Author: joeyh Date: 2005-09-01 20:48:13 +0000 (Thu, 01 Sep 2005) New Revision: 1776 Modified: data/CAN/list data/DTSA/list Log: List versions in CAN/list that were covered by a DTSA so checklist will know a CAN is fixed by a DTSA. This seems a bit hard to do every time we make a new DTSA though. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-01 20:37:43 UTC (rev 1775) +++ data/CAN/list 2005-09-01 20:48:13 UTC (rev 1776) @@ -109,7 +109,7 @@ CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in maildrop''s lockmail] NOTE: reserved {DSA-791-1 DTSA-11-1} - - maildrop 1.5.3-2 (medium) + - maildrop 1.5.3-1.1etch1 (medium) CAN-2005-2654 NOTE: reserved CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] @@ -190,10 +190,10 @@ NOTE: reserved CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...) {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-1 (bug #323386; high) + - kismet 2005.08.R1-0.1etch1 (bug #323386; high) CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...) {DSA-788-1 DTSA-1-1} - - kismet 2005.08.R1-1 (bug #323386; high) + - kismet 2005.08.R1-0.1etch1 (bug #323386; high) CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...) NOTE: not-for-us (MS IE) CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...) @@ -736,7 +736,7 @@ NOTE: not-for-us (Novell eDirectory) CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...) {DSA-782-1} - - bluez-utils 2.19-1 (bug #323365; medium) + - bluez-utils 2.19-0.1etch1 (bug #323365; medium) CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) NOTE: not-for-us (Arab Portal) CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...) 
@@ -857,7 +857,7 @@ CAN-2005-2492 NOTE: reserved CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) - - pcre3 6.3-1 (bug #324531; medium) + - pcre3 6.3-0.1etch1 (bug #324531; medium) TODO: gnumeric seems to embed a copy of PCRE, check - python2.1 2.1.3dfsg-3 (medium) - python2.2 2.2.3dfsg-4 (medium) @@ -1068,9 +1068,9 @@ - clamav-getfiles 0.5-1 (bug #321446; medium) begin claimed by neilm CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users] - - cgiwrap 3.9-3.1 (low) + - cgiwrap 3.9-3.0etch1 (low) CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information] - - cgiwrap 3.9-3.1 (low) + - cgiwrap 3.9-3.0etch1 (low) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20031017-2.1 (medium) CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) @@ -1115,7 +1115,7 @@ CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) {DTSA-4-1 DTSA-2-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - - centericq 4.20.0-9 (bug #323185; medium) + - centericq 4.20.0-8etch1 (bug #323185; medium) CAN-2005-2447 NOTE: rejected CAN-2005-2446 @@ -1315,11 +1315,11 @@ CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) {DSA-769-1 DTSA-5-1 DTSA-2-1} - gaim 1:1.4.0-5 (low) - - centericq 4.20.0-9 (bug #323185; low) + - centericq 4.20.0-8etch1 (bug #323185; low) CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) {DTSA-2-1} TODO: check gaim and others that embed libgadu in source tree - - centericq 4.20.0-9 (bug #323185; medium) + - centericq 4.20.0-8etch1 (bug #323185; medium) CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) - vim 1:6.3-085+1 (bug #320017; medium) CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...) 
@@ -1679,49 +1679,49 @@ NOTE: not-for-us (iCab) CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) {DSA-781-1 DSA-779-1} - - mozilla-firefox 1.0.5-1 (high) + - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.10-1 (high) - mozilla-thunderbird 1.0.6-1 (high) CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...) {DSA-781-1 DSA-779-1} - - mozilla-firefox 1.0.5-1 (high) + - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.10-1 (medium) - mozilla-thunderbird 1.0.6-1 (medium) CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...) {DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.10-1 (medium) CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) {DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) {DSA-781-1 DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.10-1 (medium) - mozilla-thunderbird 1.0.6-1 (low) CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) {DSA-781-1 DSA-779-1} - - mozilla-firefox 1.0.5-1 (high) + - mozilla-firefox 1.0.4-2sarge3 (high) - mozilla 2:1.7.10-1 (medium) - mozilla-thunderbird 1.0.6-1 (medium) CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...) {DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) {DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.10-1 (medium) CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...) 
{DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) {DSA-781-1 DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.10-1 (medium) - mozilla-thunderbird 1.0.6-1 (medium) CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...) {DSA-779-1} - - mozilla-firefox 1.0.5-1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) - mozilla 2:1.7.10-1 (medium) CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...) NOTE: not-for-us (magicHTML) @@ -3683,7 +3683,8 @@ NOTE: rejected CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) {DSA-777-1 DSA-775-1} - - mozilla-firefox 1.0.4-3 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) + - mozilla 2:1.7.8-1sarge1 (medium) CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...) NOTE: not-for-us (Microsoft) CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...) @@ -11862,8 +11863,8 @@ NOTE: upstream versions became vulnerable again, see NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850 NOTE: and were fixed again, it got CAN-2005-1937 for the reversion - - mozilla 1.6 (medium) - - mozilla-firefox 1.0.4-3 (medium) + - mozilla 2:1.7.8-1sarge1 (medium) + - mozilla-firefox 1.0.4-2sarge3 (medium) CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...) NOTE: not-for-us (opera 7.50) CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...) Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2005-09-01 20:37:43 UTC (rev 1775) +++ data/DTSA/list 2005-09-01 20:48:13 UTC (rev 1776) 
@@ -11,7 +11,7 @@ {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270} - mozilla-firefox 1.0.4-2sarge3 (high) [28 Aug 2005] DTSA-7-1 mozilla - frame injection spoofing - {CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270} + {CAN-2004-0718 CAN-2005-1937} - mozilla 2:1.7.8-1sarge1 (high) [28 Aug 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities - cgiwrap 3.9-3.0etch1 (low) @@ -22,7 +22,7 @@ {CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448} - ekg 1:1.5+20050808+1.6rc3-0etch1 (low) [27 Aug 2005] DTSA-3-1 clamav - denial of service and privilege escalation - {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 } + {CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450} - clamav 0.86.2-4etch1 (high) [27 Aug 2005] DTSA-2-1 centericq - multiple vulnerabilities {CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914}
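Review bot: The CAN/list hunks (-109, -190, -736, -857, -1068, -1115, -1315) overwrite the unstable fixed version with the testing-security one, e.g. `- maildrop 1.5.3-2 (medium)` becomes `- maildrop 1.5.3-1.1etch1 (medium)`, so the record of which sid upload fixed each issue is lost. This only keeps sid marked as fixed because every etch version here happens to sort below the sid version under dpkg rules (1.1etch1 < 2, 0.1etch1 < 1, 3.0etch1 < 3.1, 8etch1 < 9); a DTSA whose version sorts above a later sid fix would flip sid to vulnerable. Keeping one version line per suite, or having checklist read data/DTSA/list directly, avoids both the information loss and the "hard to do every time we make a new DTSA" problem noted in the log message.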
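Review bot: Several entries get an etch version without the DTSA cross-reference that the log message says checklist needs: CAN-2005-2547 keeps `{DSA-782-1}` next to `bluez-utils 2.19-0.1etch1`, CAN-2005-2491 (`pcre3 6.3-0.1etch1`) has no braces at all, and the two cgiwrap entries have none even though data/DTSA/list carries DTSA-6-1 for `cgiwrap 3.9-3.0etch1`. The maildrop and kismet entries show the intended form (`{DSA-791-1 DTSA-11-1}`, `{DSA-788-1 DTSA-1-1}`); add the corresponding DTSA id to each of the other entries so the CAN-to-DTSA link exists for all of them.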
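Review bot: In the -1679 and -3683 hunks the mozilla-firefox lines change to `1.0.4-2sarge3`, which matches the mozilla-firefox line in the data/DTSA/list -11 hunk, but the braces stay `{DSA-781-1 DSA-779-1}` (or `{DSA-777-1 DSA-775-1}` for CAN-2005-1937) with no DTSA id, and a sarge suffix on a testing-security update is unlike every other etch1 version in this commit. Confirm that 1.0.4-2sarge3 is really the version that entered testing and add the DTSA reference alongside the DSA ones.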
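Review bot: In the -11862 hunk, replacing `- mozilla 1.6 (medium)` with `- mozilla 2:1.7.8-1sarge1 (medium)` for CAN-2004-0718 contradicts the NOTE lines immediately above it, which say the issue was fixed, reintroduced upstream, fixed again, and that the reintroduction is tracked as CAN-2005-1937. CAN-2004-0718 itself was fixed in 1.6 and should keep that version; the 2:1.7.8-1sarge1 fix belongs to the CAN-2005-1937 entry, which the -3683 hunk already adds, with DTSA-7-1 referenced from both entries since its braces list both CANs.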
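Review bot: Trimming the DTSA-7-1 braces to `{CAN-2004-0718 CAN-2005-1937}` in the data/DTSA/list -11 hunk is consistent with CAN/list, where the mozilla lines for CAN-2005-2261 through CAN-2005-2270 keep `2:1.7.10-1` with no DTSA and so correctly leave mozilla in testing unfixed for those; the mozilla-firefox DTSA entry directly above still claims all thirteen CANs, so check that this really is that advisory's scope. The trailing-space removal in the DTSA-3-1 braces at -22 is fine; if the brace list is split on whitespace the old form may have yielded an empty token, so the remaining brace lists are worth a scan for the same.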