thr3ads.net - Secure testing commits - [Secure-testing-commits] r2506

If this information is useful, please help other people find it:
Share via:
Florian Weimer
2005-Oct-20 12:16 UTC
[Secure-testing-commits] r2506 - data/DSA

Author: fw
Date: 2005-10-20 12:16:07 +0000 (Thu, 20 Oct 2005)
New Revision: 2506

Modified:
   data/DSA/list
Log:
Add woody and sarge status for some DSAs.


Modified: data/DSA/list
==================================================================---
data/DSA/list	2005-10-20 12:14:18 UTC (rev 2505)
+++ data/DSA/list	2005-10-20 12:16:07 UTC (rev 2506)
@@ -12,861 +12,929 @@
 	NOTE: wrapper script in a vulnerable version.
 [13 Oct 2005] DSA-865-1 hylafax - insecure temporary files
 	{CVE-2005-3069}
-	- hylafax 1:4.2.2-1
+	[woody] - hylafax 1:4.1.1-3.2
+	[sarge] - hylafax 1:4.2.1-5sarge1
 	NOTE: not fixed in testing at time of DSA (missing arm)
 [13 Oct 2005] DSA-864-1 ruby1.8 - programming error
 	{CVE-2005-2337}
-	- ruby1.6 1.6.8-13
+	[sarge] - ruby1.8 1.8.2-7sarge2
 	NOTE: not fixed in testing at time of DSA (RC bugs)
 [12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability
 	{CVE-2005-2967}
-	- xine-lib <unfixed> (bug #332919; medium)
+	[woody] - xine-lib 0.9.8-2woody4
+	[sarge] - xine-lib 1.0.1-1sarge1
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [11 Oct 2005] DSA-862-1 ruby1.6 - programming error
 	{CVE-2005-2337}
-	- ruby1.6 1.6.8-13
-	NOTE: fixed in testing at time of DSA
+	[sarge] - ruby1.6 1.6.8-12sarge1
+	NOTE: not fixed in testing at time of DSA (RC bugs)
 [11 Oct 2005] DSA-861-1 up-imap - buffer overflow
 	{CVE-2005-2933}
-	- uw-imap 7:2002edebian1-12
+	[sarge] - uw-imap 7:2002edebian1-11sarge1
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [11 Oct 2005] DSA-860-1 ruby - programming error
 	{CVE-2005-2337}
-	- ruby <removed>
+	[woody] - ruby 1.6.7-3woody5
 	NOTE: fixed in testing at time of DSA (woody-only DSA)
 [10 Oct 2005] DSA-859-1 xli - buffer overflows
 	{CVE-2005-3178}
-	- xli 1.17.0-20 (medium)
+	[woody] - xli 1.17.0-11woody2
+	[sarge] - xli 1.17.0-18sarge1
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
 	{CVE-2005-3178}
-	- xloadimage 4.1-15 (bug #332524; medium)
+	[woody] - xloadimage 4.1-10woody2 (bug #332524; medium)
+	[sarge] - xloadimage 4.1-14.3
 	NOTE: not fixed in testing at time of DSA (too young)
 [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
 	{CVE-2005-2965}
-	- graphviz 2.2.1-1sarge1 (low) 
+	[sarge] - graphviz 2.2.1-1sarge1 (low) 
 	NOTE: fixed in testing at time of DSA
 [10 Oct 2005] DSA-856-1 py2play - design error
 	{CVE-2005-2875}
-	- py2play 0.1.8-1 (bug #326976; medium)
+	[sarge] - py2play 0.1.7-1sarge1 (bug #326976; medium)
 	NOTE: fixed in testing at time of DSA
 [10 Oct 2005] DSA-855-1 weex - format string vulnerability
 	{CVE-2005-3150}
-	- weex 2.6.1-6sarge1 (bug #332424; medium)
+	[sarge] - weex 2.6.1-6sarge1 (bug #332424; medium)
+	[woody] - weex 2.6.1-4woody2 (bug #332424; medium)
 	NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
 [09 Oct 2005] DSA-854-1 tcpdump - infinite loop
 	{CVE-2005-1267}
-	- tcpdump 3.9.0.cvs.20050614-1
+	[sarge] - tcpdump 3.8.3-5sarge1
+	[woody] - tcpdump <not-affected> (not affected according to DSA)
 	NOTE: fixed in testing at time of DSA
 [09 Oct 2005] DSA-853-1 ethereal - several
 	{CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365
CVE-2005-2366 CVE-2005-2367}
-	- ethereal 0.10.12-1
+	[woody] - ethereal 0.9.4-1woody13
+	[sarge] - ethereal 0.10.10-2sarge3
 	NOTE: not fixed in testing at time of DSA (not fixed in unstable)
 [08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution
 	{CVE-2005-2661}
-	- up-imapproxy 1.2.4-2
+	[sarge] - up-imapproxy 1.2.3-1sarge1
 	NOTE: not fixed in testing at time of DSA (not fixed in unstable)
 [08 Oct 2005] DSA-851-1 openvpn - denial of service
 	{CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534}
-	- openvpn 2.0.2-1
+	[sarge] - openvpn 2.0-1sarge1
 	NOTE: fixed in testing at time of DSA
 [08 Oct 2005] DSA-850-1 tcpdump - denial of service
 	{CVE-2005-1279}
-	- tcpdump 3.8.3-4
+	[woody] - tcpdump 3.6.2-2.9
 	NOTE: fixed in testing at time of DSA (woody-only DSA)
 [08 Oct 2005] DSA-849-1 shorewall - programming error
 	{CVE-2005-2317}
-	- shorewall 2.4.2-2
+	[woody] - shorewall <not-affected> (vulnerable code not yet present)
+	[sarge] - shorewall 2.2.3-2
 	NOTE: fixed in testing at time of DSA
 [08 Oct 2005] DSA-848-1 masqmail - several
 	{CVE-2005-2662 CVE-2005-2663}
-	- masqmail 0.2.20-1sarge1
+	[woody] - masqmail 0.1.16-2.2
+	[sarge] - masqmail 0.2.20-1sarge1
 	NOTE: not fixed in testing at time of DSA (not fixed in unstable)
 [08 Oct 2005] DSA-847-1 dia - missing input sanitising
 	{CVE-2005-2966}
-	- dia 0.94.0-15 (bug #330890; medium)
+	[sarge] - dia 0.94.0-7sarge1 (bug #330890; medium)
+	[woody] - dia <not-affected> (not affected according to DSA)
 	NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0
 [07 Oct 2005] DSA-846-1 cpio - several
 	{CVE-2005-1111 CVE-2005-1229}
-	- cpio 2.6-6
+	[woody] - cpio 2.4.2-39woody2
+	[sarge] - cpio 2.5-1.3
 	NOTE: fixed in testing at time of DSA
 [06 Oct 2005] DSA-845-1 mason - programming error
 	{CVE-2005-3118}
-	- mason 1.0.0-3
+	[woody] - mason 0.13.0.92-2woody1
+	[sarge] - mason 1.0.0-2.2
 	NOTE: fixed in testing at time of DSA
 [05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error
 	{CVE-2005-2963}
-	- mod-auth-shadow 1.4-2 
+	[woody] - mod-auth-shadow 1.3-3.1woody.2
+	[sarge] - mod-auth-shadow 1.4-1sarge1
 	NOTE: not fixed in testing at time of DSA (missing m68k)
 [05 Oct 2005] DSA-843-1 arc - insecure temporary file
 	{CVE-2005-2945 CVE-2005-2992}
-	- arc 5.21m-1
+	[sarge] - arc 5.21l-1sarge1
 	NOTE: fixed in testing at time of DSA
 [04 Oct 2005] DSA-842-1 egroupware - missing input sanitising
 	{CVE-2005-2498}
-	- egroupware 1.0.0.009.dfsg-1
+	[sarge] - egroupware 1.0.0.007-2.dfsg-2sarge2
 	NOTE: fixed in testing at time of DSA
 [04 Oct 2005] DSA-841-1 mailutils - format string vulnerability
         {CVE-2005-2878}
-        - mailutils 1:0.6.90-2.1etch1
+	[woody] - mailutils <not-affected> (not affected according to DSA)
+        [sarge] - mailutils 1:0.6.1-4sarge1
 	NOTE: not fixed in testing at time of DSA (missing arm)
 [04 Jul 2005] DSA-840-1 drupal - missing input sanitising
 	{CVE-2005-2498}
-	- drupal 4.5.5-1
+	[sarge] - drupal 4.5.3-4
 	NOTE: fixed in testing at time of DSA
 [04 Oct 2005] DSA-839-1 apachetop - insecure temporary file
 	{CVE-2005-2660}
-	- apachetop 0.12.5-3
+	[sarge] - apachetop 0.12.5-1sarge1
 	NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on
gcc-4)
 [03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities
 	{CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705
CVE-2005-2706 CVE-2005-2707}
-	- mozilla-firefox 1.0.7-1
+	[sarge] - mozilla-firefox 1.0.4-2sarge5
 	NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
 [02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow
 	{CVE-2005-2871}
-	- mozilla-firefox 1.0.6-5 (medium)
+	[sarge] - mozilla-firefox 1.0.4-2sarge4 (medium; bug #327452)
 	NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
 [01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files
 	{CVE-2005-2960 CVE-2005-3137}
-	- cfengine2 <unfixed> 
+	[sarge] - cfengine2 2.1.14-1sarge1
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 	NOTE: No bug exists for this issue
 [01 Oct 2005] DSA-835-1 cfengine - insecure temporary files
 	{CVE-2005-2960 CVE-2005-3137}
-	- cfengine <unfixed>
+	[woody] - cfengine 1.6.3-9woody1
+	[sarge] - cfengine 1.6.5-1sarge1
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 	NOTE: No bug exists for this issue
 [01 Oct 2005] DSA-834-1 prozilla - buffer overflow
 	{CVE-2005-2961}
+	[woody] - prozilla 1:1.3.6-3woody3
 	NOTE: Prozilla has been removed before Sarge release
 [30 Sep 2005] DSA-832-1 gopher - buffer overflows
 	{CVE-2005-2772}
-	- gopher 3.0.11
+	[woody] - gopher 3.0.3woody4
 	NOTE: fixed in testing at time of DSA
 [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
 	{CVE-2005-2558}
-	- mysql-dfsg-4.1 4.1.14-2 (medium) 
-	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
+	[sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2
 	NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds)
 [30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions
 	{CVE-2005-2962}
-	- ntlmaps 0.9.9-4 
+	[sarge] - ntlmaps 0.9.9-2sarge1
 	NOTE: fixed in testing at time of DSA
 [30 Sep 2005] DSA-829-1 mysql - several
 	{CVE-2005-2558}
-	- mysql-dfsg-4.1 4.1.14-2 (medium) 
-	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
+	[woody] - mysql 3.23.49-8.14
 	NOTE: fixed in testing at time of DSA
 [30 Sep 2005] DSA-828-1 squid - several
 	{CVE-2005-2917}
-	- squid 2.5.10-6 (medium)
+	[woody] - squid <not-affected> (not affected according to DSA)
+	[sarge] - squid 2.5.9-10sarge2
 	NOTE: fixed in testing at time of DSA
 [30 Sep 2005] DSA-809-2 squid - assertion error
 	{CVE-2005-2794}
-	- squid 2.5.10-5 (medium)
+	[woody] - squid 2.4.6-2woody10
+	[sarge] - squid 2.5.9-10sarge1
 	NOTE: fixed in testing at time of DSA
+	NOTE: This is partly an update for another DSA.
 [29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation
-	- backupninja 0.8-2 (medium)	
+	{CVE-2005-3111}
+	[sarge] - backupninja 0.5-3sarge1 (medium)	
 	NOTE: not fixed in testing at time of DSA (too young 1/2 days)
 [29 Sep 2005] DSA-826-1 helix-player - multiple
 	{CVE-2005-1766 CVE-2005-2710}
-	- helix-player 1.0.6-1 (high)
+	[sarge] - helix-player 1.0.4-1sarge1 (high)
 	NOTE: not fixed in testing at time of DSA
 [29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation
 	{CVE-2005-2876}
-	- loop-aes-utils 2.12p-9 (medium)
+	[sarge] - loop-aes-utils 2.12p-4sarge1 (medium)
 	NOTE: fixed in testing at the time of the DSA
 [29 Sep 2005] DSA-823-1 util-linux - privilege escalation
 	{CVE-2005-2876}
-	- util-linux 2.12p-8 (high)
+	[woody] - util-linux 2.11n-7woody1 (high)
+	[sarge] - util-linux 2.12p-4sarge1 (high)
 	NOTE: not fixed in testing at time of DSA
 [29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation
 	{CVE-2005-2918}
-	- gtkdiskfree 1.9.3-4sarge1 (medium)
+	[sarge] - gtkdiskfree 1.9.3-4sarge1 (bug #328566; medium)
 	NOTE: not fixed even in unstable at time of DSA
 [29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow
 	{CVE-2005-2919 CVE-2005-2920}
-	- clamav 0.87-1 (high)
+	[sarge] - clamav 0.84-2.sarge.4 (high)
 	NOTE: not fixed in testing at time of DSA
 [28 Sep 2005] DSA-797-2 zsync - buffer overflow
 	{CVE-2005-1849 CVE-2005-2096}
-	- zsync 0.3.3-1.sarge.1.2 (low)
-	NOTE: An upload to fix a FTBS
+	NOTE: An upload to fix a build failure on i386
 [28 Sep 2005] DSA-821-1 python2.3 - integer overflow
 	{CVE-2005-2491}
-	- python2.3 2.3.5-8 (medium)
+	[sarge] - python2.3 2.3.5-3sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on gmp)
+	NOTE: python2.3 is not in woody
 [24 Sep 2005] DSA-820-1 courier - missing input sanitising
 	{CVE-2005-2820}
-	- courier 0.47-9 (medium)
+	[woody] - courier 0.37.3-2.7 (medium)
+	[sarge] - courier 0.47-4sarge3 (medium)
 	NOTE: fixed in testing at time of DSA
 [23 Sep 2005] DSA-819-1 python2.1 - integer overflow
 	{CVE-2005-2491}
-	- python2.1 2.1.3dfsg-3 (medium)
+	[woody] - python2.1 2.1.3-3.4 (medium)
+	[sarge] - python2.1 2.1.3dfsg-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on gmp)
 [22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
 	{CVE-2005-2101}
-	- kdeedu 4:3.4.2-1
+	[sarge] - kdeedu 4:3.3.2-3.sarge.1 (low)
 	NOTE: not fixed in testing at time of DSA
+	NOTE: woody is not affected according to the DSA
 [22 Sep 2005] DSA-817-1 python2.2 - integer overflow
 	{CVE-2005-2491}
-	- python2.2 2.2.3dfsg-4 (medium)
+	[woody] - python2.2 2.2.1-4.8 (bug #324531; medium) 
+	[sarge] - python2.2 2.2.3dfsg-2sarge1 (bug #324531; medium)
 	NOTE: not fixed in testing at time of DSA (waiting on gmp)
 [19 Sep 2005] DSA-816-1 xfree86 - integer overflow
+	{ VU#102441 }
 	{CVE-2005-2495}
-	- xserver-xorg 6.8.2.dfsg.1-7
+	[woody] - xfree86 4.1.0-16woody7
+	[sarge] - xfree86 4.3.0.dfsg.1-14sarge1
 	NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on
gmp)
 [16 Sep 2005] DSA-815-1 kdebase - programming error
 	{CVE-2005-2494}
-	- kdebase 4:3.4.2-3 (medium)
+	[sarge] - kdebase 4:3.3.2-1sarge1 (bug #327039; medium)
+	[woody] - kdebase <not-affected> (according to the DSA)
 	NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
 [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
 	{CVE-2005-2672}
-	- lm-sensors 1:2.9.1-6etch1
+	[sarge] - lm-sensors 1:2.9.1-1sarge2 (bug #324193)
+	[woody] - lm-sensors <not-affected> (according to DSA)
 	NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is
waiting on perl)
 [15 Sep 2005] DSA-813-1 centericq - several
 	{CVE-2005-2369 CVE-2005-2370 CVE-2005-2448}
-	- centericq 4.20.0-9
+	[woody] - centericq <not-affected> (according to DSA)
+	[sarge] - centericq 4.20.0-1sarge2
 	NOTE: fixed in testing in time of DSA
 [15 Sep 2005] DSA-812-1 turqstat - buffer overflow
 	{CVE-2005-2658}
-	- turqstat 2.2.4-1 (medium)
+	[woody] - turqstat 2.2.1woody1 (medium)
+	[sarge] - turqstat 2.2.2sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k)
 [14 Sep 2005] DSA-811-1 common-lisp-controller - design error
 	{CVE-2005-2657}
-	- common-lisp-controller 4.18 (bug #328633; medium)
+	[woody] - common-lisp-controller <not-affected> (according to the DSA)
+	[sarge] - common-lisp-controller 4.15sarge2 (bug #328633; medium)
 	NOTE: not fixed in testing at time of DSA (too young, sid fix not yet
uploaded)
 [13 Sep 2005] DSA-810-1 mozilla - several
 	{CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263
CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
-	- mozilla 2:1.7.8-1sarge2 (medium)
+	[sarge] - mozilla 2:1.7.8-1sarge2 (medium)
 	NOTE: not fixed in testing at time of DSA (buggy and TBS)
 [13 Sep 2005] DSA-809-1 squid - several
 	{CVE-2005-2794 CVE-2005-2796}
-	- squid 2.5.10-5 (medium)
+	[sarge] - squid 2.5.9-10sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (too young)
 [12 Sep 2005] DSA-808-1 tdiary - design error
 	{CVE-2005-2411}
-	- tdiary 2.0.2-1 (medium)
+	[sarge] - tdiary 2.0.1-1sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
 [12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass
 	{CVE-2005-2700}
-	- libapache-mod-ssl 2.8.24-1 (medium) 
+	[woody] - libapache-mod-ssl 2.8.9-2.5 (medium)
+	[sarge] - libapache-mod-ssl 2.8.22-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (too young)
 [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
 	{CVE-2005-2693}
-	- gcvs 1.0final-7 (low)
+	[woody] - gcvs 1.0a7-2woody1 (low)
+	[sarge] - gcvs 1.0final-5sarge1 (low)
 	NOTE: fixed in testing at time of DSA
 [08 Sep 2005] DSA-805-1 apache2 - several
 	{CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728}
-	- apache2 2.0.54-5 (medium)
+	[sarge] - apache2 2.0.54-5 (medium)
 	NOTE: not fixed in testing at time of DSA (too young)
 [08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
 	{CVE-2005-1920}
-	- kdelibs 4:3.4.2-1 (medium)
+	[sarge] - kdelibs 4:3.3.2-6.2 (medium)
 	NOTE: not fixed in testing at time of DSA (kde transition)
 [07 Sep 2005] DSA-803-1 apache - programming error
 	{CVE-2005-2088}
-	- apache 1.3.33-8 (medium)
+	[woody] - apache 1.3.26-0woody7 (medium)
+	[sarge] - apache 1.3.33-6sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (too young)
 [07 Sep 2005] DSA-802-1 cvs - insecure temporary files
 	{CVE-2005-2693}
-	- cvs 1:1.11.5-4 (low)
+	[woody] - cvs 1.11.1p1debian-13 (low)
+	NOTE: not exposed in sarge according to the DSA
 	NOTE: fixed in testing at time of DSA
 [05 Sep 2005] DSA-801-1 ntp - programming error
 	{CVE-2005-2496}
-	- ntp 1:4.2.0a+stable-2sarge1 (medium)
+	[sarge] - ntp 1:4.2.0a+stable-2sarge1 (medium)
+	[woody] - ntp <not-affected> (not affected according to DSA)
 	NOTE: not fixed in testing at time of DSA (RC bugs)
 [02 Sep 2005] DSA-800-1 pcre3 - integer overflow
 	{CVE-2005-2491}
-	- pcre3 6.3-0.1etch1 (high)
+	[woody] - pcre3 3.4-1.1woody1
+	[sarge] - pcre3 4.5-1.2sarge1
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 	NOTE: however, fixed in secure-testing archive
 [02 Sep 2005] DSA-799-1 webcalendar - input validation
 	{CVE-2005-2717}
-	- webcalendar 0.9.45-7 (bug #326223; high)
+	[sarge] - webcalendar 0.9.45-4sarge2 (bug #326223; high)
 	NOTE: not fixed in testing at time of DSA (coordinated disclosure)
 [02 Sep 2005] DSA-798-1 phpgroupware - several
 	{CVE-2005-2498 CVE-2005-2600 CVE-2005-2761}
-	- phpgroupware 0.9.16.008-1 (high)
+	[woody] - phpgroupware <not-affected> (according to the DSA)
+	[sarge] - phpgroupware 0.9.16.005-3.sarge2 (high)
 	NOTE: not fixed in testing at time of DSA (too young)
 [01 Sep 2005] DSA-797-1 zsync - buffer overflow
 	{CVE-2005-1849 CVE-2005-2096}
-	- zsync 0.4.0-2 (medium) 
+	[sarge] - zsync 0.3.3-1.sarge.1 (medium) 
 	NOTE: fixed in testing at time of DSA
 [01 Sep 2005] DSA-796-1 affix - unsafe use of popen
 	{CVE-2005-2716}
-	- affix 2.1.2-3 (medium) 
+	[sarge] - affix 2.1.1-3 (medium) 
 	NOTE: not fixed in testing at time of DSA (glibc transition, builds)
 [01 Sep 2005] DSA-795-2 proftpd - format string error
 	{CVE-2005-2390}
-	- proftpd 1.2.10-20 (medium)
+	[woody] - proftpd <not-affected> (not affected according to the DSA)
+	[sarge] - proftpd 1.2.10-15sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
 	NOTE: Initial -1 release had a build problem
 [01 Sep 2005] DSA-794-1 polygen - programming error
 	{CVE-2005-2656}
-	- polygen 1.0.6-9 (low)
+	[sarge] - polygen 1.0.6-7sarge1 (low)
 	NOTE: not fixed in testing at time of DSA (too young)
 [21 Aug 2005] DSA-779-2 mozilla-firefox - several
 	NOTE: Essentially 1.0.6 with rolled-back version number, backported version
had regressions
 	{CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264
CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269
CVE-2005-2270}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	[sarge] - mozilla-firefox 1.0.4-2sarge3 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 	NOTE: Fixed in DTSA, which will have the same regressions, should be
checked/reverted
 [01 Sep 2005] DSA-793-1 courier - missing input sanitising
 	{CVE-2005-2724}
-	- courier 0.47-8 (medium)
+	[woody] - courier 0.37.3-2.6 (medium)
+	[sarge] - courier 0.47-4sarge2 (medium)
 	NOTE: not fixed in testing at time of DSA (glibc transition, too young)
 [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
 	{CVE-2005-2536}
-	- pstotext 1.9-2 (medium)
+	[woody] - pstotext 1.8g-5woody1 (medium)
+	[sarge] - pstotext 1.9-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (glibc transition, builds)
 [30 Aug 2005] DSA-791-1 maildrop - missing privilege release
 	{CVE-2005-2655}
-	- maildrop 1.5.3-1.1etch1 (medium)
+	[sarge] - maildrop 1.5.3-1.1sarge1
+	[woody] - maildrop <not-affected> (not affected according to the DSA)
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 	NOTE: but fixed in secure-testing repo
 [30 Aug 2005] DSA-790-1 phpldapadmin - programming error
 	{CVE-2005-2654}
-	- phpldapadmin 0.9.6c-5 (medium)
+	[sarge] - phpldapadmin 0.9.5-3sarge2 (medium)
 	NOTE: fixed in testing at time of DSA
 [29 Aug 2005] DSA-789-1 php4 - several
 	{CVE-2005-1751 CVE-2005-1921 CVE-2005-2498}
-	- php4 4:4.3.10-16etch1 (high)
+	[woody] - php4 4:4.1.2-7.woody5 (high)
+	[sarge] - php4 4:4.3.10-16 (high)
 	NOTE: not fixed in testing at time of DSA (not uploaded yet)
 [29 Aug 2005] DSA-788-1 kismet - several
 	{CVE-2005-2626 CVE-2005-2627}
-	- kismet 2005.08.R1-1 (medium)
+	[woody] - kismet <not-affected> (not affected according to DSA)
+	[sarge] - kismet 2005.04.R1-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 	NOTE: but fixed in secure-testing repo
 [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
 	{CVE-2005-1855 CVE-2005-1856}
-	- backup-manager 0.5.8-2 (medium)
+	[sarge] - backup-manager 0.5.7-1sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
 [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
 	{CVE-2005-1857}
-	- simpleproxy 3.2-4 (medium)
+	[sarge] - simpleproxy 3.2-3sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (embargoed disclosure)
 [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
 	{CVE-2005-2641 CVE-2005-2069}
-	- libpam-ldap 178-1sarge1 (medium)
+	[woody] - libpam-ldap <not-affected> (not affected according to DSA)
+	[sarge] - libpam-ldap 178-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (embargoed disclosure)
 [25 Aug 2005] DSA-784-1 courier - programming error
 	{CVE-2005-2151}
-	- courier 0.47-6 (low)
+	[woody] - courier <not-affected> (no SPF support)
+	[sarge] - courier 0.47-4sarge1 (low)
 	NOTE: not fixed in testing at time of DSA (glibc transition)
 [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
 	{CVE-2005-1636}
-	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
-	NOTE: not fixed in testing at time of DSA (glibc transition)
-	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
-	NOTE: not fixed in testing at time of DSA (glibc transition)
+	[sarge] - mysql-dfsg-4.1 4.1.11a-4sarge1 (low)
 [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
 	{CVE-2005-2547}
-	- bluez-utils 2.19-1 (high)
+	[sarge] - bluez-utils 2.15-1.1 (high)
 	NOTE: not fixed in testing at time of DSA (missing builds)
 [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
 	{CVE-2005-0989 CVE-2005-1159 CVE-2005-1160 CVE-2005-1532 CVE-2005-2261
CVE-2005-2265 CVE-2005-2266 CVE-2005-2269 CVE-2005-2270}
-	- mozilla-thunderbird 1.0.6-1 (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.6 (medium)
 	NOTE: not fixed in testing at time of DSA (missing builds)
 [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
 	{CVE-2005-2097}
-	- kdegraphics 4:3.4.2-1 (bug #322458; low)
+	[woody] - kdegraphics <not-affected> (not affected according to DSA)
+	[sarge] - kdegraphics 4:3.3.2-2sarge1 (bug #322458; low)
 	NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI
transition)
 [21 Aug 2005] DSA-779-1 mozilla-firefox - several
 	{CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264
CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269
CVE-2005-2270}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	[sarge] - mozilla-firefox 1.0.4-2sarge2 (medium)
 	NOTE: not fixed in testing at time of DSA (build and deps)
 [19 Aug 2005] DSA-778-1 mantis - missing input sanitising
 	{CVE-2005-2556 CVE-2005-2557}
-	- mantis 0.19.2-4 (medium)
+	[sarge] - mantis 0.19.2-4 (medium)
 	NOTE: not fixed in testing at time of DSA (nor unstable)
 [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
 	{CVE-2004-0718 CVE-2005-1937}
-	- mozilla 2:1.7.10-1 (medium)
+	[sarge] - mozilla 2:1.7.8-1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on builds)
 [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
 	{CVE-2005-2450}
-	- clamav 0.86.2-1 (medium)
+	[sarge] - clamav 0.84-2.sarge.2 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
 	{CVE-2004-0718 CVE-2005-1937}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	[sarge] - mozilla-firefox 1.0.4-2sarge1 (medium)
 	NOTE: IMO the information about the sid fix in the DSA is wrong, pinged
security@
 	NOTE: fixed in testing at time of DSA
 [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
 	{CVE-2005-2335}
-	- fetchmail 6.2.5-16 (medium)
+	[woody] - fetchmail <not-affected> (not affected according to DSA)
+	[sarge] - fetchmail 6.2.5-12sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
 [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
 	NOTE: amd64 catch-up DSA, no new holes
 [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
 	{CVE-2005-1854}
-	- apt-cacher 0.9.10 (high)
+	[sarge] - apt-cacher 0.9.4sarge1 (high)
 	NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
 [01 Aug 2005] DSA-771-1 pdns - several
-	{CVE-2005-2301 CVE-2005-2302} 
-	- pdns 2.9.18-1 (medium)
+	{CVE-2005-2301 CVE-2005-2302}
+	[sarge] - pdns 2.9.17-13sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (too young)
 [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
 	{CVE-2005-1853}
-	- gopher 3.0.10
+	[woody] - gopher 3.0.3woody3
+	[sarge] - gopher 3.0.7sarge1
 	NOTE: not fixed in testing at time of DSA (Debian server outage)
 [29 Jul 2005] DSA-769-1 gaim - memory alignment bug
 	{CVE-2005-2370}
-	- gaim 1:1.4.0-5 (high)
+	[sarge] - gaim 1:1.2.1-1.4 (low)
 	NOTE: not fixed in testing at time of DSA (?)
 [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
 	{CVE-2005-2161}
-	- phpbb2 2.0.13-6sarge1
+	[sarge] - phpbb2 2.0.13+1-6sarge1
 	NOTE: not fixed in testing at time of DSA (Debian server outage)
 [27 Jul 2005] DSA-767-1 ekg - integer overflows
 	{CVE-2005-1852}
-	- ekg 1:1.5+20050718+1.6rc3-1 (medium)
+	[sarge] - ekg 1:1.5+20050411-5 (medium)
 	NOTE: not fixed in testing at time of DSA (Debian server outage)
 [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
 	{CVE-2005-2320}
-	- webcalendar 0.9.45-7 (medium)
+	[sarge] - webcalendar 0.9.45-4sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (Debian server outage)
 [22 Jul 2005] DSA-765-1 heimdal - buffer overflow
 	{CVE-2005-0469}
-	- heimdal 0.6.3-10 (medium)
+	[woody] - heimdal 0.4e-7.woody.11 (medium)
 	NOTE: fixed in testing at time of DSA
 [21 Jul 2005] DSA-764-1 cacti - several
 	{CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 CVE-2005-2148 CVE-2005-2149}
-	- cacti 0.8.6f-1 (high)
+	[woody] - cacti 0.6.7-2.5 (high)
+	[sarge] - cacti 0.8.6c-7sarge2 (high)
 	NOTE: fixed in testing at time of DSA
 	NOTE: DSA information is incorrect, sid fix is 6f, not 6e
 [20 Jul 2005] DSA-763-1 zlib - buffer overflow
 	{CVE-2005-1849}
-	- zlib 1:1.2.3-1 (medium)
+	[woody] - zlib <not-affected> (vulnerable code introduced later)
+	[sarge] - zlib 1:1.2.2-4.sarge.2 (medium)
 	NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on
s390)
 [19 Jul 2005] DSA-762-1 affix - several
 	{CVE-2005-2250 CVE-2005-2277}
-	- affix 2.1.2-2 (medium)
+	[sarge] - affix 2.1.1-2 (medium)
 	NOTE: not fixed in testing at time of DSA (only 2/2 days old)
 [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
 	{CVE-2005-2231}
-	- heartbeat 1.2.3-12 (medium)
+	[woody] - heartbeat 0.4.9.0l-7.3 (medium)
+	[sarge] - heartbeat 1.2.3-9sarge3 (medium)
 	NOTE: not fixed in testing at time of DSA (only 0/2 days old)
 [18 Jul 2005] DSA-760-1 ekg - several
 	{CVE-2005-1850 CVE-2005-1851 CVE-2005-1916}
-	- ekg 1:1.5+20050712+1.6rc2-1 (low)
+	[sarge] - ekg 1:1.5+20050411-4 (low)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built
on five archs)
 [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
 	{CVE-2005-2256}
-	- phppgadmin 3.5.4-1 (medium)
+	[woody] - phppgadmin <not-affected> (not affected according to the DSA)
+	[sarge] - phppgadmin 3.5.2-5 (medium)
 	NOTE: not fixed in testing at time of DSA (only 0/10 days old)
 [18 Jul 2005] DSA-758-1 heimdal - buffer overflow
 	{CVE-2005-2040}
-	- heimdal 0.6.3-11 (medium)
+	[woody] - heimdal 0.4e-7.woody.10 (medium)
+	[sarge] - heimdal 0.6.3-10sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
 	{CVE-2005-1689 CVE-2005-1174 CVE-2005-1175}
-	- krb5 1.3.6-4 (medium)
+	[woody] - krb5 1.2.4-5woody10 (medium)
+	[sarge] - krb5 1.3.6-2sarge2 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built
on m68k)
 [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
 	{CVE-2005-1921}
-	- phpgroupware 0.9.16.006-1 (high)
+	[woody] - phpgroupware <unfixed> (high)
+	[sarge] - phpgroupware 0.9.16.005-3.sarge0 (high)
 	NOTE: fixed in testing at time of DSA
 [13 Jul 2005] DSA-756-1 squirrelmail - several
 	{CVE-2005-1769 CVE-2005-2095}
-	- squirrelmail 2:1.4.4-6 (medium)
+	[woody] - squirrelmail 1:1.2.6-4 (medium)
+	[sarge] - squirrelmail 2:1.4.4-6sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (only 0/2 days old)
 [13 Jul 2005] DSA-755-1 tiff - buffer overflow 
 	{CVE-2005-1544}
-	- tiff 3.7.2-3 (medium)
+	[woody] - tiff 3.5.5-7 (medium)
 	NOTE: fixed in testing at time of DSA
 [13 Jul 2005] DSA-754-1 centericq - insecure temporary file
 	{CVE-2005-1914}
-	- centericq 4.20.0-7 (low)
+	[woody] - centericq <not-affected> (not affected according to DSA)
+	[sarge] - centericq 4.20.0-1sarge1 (low)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [12 Jul 2005] DSA-753-1 gedit - format string
 	{CVE-2005-1686}
-	- gedit 2.10.3-1 (low)
+	[woody] - gedit <not-affected> (not affected according to DSA)
+	[sarge] - gedit 2.8.3-4sarge1 (low)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [11 Jul 2005] DSA-752-1 gzip - several
 	{CVE-2005-0988 CVE-2005-1228}
-	- gzip 1.3.5-10
+	[woody] - gzip 1.3.2-3woody5
 	NOTE: fixed in testing at time of DSA
-[11 Jul 2005] DSA-751-1 squid - IP spoofind
+[11 Jul 2005] DSA-751-1 squid - IP spoofing
 	{CVE-2005-1519}
-	- squid 2.5.9-9
+	[woody] - squid 2.4.6-2woody9
 	NOTE: fixed in testing at time of DSA
 [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
 	{CVE-2005-1992}
-	- ruby1.8 1.8.2-8 (medium)
+	[sarge] - ruby1.8 1.8.2-7sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on dependencies)
 [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
 	{CVE-2005-1848}
-	- dhcpcd 1:1.3.22pl4-22
+	[sarge] - dhcpcd 1:1.3.22pl4-21sarge1
 	NOTE: fixed in testing at time of DSA
 [10 Jul 2005] DSA-749-1 ettercap - format string error
 	{CVE-2005-1796}
-	- ettercap 1:0.7.3-1 (medium)
+	[sarge] - ettercap 1:0.7.1-1sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
 [10 Jul 2005] DSA-747-1 egroupware - input validation error
 	{CVE-2005-1921}
-	- egroupware 1.0.0.007-3.dfsg-1 (high)
+	[sarge] - egroupware 1.0.0.007-2.dfsg-2sarge1 (high)
 	NOTE: not fixed in testing at time of DSA (only 1/2 days old)
 [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
-	{CVE-2005-1921 CVE-2005-2106 CVE-2005-2116}
-	- drupal 4.5.4-1 (high)
+	{CVE-2005-1921 CVE-2005-2106}
+	[sarge] - drupal 4.5.3-3 (high)
 	NOTE: fixed in testing at time of DSA
 [08 Jul 2005] DSA-744-1 fuse - programming error
 	{CVE-2005-1858}
-	- fuse 2.3.0-1
+	[sarge] - fuse 2.2.1-4sarge2
 	NOTE: fixed in testing at time of DSA
 [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
 	{CVE-2005-1545 CVE-2005-1546}
-	- ht 0.8.0-3
+	[woody] - ht 0.5.0-1woody4
+	[sarge] - ht 0.8.0-2sarge4
 	NOTE: fixed in testing at time of DSA
 [09 Jul 2005] DSA-742-1 cvs - buffer overflow
 	{CVE-2005-0753}
-	- cvs 1:1.12.9-13 (high)
+	[woody] - cvs 1.11.1p1debian-12
 	NOTE: fixed in testing at time of DSA
 [07 Jul 2005] DSA-741-1 bzip2 - infinite loop
 	{CVE-2005-1260}
-	- bzip2 1.0.2-7 (low)
+	[woody] - bzip2 1.0.2-1.woody5 (low)
 	NOTE: fixed in testing at time of DSA
 [06 Jul 2005] DSA-740-1 zlib - buffer overflow
 	{CVE-2005-2096}
-	- zlib 1:1.2.2-7 (medium)
+	[woody] - zlib <not-affected> (vulnerability was introduced later)
+	[sarge] - zlib 1:1.2.2-4.sarge.1 (medium)
 	NOTE: anything statically linking zlib needs rebuild
 	NOTE: not fixed in testing at time of DSA (embargoed disclosure)
 [06 Jul 2005] DSA-739-1 trac - missing input sanitising
 	{CVE-2005-2007}
-	- trac 0.8.4-1 (medium)
+	[sarge] - trac 0.8.1-3sarge2 (medium)
 	NOTE: fixed in testing at time of DSA
 [19 May 2005] DSA-725-2 ppxp - missing privilege release
 	{CVE-2005-0392}
-	- ppxp 0.2001080415-11
+	[sarge] - ppxp 0.2001080415-10sarge2
 	NOTE: fixed in testing at time of DSA
 [05 Jul 2005] DSA-738-1 razor - email header parsing error
 	{CVE-2005-2024}
-	- razor 2.720-1 (low)
+	[woody] - razor <not-affected> (not affected according to DSA)
+	[sarge] - razor 2.670-1sarge2 (low)
 	NOTE: not fixed in testing at time of DSA (not built on arm)
 [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
 	{CVE-2005-1922 CVE-2005-1923 CVE-2005-2056 CVE-2005-2070}
-	- clamav 0.86.1-1 (medium)
+	[sarge] - clamav 0.84-2.sarge.1 (medium)
 	NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one
fix missing for sid)
 [05 Jul 2005] DSA-734-1 gaim - denial of service
 	{CVE-2005-1269 CVE-2005-1934}
-	- gaim 1:1.3.1-1
+	[woody] - gaim <not-affected> (DSA: "does not seem to be
affected")
+	[sarge] - gaim 1:1.2.1-1.3
 	NOTE: not fixed in testing at time of DSA (not built on sparc)
 [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
 	{CVE-2005-1266}
-	- spamassassin 3.0.4-1 (medium)
+	[woody] - spamassassin <not-affected> (not vulnerable according to DSA)
+	[sarge] - spamassassin 3.0.3-2
 	NOTE: fixed in testing at time of DSA
+	NOTE: Some architectures were not ready, that''s why another DSA was
+	NOTE: issued.
 [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
 	{CVE-2005-1266}
-	- spamassassin 3.0.4-1 (medium)
+	[woody] - spamassassin <not-affected> (not vulnerable according to DSA)
+	[sarge] - spamassassin 3.0.3-2
 	NOTE: fixed in testing at time of DSA
 [08 Jul 2005] DSA-735-2 sudo - pathname validation race
 	{CVE-2005-1993}
-	- sudo 1.6.8p9-1 (medium)
+	[woody] - sudo 1.6.6-1.3woody1 (medium)
+	[sarge] - sudo 1.6.8p7-1.1sarge1 (medium)
 	NOTE: fixed in testing at time of DSA
+	NOTE: Some architectures were not ready, that''s why another DSA was
+	NOTE: issued.
 [01 Jul 2005] DSA-735-1 sudo - pathname validation race
 	{CVE-2005-1993}
-	- sudo 1.6.8p9-1 (medium)
+	[woody] - sudo 1.6.6-1.3woody1 (medium)
+	[sarge] - sudo 1.6.8p7-1.1sarge1 (medium)
 	NOTE: not fixed in testing at time of DSA
 [30 Jun 2005] DSA-733-1 crip - insecure temporary files
 	{CVE-2005-0393}
-	- crip 3.5-1sarge2 (low)
+	[sarge] - crip 3.5-1sarge2 (low)
 	NOTE: not fixed in testing at time of DSA (reserved)
 [03 Jun 2005] DSA-732-1 mailutils - several
         {CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523}
-        - mailutils 1:0.6.1-4
+        [woody] - mailutils 20020409-1woody2
 	NOTE: fixed in testing at time of DSA
 [02 Jun 2005] DSA-731-1 krb4 - buffer overflows
-	{CVE-2005-0468 CVE-2005-0469} 
-	- krb4 1.2.2-11.2
+	{CVE-2005-0468 CVE-2005-0469}
+	[woody] - krb4 1.1-8-2.4
 	NOTE: fixed in testing at time of DSA
 [27 May 2005] DSA-730-1 bzip2 - race condition
 	{CVE-2005-0953}
-	- bzip2 1.0.2-6
+	[woody] - bzip2 1.0.2-1.woody2
 	NOTE: fixed in testing at time of DSA
 [26 May 2005] DSA-729-1 php4 - missing input sanitising
 	{CVE-2005-0525}
-	- php4 4:4.3.10-10
+	[woody] - php4 4:4.1.2-7.woody4
 	NOTE: fixed in testing at time of DSA
 [25 May 2005] DSA-728-1 qpopper - missing privilege release
 	{CVE-2005-1151 CVE-2005-1152}
-	- qpopper 4.0.5-4sarge1
+	[woody] - qpopper 4.0.4-2.woody.5
 	NOTE: fixed in testing at time of DSA by security team
 [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
 	{CVE-2005-1349}
-	- libconvert-uulib-perl 1.0.5.1-1
+	[woody] - libconvert-uulib-perl 0.201-2woody1
 	NOTE: fixed in testing at time of DSA
 [20 May 2005] DSA-726-1 oops - format string vulnerability
 	{CVE-2005-1121}
-	- oops <unfixed> (bug #307360; high)
+	[woody] - oops 1.5.19.cvs.20010818-0.1woody1
 	NOTE: not in testing at time of DSA
 [19 May 2005] DSA-725-1 ppxp - missing privilege release
 	{CVE-2005-0392}
-	- ppxp 0.2001080415-11
+	[woody] - ppxp 0.2001080415-6woody2
 	NOTE: not fixed in testing at time of DSA
 [18 May 2005] DSA-724-1 phpsysinfo - design flaw
 	{CVE-2005-0870}
-	- phpsysinfo 2.3-3
+	[woody] - phpsysinfo 2.0-3woody2
 	NOTE: fixed in testing at time of DSA
 [09 May 2005] DSA-723-1 xfree86 - buffer overflow
 	{CVE-2005-0605}
-	- xfree86 4.3.0.dfsg.1-13
+	[woody] - xfree86 4.1.0-16woody6
 	NOTE: not fixed in testing at time of DSA
 [09 May 2005] DSA-722-1 smail - buffer overflow
 	{CVE-2005-0892}
+	[woody] - smail 3.2.0.114-4woody1
 	NOTE: Package not in testing at time of DSA
 [06 May 2005] DSA-721-1 squid - design flaw
 	{CVE-2005-1345}
-	- squid 2.5.9-7
+	[woody] - squid 2.4.6-2woody8
 	NOTE: not fixed in testing at time of DSA
 [03 May 2005] DSA-720-1 smartlist - wrong input processing
 	{CVE-2005-0157}
-	- smartlist 3.15-18
+	[woody] - smartlist 3.15-5.woody.1
 	NOTE: fixed in testing at time of DSA
 [28 Apr 2005] DSA-719-1 prozilla - format string problems
 	{CVE-2005-0523}
-	- prozilla 1:1.3.7.4-1
+	[woody] - prozilla 1:1.3.6-3woody2
 	NOTE: fixed in testing at time of DSA
 [28 Apr 2005] DSA-718-1 ethereal - buffer overflow
 	{CVE-2005-0739}
-	- ethereal 0.10.10-1
+	[woody] - ethereal 0.9.4-1woody12
 	NOTE: fixed in testing at time of DSA
 [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
 	{CVE-2003-0826 CVE-2005-0814}
-	- lsh-utils 2.0.1-2
+	[woody] - lsh-utils 1.2.5-2woody3
 	NOTE: fixed in testing at time of DSA
 [27 Apr 2005] DSA-716-1 gaim - denial of service
 	{CVE-2005-0472}
-	- gaim 1:1.1.3-1
+	[woody] - gaim 1:0.58-2.5
 	NOTE: fixed in testing at time of DSA
 [27 Apr 2005] DSA-715-1 cvs - several
 	{CVE-2004-1342 CVE-2004-1343}
-	- cvs 1:1.12.9-12
+	[woody] - cvs 1.11.1p1debian-10
 	NOTE: not fixed in testing at time of DSA
 [26 Apr 2005] DSA-714-1 kdelibs - several
 	{CVE-2005-1046}
-	- kdelibs 4:3.3.2-5
+	[woody] - kdelibs 4:2.2.2-13.woody.14
 	NOTE: not fixed in testing at time of DSA
 [21 Apr 2005] DSA-701-2 samba - integer overflows
 	NOTE: only a bug in the backported fix to stable, testing is ok
 [21 Apr 2005] DSA-713-1 junkbuster - several
 	{CVE-2005-1108 CVE-2005-1109}
+	[woody] - junkbuster 2.0.2-0.2woody1
 	NOTE: package not in testing/unstable
 [19 Apr 2005] DSA-712-1 geneweb - insecure file operations
 	{CVE-2005-0391}
-	- geneweb 4.10-7
+	[woody] - geneweb 4.06-2woody1
 	NOTE: fixed in testing at time of DSA
 [19 Apr 2005] DSA-711-1 info2www - missing input sanitising
 	{CVE-2004-1341}
-	- info2www 1.2.2.9-23
+	[woody] - info2www 1.2.2.9-20woody1
 	NOTE: fixed in testing at time of DSA
 [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
 	{CVE-2003-0541}
-	- gtkhtml 1.0.4-6.2
+	[woody] - gtkhtml 1.0.2-1.woody1
 	NOTE: fixed in testing at time of DSA
 [15 Apr 2005] DSA-709-1 libexif - buffer overflow
 	{CVE-2005-0664}
-	- libexif 0.6.9-5
+	[woody] - libexif 0.5.0-1woody1 (bug #298464)
 [15 Apr 2005] DSA-708-1 php3 - missing input sanitising
 	{CVE-2005-0525}
-	- php3 3:3.0.18-31
+	[woody] - php3 3:3.0.18-23.1woody3 (bug #302701)
 [13 Apr 2005] DSA-707-1 mysql - several
-	{CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711} 
-	- mysql-dfsg 4.0.24-5
-	- mysql-dfsg-4.1 4.1.10a-6
+	{CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711}
+	[woody] - mysql 3.23.49-8.11
 	NOTE: not fixed in testing at time of DSA
 [13 Apr 2005] DSA-706-1 axel - buffer overflow
 	{CVE-2005-0390}
-	- axel 1.0b-1
+	[woody] - axel 1.0a-1woody1
 	NOTE: fixed in testing at time of DSA
 [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
-	{CVE-2005-0256 CVE-2003-0854}
-	- wu-ftpd 2.6.2-19
+	{CVE-2005-0256}
+	{CVE-2003-0854}
+	[woody] - wu-ftpd 2.6.2-3woody5
+	NOTE: DSA mentions CVE-2003-0854 as fixed, but this update only 
+	NOTE: contains a workaround.
 [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
 	{CVE-2005-0387 CVE-2005-0388}
-	- remstats 1.0.13a-5
+	[woody] - remstats 1.00a4-8woody1
 	NOTE: not fixed in testing at time of DSA
 [01 Apr 2005] DSA-703-1 krb5 - buffer overflows
 	{CVE-2005-0468 CVE-2005-0469}
-	- krb5 1.3.6-1
+	[woody] - krb5 1.2.4-5woody8
 [01 Apr 2005] DSA-702-1 imagemagick - several
 	{CVE-2005-0397 CVE-2005-0759 CVE-2005-0760 CVE-2005-0762}
-	- imagemagick 6:6.0.6.2-2.2
+	[woody] - imagemagick 4:5.4.4.5-1woody6
 [31 Mar 2005] DSA-701-1 samba - integer overflows
 	{CVE-2004-1154}
-	- samba 3.0.10-1
+	[woody] - samba 2.2.3a-15
 [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
 	{CVE-2005-0386}
-	- mailreader 2.3.29-11
+	[woody] - mailreader 2.3.29-5woody2
 	NOTE: not fixed in testing at time of DSA
 [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
 	{CVE-2005-0469}
-	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
+	[woody] - netkit-telnet-ssl 0.17.17+0.1-2woody4
 	NOTE: not fixed in testing at time of DSA
 [29 Mar 2005] DSA-698-1 mc - buffer overflow
 	{CVE-2005-0763}
-	NOTE: Not clear which unstable/testing version fixed this,
-	NOTE: but advisory says it''s fixed.
+	[woody] - mc 4.5.55-1.2woody6
+	NOTE: Seems to be a "fix the fix", correcting a previous DSA.
 [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
 	{CVE-2005-0469}
-	- netkit-telnet 0.17-28
+	[woody] - netkit-telnet 0.17-18woody3
 	NOTE: not fixed in testing at time of DSA
 [22 Mar 2005] DSA-696-1 perl - design flaw
 	{CVE-2005-0448}
-	- perl 5.8.4-8
+	[woody] - perl 5.6.1-8.9
 	NOTE: fixed in testing at time of DSA
+	NOTE: (sid version in DSA is 5.8.4-8, but 5.8.4-7 is more correct)
 [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer
overflow
 	{CVE-2001-0775 CVE-2005-0638 CVE-2005-0639}
-	- xli 1.17.0-18
+	[woody] - xli 1.17.0-11woody1
 	NOTE: not fixed in testing at time of DSA
 [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
 	{CVE-2005-0638 CVE-2005-0639}
-	- xloadimage 4.1-14.2
+	[woody] - xloadimage 4.1-10woody1
 	NOTE: not fixed in testing at time of DSA
 [14 Mar 2005] DSA-693-1 luxman - buffer overflow
 	{CVE-2005-0385}
 	NOTE: not fixed in testing at time of DSA
 	NOTE: not in unstable at time of DSA though DSA claimed it was
-	- luxman 0.41-20
+	[woody] - luxman 0.41-17.2
 [14 Mar 2005] DSA-662-2 squirrelmail - several
 	NOTE: only an update to a prior DSA, did not affct sid/sarge.
 [08 Mar 2005] DSA-692-1 kppp - design flaw
 	{CVE-2005-0205}
-	- kppp 4:3.1.6
+	[woody] - kdenetwork 4:2.2.2-14.7
 	NOTE: fixed in testing at time of DSA
 [07 Mar 2005] DSA-691-1 abuse - several 
 	{CVE-2005-0098 CVE-2005-0099}
+	[woody] - abuse 2.00+-3woody4
 	NOTE: not in unstable/testing
 [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
 	{CVE-2005-0107}
-	- bsmtpd 2.3pl8b-16
+	[woody] - bsmtpd 2.3pl8b-12woody1
 	NOTE: not fixed in testing at time of DSA
 [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
 	{CVE-2005-0088}
-	- libapache-mod-python 2:2.7.10-4
+	[woody] - libapache-mod-python 2:2.7.8-0.0woody5
 	NOTE: fixed in testing at time of DSA
-	- libapache2-mod-python 3.1.3-3
-	NOTE: fixed in testing at time of DSA
 [23 Feb 2005] DSA-688-1 squid - mising input sanitising
 	{CVE-2005-0446}
-	- squid 2.5.8-3
+	[woody] - squid 2.4.6-2woody7
 	NOTE: fixed in testing at time of DSA
 [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
 	NOTE: only fixed bug in DSA
 [18 Feb 2005] DSA-687-1 bidwatcher - format string
 	{CVE-2005-0158}
-	- bidwatcher 1.3.17-1
+	[woody] - bidwatcher 1.3.3-1woody1
 	NOTE: not fixed in testing at time of DSA
 [17 Feb 2005] DSA-686-1 gftp - missing input sanitising
 	{CVE-2005-0372}
-	- gftp 2.0.18-1
+	[woody] - gftp 2.0.11-1woody1
 	NOTE: not fixed in testing at time of DSA
 [17 Feb 2005] DSA-685-1 emacs21 - format string
 	{CVE-2005-0100}
-	- emacs21 21.3+1-9
+	[woody] - emacs21 21.2-1woody3
 	NOTE: not fixed in testing at time of DSA
 [16 Feb 2005] DSA-684-1 typespeed - format string
 	{CVE-2005-0105}
-	- typespeed 0.4.4-8
+	[woody] - typespeed 0.4.4-8
 	NOTE: not fixed in testing at time of DSA
 [15 Feb 2005] DSA-683-1 postgresql - buffer overflows
 	{CVE-2005-0245 CVE-2005-0247}
-	- postgresql 7.4.7-2
+	[woody] - postgresql 7.2.1-2woody8
 	NOTE: fixed in testing at time of DSA
 [15 Feb 2005] DSA-682-1 awstats - missing input sanitising
 	{CVE-2005-0363}
-	- awstats 6.2-1.2
+	[woody] - awstats 4.0-0.woody.2
 	NOTE: not fixed in testing at time of DSA
 [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
 	{CVE-2005-0070}
+	[woody] - synaesthesia 2.1-2.1woody3
 	NOTE: does not apply for sarge, program is not setuid anymore
 [14 Feb 2005] DSA-680-1 htdig - unsanitised input
 	{CVE-2005-0085}
-	- htdig 1:3.1.6-11
+	[woody] - htdig 3.1.6-3woody1
 	NOTE: fixed in testing at time of DSA
 [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
 	{CVE-2005-0159}
-	- toolchain-source 3.4-5
+	[woody] - toolchain-source 3.0.4-1woody1
 	NOTE: not fixed in testing at time of DSA
 [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
 	{CVE-2004-1180}
-	- netkit-rwho 0.17-8
+	[woody] - netkit-rwho 0.17-4woody2
 	NOTE: not fixed in testing at time of DSA
 [11 Feb 2005] DSA-677-1 sympa - buffer overflow
 	{CVE-2005-0073}
-	- sympa 4.1.2-2.1
+	[woody] - sympa 3.3.3-3woody2
 	NOTE: not fixed in testing at time of DSA
 [11 Feb 2005] DSA-676-1 xpcd - buffer overflow
 	{CVE-2005-0074}
-	- xpcd 2.08-11.1 (bug #294793)
+	[woody] - xpcd 2.08-8woody3 (bug #294793)
 	NOTE: not fixed in testing at time of DSA
 [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
 	NOTE: only fixed bug in DSA
 [10 Feb 2005] DSA-675-1 hztty - privilege escalation
 	{CVE-2005-0019}
-	- hztty 2.0-6.1
+	[woody] - hztty 2.0-5.2woody2
 	NOTE: not fixed in testing at time of DSA
 [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
-	{CVE-2004-1177}
-	- mailman 2.1.5-5
-	NOTE: fixed in testing at time of DSA
-	{CVE-2005-0202}
-	- mailman 2.1.5-6
+	{CVE-2004-1177 CVE-2005-0202}
+	[woody] - mailman 2.0.11-1woody11
 	NOTE: not fixed in testing at time of DSA
 [10 Feb 2005] DSA-673-1 evolution - integer overflow
 	{CVE-2005-0102}
-	- evolution 2.0.3-1.2
+	[woody] - evolution 1.0.5-1woody2
 	NOTE: fixed in testing at time of DSA
 [09 Feb 2005] DSA-672-1 xview - buffer overflows
 	{CVE-2005-0076}
-	- xview 3.2p1.4-19
+	[woody] - xview 3.2p1.4-16woody2
 	NOTE: not fixed in testing at time of DSA
 [08 Feb 2005] DSA-671-1 xemacs21 - format string
 	{CVE-2005-0100}
 	NOTE: not fixed in testing at time of DSA
-	- xemacs21 21.4.16-2
+	[woody] - xemacs21 21.4.6-8woody2
 [08 Feb 2005] DSA-670-1 emacs20 - format string
 	{CVE-2005-0100}
+	[woody] - emacs20 20.7-13.3
 	NOTE: also affects emacs21 in unstable, fixed
 [04 Feb 2005] DSA-669-1 php3 - several
 	{CVE-2004-0594 CVE-2004-0595}
-	- php3 3:3.0.18-27
+	[woody] - php3 3:3.0.18-23.1woody2
 	NOTE: fixed in testing at time of DSA
 [04 Feb 2005] DSA-668-1 postgresql - privilege escalation
 	{CVE-2005-0227}
-	- postgresql 7.4.7-1
+	[woody] - postgresql 7.2.1-2woody7
 	NOTE: not fixed in testing at time of DSA
 [04 Feb 2005] DSA-667-1 squid - several
-	{CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211} 
-	- squid 2.5.7-7
+	{CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211}
+	[woody] - squid 2.4.6-2woody6
 	NOTE: not fixed in testing at time of DSA
 [04 Feb 2005] DSA-666-1 python2.2 - design flaw
 	{CVE-2005-0089}
-	- python2.2 2.2.3-14
-	- python2.3 2.3.4-20
-	- python2.4 2.4-5
+	[woody] - python2.2 2.2.1-4.7
 	NOTE: not fixed in testing at time of DSA
 [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
 	{CVE-2005-0013}
-	- ncpfs 2.2.6-1
+	[woody] - ncpfs 2.2.0.18-10woody2
 	NOTE: not fixed in testing at time of DSA
 [02 Feb 2005] DSA-664-1 cpio - broken file permissions
 	{CVE-1999-1572}
-	- cpio 2.5-1.2 (bug #293379)
+	[woody] - cpio 2.4.2-39woody1
 	NOTE: not fixed in testing at time of DSA
 [02 Feb 2005] DSA-663-1 prozilla - buffer overflows
 	{CVE-2004-1120}
-	- prozilla 1:1.3.7.3-1
+	[woody] - prozilla 1:1.3.6-3woody3
 	NOTE: fixed in testing at time of DSA
 [01 Feb 2005] DSA-662-1 squirrelmail - several
 	{CVE-2005-0104 CVE-2005-0152}
+	[woody] - squirrelmail 1:1.2.6-3
 	NOTE: CVE-2005-0152 only exists in 1.2.6 version
-	- squirrelmail 2:1.4.4
 	NOTE: fixed in testing at time of DSA
 [20 Apr 2005] DSA-661-2 f2c - insecure temporary files
 	{CVE-2005-0017 CVE-2005-0018}
-	- f2c 20020621-3.4 (bug #292792)
+	[woody] - f2c 20010821-3.2 (bug #292792)
 	NOTE: not fixed in testing at time of DSA
 [26 Jan 2005] DSA-660-1 kdebase - missing return value check
 	{CVE-2005-0078}
@@ -1544,7 +1612,7 @@
 	- xitalk 1.1.11-11
 [11 Mar 2004] DSA-461 calife - buffer overflow
 	{CVE-2004-0188}
-	- calife 2.8.6-1
+	[woody] - calife 2.8.4c-1woody1 (bug #235157)
 [10 Mar 2004] DSA-460 sysstat - insecure temporary file
 	{CVE-2004-0108}
 	- sysstat 5.0.2-1
Secure testing commits - Oct 2005 - r2506 - data/DSA

[Secure-testing-commits] r2506 - data/DSA
