Author: micah
Date: 2005-10-01 18:18:00 +0000 (Sat, 01 Oct 2005)
New Revision: 2263
Modified:
data/DSA/list
Log:
Removed extra spaces between curly braces in cross-refs
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-10-01 17:44:31 UTC (rev 2262)
+++ data/DSA/list 2005-10-01 18:18:00 UTC (rev 2263)
@@ -4,901 +4,901 @@
NOTE: not fixed in testing at time of DSA (unfixed in sid)
NOTE: No bug exists for this issue
[01 Oct 2005] DSA-835-1 cfengine - insecure temporary files
- { CAN-2005-2960 }
+ {CAN-2005-2960}
- cfengine <unfixed>
NOTE: not fixed in testing at time of DSA (unfixed in sid)
NOTE: No bug exists for this issue
[01 Oct 2005] DSA-834-1 prozilla - buffer overflow
- { CAN-2005-2961 }
+ {CAN-2005-2961}
NOTE: Prozilla has been removed before Sarge release
[30 Sep 2005] DSA-832-1 gopher - buffer overflows
- { CAN-2005-2772 }
+ {CAN-2005-2772}
- gopher 3.0.11
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
- { CAN-2005-2558 }
+ {CAN-2005-2558}
- mysql-dfsg-4.1 4.1.14-2 (medium)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-830-1 ntmlaps - wrong permissions
- { CAN-2005-2962 }
+ {CAN-2005-2962}
- ntmlaps 0.9.9-4
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-829-1 mysql - several
- { CAN-2005-2558 }
+ {CAN-2005-2558}
- mysql-dfsg-4.1 4.1.14-2 (medium)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-828-1 squid - several
- { CAN-2005-2917 }
+ {CAN-2005-2917}
- squid 2.5.10-6 (medium)
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-809-2 squid - assertion error
- { CAN-2005-2794 }
+ {CAN-2005-2794}
- squid 2.5.10-5 (medium)
NOTE: fixed in testing at time of DSA
[29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation
- backupninja 0.8-2 (medium)
NOTE: not fixed in testing at time of DSA (too young 1/2 days)
[29 Sep 2005] DSA-826-1 helix-player - multiple
- { CAN-2005-1766 CAN-2005-2710 }
+ {CAN-2005-1766 CAN-2005-2710}
- helix-player 1.0.6-1 (high)
NOTE: not fixed in testing at time of DSA
[29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation
- { CAN-2005-2876 }
+ {CAN-2005-2876}
- loop-aes-utils 2.12p-9 (medium)
NOTE: fixed in testing at the time of the DSA
[29 Sep 2005] DSA-823-1 util-linux - privilege escalation
- { CAN-2005-2876 }
+ {CAN-2005-2876}
- util-linux 2.12p-8 (high)
NOTE: not fixed in testing at time of DSA
[29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation
- { CAN-2005-2918 }
+ {CAN-2005-2918}
- gtkdiskfree 1.9.3-4sarge1 (medium)
NOTE: not fixed even in unstable at time of DSA
[29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow
- { CAN-2005-2919 CAN-2005-2920 }
+ {CAN-2005-2919 CAN-2005-2920}
- clamav 0.87-1 (high)
NOTE: not fixed in testing at time of DSA
[28 Sep 2005] DSA-797-2 zsync - buffer overflow
- { CAN-2005-1849 CAN-2005-2096 }
+ {CAN-2005-1849 CAN-2005-2096}
- zsync 0.3.3-1.sarge.1.2 (low)
NOTE: An upload to fix a FTBS
[28 Sep 2005] DSA-821-1 python2.3 - integer overflow
- { CAN-2005-2491 }
+ {CAN-2005-2491}
- python2.3 2.3.5-8 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[24 Sep 2005] DSA-820-1 courier - missing input sanitising
- { CAN-2005-2820 }
+ {CAN-2005-2820}
- courier 0.47-9 (medium)
NOTE: fixed in testing at time of DSA
[23 Sep 2005] DSA-819-1 python2.1 - integer overflow
- { CAN-2005-2491 }
+ {CAN-2005-2491}
- python2.1 2.1.3dfsg-3 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
- { CAN-2005-2101 }
+ {CAN-2005-2101}
- kdeedu 4:3.4.2-1
NOTE: not fixed in testing at time of DSA
[22 Sep 2005] DSA-817-1 python2.2 - integer overflow
- { CAN-2005-2491 }
+ {CAN-2005-2491}
- python2.2 2.2.3dfsg-4 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[19 Sep 2005] DSA-816-1 xfree86 - integer overflow
- { CAN-2005-2495 }
+ {CAN-2005-2495}
- xserver-xorg 6.8.2.dfsg.1-7
NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on
gmp)
[16 Sep 2005] DSA-815-1 kdebase - programming error
- { CAN-2005-2494 }
+ {CAN-2005-2494}
- kdebase 4:3.4.2-3 (medium)
NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
- { CAN-2005-2672 }
+ {CAN-2005-2672}
- lm-sensors 1:2.9.1-6etch1
NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is
waiting on perl)
[15 Sep 2005] DSA-813-1 centericq - several
- { CAN-2005-2369 CAN-2005-2370 CAN-2005-2448 }
+ {CAN-2005-2369 CAN-2005-2370 CAN-2005-2448}
- centericq 4.20.0-9
NOTE: fixed in testing in time of DSA
[15 Sep 2005] DSA-812-1 turqstat - buffer overflow
- { CAN-2005-2658 }
+ {CAN-2005-2658}
- turqstat 2.2.4-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k)
[14 Sep 2005] DSA-811-1 common-lisp-controller - design error
- { CAN-2005-2657 }
+ {CAN-2005-2657}
- common-lisp-controller 4.18 (bug #328633; medium)
NOTE: not fixed in testing at time of DSA (too young, sid fix not yet
uploaded)
[13 Sep 2005] DSA-810-1 mozilla - several
- { CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263
CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 }
+ {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263
CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
- mozilla 2:1.7.8-1sarge2 (medium)
NOTE: not fixed in testing at time of DSA (buggy and TBS)
[13 Sep 2005] DSA-809-1 squid - several
- { CAN-2005-2794 CAN-2005-2796 }
+ {CAN-2005-2794 CAN-2005-2796}
- squid 2.5.10-5 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[12 Sep 2005] DSA-808-1 tdiary - design error
- { CAN-2005-2411 }
+ {CAN-2005-2411}
- tdiary 2.0.2-1 (medium)
NOTE: fixed in testing at time of DSA
[12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass
- { CAN-2005-2700 }
+ {CAN-2005-2700}
- libapache-mod-ssl 2.8.24-1 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
- { CAN-2005-2693 }
+ {CAN-2005-2693}
- gcvs 1.0final-7 (low)
NOTE: fixed in testing at time of DSA
[08 Sep 2005] DSA-805-1 apache2 - several
- { CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728 }
+ {CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728}
- apache2 2.0.54-5 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
- { CAN-2005-1920 }
+ {CAN-2005-1920}
- kdelibs 4:3.4.2-1 (medium)
NOTE: not fixed in testing at time of DSA (kde transition)
[07 Sep 2005] DSA-803-1 apache - programming error
- { CAN-2005-2088 }
+ {CAN-2005-2088}
- apache 1.3.33-8 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[07 Sep 2005] DSA-802-1 cvs - insecure temporary files
- { CAN-2005-2693 }
+ {CAN-2005-2693}
- cvs 1:1.11.5-4 (low)
NOTE: fixed in testing at time of DSA
[05 Sep 2005] DSA-801-1 ntp - programming error
- { CAN-2005-2496 }
+ {CAN-2005-2496}
- ntp 1:4.2.0a+stable-2sarge1 (medium)
NOTE: not fixed in testing at time of DSA (RC bugs)
[02 Sep 2005] DSA-800-1 pcre3 - integer overflow
- { CAN-2005-2491 }
+ {CAN-2005-2491}
- pcre3 6.3-0.1etch1 (high)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: however, fixed in secure-testing archive
[02 Sep 2005] DSA-799-1 webcalendar - input validation
- { CAN-2005-2717 }
+ {CAN-2005-2717}
- webcalendar 0.9.45-7 (bug #326223; high)
NOTE: not fixed in testing at time of DSA (coordinated disclosure)
[02 Sep 2005] DSA-798-1 phpgroupware - several
- { CAN-2005-2498 CAN-2005-2600 CAN-2005-2761 }
+ {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
- phpgroupware 0.9.16.008-1 (high)
NOTE: not fixed in testing at time of DSA (too young)
[01 Sep 2005] DSA-797-1 zsync - buffer overflow
- { CAN-2005-1849 CAN-2005-2096 }
+ {CAN-2005-1849 CAN-2005-2096}
- zsync 0.4.0-2 (medium)
NOTE: fixed in testing at time of DSA
[01 Sep 2005] DSA-796-1 affix - unsafe use of popen
- { CAN-2005-2716 }
+ {CAN-2005-2716}
- affix 2.1.2-3 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, builds)
[01 Sep 2005] DSA-795-2 proftpd - format string error
- { CAN-2005-2390 }
+ {CAN-2005-2390}
- proftpd 1.2.10-20 (medium)
NOTE: fixed in testing at time of DSA
NOTE: Initial -1 release had a build problem
[01 Sep 2005] DSA-794-1 polygen - programming error
- { CAN-2005-2656 }
+ {CAN-2005-2656}
- polygen 1.0.6-9 (low)
NOTE: not fixed in testing at time of DSA (too young)
[21 Aug 2005] DSA-779-2 mozilla-firefox - several
NOTE: Essentially 1.0.6 with rolled-back version number, backported version
had regressions
- { CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264
CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269
CAN-2005-2270 }
+ {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264
CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269
CAN-2005-2270}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
NOTE: Fixed in DTSA, which will have the same regressions, should be
checked/reverted
[01 Sep 2005] DSA-793-1 courier - missing input sanitising
- { CAN-2005-2724 }
+ {CAN-2005-2724}
- courier 0.47-8 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, too young)
[31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
- { CAN-2005-2536 }
+ {CAN-2005-2536}
- pstotext 1.9-2 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition, builds)
[30 Aug 2005] DSA-791-1 maildrop - missing privilege release
- { CAN-2005-2655 }
+ {CAN-2005-2655}
- maildrop 1.5.3-1.1etch1 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: but fixed in secure-testing repo
[30 Aug 2005] DSA-790-1 phpldapadmin - programming error
- { CAN-2005-2654 }
+ {CAN-2005-2654}
- phpldapadmin 0.9.6c-5 (medium)
NOTE: fixed in testing at time of DSA
[29 Aug 2005] DSA-789-1 php4 - several
- { CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 }
+ {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498}
- php4 4:4.3.10-16etch1 (high)
NOTE: not fixed in testing at time of DSA (not uploaded yet)
[29 Aug 2005] DSA-788-1 kismet - several
- { CAN-2005-2626 CAN-2005-2627 }
+ {CAN-2005-2626 CAN-2005-2627}
- kismet 2005.08.R1-1 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
NOTE: but fixed in secure-testing repo
[26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
- { CAN-2005-1855 CAN-2005-1856 }
+ {CAN-2005-1855 CAN-2005-1856}
- backup-manager 0.5.8-2 (medium)
NOTE: fixed in testing at time of DSA
[26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
- { CAN-2005-1857 }
+ {CAN-2005-1857}
- simpleproxy 3.2-4 (medium)
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
- { CAN-2005-2641 CAN-2005-2069 }
+ {CAN-2005-2641 CAN-2005-2069}
- libpam-ldap 178-1sarge1 (medium)
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[25 Aug 2005] DSA-784-1 courier - programming error
- { CAN-2005-2151 }
+ {CAN-2005-2151}
- courier 0.47-6 (low)
NOTE: not fixed in testing at time of DSA (glibc transition)
[24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
- { CAN-2005-1636 }
+ {CAN-2005-1636}
- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
NOTE: not fixed in testing at time of DSA (glibc transition)
- mysql-dfsg-5.0 5.0.11beta-3 (medium)
NOTE: not fixed in testing at time of DSA (glibc transition)
[23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
- { CAN-2005-2547 }
+ {CAN-2005-2547}
- bluez-utils 2.19-1 (high)
NOTE: not fixed in testing at time of DSA (missing builds)
[23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
- { CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261
CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270 }
+ {CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261
CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270}
- mozilla-thunderbird 1.0.6-1 (medium)
NOTE: not fixed in testing at time of DSA (missing builds)
[22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
- { CAN-2005-2097 }
+ {CAN-2005-2097}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI
transition)
[21 Aug 2005] DSA-779-1 mozilla-firefox - several
- { CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264
CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269
CAN-2005-2270 }
+ {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264
CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269
CAN-2005-2270}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: not fixed in testing at time of DSA (build and deps)
[19 Aug 2005] DSA-778-1 mantis - missing input sanitising
- { CAN-2005-2556 CAN-2005-2557 }
+ {CAN-2005-2556 CAN-2005-2557}
- mantis 0.19.2-4 (medium)
NOTE: not fixed in testing at time of DSA (nor unstable)
[17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
- { CAN-2004-0718 CAN-2005-1937 }
+ {CAN-2004-0718 CAN-2005-1937}
- mozilla 2:1.7.10-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on builds)
[16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
- { CAN-2005-2450 }
+ {CAN-2005-2450}
- clamav 0.86.2-1 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
- { CAN-2004-0718 CAN-2005-1937 }
+ {CAN-2004-0718 CAN-2005-1937}
- mozilla-firefox 1.0.4-2sarge3 (medium)
NOTE: IMO the information about the sid fix in the DSA is wrong, pinged
security@
NOTE: fixed in testing at time of DSA
[12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
- { CAN-2005-2335 }
+ {CAN-2005-2335}
- fetchmail 6.2.5-16 (medium)
NOTE: fixed in testing at time of DSA
[11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
NOTE: amd64 catch-up DSA, no new holes
[03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
- { CAN-2005-1854 }
+ {CAN-2005-1854}
- apt-cacher 0.9.10 (high)
NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
[01 Aug 2005] DSA-771-1 pdns - several
- { CAN-2005-2301 CAN-2005-2302 }
+ {CAN-2005-2301 CAN-2005-2302}
- pdns 2.9.18-1 (medium)
NOTE: not fixed in testing at time of DSA (too young)
[29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
- { CAN-2005-1853 }
+ {CAN-2005-1853}
- gopher 3.0.10
NOTE: not fixed in testing at time of DSA (Debian server outage)
[29 Jul 2005] DSA-769-1 gaim - memory alignment bug
- { CAN-2005-2370 }
+ {CAN-2005-2370}
- gaim 1:1.4.0-5 (high)
NOTE: not fixed in testing at time of DSA (?)
[27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
- { CAN-2005-2161 }
+ {CAN-2005-2161}
- phpbb2 2.0.13-6sarge1
NOTE: not fixed in testing at time of DSA (Debian server outage)
[27 Jul 2005] DSA-767-1 ekg - integer overflows
- { CAN-2005-1852 }
+ {CAN-2005-1852}
- ekg 1:1.5+20050718+1.6rc3-1 (medium)
NOTE: not fixed in testing at time of DSA (Debian server outage)
[26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
- { CAN-2005-2320 }
+ {CAN-2005-2320}
- webcalendar 0.9.45-7 (medium)
NOTE: not fixed in testing at time of DSA (Debian server outage)
[22 Jul 2005] DSA-765-1 heimdal - buffer overflow
- { CAN-2005-0469 }
+ {CAN-2005-0469}
- heimdal 0.6.3-10 (medium)
NOTE: fixed in testing at time of DSA
[21 Jul 2005] DSA-764-1 cacti - several
- { CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149 }
+ {CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149}
- cacti 0.8.6f-1 (high)
NOTE: fixed in testing at time of DSA
NOTE: DSA information is incorrect, sid fix is 6f, not 6e
[20 Jul 2005] DSA-763-1 zlib - buffer overflow
- { CAN-2005-1849 }
+ {CAN-2005-1849}
- zlib 1:1.2.3-1 (medium)
NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on
s390)
[19 Jul 2005] DSA-762-1 affix - several
- { CAN-2005-2250 CAN-2005-2277 }
+ {CAN-2005-2250 CAN-2005-2277}
- affix 2.1.2-2 (medium)
NOTE: not fixed in testing at time of DSA (only 2/2 days old)
[19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
- { CAN-2005-2231 }
+ {CAN-2005-2231}
- heartbeat 1.2.3-12 (medium)
NOTE: not fixed in testing at time of DSA (only 0/2 days old)
[18 Jul 2005] DSA-760-1 ekg - several
- { CAN-2005-1850 CAN-2005-1851 CAN-2005-1916 }
+ {CAN-2005-1850 CAN-2005-1851 CAN-2005-1916}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built
on five archs)
[18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
- { CAN-2005-2256 }
+ {CAN-2005-2256}
- phppgadmin 3.5.4-1 (medium)
NOTE: not fixed in testing at time of DSA (only 0/10 days old)
[18 Jul 2005] DSA-758-1 heimdal - buffer overflow
- { CAN-2005-2040 }
+ {CAN-2005-2040}
- heimdal 0.6.3-11 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
- { CAN-2005-1689 CAN-2005-1174 CAN-2005-1175 }
+ {CAN-2005-1689 CAN-2005-1174 CAN-2005-1175}
- krb5 1.3.6-4 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built
on m68k)
[14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
- { CAN-2005-1921 }
+ {CAN-2005-1921}
- phpgroupware 0.9.16.006-1 (high)
NOTE: fixed in testing at time of DSA
[13 Jul 2005] DSA-756-1 squirrelmail - several
- { CAN-2005-1769 CAN-2005-2095 }
+ {CAN-2005-1769 CAN-2005-2095}
- squirrelmail 2:1.4.4-6 (medium)
NOTE: not fixed in testing at time of DSA (only 0/2 days old)
[13 Jul 2005] DSA-755-1 tiff - buffer overflow
- { CAN-2005-1544 }
+ {CAN-2005-1544}
- tiff 3.7.2-3 (medium)
NOTE: fixed in testing at time of DSA
[13 Jul 2005] DSA-754-1 centericq - insecure temporary file
- { CAN-2005-1914 }
+ {CAN-2005-1914}
- centericq 4.20.0-7 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[12 Jul 2005] DSA-753-1 gedit - format string
- { CAN-2005-1686 }
+ {CAN-2005-1686}
- gedit 2.10.3-1 (low)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[11 Jul 2005] DSA-752-1 gzip - several
- { CAN-2005-0988 CAN-2005-1228 }
+ {CAN-2005-0988 CAN-2005-1228}
- gzip 1.3.5-10
NOTE: fixed in testing at time of DSA
[11 Jul 2005] DSA-751-1 squid - IP spoofind
- { CAN-2005-1519 }
+ {CAN-2005-1519}
- squid 2.5.9-9
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
- { CAN-2005-1992 }
+ {CAN-2005-1992}
- ruby1.8 1.8.2-8 (medium)
NOTE: not fixed in testing at time of DSA (waiting on dependencies)
[11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
- { CAN-2005-1848 }
+ {CAN-2005-1848}
- dhcpcd 1:1.3.22pl4-22
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-749-1 ettercap - format string error
- { CAN-2005-1796 }
+ {CAN-2005-1796}
- ettercap 1:0.7.3-1 (medium)
NOTE: fixed in testing at time of DSA
[10 Jul 2005] DSA-747-1 egroupware - input validation error
- { CAN-2005-1921 }
+ {CAN-2005-1921}
- egroupware 1.0.0.007-3.dfsg-1 (high)
NOTE: not fixed in testing at time of DSA (only 1/2 days old)
[10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
- { CAN-2005-1921 CAN-2005-2106 CAN-2005-2116 }
+ {CAN-2005-1921 CAN-2005-2106 CAN-2005-2116}
- drupal 4.5.4-1 (high)
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-744-1 fuse - programming error
- { CAN-2005-1858 }
+ {CAN-2005-1858}
- fuse 2.3.0-1
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
- { CAN-2005-1545 CAN-2005-1546 }
+ {CAN-2005-1545 CAN-2005-1546}
- ht 0.8.0-3
NOTE: fixed in testing at time of DSA
[09 Jul 2005] DSA-742-1 cvs - buffer overflow
- { CAN-2005-0753 }
+ {CAN-2005-0753}
- cvs 1:1.12.9-13 (high)
NOTE: fixed in testing at time of DSA
[07 Jul 2005] DSA-741-1 bzip2 - infinite loop
- { CAN-2005-1260 }
+ {CAN-2005-1260}
- bzip2 1.0.2-7 (low)
NOTE: fixed in testing at time of DSA
[06 Jul 2005] DSA-740-1 zlib - buffer overflow
- { CAN-2005-2096 }
+ {CAN-2005-2096}
- zlib 1:1.2.2-7 (medium)
NOTE: anything statically linking zlib needs rebuild
NOTE: not fixed in testing at time of DSA (embargoed disclosure)
[06 Jul 2005] DSA-739-1 trac - missing input sanitising
- { CAN-2005-2007 }
+ {CAN-2005-2007}
- trac 0.8.4-1 (medium)
NOTE: fixed in testing at time of DSA
[19 May 2005] DSA-725-2 ppxp - missing privilege release
- { CAN-2005-0392 }
+ {CAN-2005-0392}
- ppxp 0.2001080415-11
NOTE: fixed in testing at time of DSA
[05 Jul 2005] DSA-738-1 razor - email header parsing error
- { CAN-2005-2024 }
+ {CAN-2005-2024}
- razor 2.720-1 (low)
NOTE: not fixed in testing at time of DSA (not built on arm)
[05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
- { CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070 }
+ {CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070}
- clamav 0.86.1-1 (medium)
NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one
fix missing for sid)
[05 Jul 2005] DSA-734-1 gaim - denial of service
- { CAN-2005-1269 CAN-2005-1934 }
+ {CAN-2005-1269 CAN-2005-1934}
- gaim 1:1.3.1-1
NOTE: not fixed in testing at time of DSA (not built on sparc)
[01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
- { CAN-2005-1266 }
+ {CAN-2005-1266}
- spamassassin 3.0.4-1 (medium)
NOTE: fixed in testing at time of DSA
[01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
- { CAN-2005-1266 }
+ {CAN-2005-1266}
- spamassassin 3.0.4-1 (medium)
NOTE: fixed in testing at time of DSA
[08 Jul 2005] DSA-735-2 sudo - pathname validation race
- { CAN-2005-1993 }
+ {CAN-2005-1993}
- sudo 1.6.8p9-1 (medium)
NOTE: fixed in testing at time of DSA
[01 Jul 2005] DSA-735-1 sudo - pathname validation race
- { CAN-2005-1993 }
+ {CAN-2005-1993}
- sudo 1.6.8p9-1 (medium)
NOTE: not fixed in testing at time of DSA
[30 Jun 2005] DSA-733-1 crip - insecure temporary files
- { CAN-2005-0393 }
+ {CAN-2005-0393}
- crip 3.5-1sarge2 (low)
NOTE: not fixed in testing at time of DSA (reserved)
[03 Jun 2005] DSA-732-1 mailutils - several
- { CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523 }
+ {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
- mailutils 1:0.6.1-4
NOTE: fixed in testing at time of DSA
[02 Jun 2005] DSA-731-1 krb4 - buffer overflows
- { CAN-2005-0468 CAN-2005-0469 }
+ {CAN-2005-0468 CAN-2005-0469}
- krb4 1.2.2-11.2
NOTE: fixed in testing at time of DSA
[27 May 2005] DSA-730-1 bzip2 - race condition
- { CAN-2005-0953 }
+ {CAN-2005-0953}
- bzip2 1.0.2-6
NOTE: fixed in testing at time of DSA
[26 May 2005] DSA-729-1 php4 - missing input sanitising
- { CAN-2005-0525 }
+ {CAN-2005-0525}
- php4 4:4.3.10-10
NOTE: fixed in testing at time of DSA
[25 May 2005] DSA-728-1 qpopper - missing privilege release
- { CAN-2005-1151 CAN-2005-1152 }
+ {CAN-2005-1151 CAN-2005-1152}
- qpopper 4.0.5-4sarge1
NOTE: fixed in testing at time of DSA by security team
[20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
- { CAN-2005-1349 }
+ {CAN-2005-1349}
- libconvert-uulib-perl 1.0.5.1-1
NOTE: fixed in testing at time of DSA
[20 May 2005] DSA-726-1 oops - format string vulnerability
- { CAN-2005-1121 }
+ {CAN-2005-1121}
- oops <unfixed> (bug #307360; high)
NOTE: not in testing at time of DSA
[19 May 2005] DSA-725-1 ppxp - missing privilege release
- { CAN-2005-0392 }
+ {CAN-2005-0392}
- ppxp 0.2001080415-11
NOTE: not fixed in testing at time of DSA
[18 May 2005] DSA-724-1 phpsysinfo - design flaw
- { CAN-2005-0870 }
+ {CAN-2005-0870}
- phpsysinfo 2.3-3
NOTE: fixed in testing at time of DSA
[09 May 2005] DSA-723-1 xfree86 - buffer overflow
- { CAN-2005-0605 }
+ {CAN-2005-0605}
- xfree86 4.3.0.dfsg.1-13
NOTE: not fixed in testing at time of DSA
[09 May 2005] DSA-722-1 smail - buffer overflow
- { CAN-2005-0892 }
+ {CAN-2005-0892}
NOTE: Package not in testing at time of DSA
[06 May 2005] DSA-721-1 squid - design flaw
- { CAN-2005-1345 }
+ {CAN-2005-1345}
- squid 2.5.9-7
NOTE: not fixed in testing at time of DSA
[03 May 2005] DSA-720-1 smartlist - wrong input processing
- { CAN-2005-0157 }
+ {CAN-2005-0157}
- smartlist 3.15-18
NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-719-1 prozilla - format string problems
- { CAN-2005-0523 }
+ {CAN-2005-0523}
- prozilla 1:1.3.7.4-1
NOTE: fixed in testing at time of DSA
[28 Apr 2005] DSA-718-1 ethereal - buffer overflow
- { CAN-2005-0739 }
+ {CAN-2005-0739}
- ethereal 0.10.10-1
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
- { CAN-2003-0826 CAN-2005-0814 }
+ {CAN-2003-0826 CAN-2005-0814}
- lsh-utils 2.0.1-2
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-716-1 gaim - denial of service
- { CAN-2005-0472 }
+ {CAN-2005-0472}
- gaim 1:1.1.3-1
NOTE: fixed in testing at time of DSA
[27 Apr 2005] DSA-715-1 cvs - several
- { CAN-2004-1342 CAN-2004-1343 }
+ {CAN-2004-1342 CAN-2004-1343}
- cvs 1:1.12.9-12
NOTE: not fixed in testing at time of DSA
[26 Apr 2005] DSA-714-1 kdelibs - several
- { CAN-2005-1046 }
+ {CAN-2005-1046}
- kdelibs 4:3.3.2-5
NOTE: not fixed in testing at time of DSA
[21 Apr 2005] DSA-701-2 samba - integer overflows
NOTE: only a bug in the backported fix to stable, testing is ok
[21 Apr 2005] DSA-713-1 junkbuster - several
- { CAN-2005-1108 CAN-2005-1109 }
+ {CAN-2005-1108 CAN-2005-1109}
NOTE: package not in testing/unstable
[19 Apr 2005] DSA-712-1 geneweb - insecure file operations
- { CAN-2005-0391 }
+ {CAN-2005-0391}
- geneweb 4.10-7
NOTE: fixed in testing at time of DSA
[19 Apr 2005] DSA-711-1 info2www - missing input sanitising
- { CAN-2004-1341 }
+ {CAN-2004-1341}
- info2www 1.2.2.9-23
NOTE: fixed in testing at time of DSA
[18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
- { CAN-2003-0541 }
+ {CAN-2003-0541}
- gtkhtml 1.0.4-6.2
NOTE: fixed in testing at time of DSA
[15 Apr 2005] DSA-709-1 libexif - buffer overflow
- { CAN-2005-0664 }
+ {CAN-2005-0664}
- libexif 0.6.9-5
[15 Apr 2005] DSA-708-1 php3 - missing input sanitising
- { CAN-2005-0525 }
+ {CAN-2005-0525}
- php3 3:3.0.18-31
[13 Apr 2005] DSA-707-1 mysql - several
- { CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711 }
+ {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711}
- mysql-dfsg 4.0.24-5
- mysql-dfsg-4.1 4.1.10a-6
NOTE: not fixed in testing at time of DSA
[13 Apr 2005] DSA-706-1 axel - buffer overflow
- { CAN-2005-0390 }
+ {CAN-2005-0390}
- axel 1.0b-1
NOTE: fixed in testing at time of DSA
[04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
- { CAN-2005-0256 CAN-2003-0854 }
+ {CAN-2005-0256 CAN-2003-0854}
- wu-ftpd 2.6.2-19
[04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
- { CAN-2005-0387 CAN-2005-0388 }
+ {CAN-2005-0387 CAN-2005-0388}
- remstats 1.0.13a-5
NOTE: not fixed in testing at time of DSA
[01 Apr 2005] DSA-703-1 krb5 - buffer overflows
- { CAN-2005-0468 CAN-2005-0469 }
+ {CAN-2005-0468 CAN-2005-0469}
- krb5 1.3.6-1
[01 Apr 2005] DSA-702-1 imagemagick - several
- { CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762 }
+ {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762}
- imagemagick 6:6.0.6.2-2.2
[31 Mar 2005] DSA-701-1 samba - integer overflows
- { CAN-2004-1154 }
+ {CAN-2004-1154}
- samba 3.0.10-1
[30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
- { CAN-2005-0386 }
+ {CAN-2005-0386}
- mailreader 2.3.29-11
NOTE: not fixed in testing at time of DSA
[29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
- { CAN-2005-0469 }
+ {CAN-2005-0469}
- netkit-telnet-ssl 0.17.24+0.1-7.1
NOTE: not fixed in testing at time of DSA
[29 Mar 2005] DSA-698-1 mc - buffer overflow
- { CAN-2005-0763 }
+ {CAN-2005-0763}
NOTE: Not clear which unstable/testing version fixed this,
NOTE: but advisory says it''s fixed.
[29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
- { CAN-2005-0469 }
+ {CAN-2005-0469}
- netkit-telnet 0.17-28
NOTE: not fixed in testing at time of DSA
[22 Mar 2005] DSA-696-1 perl - design flaw
- { CAN-2005-0448 }
+ {CAN-2005-0448}
- perl 5.8.4-8
NOTE: fixed in testing at time of DSA
[21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer
overflow
- { CAN-2001-0775 CAN-2005-0638 CAN-2005-0639 }
+ {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639}
- xli 1.17.0-18
NOTE: not fixed in testing at time of DSA
[21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
- { CAN-2005-0638 CAN-2005-0639 }
+ {CAN-2005-0638 CAN-2005-0639}
- xloadimage 4.1-14.2
NOTE: not fixed in testing at time of DSA
[14 Mar 2005] DSA-693-1 luxman - buffer overflow
- { CAN-2005-0385 }
+ {CAN-2005-0385}
NOTE: not fixed in testing at time of DSA
NOTE: not in unstable at time of DSA though DSA claimed it was
- luxman 0.41-20
[14 Mar 2005] DSA-662-2 squirrelmail - several
NOTE: only an update to a prior DSA, did not affct sid/sarge.
[08 Mar 2005] DSA-692-1 kppp - design flaw
- { CAN-2005-0205 }
+ {CAN-2005-0205}
- kppp 4:3.1.6
NOTE: fixed in testing at time of DSA
[07 Mar 2005] DSA-691-1 abuse - several
- { CAN-2005-0098 CAN-2005-0099 }
+ {CAN-2005-0098 CAN-2005-0099}
NOTE: not in unstable/testing
[25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
- { CAN-2005-0107 }
+ {CAN-2005-0107}
- bsmtpd 2.3pl8b-16
NOTE: not fixed in testing at time of DSA
[23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
- { CAN-2005-0088 }
+ {CAN-2005-0088}
- libapache-mod-python 2:2.7.10-4
NOTE: fixed in testing at time of DSA
- libapache2-mod-python 3.1.3-3
NOTE: fixed in testing at time of DSA
[23 Feb 2005] DSA-688-1 squid - mising input sanitising
- { CAN-2005-0446 }
+ {CAN-2005-0446}
- squid 2.5.8-3
NOTE: fixed in testing at time of DSA
[21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
NOTE: only fixed bug in DSA
[18 Feb 2005] DSA-687-1 bidwatcher - format string
- { CAN-2005-0158 }
+ {CAN-2005-0158}
- bidwatcher 1.3.17-1
NOTE: not fixed in testing at time of DSA
[17 Feb 2005] DSA-686-1 gftp - missing input sanitising
- { CAN-2005-0372 }
+ {CAN-2005-0372}
- gftp 2.0.18-1
NOTE: not fixed in testing at time of DSA
[17 Feb 2005] DSA-685-1 emacs21 - format string
- { CAN-2005-0100 }
+ {CAN-2005-0100}
- emacs21 21.3+1-9
NOTE: not fixed in testing at time of DSA
[16 Feb 2005] DSA-684-1 typespeed - format string
- { CAN-2005-0105 }
+ {CAN-2005-0105}
- typespeed 0.4.4-8
NOTE: not fixed in testing at time of DSA
[15 Feb 2005] DSA-683-1 postgresql - buffer overflows
- { CAN-2005-0245 CAN-2005-0247 }
+ {CAN-2005-0245 CAN-2005-0247}
- postgresql 7.4.7-2
NOTE: fixed in testing at time of DSA
[15 Feb 2005] DSA-682-1 awstats - missing input sanitising
- { CAN-2005-0363 }
+ {CAN-2005-0363}
- awstats 6.2-1.2
NOTE: not fixed in testing at time of DSA
[14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
- { CAN-2005-0070 }
+ {CAN-2005-0070}
NOTE: does not apply for sarge, program is not setuid anymore
[14 Feb 2005] DSA-680-1 htdig - unsanitised input
- { CAN-2005-0085 }
+ {CAN-2005-0085}
- htdig 1:3.1.6-11
NOTE: fixed in testing at time of DSA
[14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
- { CAN-2005-0159 }
+ {CAN-2005-0159}
- toolchain-source 3.4-5
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
- { CAN-2004-1180 }
+ {CAN-2004-1180}
- netkit-rwho 0.17-8
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-677-1 sympa - buffer overflow
- { CAN-2005-0073 }
+ {CAN-2005-0073}
- sympa 4.1.2-2.1
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-676-1 xpcd - buffer overflow
- { CAN-2005-0074 }
+ {CAN-2005-0074}
- xpcd 2.08-11.1
NOTE: not fixed in testing at time of DSA
[11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
NOTE: only fixed bug in DSA
[10 Feb 2005] DSA-675-1 hztty - privilege escalation
- { CAN-2005-0019 }
+ {CAN-2005-0019}
- hztty 2.0-6.1
NOTE: not fixed in testing at time of DSA
[10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
- { CAN-2004-1177 }
+ {CAN-2004-1177}
- mailman 2.1.5-5
NOTE: fixed in testing at time of DSA
- { CAN-2005-0202 }
+ {CAN-2005-0202}
- mailman 2.1.5-6
NOTE: not fixed in testing at time of DSA
[10 Feb 2005] DSA-673-1 evolution - integer overflow
- { CAN-2005-0102 }
+ {CAN-2005-0102}
- evolution 2.0.3-1.2
NOTE: fixed in testing at time of DSA
[09 Feb 2005] DSA-672-1 xview - buffer overflows
- { CAN-2005-0076 }
+ {CAN-2005-0076}
- xview 3.2p1.4-19
NOTE: not fixed in testing at time of DSA
[08 Feb 2005] DSA-671-1 xemacs21 - format string
- { CAN-2005-0100 }
+ {CAN-2005-0100}
NOTE: not fixed in testing at time of DSA
- xemacs21 21.4.16-2
[08 Feb 2005] DSA-670-1 emacs20 - format string
- { CAN-2005-0100 }
+ {CAN-2005-0100}
NOTE: also affects emacs21 in unstable, fixed
[04 Feb 2005] DSA-669-1 php3 - several
- { CAN-2004-0594 CAN-2004-0595 }
+ {CAN-2004-0594 CAN-2004-0595}
- php3 3:3.0.18-27
NOTE: fixed in testing at time of DSA
[04 Feb 2005] DSA-668-1 postgresql - privilege escalation
- { CAN-2005-0227 }
+ {CAN-2005-0227}
- postgresql 7.4.7-1
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-667-1 squid - several
- { CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211 }
+ {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
- squid 2.5.7-7
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-666-1 python2.2 - design flaw
- { CAN-2005-0089 }
+ {CAN-2005-0089}
- python2.2 2.2.3-14
- python2.3 2.3.4-20
- python2.4 2.4-5
NOTE: not fixed in testing at time of DSA
[04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
- { CAN-2005-0013 }
+ {CAN-2005-0013}
- ncpfs 2.2.6-1
NOTE: not fixed in testing at time of DSA
[02 Feb 2005] DSA-664-1 cpio - broken file permissions
- { CAN-1999-1572 }
+ {CAN-1999-1572}
- cpio 2.5-1.2
NOTE: not fixed in testing at time of DSA
[02 Feb 2005] DSA-663-1 prozilla - buffer overflows
- { CAN-2004-1120 }
+ {CAN-2004-1120}
- prozilla 1:1.3.7.3-1
NOTE: fixed in testing at time of DSA
[01 Feb 2005] DSA-662-1 squirrelmail - several
- { CAN-2005-0104 CAN-2005-0152 }
+ {CAN-2005-0104 CAN-2005-0152}
NOTE: CAN-2005-0152 only exists in 1.2.6 version
- squirrelmail 2:1.4.4
NOTE: fixed in testing at time of DSA
[20 Apr 2005] DSA-661-2 f2c - insecure temporary files
- { CAN-2005-0017 CAN-2005-0018 }
+ {CAN-2005-0017 CAN-2005-0018}
- f2c 20020621-3.4 (bug #292792)
NOTE: not fixed in testing at time of DSA
[26 Jan 2005] DSA-660-1 kdebase - missing return value check
- { CAN-2005-0078 }
+ {CAN-2005-0078}
- kdebase 4:3.0.5
NOTE: fixed in testing at time of DSA
[26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer
underflow
- { CAN-2004-1340 CAN-2005-0108 }
+ {CAN-2004-1340 CAN-2005-0108}
- libpam-radius-auth 1.3.16-3
NOTE: 1/2 fixed in testing at time of DSA
[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
- { CAN-2005-0077 }
+ {CAN-2005-0077}
- libdbi-perl 1.46-6
NOTE: not fixed in testing at time of DSA
[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
- { CAN-2004-1379 }
+ {CAN-2004-1379}
- xine-lib 1-rc6a-1
NOTE: fixed in testing at time of DSA
[25 Jan 2005] DSA-656-1 vdr - insecure file access
- { CAN-2005-0071 }
+ {CAN-2005-0071}
- vdr 1.2.6-6
NOTE: not fixed in testing at time of DSA
[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
- { CAN-2005-0072 }
+ {CAN-2005-0072}
- zhcon 1:0.2.3-8.1
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-654-1 enscript - several
- { CAN-2004-1184 CAN-2004-1185 CAN-2004-1186 }
+ {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
- enscript 1.6.4-6
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-653-1 ethereal - buffer overflow
- { CAN-2005-0084 }
+ {CAN-2005-0084}
- ethereal 0.10.9-1
NOTE: not fixed in testing at time of DSA
[21 Jan 2005] DSA-652-1 unarj
- { CAN-2004-0947 CAN-2004-1027 }
+ {CAN-2004-0947 CAN-2004-1027}
NOTE: not-for-us (unarj)
[20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
- { CAN-2005-0094 CAN-2005-0095 }
+ {CAN-2005-0094 CAN-2005-0095}
- squid 2.5.7-4
NOTE: not fixed in testing at time of DSA
[20 Jan 2005] DSA-650-1 sword - missing input sanitising
- { CAN-2005-0015 }
+ {CAN-2005-0015}
- sword 1.5.7-7
NOTE: not fixed in testing at time of DSA
[20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
- { CAN-2005-0079 }
+ {CAN-2005-0079}
- xtrlock 2.0-9
NOTE: fixed in testing at time of DSA
[19 Jan 2005] DSA-648-1 xpdf - buffer overflow
- { CAN-2005-0064 }
+ {CAN-2005-0064}
- xpdf 3.00-12
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-647-1 mysql - insecure temporary files
- { CAN-2005-0004 }
+ {CAN-2005-0004}
- mysql-dfsg 4.0.23-3
- mysql-dfsg-4.1 4.1.8a-6
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
- { CAN-2005-0005 }
+ {CAN-2005-0005}
- imagemagick 6:6.0.6.2-2
NOTE: not fixed in testing at time of DSA
[19 Jan 2005] DSA-645-1 cupsys - buffer overflow
- { CAN-2005-0064 }
+ {CAN-2005-0064}
NOTE: cupsys not affected in sarge, though other programs are vulnerable
NOTE: see CAN/list
NOTE: not fixed in testing at time of DSA
[18 Jan 2005] DSA-644-1 chbg - buffer overflow
- { CAN-2004-1264 }
+ {CAN-2004-1264}
- chbg 1.5-4
NOTE: fixed in testing at time of DSA
[18 Jan 2005] DSA-643-1 queue - buffer overflows
- { CAN-2004-0555 }
+ {CAN-2004-0555}
- queue 1.30.1-5
NOTE: not fixed in testing at time of DSA
[17 Jan 2005] DSA-642-1 gallery - several
- { CAN-2004-1106 }
+ {CAN-2004-1106}
- gallery 1.4.4-pl4-1
NOTE: fixed in testing at time of DSA
[17 Jan 2005] DSA-641-1 playmidi - buffer overflow
- { CAN-2005-0020 }
+ {CAN-2005-0020}
- playmidi 2.4debian-3
NOTE: not fixed in testing at time of DSA
[17 Jan 2005] DSA-640-1 gatos - buffer overflow
- { CAN-2005-0016 }
+ {CAN-2005-0016}
- gatos 0.0.5-15
NOTE: not fixed in testing at time of DSA
[14 Jan 2005] DSA-639-1 mc - several
- { CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091
CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176 }
+ {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091
CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
NOTE: unstable not vulnerable according to DSA
NOTE: DSA was wrong..
- mc 1:4.6.0-4.6.1-pre3-1
NOTE: not fixed in testing at time of DSA
[13 Jan 2005] DSA-638-1 gopher - several
- { CAN-2004-0560 CAN-2004-0561 }
+ {CAN-2004-0560 CAN-2004-0561}
NOTE: not in sarge
[13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
- { CAN-2005-0021 }
+ {CAN-2005-0021}
NOTE: not in sarge
[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
- { CAN-2004-0968 }
+ {CAN-2004-0968}
- glibc 2.3.2.ds1-20
NOTE: fixed in testing at time of DSA
[12 Jan 2005] DSA-635-1 exim - buffer overflow
- { CAN-2005-0021 }
+ {CAN-2005-0021}
- exim4 4.34-10
NOTE: fixed in testing at time of DSA
- exim 3.36-13
NOTE: not fixed in testing at time of DSA
[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
- { CAN-2004-1182 }
+ {CAN-2004-1182}
- hylafax 1:4.2.1-1
NOTE: fixed in testing at time of DSA
[11 Jan 2005] DSA-633-1 bmv - insecure temporary file
- { CAN-2003-0014 }
+ {CAN-2003-0014}
- bmv 1.2-17
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-632-1 linpopup - buffer overflow
- { CAN-2004-1282 }
+ {CAN-2004-1282}
- linpopup 1.2.0-7
NOTE: fixed in testing at time of DSA
[10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
- { CAN-2004-1165 }
+ {CAN-2004-1165}
- kdelibs 4:3.3.2-1
NOTE: not fixed in testing at time of DSA
[10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
- { CAN-2004-1000 }
+ {CAN-2004-1000}
- lintian 1.23.6
NOTE: not fixed in testing at time of DSA
[07 Jan 2005] DSA-629-1 krb5 - buffer overflow
- { CAN-2004-1189 }
+ {CAN-2004-1189}
- krb5 1.3.6-1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-628-1 imlib2 - integer overflows
- { CAN-2004-1026 }
+ {CAN-2004-1026}
- imlib2 1.1.2-2.1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
- { CAN-2004-1318 }
+ {CAN-2004-1318}
- namazu2 2.0.14-1
NOTE: not fixed in testing at time of DSA
[06 Jan 2005] DSA-626-1 tiff - unsanitised input
- { CAN-2004-1183 }
+ {CAN-2004-1183}
- libtiff4 3.6.1-5
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-625-1 pcal - buffer overflows
- { CAN-2004-1289 }
+ {CAN-2004-1289}
- pcal 4.8.0-1
NOTE: not fixed in testing at time of DSA
[05 Jan 2005] DSA-624-1 zip - buffer overflow
- { CAN-2004-1010 }
+ {CAN-2004-1010}
- zip 2.30-8
NOTE: fixed in testing at time of DSA
[04 Jan 2005] DSA-623-1 nasm - buffer overflow
- { CAN-2004-1287 }
+ {CAN-2004-1287}
- nasm 0.98.38-1.1
[03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
- { CAN-2004-1181 }
+ {CAN-2004-1181}
NOTE: not in unstable
[31 Dec 2004] DSA-621-1 cupsys - buffer overflow
- { CAN-2004-1125 }
+ {CAN-2004-1125}
- cupsys 1.1.22-2
[30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
{CAN-2004-0452 CAN-2004-0976}
@@ -2435,42 +2435,42 @@
{CVE-2002-0391}
- glibc 2.2.5-13
[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string
vulnerabilities
- { CVE-2002-1049 CVE-2002-1050 CAN-2001-1034 }
+ {CVE-2002-1049 CVE-2002-1050 CAN-2001-1034}
- hylafax 4.1.2-2.1
[08 Aug 2002] DSA-147 mailman - cross-site scripting
- { CAN-2002-0388 CAN-2002-0855 }
+ {CAN-2002-0388 CAN-2002-0855}
- mailman 2.0.12-1
[08 Aug 2002] DSA-146 dietlibc - integer overflow
- { CVE-2002-0391 }
+ {CVE-2002-0391}
- dietlibc 0.20-0cvs20020808
[07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
- { CVE-2002-0847 }
+ {CVE-2002-0847}
- tinyproxy 1.4.3-3
[06 Aug 2002] DSA-144 wwwoffle - improper input handling
- { CVE-2002-0818 }
+ {CVE-2002-0818}
- wwwoffle 2.7d-1
[05 Aug 2002] DSA-143 krb5 - integer overflow
- { CVE-2002-0391 }
+ {CVE-2002-0391}
- krb5 1.2.5-2
[05 Aug 2002] DSA-142 openafs - integer overflow
- { CVE-2002-0391 }
+ {CVE-2002-0391}
- openafs 1.2.6-1
[01 Aug 2002] DSA-141 mpack - buffer overflow
- { CAN-2002-1425 }
+ {CAN-2002-1425}
- mpack 1.5-9
[05 Aug 2002] DSA-140 libpng - buffer overflow
- { CAN-2002-0660 CAN-2002-0728 }
+ {CAN-2002-0660 CAN-2002-0728}
- libpng 1.0.12-4
- libpng3 1.2.1-2
[01 Aug 2002] DSA-139 super - format string vulnerability
- { CVE-2002-0817 }
+ {CVE-2002-0817}
- super 3.18.0-3
[01 Aug 2002] DSA-138 gallery - remote exploit
- { CAN-2002-1412 }
+ {CAN-2002-1412}
- gallery 1.3-3
[30 Jul 2002] DSA-137 mm - insecure temporary files
- { CVE-2002-0658 }
+ {CVE-2002-0658}
- mm 1.1.3-7
[30 Jul 2002] DSA-136 openssl - multiple remote exploits
- { CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659 }
+ {CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659}
- openssl 0.9.6e-1