- iproute 20010824-13.1
[17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.19 not present. Did not check newer kernels.
[17 Apr 2004] DSA-490 zope - arbitrary code execution
{CVE-2002-0688}
- zope 2.6.0-0.1
[17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.17 not present. Did not check newer kernels.
[16 Apr 2004] DSA-488 logcheck - insecure temporary directory
- {CAN-2004-0404}
+ {CVE-2004-0404}
- logcheck 1.1.1-13.2
[16 Apr 2004] DSA-487 neon - format string
- {CAN-2004-0179}
+ {CVE-2004-0179}
- neon 0.24.5-1
[16 Apr 2004] DSA-486 cvs - several vulnerabilities
- {CAN-2004-0180 CAN-2004-0405}
+ {CVE-2004-0180 CVE-2004-0405}
- cvs 1:1.12.5-4
[14 Apr 2004] DSA-485 ssmtp - format string
- {CAN-2004-0156}
+ {CVE-2004-0156}
- ssmtp 2.60.7
[14 Apr 2004] DSA-484 xonix - failure to drop privileges
- {CAN-2004-0157}
+ {CVE-2004-0157}
- xonix 1.4-21
[14 Apr 2004] DSA-483 mysql - insecure temporary file creation
- {CAN-2004-0381}
+ {CVE-2004-0381}
- mysql-dfsg 4.0.18-4
- {CAN-2004-0388}
+ {CVE-2004-0388}
- mysql-dfsg 4.0.18-6
[14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.17 not present. Did not check newer kernels.
[14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.17 not present. Did not check newer kernels.
[14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.17/18 not present. Did not check newer kernels.
[14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
- {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
+ {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
NOTE: 2.4.18 not present. Did not check newer kernels.
[06 Apr 2004] DSA-478 tcpdump - denial of service
- {CAN-2004-0183 CAN-2004-0184}
+ {CVE-2004-0183 CVE-2004-0184}
- tcpdump 3.7.2-4
[06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
- {CAN-2004-0372}
+ {CVE-2004-0372}
- xine-ui 0.99.1-1
[06 Apr 2004] DSA-476 heimdal - cross-realm
- {CAN-2004-0371}
+ {CVE-2004-0371}
- heimdal 0.6.1-1
[05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
- {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
NOTE: 2.4.18 not present. Did not check newer kernels.
[03 Apr 2004] DSA-474 squid - ACL bypass
- {CAN-2004-0189}
+ {CVE-2004-0189}
- squid 2.5.5-1
[03 Apr 2004] DSA-473 oftpd - denial of service
- {CAN-2004-0376}
+ {CVE-2004-0376}
- oftpd 20040304-1
[03 Apr 2004] DSA-472 fte - several vulnerabilities
- {CAN-2003-0648}
+ {CVE-2003-0648}
- fte 0.50.0-1.1 (bug #203871)
[02 Apr 2004] DSA-471 interchange - missing input sanitising
- {CAN-2004-0374}
+ {CVE-2004-0374}
- interchange 5.0.1-1
[01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
- {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
NOTE: 2.4.17 not present. Did not check newer kernels.
[29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
- {CAN-2004-0366}
+ {CVE-2004-0366}
- pam-pgsql 0.5.2-7.1
[24 Mar 2004] DSA-468 emil - several vulnerabilities
- {CAN-2004-0152 CAN-2004-0153}
+ {CVE-2004-0152 CVE-2004-0153}
- emil 2.1.0-beta9-14
[23 Mar 2004] DSA-467 ecartis - several vulnerabilities
- {CAN-2003-0781 CAN-2003-0782}
+ {CVE-2003-0781 CVE-2003-0782}
- ecartis 1.0.0+cvs.20030911
[18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.2.10 not present. Did not check newer kernels.
[17 Mar 2004] DSA-465 openssl - several vulnerabilities
- {CAN-2004-0079 CAN-2004-0081}
+ {CVE-2004-0079 CVE-2004-0081}
- openssl 0.9.7d-1
- NOTE: CAN-2004-0081 only affects 0.9.6.
- NOTE: 0.9.7d also fixes CAN-2004-0112
+ NOTE: CVE-2004-0081 only affects 0.9.6.
+ NOTE: 0.9.7d also fixes CVE-2004-0112
- openssl 0.9.6l
- openssl096 0.9.6m-1
[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
- {CAN-2004-0111}
+ {CVE-2004-0111}
- gdk-pixbuf 0.22.0-3
[12 Mar 2004] DSA-463 samba - privilege escalation
- {CAN-2004-0186}
+ {CVE-2004-0186}
- samba 3.0.2-2
[12 Mar 2004] DSA-462 xitalk - missing privilege release
- {CAN-2004-0151}
+ {CVE-2004-0151}
- xitalk 1.1.11-11
[11 Mar 2004] DSA-461 calife - buffer overflow
- {CAN-2004-0188}
+ {CVE-2004-0188}
- calife 2.8.6-1
[10 Mar 2004] DSA-460 sysstat - insecure temporary file
- {CAN-2004-0108}
+ {CVE-2004-0108}
- sysstat 5.0.2-1
[10 Mar 2004] DSA-459 kdelibs - cookie path traversal
- {CAN-2003-0592}
+ {CVE-2003-0592}
- kdelibs 4:3.1.3-1
[09 Mar 2004] DSA-458 python2.2 - buffer overflow
- {CAN-2004-0150}
+ {CVE-2004-0150}
NOTE: not affected according to DSA
[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
- {CAN-2004-0148 CAN-2004-0185}
+ {CVE-2004-0148 CVE-2004-0185}
- wu-ftpd 2.6.2-17.1
[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.2.19 not present. Did not check newer kernels.
[03 Mar 2004] DSA-455 libxml - buffer overflows
- {CAN-2004-0110}
+ {CVE-2004-0110}
- libxml 1:1.8.17-5
- libxml2 2.6.6-1
[02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.2.22 not present. Did not check newer kernels.
[02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.2.20 not present. Did not check newer kernels.
[29 Feb 2004] DSA-452 libapache-mod-python - denial of service
- {CAN-2003-0973}
+ {CVE-2003-0973}
- libapache-mod-python 2:2.7.10-1
[27 Feb 2004] DSA-451 xboing - buffer overflows
- {CAN-2004-0149}
+ {CVE-2004-0149}
- xboing 2.4-26.1 (bug #174924)
[27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
- {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
NOTE: 2.4.19 not present. Did not check newer kernels.
[24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
- {CAN-2004-0104 CAN-2004-0105}
+ {CVE-2004-0104 CVE-2004-0105}
- metamail 2.7-45.2
[22 Feb 2004] DSA-448 pwlib - several vulnerabilities
- {CAN-2004-0097}
+ {CVE-2004-0097}
- pwlib 1.5.2-4
[22 Feb 2004] DSA-447 hsftp - format string
- {CAN-2004-0159}
+ {CVE-2004-0159}
- hsftp 1.15-1
[21 Feb 2004] DSA-446 synaesthesia - insecure file creation
- {CAN-2004-0160}
+ {CVE-2004-0160}
NOTE: DSA notes not setuid anymore so ok
[21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
- {CAN-2004-0158}
+ {CVE-2004-0158}
- lbreakout2 2.4
[20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.4.17 not present. Did not check newer kernels.
[19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
- {CAN-2003-0690}
+ {CVE-2003-0690}
- xfree86 4.3.0-0pre1v2
- {CAN-2004-0083 CAN-2004-0084 CAN-2004-0106}
+ {CVE-2004-0083 CVE-2004-0084 CVE-2004-0106}
- xfree86 4.3.0-1
- {CAN-2004-0093 CAN-2004-0094}
+ {CVE-2004-0093 CVE-2004-0094}
- xfree86 4.2.1-6
[19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
- {CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429}
+ {CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429}
NOTE: 2.4.17 not present. Did not check newer kernels.
[18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.4.17 not present. Did not check newer kernels.
[18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
- {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
NOTE: 2.4.17 not present. Did not check newer kernels.
[18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
- {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
+ {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
NOTE: 2.4.16 not present. Did not check newer kernels.
[18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
- {CAN-2004-0077}
+ {CVE-2004-0077}
NOTE: 2.4.17 not present. Did not check newer kernels.
[11 Feb 2004] DSA-437 cgiemail - open mail relay
- {CAN-2002-1575}
+ {CVE-2002-1575}
- cgiemail 1.6-20
[08 Feb 2004] DSA-436 mailman - several vulnerabilities
- {CAN-2003-0991}
+ {CVE-2003-0991}
NOTE: apparently specific to mailman 2.0, not 2.1
- {CAN-2003-0965}
+ {CVE-2003-0965}
- mailman 2.1.4-1
- {CAN-2003-0038}
+ {CVE-2003-0038}
- mailman 2.1.1-1
[06 Feb 2004] DSA-435 mpg123 - heap overflow
- {CAN-2003-0865}
+ {CVE-2003-0865}
- mpg123 0.59r-15
[05 Feb 2004] DSA-434 gaim - several vulnerabilities
- {CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008}
+ {CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008}
- gaim 1:0.75-2
[04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
- {CAN-2003-0961}
+ {CVE-2003-0961}
NOTE: 2.4.17 not present. Did not check newer kernels.
[03 Feb 2004] DSA-432 crawl - buffer overflow
- {CAN-2004-0103}
+ {CVE-2004-0103}
- crawl 1:4.0.0beta26-4
[01 Feb 2004] DSA-431 perl - information leak
- {CAN-2003-0618}
+ {CVE-2003-0618}
- perl 5.8.3-3
[28 Jan 2004] DSA-430 trr19 - missing privilege release
- {CAN-2004-0047}
+ {CVE-2004-0047}
- trr19 1.0beta5-17.1 (bug #264702)
[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
- {CAN-2003-0971}
+ {CVE-2003-0971}
- gnupg 1.2.4-1
[20 Jan 2004] DSA-428 slocate - buffer overflow
- {CAN-2003-0848}
+ {CVE-2003-0848}
- slocate 2.7-3
[19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
- {CAN-2003-0985}
+ {CVE-2003-0985}
NOTE: 2.4.17 not present. Did not check newer kernels.
[18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
- {CAN-2003-0924}
+ {CVE-2003-0924}
- netpbm-free 2:9.25-9
[16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
- {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057}
+ {CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057}
TODO: No idea if this is fixed, we have a new upstream version
TODO: that came out after these advisories, but neither the debian nor
TODO: the upstream changelog seem to mention them.
NOTE: Mailed maintainer.
[16 Jan 2004] DSA-424 mc - buffer overflow
- {CAN-2003-1023}
+ {CVE-2003-1023}
- mc 1:4.6.0-4.6.1-pre1-1
[15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
- {CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985}
+ {CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985}
NOTE: 2.4.17 not present. Did not check newer kernels.
[13 Jan 2004] DSA-422 cvs - remote vulnerability
- cvs 1:1.11.11
[12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
- {CAN-2004-0041}
+ {CVE-2004-0041}
- mod-auth-shadow 1.4-1
[12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
- {CAN-2004-0028}
+ {CVE-2004-0028}
- jitterbug 1.6.2-4.5
[09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
- {CAN-2004-0016 CAN-2004-0017}
+ {CVE-2004-0016 CVE-2004-0017}
- phpgroupware 0.9.14.007-4
[07 Jan 2004] DSA-418 vbox3 - privilege leak
- {CAN-2004-0015}
+ {CVE-2004-0015}
- vbox3 0.1.8
[07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
- {CAN-2003-0961 CAN-2003-0985}
+ {CVE-2003-0961 CVE-2003-0985}
NOTE: 2.4.18 not present. Did not check newer kernels.
[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
- {CAN-2003-1022 CAN-2004-0011}
+ {CVE-2003-1022 CVE-2004-0011}
- fsp 2.81.b18-1
[06 Jan 2004] DSA-415 zebra - denial of service
- {CAN-2003-0795 CAN-2003-0858}
+ {CVE-2003-0795 CVE-2003-0858}
- quagga 0.96.4x-4
[06 Jan 2004] DSA-414 jabber - denial of service
- {CAN-2004-0013}
+ {CVE-2004-0013}
- jabber 1.4.3-1
[06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
- {CAN-2003-0985}
+ {CVE-2003-0985}
NOTE: 2.4.18 not present. Did not check newer kernels.
[05 Jan 2004] DSA-412 nd - buffer overflows
- {CAN-2004-0014}
+ {CVE-2004-0014}
- nd 0.8.2-1
[05 Jan 2004] DSA-411 mpg321 - format string vulnerability
- {CAN-2003-0969}
+ {CVE-2003-0969}
- mpg321 0.2.10.3
[05 Jan 2004] DSA-410 libnids - buffer overflow
- {CAN-2003-0850}
+ {CVE-2003-0850}
- libnids 1.18-1
[05 Jan 2004] DSA-409 bind - denial of service
- {CAN-2003-0914}
+ {CVE-2003-0914}
- bind 1:8.4.3-1
[05 Jan 2004] DSA-408 screen - integer overflow
- {CAN-2003-0972}
+ {CVE-2003-0972}
- screen 4.0.2-0.1
[05 Jan 2004] DSA-407 ethereal - buffer overflows
- {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013}
+ {CVE-2003-0925 CVE-2003-0926 CVE-2003-0927 CVE-2003-1012 CVE-2003-1013}
- ethereal 0.10.0-1
[05 Jan 2004] DSA-406 lftp - buffer overflow
- lftp 2.6.10-1
[30 Dec 2003] DSA-405 xsok - missing privilege release
- {CAN-2003-0949}
+ {CVE-2003-0949}
- xsok 1.02-11
[04 Dec 2003] DSA-404 rsync - heap overflow
- {CAN-2003-0962}
+ {CVE-2003-0962}
- rsync 2.5.6-1.1
[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
- {CAN-2003-0961}
+ {CVE-2003-0961}
NOTE: 2.4.18 not present in sarge, did not check newer kernels.
[17 Nov 2003] DSA-402 minimalist - unsanitised input
- {CAN-2003-0902}
+ {CVE-2003-0902}
- minimalist 2.4-1
[17 Nov 2003] DSA-401 hylafax - format strings
- {CAN-2003-0886}
+ {CVE-2003-0886}
- hylafax 1:4.1.8-1
[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
- {CAN-2003-0932}
+ {CVE-2003-0932}
- omega-rpg 1:0.90-pa9-11
[10 Nov 2003] DSA-399 epic4 - buffer overflow
- {CAN-2003-0328}
+ {CVE-2003-0328}
- epic4 1:1.1.11.20030409-2
[10 Nov 2003] DSA-398 conquest - buffer overflow
- {CAN-2003-0933}
+ {CVE-2003-0933}
- conquest 7.2-5
[07 Nov 2003] DSA-397 postgresql - buffer overflow
- {CAN-2003-0901}
+ {CVE-2003-0901}
- postgresql 7.3.4
[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
- {CAN-2002-1562 CAN-2003-0899}
+ {CVE-2002-1562 CVE-2003-0899}
- thttpd 2.23beta1-2.3 (bug #216677)
[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
- {CAN-2003-0866}
+ {CVE-2003-0866}
- tomcat4 4.1.24-2
NOTE: another RC (unreproducible?) bug and missing deps (#263201)
NOTE: are keeping the fix out of testing
[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
- {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
+ {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
- openssl 0.9.7c
- openssl096 0.9.6k
[01 Oct 2003] DSA-393 openssl - denial of service
- {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
+ {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
- openssl 0.9.7c
- openssl096 0.9.6k
[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
- {CAN-2003-0832 CAN-2003-0833}
+ {CVE-2003-0832 CVE-2003-0833}
- webfs 1.20
[28 Sep 2003] DSA-391 freesweep - buffer overflow
- {CAN-2003-0828}
+ {CVE-2003-0828}
- freesweep 0.88-4.1
[26 Sep 2003] DSA-390 marbles - buffer overflow
- {CAN-2003-0830}
+ {CVE-2003-0830}
NOTE: not present in sid, sarge
[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
- {CAN-2003-0785}
+ {CVE-2003-0785}
- ipmasq 3.5.12
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
- {CAN-2003-0690 CAN-2003-0692}
+ {CVE-2003-0690 CVE-2003-0692}
- kdebase 4:3.2
[18 Sep 2003] DSA-387 gopher - buffer overflows
- {CAN-2003-0805}
+ {CVE-2003-0805}
- gopher 3.0.6
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
- {CAN-2002-1271}
+ {CVE-2002-1271}
- libmailtools-perl 1.51 (bug #168381)
[18 Sep 2003] DSA-385 hztty - buffer overflows
- {CAN-2003-0783}
+ {CVE-2003-0783}
- hztty 2.0-6
[17 Sep 2003] DSA-384 sendmail - buffer overflows
- {CAN-2003-0681 CAN-2003-0694}
+ {CVE-2003-0681 CVE-2003-0694}
- sendmail 8.12.10-1
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
- {CAN-2003-0693}
- {CAN-2003-0695}
- {CAN-2003-0682}
+ {CVE-2003-0693}
+ {CVE-2003-0695}
+ {CVE-2003-0682}
TODO: Screwy changelog does not make sense. Filed bug.
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
- {CAN-2003-0693}
+ {CVE-2003-0693}
- openssh 1:3.6.1p2-6.0
- {CAN-2003-0695}
+ {CVE-2003-0695}
- openssh 1:3.7.1
- {CAN-2003-0682}
+ {CVE-2003-0682}
- openssh 1:3.6.1p2-9
[13 Sep 2003] DSA-381 mysql - buffer overflow
- {CAN-2003-0780}
+ {CVE-2003-0780}
- mysql-dfsg 4.0.15-1
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
- {CAN-2003-0063}
+ {CVE-2003-0063}
- xfree86 4.2.1-11
- {CAN-2003-0071}
+ {CVE-2003-0071}
- xfree86 4.2.1-11
- {CAN-2002-0164}
+ {CVE-2002-0164}
- xfree86 4.2.1-11
- {CAN-2003-0730}
+ {CVE-2003-0730}
- xfree86 4.2.1-12
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
- {CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778}
+ {CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778}
- sane-backends 1.0.11-1
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
- {CAN-2003-0705 CAN-2003-0706}
+ {CVE-2003-0705 CVE-2003-0706}
- mah-jong 1.5.6-2
[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
{CVE-1999-0997}
- wu-ftpd 2.6.2-15
[04 Sep 2003] DSA-376 exim - buffer overflow
- {CAN-2003-0743}
+ {CVE-2003-0743}
- exim 3.36-8
[29 Aug 2003] DSA-375 node - buffer overflow, format string
- {CAN-2003-0707 CAN-2003-0708}
+ {CVE-2003-0707 CVE-2003-0708}
- node 0.3.2-1
[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
- {CAN-2003-0686}
+ {CVE-2003-0686}
NOTE: not in sid/sarge
[16 Aug 2003] DSA-373 autorespond - buffer overflow
- {CAN-2003-0654}
+ {CVE-2003-0654}
- autorespond 2.0.4-1
[16 Aug 2003] DSA-372 netris - buffer overflow
- {CAN-2003-0685}
+ {CVE-2003-0685}
- netris 0.52-1
[11 Aug 2003] DSA-371 perl - cross-site scripting
- {CAN-2003-0615}
+ {CVE-2003-0615}
- perl 5.8.0-19
[08 Aug 2003] DSA-370 pam-pgsql - format string
- {CAN-2003-0672}
+ {CVE-2003-0672}
- pam-pgsql 0.5.2-7
[08 Aug 2003] DSA-369 zblast - buffer overflow
- {CAN-2003-0613}
+ {CVE-2003-0613}
- zblast 1.2.1-7
[08 Aug 2003] DSA-368 xpcd - buffer overflow
- {CAN-2003-0649}
+ {CVE-2003-0649}
- xpcd 2.08-9
[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
- {CAN-2003-0652}
+ {CVE-2003-0652}
- xtokkaetama 1.0b-9
[05 Aug 2003] DSA-366 eroaster - insecure temporary file
- {CAN-2003-0656}
+ {CVE-2003-0656}
- eroaster 2.2.0-0.5-1
[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
- {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657}
+ {CVE-2003-0504 CVE-2003-0599 CVE-2003-0657}
- phpgroupware 0.9.14.007-1
[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
- {CAN-2003-0620 CAN-2003-0645}
+ {CVE-2003-0620 CVE-2003-0645}
- man-db 2.4.1-13
[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
- {CAN-2003-0468 CAN-2003-0540}
+ {CVE-2003-0468 CVE-2003-0540}
- postfix 1.1.12
[02 Aug 2003] DSA-362 mindi - insecure temporary file
- {CAN-2003-0617}
+ {CVE-2003-0617}
- mindi 0.86-1
[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
- {CAN-2003-0459 CAN-2003-0370}
+ {CVE-2003-0459 CVE-2003-0370}
- kdelibs 4:3.1.3-1
[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
- {CAN-2003-0581}
+ {CVE-2003-0581}
- xfstt 1.5-1
- {CAN-2003-0625}
+ {CVE-2003-0625}
- xfstt 1.5.1-1
[31 Jul 2003] DSA-359 atari800 - buffer overflows
- {CAN-2003-0630}
+ {CVE-2003-0630}
- atari800 1.3.1-2
[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
- {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
+ {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
- {CAN-2003-0466}
+ {CVE-2003-0466}
- wu-ftpd 2.6.2-12
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
- {CAN-2003-0611}
+ {CVE-2003-0611}
- xtokkaetama 1.0b-8
[30 Jul 2003] DSA-355 gallery - cross-site scripting
- {CAN-2003-0614}
+ {CVE-2003-0614}
- gallery 1.3.4-3
[29 Jul 2003] DSA-354 xconq - buffer overflows
- {CAN-2003-0607}
+ {CVE-2003-0607}
- xconq 7.4.1-2.1 (bug #202963)
[29 Jul 2003] DSA-353 sup - insecure temporary file
- {CAN-2003-0606}
+ {CVE-2003-0606}
- sup 1.8-9
[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
- {CAN-2003-0596}
+ {CVE-2003-0596}
- fdclone 2.04-1
[16 Jul 2003] DSA-351 php4 - cross-site scripting
- {CAN-2003-0442}
+ {CVE-2003-0442}
- php4 4:4.3.2+rc3-1
[15 Jul 2003] DSA-350 falconseye - buffer overflow
- {CAN-2003-0358}
+ {CVE-2003-0358}
NOTE: not in testing, fixed in unstable
- falconseye 1.9.3-9
[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
- {CAN-2003-0252}
+ {CVE-2003-0252}
- nfs-utils 1:1.0.3-2
[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
- {CAN-2003-0453}
+ {CVE-2003-0453}
- traceroute-nanog 6.1.1-1.3
[08 Jul 2003] DSA-347 teapop - SQL injection
- {CAN-2003-0515}
+ {CVE-2003-0515}
- teapop 0.3.5-2
[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
- {CAN-2003-0536}
+ {CVE-2003-0536}
- phpsysinfo 2.1-1
[08 Jul 2003] DSA-345 xbl - buffer overflow
- {CAN-2003-0535}
+ {CVE-2003-0535}
- xbl 1.0k-6
[08 Jul 2003] DSA-344 unzip - directory traversal
- {CAN-2003-0282}
+ {CVE-2003-0282}
- unzip 5.50-3
[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
- {CAN-2003-0539}
+ {CVE-2003-0539}
- skk 10.62a-6
- ddskk 12.1.cvs.20030622-1
[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
- {CAN-2003-0538}
+ {CVE-2003-0538}
NOTE: mozart is not in sarge
- mozart 1.2.5.20030212-2
[07 Jul 2003] DSA-341 liece - insecure temporary file
- {CAN-2003-0537}
+ {CVE-2003-0537}
- liece 2.0+0.20030527cvs-1
[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
- x-face-el 1.3.6.23-1
[06 Jul 2003] DSA-339 semi - insecure temporary file
- {CAN-2003-0440}
+ {CVE-2003-0440}
- semi 1.14.5+20030609-1 (bug #223456)
[29 Jun 2003] DSA-338 proftpd - SQL injection
- {CAN-2003-0500}
+ {CVE-2003-0500}
- proftpd 1.2.8-8
[29 Jun 2003] DSA-337 gtksee - buffer overflow
- {CAN-2003-0444}
+ {CVE-2003-0444}
- gtksee 0.5.6-1
[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
- {CAN-2002-1380 CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2003-0246 CAN-2003-0244 CAN-2003-0247 CAN-2003-0248}
+ {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248}
- kernel-source-2.2.25 2.2.25-3
NOTE: did not check newer kernels
[28 Jun 2003] DSA-335 mantis - incorrect permissions
- {CAN-2003-0499}
+ {CVE-2003-0499}
- mantis 0.17.5-6
[28 Jun 2003] DSA-334 xgalaga - buffer overflows
- {CAN-2003-0454}
+ {CVE-2003-0454}
- xgalaga 2.0.34-22
[27 Jun 2003] DSA-333 acm - integer overflow
{CVE-2002-0391}
- acm 5.0-10
[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
- {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
+ {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
NOTE: note in the archive, and did not check newer kernels
[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
- {CAN-2003-0455}
+ {CVE-2003-0455}
- imagemagick 4:5.5.7-1
[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
- {CAN-2003-0489}
+ {CVE-2003-0489}
- tcptraceroute 1.4-4
[20 Jun 2003] DSA-329 osh - buffer overflows
- {CAN-2003-0452}
+ {CVE-2003-0452}
- osh 1.7-12
[19 Jun 2003] DSA-328 webfs - buffer overflow
- {CAN-2003-0445}
+ {CVE-2003-0445}
- webfs 1.20
[19 Jun 2003] DSA-327 xbl - buffer overflows
- {CAN-2003-0451}
+ {CVE-2003-0451}
- xbl 1.0k-5
[19 Jun 2003] DSA-326 orville-write - buffer overflows
- {CAN-2003-0441}
+ {CVE-2003-0441}
- orville-write 2.54-1
[19 Jun 2003] DSA-325 eldav - insecure temporary file
- {CAN-2003-0438}
+ {CVE-2003-0438}
- eldav 0.7.2-1
[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
- {CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432}
+ {CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432}
- ethereal 0.9.13-1.
[16 Jun 2003] DSA-323 noweb - insecure temporary files
- {CAN-2003-0381}
+ {CVE-2003-0381}
- noweb 2.10c-3.1 (bug #271146)
[16 Jun 2003] DSA-322 typespeed - buffer overflow
- {CAN-2003-0435}
+ {CVE-2003-0435}
- typespeed 0.4.4
[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
- {CAN-2003-0450}
+ {CVE-2003-0450}
- radiusd-cistron 1.6.6-2
[13 Jun 2003] DSA-320 mikmod - buffer overflow
- {CAN-2003-0427}
+ {CVE-2003-0427}
- mikmod 3.1.6-6
[12 Jun 2003] DSA-319 webmin - session ID spoofing
- {CAN-2003-0101}
+ {CVE-2003-0101}
- webmin 1.070-1
[12 Jun 2003] DSA-318 lyskom-server - denial of service
- {CAN-2003-0366}
+ {CVE-2003-0366}
- lyskom-server 2.0.7-2
[11 Jun 2003] DSA-317 cupsys - denial of service
- {CAN-2003-0195}
+ {CVE-2003-0195}
- cupsys 1.1.19final-1
[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
- {CAN-2003-0358 CAN-2003-0359}
+ {CVE-2003-0358 CVE-2003-0359}
- nethack 3.4.1-1
- slashem 0.0.6E4F8-6
- jnethack 1.1.5-15
NOTE: DSA contains some strange non-nethack version numbers
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
- {CAN-2003-0433}
+ {CVE-2003-0433}
- gnocatan 0.8.0-1 (bug #328136)
- pioneers <not-affected> (bug #328136)
NOTE: maintainer confirmed that the security fixes are included
[11 Jun 2003] DSA-314 atftp - buffer overflow
- {CAN-2003-0380}
+ {CVE-2003-0380}
- atftp 0.6.2
[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
- {CAN-2003-0356 CAN-2003-0357}
+ {CVE-2003-0356 CVE-2003-0357}
- ethereal 0.9.12-1
[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
- {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248}
+ {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248}
NOTE: not in unstable/testing. Did not check other versions.
[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
- {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
+ {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
NOTE: not in unstable/testing. Did not check other versions.
[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
- {CAN-2003-0385}
+ {CVE-2003-0385}
- xaos 3.1r-4
[06 Jun 2003] DSA-309 eterm - buffer overflow
- {CAN-2003-0382}
+ {CVE-2003-0382}
- eterm 0.9.2-1
[06 Jun 2003] DSA-308 gzip - insecure temporary files
- {CVE-1999-1332 CAN-2003-0367}
+ {CVE-1999-1332 CVE-2003-0367}
- gzip 1.3.5-6
[27 May 2003] DSA-307 gps - multiple vulnerabilities
- {CAN-2003-0361 CAN-2003-0360 CAN-2003-0362}
+ {CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
- gps 1.1.0-1
[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
- {CAN-2003-0321 CAN-2003-0322 CAN-2003-0328}
+ {CVE-2003-0321 CVE-2003-0322 CVE-2003-0328}
- ircii-pana 1:1.0-0c19-8
[15 May 2003] DSA-305 sendmail - insecure temporary files
- {CAN-2003-0308}
+ {CVE-2003-0308}
- sendmail 8.12.9-2
[15 May 2003] DSA-304 lv - privilege escalation
- {CAN-2003-0188}
+ {CVE-2003-0188}
- lv 4.49.5-2
[15 May 2003] DSA-303 mysql - privilege escalation
- {CAN-2003-0073}
+ {CVE-2003-0073}
- mysql-dfsg 4.0.12-2
- {CAN-2003-0150}
+ {CVE-2003-0150}
TODO: not sure if this is fixed
[07 May 2003] DSA-302 fuzz - privilege escalation
- {CAN-2003-0261}
+ {CVE-2003-0261}
- fuzz 0.6-7.1
[07 May 2003] DSA-301 libgtop - buffer overflow
- {CAN-2001-0928}
+ {CVE-2001-0928}
- libgtop 1.0.13-4
[06 May 2003] DSA-300 balsa - buffer overflow
- {CAN-2003-0167}
+ {CVE-2003-0167}
- balsa 2.0.10
[06 May 2003] DSA-299 leksbot - improper setuid-root execution
- {CAN-2003-0262}
+ {CVE-2003-0262}
- leksbot 1.2-5 (bug #186421)
[02 May 2003] DSA-298 epic4 - buffer overflows
- {CAN-2003-0323}
+ {CVE-2003-0323}
- epic4 1:1.1.11.20030409-1
[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
- {CAN-2003-0033 CAN-2003-0209}
+ {CVE-2003-0033 CVE-2003-0209}
- snort 2.0.0-1
[30 Apr 2003] DSA-296 kdebase - insecure execution
- {CAN-2003-0204}
+ {CVE-2003-0204}
- kdebase 4:3.1.0-1
[30 Apr 2003] DSA-295 pptpd - buffer overflow
- {CAN-2003-0213}
+ {CVE-2003-0213}
- pptpd 1.1.4-0.b3.2
[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
- {CAN-2003-0205 CAN-2003-0206}
+ {CVE-2003-0205 CVE-2003-0206}
NOTE: not in unstable/testing
[23 Apr 2003] DSA-293 kdelibs - insecure execution
- {CAN-2003-0204}
+ {CVE-2003-0204}
- kdebase 4:3.1.0-1
[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
- {CAN-2003-0214}
+ {CVE-2003-0214}
- mime-support 3.23-1
[22 Apr 2003] DSA-291 ircii - buffer overflows
- {CAN-2003-0323}
+ {CVE-2003-0323}
- ircii 20030315-1
[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
- {CAN-2003-0161}
+ {CVE-2003-0161}
- sendmail-wide 8.12.9+3.5Wbeta-1
[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
- {CAN-2003-0212}
+ {CVE-2003-0212}
- rinetd 0.61-2
[17 Apr 2003] DSA-288 openssl - several vulnerabilities
- {CAN-2003-0147 CAN-2003-0131}
+ {CVE-2003-0147 CVE-2003-0131}
- openssl 0.9.7b-1
- openssl096 0.9.6j-1
[15 Apr 2003] DSA-287 epic - buffer overflows
- {CAN-2003-0324}
+ {CVE-2003-0324}
- epic4 1:1.1.11.20030409-1
[14 Apr 2003] DSA-286 gs-common - insecure temporary file
- {CAN-2003-0207}
+ {CVE-2003-0207}
- gs-common 0.3.3.1
[14 Apr 2003] DSA-285 lprng - insecure temporary file
- {CAN-2003-0136}
+ {CVE-2003-0136}
- lprng 3.8.20-4.
[12 Apr 2003] DSA-284 kdegraphics - insecure execution
- {CAN-2003-0204}
+ {CVE-2003-0204}
- kdegraphics 4:3.1.0-1
[11 Apr 2003] DSA-283 xfsdump - insecure file creation
- {CAN-2003-0173}
+ {CVE-2003-0173}
- xfsdump 2.2.8-1
[09 Apr 2003] DSA-282 glibc - integer overflow
- {CAN-2003-0028}
+ {CVE-2003-0028}
- glibc 2.3.1-16
[08 Apr 2003] DSA-281 moxftp - buffer overflow
- {CAN-2003-0203}
+ {CVE-2003-0203}
- moxftp 2.2-18.20
[07 Apr 2003] DSA-280 samba - buffer overflow
- {CAN-2003-0201 CAN-2003-0196}
+ {CVE-2003-0201 CVE-2003-0196}
- samba 3.0
[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
- {CAN-2003-0202}
+ {CVE-2003-0202}
NOTE: note in unstable/testing
[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
- {CAN-2003-0161}
+ {CVE-2003-0161}
- sendmail 8.12.9-1
[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
- {CAN-2003-0098 CAN-2003-0099}
+ {CVE-2003-0098 CVE-2003-0099}
- apcupsd 3.8.5-1.2
[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
- {CAN-2003-0127}
+ {CVE-2003-0127}
NOTE: this version is not in sarge, did not check others
[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
- {CAN-2003-0144}
+ {CVE-2003-0144}
- lpr-ppd 1:0.72-3
[28 Mar 2003] DSA-274 mutt - buffer overflow
- {CAN-2003-0167}
+ {CVE-2003-0167}
- mutt 1.4.0
[28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
- {CAN-2003-0138 CAN-2003-0139}
+ {CVE-2003-0138 CVE-2003-0139}
- krb4 1.2.2-1
[28 Mar 2003] DSA-272 dietlibc - integer overflow
- {CAN-2003-0028}
+ {CVE-2003-0028}
- dietlibc 0.22-2
[27 Mar 2003] DSA-271 ecartis - unauthorized password change
- {CAN-2003-0162}
+ {CVE-2003-0162}
- ecartis 1.0.0+cvs.20030321-1
[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
- {CAN-2003-0127}
+ {CVE-2003-0127}
NOTE: not in unstable/testing, did not check other versions
[26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
- {CAN-2003-0138}
+ {CVE-2003-0138}
- heimdal 0.5.2-1
[25 Mar 2003] DSA-268 mutt - buffer overflow
- {CAN-2003-0140}
+ {CVE-2003-0140}
- mutt 1.5.4-1
[24 Mar 2003] DSA-267 lpr - buffer overflow
- {CAN-2003-0144}
+ {CVE-2003-0144}
- lpr 1:2000.05.07-4.20
[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
- {CAN-2003-0028}
+ {CVE-2003-0028}
- krb5 1.3.3-2
NOTE: changelog does not mention this one, verified patch from
NOTE: Tom Yu was applied to this version.
- {CAN-2003-0072}
+ {CVE-2003-0072}
- krb5 1.2.7-3
NOTE: changelog does not mention this one, verified patch from
NOTE: upstream was applied to this version.
- {CAN-2003-0082}
+ {CVE-2003-0082}
- krb5 1.3.3-2
- {CAN-2003-0138 VU#623217}
+ {CVE-2003-0138 VU#623217}
- krb5 1.2.7-3
- {CAN-2003-0139 VU#442569}
+ {CVE-2003-0139 VU#442569}
- krb5 1.2.7-3
[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
- {CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155}
+ {CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155}
- bonsai 1.3+cvs20030317-1
[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
- {CAN-2003-0156}
+ {CVE-2003-0156}
- lxr 0.3-4
[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
- {CAN-2003-0146}
+ {CVE-2003-0146}
- netpbm-free 2:9.20-9
[15 Mar 2003] DSA-262 samba - remote exploit
- {CAN-2003-0085 CAN-2003-0086}
+ {CVE-2003-0085 CVE-2003-0086}
- samba 2.2.8
[14 Mar 2003] DSA-261 tcpdump - infinite loop
- {CAN-2003-0093 CAN-2003-0145}
+ {CVE-2003-0093 CVE-2003-0145}
NOTE: DSA reports sid was not affected, sarge has sid version
[13 Mar 2003] DSA-260 file - buffer overflow
- {CAN-2003-0102}
+ {CVE-2003-0102}
- file 3.40-1.1
[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
- {CAN-2003-0143}
+ {CVE-2003-0143}
- qpopper 4.0.4-9
[10 Mar 2003] DSA-258 ethereal - format string vulnerability
- {CAN-2003-0081}
+ {CVE-2003-0081}
- ethereal 0.9.9-2
[04 Mar 2003] DSA-257 sendmail - remote exploit
- {CAN-2002-1337}
+ {CVE-2002-1337}
- sendmail 8.12.8
[28 Feb 2003] DSA-256 mhc - insecure temporary file
- {CAN-2003-0120}
+ {CVE-2003-0120}
- mhc 0.25+20030224-1
[27 Feb 2003] DSA-255 tcpdump - infinite loop
- {CAN-2003-0108 CAN-2002-0380}
+ {CVE-2003-0108 CVE-2002-0380}
- tcpdump 3.7.1-1.2
[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
- {CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387}
+ {CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387}
- traceroute-nanog 6.3.0-1
[24 Feb 2003] DSA-253 openssl - information leak
- {CAN-2003-0078}
+ {CVE-2003-0078}
- openssl 0.9.7a-1
[21 Feb 2003] DSA-252 slocate - buffer overflow
- {CAN-2003-0056}
+ {CVE-2003-0056}
- slocate 2.7-1
[14 Feb 2003] DSA-251 w3m - missing HTML quoting
- {CAN-2002-1335 CAN-2002-1348}
+ {CVE-2002-1335 CVE-2002-1348}
- w3m 0.3.2.2-1
[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
- {CAN-2002-1335 CAN-2002-1348}
+ {CVE-2002-1335 CVE-2002-1348}
NOTE: not in sid/sarge
[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
- {CAN-2002-1335 CAN-2002-1348}
+ {CVE-2002-1335 CVE-2002-1348}
- w3mmee 0.3.p24.17-3
[31 Jan 2003] DSA-248 hypermail - buffer overflows
- {CAN-2003-0057}
+ {CVE-2003-0057}
- hypermail 2.1.6-1
[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
- {CAN-2003-0040}
+ {CVE-2003-0040}
- courier 0.40.2-3
[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
- {CAN-2003-0042 CAN-2003-0043 CAN-2003-0044}
+ {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044}
NOTE: tomcat not in sid/sarge
NOTE: tomcat4 not affected
[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
- {CAN-2003-0039}
+ {CVE-2003-0039}
- dhcp3 1.1.2-1
[27 Jan 2003] DSA-244 noffle - buffer overflows
- {CAN-2003-0037}
+ {CVE-2003-0037}
- noffle 1.1.2-1
[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdemultimedia 4:3.1
[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdebase 4:3.1
[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdeutils 4:3.1
[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdegames 4:3.1
[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdesdk 4:3.1
[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdepim 4:3.1
[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdenetwork 4:3.1
[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdelibs 4:3.1
[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdegraphics 4:3.1
[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
- {CAN-2002-1393}
+ {CVE-2002-1393}
- kdeadmin 4:3.1
[21 Jan 2003] DSA-233 cvs - doubly freed memory
- {CAN-2003-0015}
+ {CVE-2003-0015}
- cvs 1.11.2-5.1
[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
- {CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384}
+ {CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384}
- cupsys 1.1.18-1
[17 Jan 2003] DSA-231 dhcp3 - stack overflows
- {CAN-2003-0026}
+ {CVE-2003-0026}
- dhcp3 3.0+3.0.1rc11-1
[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
NOTE: not in testing due to 3 newer security holes
- {CAN-2003-0012}
+ {CVE-2003-0012}
- bugzilla 2.16.2
- {CAN-2003-0013}
+ {CVE-2003-0013}
- bugzilla 2.16.2
[15 Jan 2003] DSA-229 imp - SQL injection
- {CAN-2003-0025}
+ {CVE-2003-0025}
NOTE: I think imp3 is ok.
[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
- {CAN-2003-0031 CAN-2003-0032}
+ {CVE-2003-0031 CVE-2003-0032}
- libmcrypt 2.5.5-1
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
- {CAN-2002-1378 CAN-2002-1379 CAN-2002-1508}
+ {CVE-2002-1378 CVE-2002-1379 CVE-2002-1508}
- openldap2 2.0.27-3
[10 Jan 2003] DSA-226 xpdf-i - integer overflow
- {CAN-2002-1384}
+ {CVE-2002-1384}
- xpdf 2.01-2
[09 Jan 2003] DSA-225 tomcat4 - source disclosure
- {CAN-2002-1394}
+ {CVE-2002-1394}
- tomcat4 4.1.16-1
NOTE: another RC (unreproducible?) bug and missing deps (#263201)
NOTE: are keeping the fix out of testing
NOTE: this is the second unfixed security hole in tomcat4 in testing..
[08 Jan 2003] DSA-224 canna - buffer overflow and more
- {CAN-2002-1158 CAN-2002-1159}
+ {CVE-2002-1158 CVE-2002-1159}
- canna 3.6p1-1
[07 Jan 2003] DSA-223 geneweb - information exposure
- {CAN-2002-1390}
+ {CVE-2002-1390}
- geneweb 4.09-1
[06 Jan 2003] DSA-222 xpdf - integer overflow
- {CAN-2002-1384}
+ {CVE-2002-1384}
- xpdf 2.01-2
[03 Jan 2003] DSA-221 mhonarc - cross site scripting
- {CAN-2002-1388}
+ {CVE-2002-1388}
- mhonarc 2.5.14-1
[02 Jan 2003] DSA-220 squirrelmail - cross site scripting
- {CAN-2002-1341}
+ {CVE-2002-1341}
- squirrelmail 1:1.3.2-2
------- These processed by Djoumé SALVETTI <salvetti at crans.org> -----
[31 Dec 2002] DSA-219 dhcpcd - remote command execution
- {CAN-2002-1403}
+ {CVE-2002-1403}
- dhcpcd 1:1.3.22pl2-2
[30 Dec 2002] DSA-218 bugzilla - cross site scripting
NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1).
[27 Dec 2002] DSA-217 typespeed - buffer overflow
- {CAN-2002-1389}
+ {CVE-2002-1389}
- typespeed 0.4.2-2
[24 Dec 2002] DSA-216 fetchmail - buffer overflow
- {CAN-2002-1365}
+ {CVE-2002-1365}
- fetchmail 6.2.0-1
[23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
- {CAN-2002-1580}
+ {CVE-2002-1580}
- cyrus-imapd 1.5.19-9.10
[20 Dec 2002] DSA-214 kdnetwork - buffer overflows
- {CAN-2002-1306}
+ {CVE-2002-1306}
- kdenetwork 4:2.2.2-14.20
NOTE: there is a typo in the DSA, the name of the package is kdenetwork.
[19 Dec 2002] DSA-213 libpng - buffer overflow
- {CAN-2002-1363}
+ {CVE-2002-1363}
- libpng 1.0.12-7
- libpng3 1.2.5-8
[17 Dec 2002] DSA-212 mysql - multiple problems
- {CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376}
+ {CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376}
- mysql-dfsg 4.0.7.gamma-1
[13 Dec 2002] DSA-211 micq - denial of service
- {CAN-2002-1362}
+ {CVE-2002-1362}
NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1)
[13 Dec 2002] DSA-210 lynx - CRLF injection
- {CAN-2002-1405}
+ {CVE-2002-1405}
- lynx 2.8.4.1b-4
NOTE: lynx-ssl not in testing nor unstable.
[12 Dec 2002] DSA-209 wget - directory traversal
- {CAN-2002-1344}
+ {CVE-2002-1344}
- wget 1.8.2-8
[12 Dec 2002] DSA-208 perl - broken safe compartment
- {CAN-2002-1323}
+ {CVE-2002-1323}
- perl 5.8.0-14
[11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
- {CAN-2002-0836}
+ {CVE-2002-0836}
- tetex-bin 1.0.7+20021025-4
[10 Dec 2002] DSA-206 tcpdump - denial of service
- {CAN-2002-1350}
+ {CVE-2002-1350}
- tcpdump 3.7.2-1
[10 Dec 2002] DSA-205 gtetrinet - buffer overflow
- gtetrinet 0.4.4-1
NOTE: no CAN not CVE for this one
[05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
- {CAN-2002-1281 CAN-2002-1282}
+ {CVE-2002-1281 CVE-2002-1282}
- kdelibs 4:3.1.0-1
[04 Dec 2002] DSA-203 smb2www - arbitrary command execution
- {CAN-2002-1342}
+ {CVE-2002-1342}
- smb2www 980804-17
[03 Dec 2002] DSA-202 im - insecure temporary files
- {CAN-2002-1395}
+ {CVE-2002-1395}
- im 1:141-20
[02 Dec 2002] DSA-201 freeswan - denial of service
- {CAN-2002-0666 VU#459371}
+ {CVE-2002-0666 VU#459371}
- freeswan 1.99-1
[22 Nov 2002] DSA-200 samba - remote exploit
- {CAN-2002-1318}
+ {CVE-2002-1318}
- samba 2.99.cvs.20020713-1
[19 Nov 2002] DSA-199 mhonarc - cross site scripting
- {CAN-2002-1307}
+ {CVE-2002-1307}
- mhonarc 2.5.13-1
[18 Nov 2002] DSA-198 nullmailer - denial of service
- {CAN-2002-1313}
+ {CVE-2002-1313}
- nullmailer 1.00RC5-17
[15 Nov 2002] DSA-197 courier - buffer overflow
- {CAN-2002-1311}
+ {CVE-2002-1311}
- courier 0.40.0-1
[14 Nov 2002] DSA-196 bind - several vulnerabilities
- {CAN-2002-0029 CAN-2002-1219 CAN-2002-1220 CAN-2002-1221}
+ {CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221}
- bind 1:8.3.3-3
[13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
- {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131 CAN-2002-1233}
+ {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
- apache-perl 1.3.26-1.1-1.27-3-1
[12 Nov 2002] DSA-194 masqmail - buffer overflows
- {CAN-2002-1279}
+ {CVE-2002-1279}
- masqmail 0.2.15-1
[11 Nov 2002] DSA-193 kdenetwork - buffer overflow
- {CAN-2002-1247}
+ {CVE-2002-1247}
- kdenetwork 4:2.2.2-14.3
[08 Nov 2002] DSA-192 html2ps - arbitrary code execution
- {CAN-2002-1275}
+ {CVE-2002-1275}
- html2ps 1.0b3-2
[07 Nov 2002] DSA-191 squirrelmail - cross site scripting
- {CAN-2002-1131 CAN-2002-1132 CAN-2002-1276}
+ {CVE-2002-1131 CVE-2002-1132 CVE-2002-1276}
- squirrelmail 1:1.2.8-1.1
[07 Nov 2002] DSA-190 wmaker - buffer overflow
- {CAN-2002-1277}
+ {CVE-2002-1277}
- wmaker 0.80.1-4
[06 Nov 2002] DSA-189 luxman - local root exploit
- {CAN-2002-1245}
+ {CVE-2002-1245}
- luxman 0.41-19
[05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
TODO: The DSA is for apache-ssl, but the bug entries are for apache.
- {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
+ {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843}
- apache 1.3.27-0.1
- {CAN-2001-0131 CAN-2002-1233}
+ {CVE-2001-0131 CVE-2002-1233}
- apache 1.3.27-1
- TODO: CAN-2002-0843 appears to be listed twice in this DSA
+ TODO: CVE-2002-0843 appears to be listed twice in this DSA
TODO: (once with NO-CAN)
[04 Nov 2002] DSA-187 apache - several vulnerabilities
- {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
+ {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843}
- apache 1.3.27-0.1
- {CAN-2001-0131 CAN-2002-1233}
+ {CVE-2001-0131 CVE-2002-1233}
- apache 1.3.27-1
- TODO: CAN-2002-0843 appears to be listed twice in this DSA
+ TODO: CVE-2002-0843 appears to be listed twice in this DSA
TODO: (once with NO-CAN)
[01 Nov 2002] DSA-186 log2mail - buffer overflow
- {CAN-2002-1251}
+ {CVE-2002-1251}
- log2mail 0.2.6-1
[31 Oct 2002] DSA-185 heimdal - buffer overflow
- {CAN-2002-1235}
+ {CVE-2002-1235}
- heimdal 0.4e-22
[30 Oct 2002] DSA-184 krb4 - buffer overflow
- {CAN-2002-1235}
+ {CVE-2002-1235}
- krb4 1.1-11-8
[29 Oct 2002] DSA-183 krb5 - buffer overflow
- {CAN-2002-1235}
+ {CVE-2002-1235}
- krb5 1.2.6-2
[28 Oct 2002] DSA-182 kdegraphics - buffer overflow
- {CAN-2002-0838}
+ {CVE-2002-0838}
- kdegraphics 4:2.2.2-6.9
[22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
- {CAN-2002-1157}
+ {CVE-2002-1157}
- libapache-mod-ssl 2.8.9-2.3
[21 Oct 2002] DSA-180 nis - information leak
- {CAN-2002-1232}
+ {CVE-2002-1232}
- nis 3.9-6.2
[18 Oct 2002] DSA-179 gnome-gv - buffer overflow
- {CAN-2002-0838}
+ {CVE-2002-0838}
- gnome-gv 1.99.7-9
[17 Oct 2002] DSA-178 heimdal - remote command execution
- {CAN-2002-1225 CAN-2002-1226}
+ {CVE-2002-1225 CVE-2002-1226}
- heimdal 0.4e-21
[17 Oct 2002] DSA-177 pam - serious security violation
- {CAN-2002-1227}
+ {CVE-2002-1227}
- pam 0.76-6
[16 Oct 2002] DSA-176 gv - buffer overflow
- {CAN-2002-0838}
+ {CVE-2002-0838}
- gv 1:3.5.8-27
[15 Oct 2002] DSA-175 syslog-ng - buffer overflow
- {CAN-2002-1200}
+ {CVE-2002-1200}
- syslog-ng 1.5.21-1
[14 Oct 2002] DSA-174 heartbeat - buffer overflow
- {CAN-2002-1215}
+ {CVE-2002-1215}
- heartbeat 0.4.9.2-1
[09 Oct 2002] DSA-173 bugzilla - privilege escalation
- {CAN-2002-1196}
+ {CVE-2002-1196}
NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1)
[08 Oct 2002] DSA-172 tkmail - insecure temporary files
- {CAN-2002-1193}
+ {CVE-2002-1193}
NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
[07 Oct 2002] DSA-171 fetchmail - buffer overflows
- {CAN-2002-1175 CAN-2002-1174}
+ {CVE-2002-1175 CVE-2002-1174}
- fetchmail 6.1.0-1
NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
[04 Oct 2002] DSA-170 tomcat4 - source code disclosure
- {CAN-2002-1148}
+ {CVE-2002-1148}
- tomcat4 4.1.12-1
NOTE: only 4.0.4-4 in testing (which seems to be vulnerable)
[25 Sep 2002] DSA-169 htcheck - cross site scripting
- {CAN-2002-1195}
+ {CVE-2002-1195}
- htcheck 1:1.1-1.2
[18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
- {CAN-2002-0985 CAN-2002-0986}
+ {CVE-2002-0985 CVE-2002-0986}
- php3 3:3.0.18-23.2
- php4 4:4.2.3-3
NOTE: php3 is not in testing, it seems to be wait for tiff and gcc transition
NOTE: and is out of date on alpha and arm
[16 Sep 2002] DSA-167 kdelibs - cross site scripting
- {CAN-2002-1151}
+ {CVE-2002-1151}
- kdelibs 4:2.2.2-14
NOTE: there is a typo in the DSA that mentionned Konquerer instead of kdelibs
[13 Sep 2002] DSA-166 purity - buffer overflows
- {CAN-2002-1124}
+ {CVE-2002-1124}
- purity 1-16
[12 Sep 2002] DSA-165 postgresql - buffer overflows
- {CAN-2002-0972 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CVE-2002-1402}
+ {CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402}
- postgresql 7.2.2-2
[10 Sep 2002] DSA-164 cacti - arbitrary code execution
- {CAN-2002-1477 CAN-2002-1478}
+ {CVE-2002-1477 CVE-2002-1478}
- cacti 0.6.8a-2
[09 Sep 2002] DSA-163 mhonarc - cross site scripting
{CVE-2002-0738}
- mhonarc 2.5.11-1
[06 Sep 2002] DSA-162 ethereal - buffer overflow
- {CAN-2002-0834}
+ {CVE-2002-0834}
- ethereal 0.9.6-1
[04 Sep 2002] DSA-161 mantis - privilege escalation
- {CAN-2002-1115 CAN-2002-1116}
+ {CVE-2002-1115 CVE-2002-1116}
- mantis 0.17.5-2
[03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
- {CAN-2002-0662}
+ {CVE-2002-0662}
- scrollkeeper 0.3.11-2
[28 Aug 2002] DSA-159 python - insecure temporary files
- {CAN-2002-1119}
+ {CVE-2002-1119}
- python2.1 2.1.3-6a
- python2.2 2.2.1-8
NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24)
@@ -2524,19 +2524,19 @@
{CVE-2002-0989}
- gaim 1:0.59.1-2
[23 Aug 2002] DSA-157 irssi-text - denial of service
- {CAN-2002-0983}
+ {CVE-2002-0983}
- irssi-text 0.8.5-2
[22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
{CVE-2002-0984}
- epic4-script-light 1:2.7.30p5-2
[17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
- {CAN-2002-0970}
+ {CVE-2002-0970}
- kdelibs 4:2.2.2-14
[15 Aug 2002] DSA-154 fam - privilege escalation
{CVE-2002-0875}
- fam 2.6.8-1
[14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
- {CAN-2002-1114 CAN-2002-1113 CAN-2002-1112 CAN-2002-1111 CAN-2002-1110}
+ {CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110}
- mantis 0.17.4a-2
[13 Aug 2002] DSA-152 l2tpd - missing random seed
{CVE-2002-0872 CVE-2002-0873}
@@ -2545,16 +2545,16 @@
{CVE-2002-0871}
- xinetd 1:2.3.7-1
[13 Aug 2002] DSA-150 interchange - illegal file exposition
- {CAN-2002-0874}
+ {CVE-2002-0874}
- interchange 4.8.6-1
[13 Aug 2002] DSA-149 glibc - integer overflow
{CVE-2002-0391}
- glibc 2.2.5-13
[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
- {CVE-2002-1049 CVE-2002-1050 CAN-2001-1034}
+ {CVE-2002-1049 CVE-2002-1050 CVE-2001-1034}
- hylafax 4.1.2-2.1
[08 Aug 2002] DSA-147 mailman - cross-site scripting
- {CAN-2002-0388 CAN-2002-0855}
+ {CVE-2002-0388 CVE-2002-0855}
- mailman 2.0.12-1
[08 Aug 2002] DSA-146 dietlibc - integer overflow
{CVE-2002-0391}
@@ -2572,21 +2572,21 @@
{CVE-2002-0391}
- openafs 1.2.6-1
[01 Aug 2002] DSA-141 mpack - buffer overflow
- {CAN-2002-1425}
+ {CVE-2002-1425}
- mpack 1.5-9
[05 Aug 2002] DSA-140 libpng - buffer overflow
- {CAN-2002-0660 CAN-2002-0728}
+ {CVE-2002-0660 CVE-2002-0728}
- libpng 1.0.12-4
- libpng3 1.2.1-2
[01 Aug 2002] DSA-139 super - format string vulnerability
{CVE-2002-0817}
- super 3.18.0-3
[01 Aug 2002] DSA-138 gallery - remote exploit
- {CAN-2002-1412}
+ {CVE-2002-1412}
- gallery 1.3-3
[30 Jul 2002] DSA-137 mm - insecure temporary files
{CVE-2002-0658}
- mm 1.1.3-7
[30 Jul 2002] DSA-136 openssl - multiple remote exploits
- {CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659}
+ {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
- openssl 0.9.6e-1
Modified: data/DTSA/advs/1-kismet.adv
===================================================================
--- data/DTSA/advs/1-kismet.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/1-kismet.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,20 +4,20 @@
vuln-type: various
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2626 CAN-2005-2627
+cve: CVE-2005-2626 CVE-2005-2627
testing-fix: 2005.08.R1-0.1etch1
sid-fix: 2005.08.R1-1
upgrade: apt-get install kismet
Multiple security holes have been discovered in kismet:
- CAN-2005-2627
+ CVE-2005-2627
Multiple integer underflows in Kismet allow remote attackers to execute
arbitrary code via (1) kernel headers in a pcap file or (2) data frame
dissection, which leads to heap-based buffer overflows.
- CAN-2005-2626
+ CVE-2005-2626
Unspecified vulnerability in Kismet allows remote attackers to have an
unknown impact via unprintable characters in the SSID.
Modified: data/DTSA/advs/10-pcre.adv
===================================================================
--- data/DTSA/advs/10-pcre.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/10-pcre.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: buffer overflow
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2491
+cve: CVE-2005-2491
testing-fix: 6.3-0.1etch1
sid-fix: 6.3-1
upgrade: apt-get install libpcre3
Modified: data/DTSA/advs/11-maildrop.adv
===================================================================
--- data/DTSA/advs/11-maildrop.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/11-maildrop.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: local privilege escalation
problem-scope: local
debian-specific: yes
-cve: CAN-2005-2655
+cve: CVE-2005-2655
testing-fix: 1.5.3-1.1etch1
sid-fix: 1.5.3-2
upgrade: apt-get install maildrop
Modified: data/DTSA/advs/12-vim.adv
===================================================================
--- data/DTSA/advs/12-vim.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/12-vim.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: modeline exploits
problem-scope: local
debian-specifc: no
-cve: CAN-2005-2368
+cve: CVE-2005-2368
testing-fix: 1:6.3-085+0.0etch1
sid-fix: 1:6.3-085+1
upgrade: apt-get install vim
Modified: data/DTSA/advs/13-evolution.adv
===================================================================
--- data/DTSA/advs/13-evolution.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/13-evolution.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,21 +4,21 @@
vuln-type: format string vulnerabilities
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2549 CAN-2005-2550
+cve: CVE-2005-2549 CVE-2005-2550
testing-fix: 2.2.3-2etch1
sid-fix: 2.2.3-3
upgrade: apt-get install evolution
Multiple vulnerabilities were discovered in evolution:
-CAN-2005-2549
+CVE-2005-2549
Multiple format string vulnerabilities in Evolution allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code via
(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task
list data from remote servers.
-CAN-2005-2550
+CVE-2005-2550
Format string vulnerability in Evolution allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via the
Modified: data/DTSA/advs/14-mozilla.adv
===================================================================
--- data/DTSA/advs/14-mozilla.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/14-mozilla.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: several
problem-scope: remote
debian-specifc: no
-cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
+cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270
testing-fix: 2:1.7.8-1sarge2
sid-fix: 2:1.7.10-1
upgrade: apt-get install mozilla
@@ -15,49 +15,49 @@
named 1.7.8. The Common Vulnerabilities and Exposures project identifies the
following problems:
-CAN-2004-0718, CAN-2005-1937
+CVE-2004-0718, CVE-2005-1937
A vulnerability has been discovered in Mozilla that allows remote
attackers to inject arbitrary Javascript from one page into the
frameset of another site.
-CAN-2005-2260
+CVE-2005-2260
The browser user interface does not properly distinguish between
user-generated events and untrusted synthetic events, which makes
it easier for remote attackers to perform dangerous actions that
normally could only be performed manually by the user.
-CAN-2005-2261
+CVE-2005-2261
XML scripts ran even when Javascript disabled.
-CAN-2005-2263
+CVE-2005-2263
It is possible for a remote attacker to execute a callback
function in the context of another domain (i.e. frame).
-CAN-2005-2265
+CVE-2005-2265
Missing input sanitising of InstallVersion.compareTo() can cause
the application to crash.
-CAN-2005-2266
+CVE-2005-2266
Remote attackers could steal sensitive information such as cookies
and passwords from web sites by accessing data in alien frames.
-CAN-2005-2268
+CVE-2005-2268
It is possible for a Javascript dialog box to spoof a dialog box
from a trusted site and facilitates phishing attacks.
-CAN-2005-2269
+CVE-2005-2269
Remote attackers could modify certain tag properties of DOM nodes
that could lead to the execution of arbitrary script or code.
-CAN-2005-2270
+CVE-2005-2270
The Mozilla browser family does not properly clone base objects,
which allows remote attackers to execute arbitrary code.
Modified: data/DTSA/advs/15-php4.adv
===================================================================
--- data/DTSA/advs/15-php4.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/15-php4.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: several vulnerabilities
problem-scope: remote/local
debian-specifc: no
-cve: CAN-2005-1751 CAN-2005-1921 CAN-2005-2498
+cve: CVE-2005-1751 CVE-2005-1921 CVE-2005-2498
vendor-advisory:
testing-fix: 4.3.10-16etch1
sid-fix: 4.4.0-2
@@ -15,20 +15,20 @@
Vulnerabilities and Exposures project identifies the following
problems:
-CAN-2005-1751
+CVE-2005-1751
Eric Romang discovered insecure temporary files in the shtool
utility shipped with PHP that can exploited by a local attacker to
overwrite arbitrary files. Only this vulnerability affects
packages in oldstable.
-CAN-2005-1921
+CVE-2005-1921
GulfTech has discovered that PEAR XML_RPC is vulnerable to a
remote PHP code execution vulnerability that may allow an attacker
to compromise a vulnerable server.
-CAN-2005-2498
+CVE-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC
libraries that allows injection of arbitrary PHP code into eval()
Modified: data/DTSA/advs/16-linux-2.6.adv
===================================================================
--- data/DTSA/advs/16-linux-2.6.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/16-linux-2.6.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: several holes
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555
+cve: CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-1761 CVE-2005-2555
testing-fix: 2.6.12-6
sid-fix: 2.6.12-6
upgrade: apt-get install linux-image-2.6-386; reboot
@@ -13,36 +13,36 @@
linux kernel. The Common Vulnerabilities and Exposures project identifies
the following problems:
-CAN-2004-2302
+CVE-2004-2302
Race condition in the sysfs_read_file and sysfs_write_file functions in
Linux kernel before 2.6.10 allows local users to read kernel memory and
cause a denial of service (crash) via large offsets in sysfs files.
-CAN-2005-1761
+CVE-2005-1761
Vulnerability in the Linux kernel allows local users to cause a
denial of service (kernel crash) via ptrace.
-CAN-2005-1762
+CVE-2005-1762
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform allows local users to cause a denial of service (kernel crash) via
a "non-canonical" address.
-CAN-2005-1765
+CVE-2005-1765
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when
running in 32-bit compatibility mode, allows local users to cause a denial
of service (kernel hang) via crafted arguments.
-CAN-2005-1913
+CVE-2005-1913
When a non group-leader thread called exec() to execute a different program
while an itimer was pending, the timer expiry would signal the old group
leader task, which did not exist any more. This caused a kernel panic.
-CAN-2005-2098
+CVE-2005-2098
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
2.6.12.5 contains an error path that does not properly release the session
@@ -51,7 +51,7 @@
empty name string, (2) with a long name string, (3) with the key quota
reached, or (4) ENOMEM.
-CAN-2005-2099
+CVE-2005-2099
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that
is not instantiated properly, which allows local users or remote attackers
@@ -59,7 +59,7 @@
that is not empty, which causes the creation to fail, leading to a null
dereference in the keyring destructor.
-CAN-2005-2456
+CVE-2005-2456
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
in Linux kernel 2.6 allows local users to cause a denial of service (oops
@@ -67,41 +67,41 @@
larger than XFRM_POLICY_OUT, which is used as an index in the
sock->sk_policy array.
-CAN-2005-2457
+CVE-2005-2457
The driver for compressed ISO file systems (zisofs) in the Linux kernel
before 2.6.12.5 allows local users and remote attackers to cause a denial
of service (kernel crash) via a crafted compressed ISO file system.
-CAN-2005-2458
+CVE-2005-2458
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows
remote attackers to cause a denial of service (kernel crash) via a
compressed file with "improper tables".
-CAN-2005-2459
+CVE-2005-2459
The huft_build function in inflate.c in the zlib routines in the Linux
kernel before 2.6.12.5 returns the wrong value, which allows remote
attackers to cause a denial of service (kernel crash) via a certain
compressed file that leads to a null pointer dereference, a different
- vulnerbility than CAN-2005-2458.
+ vulnerbility than CVE-2005-2458.
-CAN-2005-2548
+CVE-2005-2548
vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial
of service (kernel oops from null dereference) via certain UDP packets that
lead to a function call with the wrong argument, as demonstrated using
snmpwalk on snmpd.
-CAN-2005-2555
+CVE-2005-2555
Linux kernel 2.6.x does not properly restrict socket policy access to users
with the CAP_NET_ADMIN capability, which could allow local users to conduct
unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
ipv6/ipv6_sockglue.c.
-CAN-2005-2617
+CVE-2005-2617
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12
and later, on the amd64 architecture, does not check the return value of
Modified: data/DTSA/advs/17-lm-sensors.adv
===================================================================
--- data/DTSA/advs/17-lm-sensors.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/17-lm-sensors.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: insecure temporary file
problem-scope: local
debian-specifc: no
-cve: CAN-2005-2672
+cve: CVE-2005-2672
vendor-advisory:
testing-fix: 1:2.9.1-6etch1
sid-fix: 1:2.9.1-7
Modified: data/DTSA/advs/18-thunderbird.adv
===================================================================
--- data/DTSA/advs/18-thunderbird.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/18-thunderbird.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: multiple
problem-scope: remote/local
debian-specifc: yes/no
-cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989
+cve: CVE-2005-2968, CVE-2005-2266, CVE-2005-2265, CVE-2005-2261, CVE-2005-1532, CVE-2005-1160, CVE-2005-1159, CVE-2005-0989
vendor-advisory:
testing-fix: xxx
sid-fix: xxx
@@ -12,37 +12,37 @@
xxx multiline description here
-CAN-2005-2968
+CVE-2005-2968
Thunderbird incorrectly escapes commands in input, fed to it through
the --compose option, which could lead to execution of arbitrary
shell commands.
-CAN-2005-2266
+CVE-2005-2266
Child frames may access parental frames, even if these are in
different access domains and may lead to information leakage of
cookies or pass words.
-CAN-2005-2265
+CVE-2005-2265
Incorrect type checks in InstallVersion.compareTo may lead to a
denial-of-service attack or possibly execution of arbitrary code.
-CAN-2005-2261
+CVE-2005-2261
XBL scripts are even run, if Javascript has been disabled.
-CAN-2005-1532
+CVE-2005-1532
Javascript is inproperly limits its privileges to the calling
context, which could lead to "non-DOM privilege override".
-CAN-2005-1160
+CVE-2005-1160
Overriding properties/methods of DOM nodes could lead to execution
of code with extended "chrome" privileges.
-CAN-2005-1159
+CVE-2005-1159
Native function implementations are not verified, causing Javascript
execution at improper memory addresses allowing denial of service and
potentially arbitrary code execution
-CAN-2005-0989
+CVE-2005-0989
The find_replen function in the Javascript engine allows remote
attackers to read portions of heap memory in a Javascript string via
the lambda replace method.
Modified: data/DTSA/advs/19-clamav.adv
===================================================================
--- data/DTSA/advs/19-clamav.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/19-clamav.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,18 +4,18 @@
vuln-type: buffer overflow and infinate loop problems
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2919 CAN-2005-2920
+cve: CVE-2005-2919 CVE-2005-2920
testing-fix: 0.86.2-4etch2
sid-fix: 0.87-1
upgrade: apt-get upgrade
Multiple security holes were found in clamav:
-CAN-2005-2919
+CVE-2005-2919
A possible infinate loop has been discovered in libclamav/fsg.c
-CAN-2005-2920
+CVE-2005-2920
A possible buffer overflow has been found in libclamav/upx.c
Modified: data/DTSA/advs/2-centericq.adv
===================================================================
--- data/DTSA/advs/2-centericq.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/2-centericq.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,32 +4,32 @@
vuln-type: multiple vulnerabilities
problem-scope: local and remote
debian-specific: no
-cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914
+cve: CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914
testing-fix: 4.20.0-8etch1
sid-fix: 4.20.0-9
upgrade: apt-get install centericq
centericq in testing is vulnerable to multiple security holes:
-CAN-2005-2448
+CVE-2005-2448
Multiple endianness errors in libgadu, which is embedded in centericq,
allow remote attackers to cause a denial of service (invalid behaviour in
applications) on big-endian systems.
-CAN-2005-2370
+CVE-2005-2370
Multiple memory alignment errors in libgadu, which is embedded in
centericq, allows remote attackers to cause a denial of service (bus error)
on certain architectures such as SPARC via an incoming message.
-CAN-2005-2369
+CVE-2005-2369
Multiple integer signedness errors in libgadu, which is embedded in
centericq, may allow remote attackers to cause a denial of service
or execute arbitrary code.
-CAN-2005-1914
+CVE-2005-1914
centericq creates temporary files with predictable file names, which
allows local users to overwrite arbitrary files via a symlink attack.
Modified: data/DTSA/advs/20-mailutils.adv
===================================================================
--- data/DTSA/advs/20-mailutils.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/20-mailutils.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: Format string vulnerability
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2878
+cve: CVE-2005-2878
vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407
testing-fix: 1:0.6.90-2.1etch1
sid-fix: 1:0.6.90-3
@@ -12,7 +12,7 @@
A format string vulnerability has been discovered in Mailutils.
-CAN-2005-2878
+CVE-2005-2878
A format string vulnerability in search.c in the imap4d server in GNU
Mailutils 0.6 allows remote authenticated users to execute arbitrary code via
format string specifiers in the SEARCH command.
Modified: data/DTSA/advs/3-clamav.adv
===================================================================
--- data/DTSA/advs/3-clamav.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/3-clamav.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,40 +4,40 @@
vuln-type: denial of service and privilege escalation
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450
+cve: CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450
testing-fix: 0.86.2-4etch1
sid-fix: 0.86.2-1
upgrade: apt-get upgrade
Multiple security holes were found in clamav:
-CAN-2005-2070
+CVE-2005-2070
The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long
timeouts, allows remote attackers to cause a denial of service by keeping
an open connection, which prevents ClamAV from reloading.
-CAN-2005-1923
+CVE-2005-1923
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (CPU consumption by infinite loop)
via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff,
which causes a zero-length read.
-CAN-2005-2056
+CVE-2005-2056
The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (application crash) via a crafted
Quantum archive.
-CAN-2005-1922
+CVE-2005-1922
The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote
attackers to cause a denial of service (file descriptor and memory
consumption) via a crafted file that causes repeated errors in the
cli_msexpand function.
-CAN-2005-2450
+CVE-2005-2450
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file
format processors in libclamav for Clam AntiVirus (ClamAV) allow remote
Modified: data/DTSA/advs/4-ekg.adv
===================================================================
--- data/DTSA/advs/4-ekg.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/4-ekg.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,36 +4,36 @@
vuln-type: multiple vulnerabilities
problem-scope: local and remote
debian-specific: no
-cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448
+cve: CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448
testing-fix: 1:1.5+20050808+1.6rc3-0etch1
sid-fix: 1:1.5+20050808+1.6rc3-1
upgrade: apt-get install libgadu3 ekg
Multiple vulnerabilities were discovered in ekg:
-CAN-2005-1916
+CVE-2005-1916
Eric Romang discovered insecure temporary file creation and arbitrary
command execution in a contributed script that can be exploited by a local
attacker.
-CAN-2005-1851
+CVE-2005-1851
Marcin Owsiany and Wojtek Kaniewski discovered potential shell command
injection in a contributed script.
-CAN-2005-1850
+CVE-2005-1850
Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file
creation in contributed scripts.
-CAN-2005-1852
+CVE-2005-1852
Multiple integer overflows in libgadu, as used in ekg, allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via an incoming message.
-CAN-2005-2448
+CVE-2005-2448
Multiple endianness errors in libgadu in ekg allow remote attackers to
cause a denial of service (invalid behaviour in applications) on
Modified: data/DTSA/advs/44-kdelibs.adv
===================================================================
--- data/DTSA/advs/44-kdelibs.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/44-kdelibs.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: insecure default permissions
problem-scope: local
debian-specifc: no
-cve: CAN-2005-1920
+cve: CVE-2005-1920
vendor-advisory:
testing-fix: 4:3.3.2-6.1etch1
sid-fix: 4:3.4.2-1
Modified: data/DTSA/advs/5-gaim.adv
===================================================================
--- data/DTSA/advs/5-gaim.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/5-gaim.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,26 +4,26 @@
vuln-type: multiple remote vulnerabilities
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103
+cve: CVE-2005-2102 CVE-2005-2370 CVE-2005-2103
testing-fix: 1:1.4.0-5etch2
sid-fix: 1:1.4.0-5
upgrade: apt-get install gaim
Multiple security holes were found in gaim:
-CAN-2005-2102
+CVE-2005-2102
The AIM/ICQ module in Gaim allows remote attackers to cause a denial of
service (application crash) via a filename that contains invalid UTF-8
characters.
-CAN-2005-2370
+CVE-2005-2370
Multiple memory alignment errors in libgadu, as used in gaim and other
packages, allow remote attackers to cause a denial of service (bus error)
on certain architectures such as SPARC via an incoming message.
-CAN-2005-2103
+CVE-2005-2103
Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers
to cause a denial of service (application crash) and possibly execute
Modified: data/DTSA/advs/7-mozilla.adv
===================================================================
--- data/DTSA/advs/7-mozilla.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/7-mozilla.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: frame injection spoofing
problem-scope: remote
debian-specific: no
-cve: CAN-2004-0718 CAN-2005-1937
+cve: CVE-2004-0718 CVE-2005-1937
testing-fix: 2:1.7.8-1sarge1
sid-fix: 2:1.7.10-1
upgrade: apt-get install mozilla
Modified: data/DTSA/advs/8-mozilla-firefox.adv
===================================================================
--- data/DTSA/advs/8-mozilla-firefox.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/8-mozilla-firefox.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: several vulnerabilities (update)
problem-scope: remote
debian-specific: no
-cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
+cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270
testing-fix: 1.0.4-2sarge3
sid-fix: 1.0.6-3
upgrade: apt-get install mozilla-firefox
@@ -18,65 +18,65 @@
Several problems were discovered in Mozilla Firefox:
-CAN-2004-0718 CAN-2005-1937
+CVE-2004-0718 CVE-2005-1937
A vulnerability has been discovered in Mozilla Firefox that allows remote
attackers to inject arbitrary Javascript from one page into the frameset of
another site.
-CAN-2005-2260
+CVE-2005-2260
The browser user interface does not properly distinguish between
user-generated events and untrusted synthetic events, which makes it easier
for remote attackers to perform dangerous actions that normally could only be
performed manually by the user.
-CAN-2005-2261
+CVE-2005-2261
XML scripts ran even when Javascript disabled.
-CAN-2005-2262
+CVE-2005-2262
The user can be tricked to executing arbitrary JavaScript code by using a
JavaScript URL as wallpaper.
-CAN-2005-2263
+CVE-2005-2263
It is possible for a remote attacker to execute a callback function in the
context of another domain (i.e. frame).
-CAN-2005-2264
+CVE-2005-2264
By opening a malicious link in the sidebar it is possible for remote
attackers to steal sensitive information.
-CAN-2005-2265
+CVE-2005-2265
Missing input sanitising of InstallVersion.compareTo() can cause the
application to crash.
-CAN-2005-2266
+CVE-2005-2266
Remote attackers could steal sensitive information such as cookies and
passwords from web sites by accessing data in alien frames.
-CAN-2005-2267
+CVE-2005-2267
By using standalone applications such as Flash and QuickTime to open a
javascript: URL, it is possible for a remote attacker to steal sensitive
information and possibly execute arbitrary code.
-CAN-2005-2268
+CVE-2005-2268
It is possible for a Javascript dialog box to spoof a dialog box from a
trusted site and facilitates phishing attacks.
-CAN-2005-2269
+CVE-2005-2269
Remote attackers could modify certain tag properties of DOM nodes that could
lead to the execution of arbitrary script or code.
-CAN-2005-2270
+CVE-2005-2270
The Mozilla browser family does not properly clone base objects, which allows
remote attackers to execute arbitrary code.
Modified: data/DTSA/advs/9-bluez-utils.adv
===================================================================
--- data/DTSA/advs/9-bluez-utils.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/9-bluez-utils.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,7 +4,7 @@
vuln-type: bad device name escaping
problem-scope: remote
debian-specific: no
-cve: CAN-2005-2547
+cve: CVE-2005-2547
testing-fix: 2.19-0.1etch1
sid-fix: 2.19-1
upgrade: apt-get install bluez-utils
Modified: data/DTSA/advs/nn-kernel-source-2.4.27.adv
===================================================================
--- data/DTSA/advs/nn-kernel-source-2.4.27.adv 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/advs/nn-kernel-source-2.4.27.adv 2005-10-19 23:10:21 UTC (rev 2462)
@@ -4,8 +4,8 @@
vuln-type: various
problem-scope: remote
debian-specifc: no
-cve: CAN-2005-2458, CAN-2005-2459, CAN-2005-1767, CAN-2005-2456,
-CAN-2005-1768, CAN-2005-0756 CAN-2005-0757, CAN-2005-1762, CAN-2005-1768
+cve: CVE-2005-2458, CVE-2005-2459, CVE-2005-1767, CVE-2005-2456,
+CVE-2005-1768, CVE-2005-0756 CVE-2005-0757, CVE-2005-1762, CVE-2005-1768
vendor-advisory:
testing-fix: 2.4.27-11
sid-fix: 2.4.27-11
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/DTSA/list 2005-10-19 23:10:21 UTC (rev 2462)
@@ -1,56 +1,56 @@
[August 26th, 2005] DTSA-1-1 kismet - various
- {CAN-2005-2626 CAN-2005-2627 }
+ {CVE-2005-2626 CVE-2005-2627 }
- kismet 2005.08.R1-0.1etch1 (high)
[August 28th, 2005] DTSA-2-1 centericq - multiple vulnerabilities
- {CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 }
+ {CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 }
- centericq 4.20.0-8etch1 (medium)
[August 28th, 2005] DTSA-3-1 clamav - denial of service and privilege escalation
- {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 }
+ {CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 }
- clamav 0.86.2-4etch1 (high)
[August 28th, 2005] DTSA-4-1 ekg - multiple vulnerabilities
- {CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 }
+ {CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 }
- ekg 1:1.5+20050808+1.6rc3-0etch1 (high)
[August 28th, 2005] DTSA-5-1 gaim - multiple remote vulnerabilities
- {CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 }
+ {CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 }
- gaim 1:1.4.0-5etch2 (high)
[August 28th, 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities
- cgiwrap 3.9-3.0etch1 (medium)
[August 28th, 2005] DTSA-7-1 mozilla - frame injection spoofing
- {CAN-2004-0718 CAN-2005-1937 }
+ {CVE-2004-0718 CVE-2005-1937 }
- mozilla 2:1.7.8-1sarge1 (medium)
[September 1st, 2005] DTSA-8-2 mozilla-firefox - several vulnerabilities (update)
- {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 }
+ {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 }
- mozilla-firefox 1.0.4-2sarge3 (medium)
[August 31st, 2005] DTSA-9-1 bluez-utils - bad device name escaping
- {CAN-2005-2547 }
+ {CVE-2005-2547 }
- bluez-utils 2.19-0.1etch1 (high)
[August 29th, 2005] DTSA-10-1 pcre3 - buffer overflow
- {CAN-2005-2491 }
+ {CVE-2005-2491 }
- pcre3 6.3-0.1etch1 (high)
[August 29th, 2005] DTSA-11-1 maildrop - local privilege escalation
- {CAN-2005-2655 }
+ {CVE-2005-2655 }
- maildrop 1.5.3-1.1etch1 (medium)
[September 8th, 2005] DTSA-12-1 vim - modeline exploits
- {CAN-2005-2368 }
+ {CVE-2005-2368 }
- vim 1:6.3-085+0.0etch1 (medium)
[September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities
- {CAN-2005-2549 CAN-2005-2550 }
+ {CVE-2005-2549 CVE-2005-2550 }
- evolution 2.2.3-2etch1 (high)
[September 13th, 2005] DTSA-14-1 mozilla - several
- {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 }
+ {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 }
- mozilla 2:1.7.8-1sarge2
[September 13th, 2005] DTSA-15-1 php4 - several vulnerabilities
- {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 }
+ {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 }
- php4 4:4.3.10-16etch1
[September 15th, 2005] DTSA-16-1 linux-2.6 - various
- {CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913 CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548 CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-2555 }
+ {CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-2555 }
- linux-2.6 2.6.12-6
[September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file
- {CAN-2005-2672 }
+ {CVE-2005-2672 }
- lm-sensors 1:2.9.1-6etch1
[September 22nd, 2005] DTSA-19-1 clamav - buffer overflow and infinate loop problems
- {CAN-2005-2919 CAN-2005-2920 }
+ {CVE-2005-2919 CVE-2005-2920 }
- clamav 0.86.2-4etch2
[October 13th, 2005] DTSA-20-1 mailutils - Format string vulnerability
- {CAN-2005-2878 }
+ {CVE-2005-2878 }
- mailutils 1:0.6.90-2.1etch1
Modified: data/README
===================================================================
--- data/README 2005-10-19 23:08:35 UTC (rev 2461)
+++ data/README 2005-10-19 23:10:21 UTC (rev 2462)
@@ -21,7 +21,7 @@
The date of the advisory in the form dd Mmm YYYY (01 Nov 2004).
Optional, only given for DSAs at the moment.
id
- DSA-nnn-n, CAN-YYY-nnnn, CVE-YYY-nnnn, etc
+ DSA-nnn-n, CVE-YYY-nnnn, etc
description
Pretty much freeform description of the problem. Short and optional.
By convention, if it's taken from upstream data source
More information about the Secure-testing-commits
mailing list