[Secure-testing-commits] r1776 - in data: CAN DTSA
Joey Hess
joeyh at costa.debian.org
Thu Sep 1 20:48:16 UTC 2005
Author: joeyh
Date: 2005-09-01 20:48:13 +0000 (Thu, 01 Sep 2005)
New Revision: 1776
Modified:
data/CAN/list
data/DTSA/list
Log:
List versions in CAN/list that were covered by a DTSA so checklist will
know a CAN is fixed by a DTSA. This seems a bit hard to do every time we
make a new DTSA though.
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-01 20:37:43 UTC (rev 1775)
+++ data/CAN/list 2005-09-01 20:48:13 UTC (rev 1776)
@@ -109,7 +109,7 @@
CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in maildrop's lockmail]
NOTE: reserved
{DSA-791-1 DTSA-11-1}
- - maildrop 1.5.3-2 (medium)
+ - maildrop 1.5.3-1.1etch1 (medium)
CAN-2005-2654
NOTE: reserved
CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
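Review bot: on the maildrop line under CAN-2005-2655, overwriting 1.5.3-2 with 1.5.3-1.1etch1 removes the only record of which unstable upload carried the fix. The entry already names DTSA-11-1 in its cross-reference line, so the checker could read the fixed testing version from data/DTSA/list through that reference instead of having it copied here by hand. That would also address the maintenance concern raised in the log message. If the version has to live in this file, keep both lines.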
@@ -190,10 +190,10 @@
NOTE: reserved
CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
{DSA-788-1 DTSA-1-1}
- - kismet 2005.08.R1-1 (bug #323386; high)
+ - kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
{DSA-788-1 DTSA-1-1}
- - kismet 2005.08.R1-1 (bug #323386; high)
+ - kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
NOTE: not-for-us (MS IE)
CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
@@ -736,7 +736,7 @@
NOTE: not-for-us (Novell eDirectory)
CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...)
{DSA-782-1}
- - bluez-utils 2.19-1 (bug #323365; medium)
+ - bluez-utils 2.19-0.1etch1 (bug #323365; medium)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
NOTE: not-for-us (Arab Portal)
CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
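Review bot: the bluez-utils line under CAN-2005-2547 now carries an etch1 version, but the cross-reference line above it still reads {DSA-782-1} with no DTSA id. Every other advisory-tagged entry in this patch that gets an etch1 version also names its DTSA, so add the matching id here, or the link from this CAN to its testing advisory exists only through the version string.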
@@ -857,7 +857,7 @@
CAN-2005-2492
NOTE: reserved
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
- - pcre3 6.3-1 (bug #324531; medium)
+ - pcre3 6.3-0.1etch1 (bug #324531; medium)
TODO: gnumeric seems to embed a copy of PCRE, check
- python2.1 2.1.3dfsg-3 (medium)
- python2.2 2.2.3dfsg-4 (medium)
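Review bot: CAN-2005-2491 has no advisory cross-reference line at all, yet the pcre3 line is changed to 6.3-0.1etch1. Add the {DTSA-...} reference for the advisory this version comes from so the entry can be checked against data/DTSA/list. The python2.1 and python2.2 lines under the same entry keep their old versions, so it would help to say in a NOTE whether they are outside that advisory.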
@@ -1068,9 +1068,9 @@
- clamav-getfiles 0.5-1 (bug #321446; medium)
begin claimed by neilm
CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users]
- - cgiwrap 3.9-3.1 (low)
+ - cgiwrap 3.9-3.0etch1 (low)
CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information]
- - cgiwrap 3.9-3.1 (low)
+ - cgiwrap 3.9-3.0etch1 (low)
CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- tutos 1.1.20031017-2.1 (medium)
CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
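Review bot: the two cgiwrap entries are still CAN-2005-XXXX placeholders and have no cross-reference line, and the DTSA-6-1 block in data/DTSA/list (visible in the second file of this patch) has no CAN list either. After this change the only thing tying these entries to DTSA-6-1 is the string 3.9-3.0etch1 appearing in both files. Add {DTSA-6-1} under each of the two entries so the relationship survives a later version bump.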
@@ -1115,7 +1115,7 @@
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
{DTSA-4-1 DTSA-2-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- - centericq 4.20.0-9 (bug #323185; medium)
+ - centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
NOTE: rejected
CAN-2005-2446
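Review bot: under CAN-2005-2448 only the centericq line is rewritten, while the ekg line stays at 1:1.5+20050718+1.6rc3-1 even though data/DTSA/list shows ekg 1:1.5+20050808+1.6rc3-0etch1 in a block that lists this CAN. The retained ekg version sorts below the DTSA one, so a greater-or-equal comparison would still accept the DTSA package, but the file now mixes two conventions within a single entry. Either update ekg the same way or add a NOTE saying why it was left alone.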
@@ -1315,11 +1315,11 @@
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
{DSA-769-1 DTSA-5-1 DTSA-2-1}
- gaim 1:1.4.0-5 (low)
- - centericq 4.20.0-9 (bug #323185; low)
+ - centericq 4.20.0-8etch1 (bug #323185; low)
CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
{DTSA-2-1}
TODO: check gaim and others that embed libgadu in source tree
- - centericq 4.20.0-9 (bug #323185; medium)
+ - centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
- vim 1:6.3-085+1 (bug #320017; medium)
CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
@@ -1679,49 +1679,49 @@
NOTE: not-for-us (iCab)
CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
{DSA-781-1 DSA-779-1}
- - mozilla-firefox 1.0.5-1 (high)
+ - mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.10-1 (high)
- mozilla-thunderbird 1.0.6-1 (high)
CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
{DSA-781-1 DSA-779-1}
- - mozilla-firefox 1.0.5-1 (high)
+ - mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.10-1 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.10-1 (medium)
CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
{DSA-781-1 DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.10-1 (medium)
- mozilla-thunderbird 1.0.6-1 (low)
CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
{DSA-781-1 DSA-779-1}
- - mozilla-firefox 1.0.5-1 (high)
+ - mozilla-firefox 1.0.4-2sarge3 (high)
- mozilla 2:1.7.10-1 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.10-1 (medium)
CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
{DSA-781-1 DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.10-1 (medium)
- mozilla-thunderbird 1.0.6-1 (medium)
CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
{DSA-779-1}
- - mozilla-firefox 1.0.5-1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.10-1 (medium)
CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
NOTE: not-for-us (magicHTML)
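Review bot: lowering the mozilla-firefox version from 1.0.5-1 to 1.0.4-2sarge3 for CAN-2005-2260 through CAN-2005-2270 widens what counts as fixed. Under Debian version ordering 1.0.4-2sarge3 sorts below 1.0.4-3, and 1.0.4-3 is a real upload (it is the version being replaced under CAN-2005-1937 in the next hunk). If the checker treats any version at or above the listed one as fixed, 1.0.4-3 would now be reported as fixed for issues the descriptions say are only resolved in Firefox 1.0.5. Keep the 1.0.5-1 line and add the sarge3 version as a separate, branch-specific line instead of replacing it. These entries also cite only DSA-781-1 and DSA-779-1; if the version is meant to reflect a DTSA, add its id to the braces.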
@@ -3683,7 +3683,8 @@
NOTE: rejected
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
{DSA-777-1 DSA-775-1}
- - mozilla-firefox 1.0.4-3 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
+ - mozilla 2:1.7.8-1sarge1 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
NOTE: not-for-us (Microsoft)
CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
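Review bot: CAN-2005-1937 gains a new mozilla 2:1.7.8-1sarge1 line and a changed mozilla-firefox line, but the cross-reference stays {DSA-777-1 DSA-775-1}. data/DTSA/list names CAN-2005-1937 in both the DTSA-7-1 block and the block above it, so add those DTSA ids here. The new mozilla line is an addition rather than a version substitution, which is more than the log message describes; mention it there.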
@@ -11862,8 +11863,8 @@
NOTE: upstream versions became vulnerable again, see
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
NOTE: and were fixed again, it got CAN-2005-1937 for the reversion
- - mozilla 1.6 (medium)
- - mozilla-firefox 1.0.4-3 (medium)
+ - mozilla 2:1.7.8-1sarge1 (medium)
+ - mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
NOTE: not-for-us (opera 7.50)
CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
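Review bot: the mozilla line here goes from 1.6 to 2:1.7.8-1sarge1, which raises the fixed version, while the other hunks in this file lower it. Versions between the two that were previously reported as fixed will now be reported as vulnerable. The NOTE lines about the regression suggest that is intended, but the entry header is outside the hunk context and the log message does not mention a correction. State it in the log, and extend the NOTE to say that 1.6 was superseded because of the CAN-2005-1937 regression.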
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2005-09-01 20:37:43 UTC (rev 1775)
+++ data/DTSA/list 2005-09-01 20:48:13 UTC (rev 1776)
@@ -11,7 +11,7 @@
{CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
- mozilla-firefox 1.0.4-2sarge3 (high)
[28 Aug 2005] DTSA-7-1 mozilla - frame injection spoofing
- {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+ {CAN-2004-0718 CAN-2005-1937}
- mozilla 2:1.7.8-1sarge1 (high)
[28 Aug 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities
- cgiwrap 3.9-3.0etch1 (low)
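Review bot: trimming the DTSA-7-1 CAN list to {CAN-2004-0718 CAN-2005-1937} is a content correction, not part of listing DTSA versions in CAN/list, and the log message does not mention it. It is consistent with the CAN/list hunks, where the mozilla lines for CAN-2005-2260 through CAN-2005-2270 stay at 2:1.7.10-1, but it changes which CANs the advisory claims to fix. Record the reason in the log or split it into its own commit.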
@@ -22,7 +22,7 @@
{CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448}
- ekg 1:1.5+20050808+1.6rc3-0etch1 (low)
[27 Aug 2005] DTSA-3-1 clamav - denial of service and privilege escalation
- {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 }
+ {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450}
- clamav 0.86.2-4etch1 (high)
[27 Aug 2005] DTSA-2-1 centericq - multiple vulnerabilities
{CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914}
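Review bot: the DTSA-3-1 change only removes a trailing space inside the braces. If the parser was sensitive to that, say so in the log; otherwise it is cosmetic noise in a data commit. Separately, the DTSA-2-1 context line lists CAN-2005-1914, but the CAN/list part of this patch only touches centericq under CAN-2005-2448, CAN-2005-2370 and CAN-2005-2369. Check whether the CAN-2005-1914 entry needs the same 4.20.0-8etch1 version.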