Author: joeyh Date: 2005-07-01 02:58:11 +0000 (Fri, 01 Jul 2005) New Revision: 1315 Modified: data/CAN/list data/DSA/list Log: dsas Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-30 21:14:14 UTC (rev 1314) +++ data/CAN/list 2005-07-01 02:58:11 UTC (rev 1315) @@ -3398,7 +3398,7 @@ CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (medium) CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) - - spamassassin (unfixed; bug #314447; medium) + - spamassassin 3.0.4-1 (bug #314447; medium) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - kernel-source-2.6.8 (unfixed; medium) CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-06-30 21:14:14 UTC (rev 1314) +++ data/DSA/list 2005-07-01 02:58:11 UTC (rev 1315) 
@@ -1,78 +1,86 @@ +[01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error + {CAN-2005-1266} + - spamassassin 3.0.4-1 (medium) + NOTE: fixed in testing at time of DSA +[01 Jul 2005] DSA-735-1 sudo - pathname validation race + {CAN-2005-1993} + - sudo 1.6.8p9-1 (medium) + NOTE: not fixed in testing at time of DSA [30 Jun 2005] DSA-733-1 crip - insecure temporary files {CAN-2005-0393} - crip 3.5-1sarge2 (low) - NOTE: not fixed in testing in time of DSA (reserved) + NOTE: not fixed in testing at time of DSA (reserved) [03 Jun 2005] DSA-732-1 mailutils - several {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523} - mailutils 0.6.1-4 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [02 Jun 2005] DSA-731-1 krb4 - buffer overflows {CAN-2005-0468 CAN-2005-0468} - krb4 1.2.2-11.2 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [27 May 2005] DSA-730-1 bzip2 - race condition {CAN-2005-0953} - bzip2 1.0.2-6 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [26 May 2005] DSA-729-1 php4 - missing input sanitising {CAN-2005-0525} - php4 4.3.10-10 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [25 May 2005] DSA-728-1 qpopper - missing privilege release {CAN-2005-1151 CAN-2005-1152} - qpopper 4.0.5-4sarge1 - NOTE: fixed in testing in time of DSA by security team + NOTE: fixed in testing at time of DSA by security team [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow {CAN-2005-1349} - libconvert-uulib-perl 1.0.5.1-1 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [20 May 2005] DSA-726-1 oops - format string vulnerability {CAN-2005-1121} - oops (unfixed; bug #307360) - NOTE: not in testing in time of DSA + NOTE: not in testing at time of DSA [19 May 2005] DSA-725-1 ppxp - missing privilege release {CAN-2005-0392} - ppxp 0.2001080415-11 - NOTE: not fixed in testing in time of DSA + NOTE: not fixed in 
testing at time of DSA [18 May 2005] DSA-724-1 phpsysinfo - design flaw {CAN-2005-0870} - phpsysinfo 2.3-3 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [09 May 2005] DSA-723-1 xfree86 - buffer overflow {CAN-2005-0605} - xfree86 4.3.0.dfsg.1-13 - NOTE: not fixed in testing in time of DSA + NOTE: not fixed in testing at time of DSA [09 May 2005] DSA-722-1 smail - buffer overflow {CAN-2005-0892} NOTE: Package not in testing at time of DSA [06 May 2005] DSA-721-1 squid - design flaw {CAN-2005-1345} - squid 2.5.9-7 - NOTE: not fixed in testing in time of DSA + NOTE: not fixed in testing at time of DSA [03 May 2005] DSA-720-1 smartlist - wrong input processing {CAN-2005-0157} - smartlist 3.15-18 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-719-1 prozilla - format string problems {CAN-2005-0523} - prozilla 1:1.3.7.4-1 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [28 Apr 2005] DSA-718-1 ethereal - buffer overflow {CAN-2005-0739} - ethereal 0.10.10-1 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo {CAN-2003-0826 CAN-2005-0814} - lsh-utils 2.0.1-2 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-716-1 gaim - denial of service {CAN-2005-0472} - gaim 1.1.3-1 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [27 Apr 2005] DSA-715-1 cvs - several {CAN-2004-1342 CAN-2004-1343} - cvs 1.12.9-12 - NOTE: not fixed in testing in time of DSA + NOTE: not fixed in testing at time of DSA [26 Apr 2005] DSA-714-1 kdelibs - several {CAN-2005-1046} - kdelibs 4:3.3.2-5 
@@ -89,7 +97,7 @@ [19 Apr 2005] DSA-711-1 info2www - missing input sanitising {CAN-2004-1341} - info2www 1.2.2.9-23 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference {CAN-2003-0541} - gtkhtml 1.0.4-6.2 @@ -108,7 +116,7 @@ [13 Apr 2005] DSA-706-1 axel - buffer overflow {CAN-2005-0390} - axel 1.0b-1 - NOTE: fixed in testing in time of DSA + NOTE: fixed in testing at time of DSA [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising {CAN-2005-0256 CAN-2003-0854} - wu-ftpd 2.6.2-19
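Review bot: In the data/CAN/list part of this revision, only the CAN-2005-1266 entry is touched, yet the same commit adds DSA-735-1 for sudo with {CAN-2005-1993}, and no hunk for that id is visible. Please confirm that the CAN-2005-1993 entry in data/CAN/list already records "- sudo 1.6.8p9-1 (medium)". If it does not, update it in the same commit so the two lists agree, as was done for spamassassin 3.0.4-1.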
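Review bot: In the data/DSA/list hunk at @@ -1,78 +1,86 @@, the new entries run DSA-736-1, DSA-735-1 and then straight to the existing DSA-733-1, so DSA-734 has no entry. Either add it or leave a NOTE explaining why it is absent, so that the gap does not look like an omission. While this block is being edited, the context line for DSA-731-1 krb4 reads "{CAN-2005-0468 CAN-2005-0468}", with the same id twice. The repeat is either redundant or stands in for a different id, so it should be checked against the advisory. The wording of the testing notes is also still uneven after the cleanup: DSA-722-1 has "NOTE: Package not in testing at time of DSA" where DSA-726-1 has "NOTE: not in testing at time of DSA".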
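Review bot: The hunks at @@ -89,7 +97,7 @@ and @@ -108,7 +116,7 @@ only reword "in time of DSA" to "at time of DSA" for DSA-711-1 and DSA-706-1, which the log message "dsas" does not mention. Say so in the log, or commit the wording cleanup separately from the new DSA-735-1 and DSA-736-1 entries, so that anyone reading the history of data/DSA/list can tell tracking changes from cosmetic ones. If any scripts match on the NOTE text, check that they accept the new phrasing.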