Author: joeyh
Date: 2005-09-08 13:49:59 +0000 (Thu, 08 Sep 2005)
New Revision: 1852

Removed:
   data/DTSA/DTSA-1-1
   data/DTSA/DTSA-10-1
   data/DTSA/DTSA-11-1
   data/DTSA/DTSA-2-1
   data/DTSA/DTSA-3-1
   data/DTSA/DTSA-4-1
   data/DTSA/DTSA-5-1
   data/DTSA/DTSA-6-1
   data/DTSA/DTSA-7-1
   data/DTSA/DTSA-8-1
   data/DTSA/DTSA-8-2
   data/DTSA/DTSA-9-1

Log:
removing old texts of DTSAs, don't see any need to keep these in svn since we have the advs directory and the dtsa script

Deleted: data/DTSA/DTSA-1-1 ==================================================================--- data/DTSA/DTSA-1-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-1-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,55 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-1-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 26th, 2005 ------------------------------------------------------------------------------- - -Package : kismet -Vulnerability : various -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2005-2626 CAN-2005-2627 - -Multiple security holes have been discovered in kismet: - -CAN-2005-2627 - -Multiple integer underflows in Kismet allow remote attackers to execute -arbitrary code via (1) kernel headers in a pcap file or (2) data frame -dissection, which leads to heap-based buffer overflows. - -CAN-2005-2626 - -Unspecified vulnerability in Kismet allows remote attackers to have an -unknown impact via unprintable characters in the SSID. - -For the testing distribution (etch) this is fixed in version -2005.08.R1-0.1etch1 - -For the unstable distribution (sid) this is fixed in version -2005.08.R1-1 - -This upgrade is recommended if you use kismet. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install kismet - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-10-1 ==================================================================--- data/DTSA/DTSA-10-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-10-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,54 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-10-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 29th, 2005 ------------------------------------------------------------------------------- - -Package : pcre3 -Vulnerability : buffer overflow -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2005-2491 - -An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions -(PCRE) allows attackers to execute arbitrary code via quantifier values in -regular expressions, which leads to a heap-based buffer overflow. - -For the testing distribution (etch) this is fixed in version -6.3-0.1etch1 - -For the unstable distribution (sid) this is fixed in version -6.3-1 - -This upgrade is recommended if you use pcre3. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. - -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -Before installing the update, please note that you will need to restart all -daemons that link with libpcre3 for the security fix to be used. Either -reboot your machine after the upgrade, or make a list of processes that are -using libpcre3, and restart them after the upgrade. 
To generate the list, -run this command before you upgrade: - -lsof /usr/lib/libpcre.so.3 - -To install the update, run this command as root: - -apt-get update && apt-get install libpcre3 - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-11-1 ==================================================================--- data/DTSA/DTSA-11-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-11-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,49 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-11-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Andres Salomon -August 29th, 2005 ------------------------------------------------------------------------------- - -Package : maildrop -Vulnerability : local privilege escalation -Problem-Scope : local -Debian-specific: Yes -CVE ID : CAN-2005-2655 - -The lockmail binary shipped with maildrop allows for an attacker to -obtain an effective gid as group "mail". Debian ships the binary with its -setgid bit set, but the program does not drop privileges when run. It takes -an argument that is executed, and since it does not drop privileges, an -attacker can execute an arbitrary command with an effective gid of the "mail" -group. - -For the testing distribution (etch) this is fixed in version -1.5.3-1.1etch1 - -For the unstable distribution (sid) this is fixed in version -1.5.3-2 - -This upgrade is recommended if you use maildrop. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install maildrop - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-2-1 ==================================================================--- data/DTSA/DTSA-2-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-2-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,67 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-2-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : centericq -Vulnerability : multiple vulnerabilities -Problem-Scope : local and remote -Debian-specific: No -CVE ID : CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 - -centericq in testing is vulnerable to multiple security holes: - -CAN-2005-2448 - -Multiple endianness errors in libgadu, which is embedded in centericq, -allow remote attackers to cause a denial of service (invalid behaviour in -applications) on big-endian systems. - -CAN-2005-2370 - -Multiple memory alignment errors in libgadu, which is embedded in -centericq, allows remote attackers to cause a denial of service (bus error) -on certain architectures such as SPARC via an incoming message. - -CAN-2005-2369 - -Multiple integer signedness errors in libgadu, which is embedded in -centericq, may allow remote attackers to cause a denial of service -or execute arbitrary code. - -CAN-2005-1914 - -centericq creates temporary files with predictable file names, which -allows local users to overwrite arbitrary files via a symlink attack. - -For the testing distribution (etch) this is fixed in version -4.20.0-8etch1 - -For the unstable distribution (sid) this is fixed in version -4.20.0-9 - -This upgrade is recommended if you use centericq. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install centericq - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-3-1 ==================================================================--- data/DTSA/DTSA-3-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-3-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,76 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-3-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : clamav -Vulnerability : denial of service and privilege escalation -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 - -Multiple security holes were found in clamav: - -CAN-2005-2070 - -The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long -timeouts, allows remote attackers to cause a denial of service by keeping -an open connection, which prevents ClamAV from reloading. - -CAN-2005-1923 - -The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote -attackers to cause a denial of service (CPU consumption by infinite loop) -via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, -which causes a zero-length read. - -CAN-2005-2056 - -The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote -attackers to cause a denial of service (application crash) via a crafted -Quantum archive. - -CAN-2005-1922 - -The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote -attackers to cause a denial of service (file descriptor and memory -consumption) via a crafted file that causes repeated errors in the -cli_msexpand function. - -CAN-2005-2450 - -Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file -format processors in libclamav for Clam AntiVirus (ClamAV) allow remote -attackers to gain privileges via a crafted e-mail message. - -For the testing distribution (etch) this is fixed in version -0.86.2-4etch1 - -For the unstable distribution (sid) this is fixed in version -0.86.2-1 - -This upgrade is recommended if you use clamav. 
- -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. - -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install upgrade - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-4-1 ==================================================================--- data/DTSA/DTSA-4-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-4-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,72 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-4-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : ekg -Vulnerability : multiple vulnerabilities -Problem-Scope : local and remote -Debian-specific: No -CVE ID : CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 - -Multiple vulnerabilities were discovered in ekg: - -CAN-2005-1916 - -Eric Romang discovered insecure temporary file creation and arbitrary -command execution in a contributed script that can be exploited by a local -attacker. - -CAN-2005-1851 - -Marcin Owsiany and Wojtek Kaniewski discovered potential shell command -injection in a contributed script. - -CAN-2005-1850 - -Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file -creation in contributed scripts. - -CAN-2005-1852 - -Multiple integer overflows in libgadu, as used in ekg, allows remote -attackers to cause a denial of service (crash) and possibly execute -arbitrary code via an incoming message. - -CAN-2005-2448 - -Multiple endianness errors in libgadu in ekg allow remote attackers to -cause a denial of service (invalid behaviour in applications) on -big-endian systems. - -For the testing distribution (etch) this is fixed in version -1:1.5+20050808+1.6rc3-0etch1 - -For the unstable distribution (sid) this is fixed in version -1:1.5+20050808+1.6rc3-1 - -This upgrade is recommended if you use ekg. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install libgadu3 ekg - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-5-1 ==================================================================--- data/DTSA/DTSA-5-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-5-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,63 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-5-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : gaim -Vulnerability : multiple remote vulnerabilities -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 - -Multiple security holes were found in gaim: - -CAN-2005-2102 - -The AIM/ICQ module in Gaim allows remote attackers to cause a denial of -service (application crash) via a filename that contains invalid UTF-8 -characters. - -CAN-2005-2370 - -Multiple memory alignment errors in libgadu, as used in gaim and other -packages, allow remote attackers to cause a denial of service (bus error) -on certain architectures such as SPARC via an incoming message. - -CAN-2005-2103 - -Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers -to cause a denial of service (application crash) and possibly execute -arbitrary code via an away message with a large number of AIM substitution -strings, such as %t or %n. - -For the testing distribution (etch) this is fixed in version -1:1.4.0-5etch2 - -For the unstable distribution (sid) this is fixed in version -1:1.4.0-5 - -This upgrade is recommended if you use gaim. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install gaim - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-6-1 ==================================================================--- data/DTSA/DTSA-6-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-6-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,61 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-6-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Neil McGovern -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : cgiwrap -Vulnerability : multiple vulnerabilities -Problem-Scope : remote -Debian-specific: No -CVE ID : - -Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap: - -Minimum UID does not include all system users - -The CGIwrap program will not seteuid itself to uids below the ''minimum'' uid -to prevent scripts from being misused to compromise the system. However, -the Debian package sets the minimum uid to 100 when it should be 1000. - -CGIs can be used to disclose system information - -The cgiwrap (and php-cgiwrap) package installs some debugging CGIs -(actually symbolink links, which link to cgiwrap and are called ''cgiwrap'' -and ''nph-cgiwrap'' or link to php-cgiwrap). These CGIs should not be -installed in production environments as they disclose internal and -potentially sensible information. - -For the testing distribution (etch) this is fixed in version -3.9-3.0etch1 - -For the unstable distribution (sid) this is fixed in version -3.9-3.1 - -This upgrade is recommended if you use cgiwrap. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: -If you use cgiwrap: - apt-get update && apt-get install cgiwrap -If you use php-cgiwrap: - apt-get update && apt-get install php-cgiwrap - - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-7-1 ==================================================================--- data/DTSA/DTSA-7-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-7-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,50 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-7-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 28th, 2005 ------------------------------------------------------------------------------- - -Package : mozilla -Vulnerability : frame injection spoofing -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2004-0718 CAN-2005-1937 - -A vulnerability has been discovered in Mozilla that allows remote attackers -to inject arbitrary Javascript from one page into the frameset of another -site. Thunderbird is not affected by this and Galeon will be automatically -fixed as it uses Mozilla components. Mozilla Firefox is vulnerable and will -be covered by a separate advisory. - -Note that this is the same security fix put into stable in DSA-777. - -For the testing distribution (etch) this is fixed in version -2:1.7.8-1sarge1 - -For the unstable distribution (sid) this is fixed in version -2:1.7.10-1 - -This upgrade is recommended if you use mozilla. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install mozilla - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-8-1 ==================================================================--- data/DTSA/DTSA-8-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-8-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,117 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-8-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -September 1st, 2005 ------------------------------------------------------------------------------- - -Package : mozilla-firefox -Vulnerability : several vulnerabilities (update) -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 - -We experienced that the update for Mozilla Firefox from DTSA-8-1 -unfortunately was a regression in several cases. Since the usual -praxis of backporting apparently does not work, this update is -basically version 1.0.6 with the version number rolled back, and hence -still named 1.0.4-*. For completeness below is the original advisory -text: - -Several problems were discovered in Mozilla Firefox: - -CAN-2004-0718 CAN-2005-1937 - -A vulnerability has been discovered in Mozilla Firefox that allows remote -attackers to inject arbitrary Javascript from one page into the frameset of -another site. - -CAN-2005-2260 - -The browser user interface does not properly distinguish between -user-generated events and untrusted synthetic events, which makes it easier -for remote attackers to perform dangerous actions that normally could only be -performed manually by the user. - -CAN-2005-2261 - -XML scripts ran even when Javascript disabled. - -CAN-2005-2262 - -The user can be tricked to executing arbitrary JavaScript code by using a -JavaScript URL as wallpaper. - -CAN-2005-2263 - -It is possible for a remote attacker to execute a callback function in the -context of another domain (i.e. frame). - -CAN-2005-2264 - -By opening a malicious link in the sidebar it is possible for remote -attackers to steal sensitive information. 
- -CAN-2005-2265 - -Missing input sanitising of InstallVersion.compareTo() can cause the -application to crash. - -CAN-2005-2266 - -Remote attackers could steal sensitive information such as cookies and -passwords from web sites by accessing data in alien frames. - -CAN-2005-2267 - -By using standalone applications such as Flash and QuickTime to open a -javascript: URL, it is possible for a remote attacker to steal sensitive -information and possibly execute arbitrary code. - -CAN-2005-2268 - -It is possible for a Javascript dialog box to spoof a dialog box from a -trusted site and facilitates phishing attacks. - -CAN-2005-2269 - -Remote attackers could modify certain tag properties of DOM nodes that could -lead to the execution of arbitrary script or code. - -CAN-2005-2270 - -The Mozilla browser family does not properly clone base objects, which allows -remote attackers to execute arbitrary code. - -Note that this is the same set of security fixes put into stable in -DSA-775 and DSA-779, and updated in DSA-779-2. - -For the testing distribution (etch) this is fixed in version -1.0.4-2sarge3 - -For the unstable distribution (sid) this is fixed in version -1.0.6-3 - -This upgrade is recommended if you use mozilla-firefox. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install mozilla-firefoxFIXME, I''m broken - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-8-2 ==================================================================--- data/DTSA/DTSA-8-2 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-8-2 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,117 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-8-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -September 1st, 2005 ------------------------------------------------------------------------------- - -Package : mozilla-firefox -Vulnerability : several vulnerabilities (update) -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 - -We experienced that the update for Mozilla Firefox from DTSA-8-1 -unfortunately was a regression in several cases. Since the usual -praxis of backporting apparently does not work, this update is -basically version 1.0.6 with the version number rolled back, and hence -still named 1.0.4-*. For completeness below is the original advisory -text: - -Several problems were discovered in Mozilla Firefox: - -CAN-2004-0718 CAN-2005-1937 - -A vulnerability has been discovered in Mozilla Firefox that allows remote -attackers to inject arbitrary Javascript from one page into the frameset of -another site. - -CAN-2005-2260 - -The browser user interface does not properly distinguish between -user-generated events and untrusted synthetic events, which makes it easier -for remote attackers to perform dangerous actions that normally could only be -performed manually by the user. - -CAN-2005-2261 - -XML scripts ran even when Javascript disabled. - -CAN-2005-2262 - -The user can be tricked to executing arbitrary JavaScript code by using a -JavaScript URL as wallpaper. - -CAN-2005-2263 - -It is possible for a remote attacker to execute a callback function in the -context of another domain (i.e. frame). - -CAN-2005-2264 - -By opening a malicious link in the sidebar it is possible for remote -attackers to steal sensitive information. 
- -CAN-2005-2265 - -Missing input sanitising of InstallVersion.compareTo() can cause the -application to crash. - -CAN-2005-2266 - -Remote attackers could steal sensitive information such as cookies and -passwords from web sites by accessing data in alien frames. - -CAN-2005-2267 - -By using standalone applications such as Flash and QuickTime to open a -javascript: URL, it is possible for a remote attacker to steal sensitive -information and possibly execute arbitrary code. - -CAN-2005-2268 - -It is possible for a Javascript dialog box to spoof a dialog box from a -trusted site and facilitates phishing attacks. - -CAN-2005-2269 - -Remote attackers could modify certain tag properties of DOM nodes that could -lead to the execution of arbitrary script or code. - -CAN-2005-2270 - -The Mozilla browser family does not properly clone base objects, which allows -remote attackers to execute arbitrary code. - -Note that this is the same set of security fixes put into stable in -DSA-775 and DSA-779, and updated in DSA-779-2. - -For the testing distribution (etch) this is fixed in version -1.0.4-2sarge3 - -For the unstable distribution (sid) this is fixed in version -1.0.6-3 - -This upgrade is recommended if you use mozilla-firefox. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. 
- -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install mozilla-firefox - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/ Deleted: data/DTSA/DTSA-9-1 ==================================================================--- data/DTSA/DTSA-9-1 2005-09-08 13:47:29 UTC (rev 1851) +++ data/DTSA/DTSA-9-1 2005-09-08 13:49:59 UTC (rev 1852) 
@@ -1,46 +0,0 @@ ------------------------------------------------------------------------------- -Debian Testing Security Advisory DTSA-9-1 http://secure-testing.debian.net -secure-testing-team@lists.alioth.debian.org Joey Hess -August 31st, 2005 ------------------------------------------------------------------------------- - -Package : bluez-utils -Vulnerability : bad device name escaping -Problem-Scope : remote -Debian-specific: No -CVE ID : CAN-2005-2547 - -A bug in bluez-utils allows remote attackers to execute arbitrary commands -via shell metacharacters in the Bluetooth device name when invoking the PIN -helper. - -For the testing distribution (etch) this is fixed in version -2.19-0.1etch1 - -For the unstable distribution (sid) this is fixed in version -2.19-1 - -This upgrade is recommended if you use bluez-utils. - -The Debian testing security team does not track security issues for then -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. - -Upgrade Instructions --------------------- - -To use the Debian testing security archive, add the following lines to -your /etc/apt/sources.list: - -deb http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free -deb-src http://secure-testing.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free - -The archive signing key can be downloaded from -http://secure-testing.debian.net/ziyi-2005-7.asc - -To install the update, run this command as root: - -apt-get update && apt-get install bluez-utils - -For further information about the Debian testing security team, please refer -to http://secure-testing.debian.net/
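Review bot: in the DTSA-1-1 hunk, and verbatim in every other removed advisory, the boilerplate sentence "does not track security issues for then stable (sarge) and oldstable (woody) distributions" has "then" where "the" is meant. Since the log says these texts are now produced by the dtsa script from the advs directory, the fix belongs in whatever template that script uses; otherwise every regenerated advisory carries the same typo.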
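Review bot: the DTSA-3-1 hunk removes a text whose install line reads "apt-get update && apt-get install upgrade", which does not name the affected package (every other advisory names it; here it should be clamav), and whose sid fix version 0.86.2-1 sorts below the etch version 0.86.2-4etch1 in dpkg ordering, so one of the two versions is likely a typo. Both should be checked in the advs entry for DTSA-3 before this copy is dropped from svn.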
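Review bot: the DTSA-5-1 hunk lists 1:1.4.0-5etch2 for etch and 1:1.4.0-5 for sid; the etch version compares greater, the reverse of the pattern in the other advisories (0.1etch1 below 1, 8etch1 below 9), which would also stop the sid package from migrating. Worth confirming the sid version in the advs entry for DTSA-5.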
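Review bot: the DTSA-8-1 hunk shows that the file no longer held the original DTSA-8-1 text: its body opens with "the update for Mozilla Firefox from DTSA-8-1 unfortunately was a regression", i.e. the text of the follow-up, and its install line is the unfinished "apt-get update && apt-get install mozilla-firefoxFIXME, I''m broken". The first advisory's text therefore survives only in svn history before rev 1851, so confirm the advs directory actually contains it before removing this file.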
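Review bot: the DTSA-8-2 hunk's first header line still reads "Debian Testing Security Advisory DTSA-8-1", and apart from the install line the file duplicates the DTSA-8-1 text. If the dtsa script regenerates the -2 advisory from advs, check that it emits the correct advisory id in the header rather than reproducing this copy.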