Author: joeyh
Date: 2005-09-07 17:08:19 +0000 (Wed, 07 Sep 2005)
New Revision: 1842
Modified:
data/DTSA/advs/0-hotzenplotz.adv
data/DTSA/advs/1-kismet.adv
data/DTSA/advs/10-pcre.adv
data/DTSA/advs/11-maildrop.adv
data/DTSA/advs/12-vim.adv
data/DTSA/advs/2-centericq.adv
data/DTSA/advs/3-clamav.adv
data/DTSA/advs/4-ekg.adv
data/DTSA/advs/5-gaim.adv
data/DTSA/advs/6-cgiwrap.adv
data/DTSA/advs/7-mozilla.adv
data/DTSA/advs/8-mozilla-firefox.adv
data/DTSA/advs/9-bluez-utils.adv
data/DTSA/dtsa
Log:
add upgrade: field in advisory files, to get rid of the need to manually
edit that FIXME every time
Modified: data/DTSA/advs/0-hotzenplotz.adv
==================================================================---
data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -9,6 +9,7 @@
vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html
testing-fix: 3.14-1ts1
sid-fix: 3.14-2
+upgrade: apt-get install hotzenplotz
User authentication in hotzenplotz does not verify the user name properly.
A buffer overflow can be exploited to execute arbitrary code with elevated
Modified: data/DTSA/advs/1-kismet.adv
==================================================================---
data/DTSA/advs/1-kismet.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/1-kismet.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2626 CAN-2005-2627
testing-fix: 2005.08.R1-0.1etch1
sid-fix: 2005.08.R1-1
+upgrade: apt-get install kismet
Multiple security holes have been discovered in kismet:
Modified: data/DTSA/advs/10-pcre.adv
==================================================================---
data/DTSA/advs/10-pcre.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/10-pcre.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2491
testing-fix: 6.3-0.1etch1
sid-fix: 6.3-1
+upgrade: apt-get install libpcre3
An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions
(PCRE) allows attackers to execute arbitrary code via quantifier values in
Modified: data/DTSA/advs/11-maildrop.adv
==================================================================---
data/DTSA/advs/11-maildrop.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/11-maildrop.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2655
testing-fix: 1.5.3-1.1etch1
sid-fix: 1.5.3-2
+upgrade: apt-get install maildrop
The lockmail binary shipped with maildrop allows for an attacker to
obtain an effective gid as group "mail". Debian ships the binary
with its
Modified: data/DTSA/advs/12-vim.adv
==================================================================---
data/DTSA/advs/12-vim.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/12-vim.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2368
testing-fix: 1:6.3-085+0.0etch1
sid-fix: 1:6.3-085+1
+upgrade: apt-get install vim
vim modelines allow files to execute arbitrary commands via shell
metacharacters in the glob or expand commands of a foldexpr expression
Modified: data/DTSA/advs/2-centericq.adv
==================================================================---
data/DTSA/advs/2-centericq.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/2-centericq.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914
testing-fix: 4.20.0-8etch1
sid-fix: 4.20.0-9
+upgrade: apt-get install centericq
centericq in testing is vulnerable to multiple security holes:
Modified: data/DTSA/advs/3-clamav.adv
==================================================================---
data/DTSA/advs/3-clamav.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/3-clamav.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450
testing-fix: 0.86.2-4etch1
sid-fix: 0.86.2-1
+upgrade: apt-get upgrade
Multiple security holes were found in clamav:
Modified: data/DTSA/advs/4-ekg.adv
==================================================================---
data/DTSA/advs/4-ekg.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/4-ekg.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448
testing-fix: 1:1.5+20050808+1.6rc3-0etch1
sid-fix: 1:1.5+20050808+1.6rc3-1
+upgrade: apt-get install libgadu3 ekg
Multiple vulnerabilities were discovered in ekg:
Modified: data/DTSA/advs/5-gaim.adv
==================================================================---
data/DTSA/advs/5-gaim.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/5-gaim.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103
testing-fix: 1:1.4.0-5etch2
sid-fix: 1:1.4.0-5
+upgrade: apt-get install gaim
Multiple security holes were found in gaim:
Modified: data/DTSA/advs/6-cgiwrap.adv
==================================================================---
data/DTSA/advs/6-cgiwrap.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/6-cgiwrap.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve:
testing-fix: 3.9-3.0etch1
sid-fix: 3.9-3.1
+upgrade: apt-get upgrade
Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap:
Modified: data/DTSA/advs/7-mozilla.adv
==================================================================---
data/DTSA/advs/7-mozilla.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/7-mozilla.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2004-0718 CAN-2005-1937
testing-fix: 2:1.7.8-1sarge1
sid-fix: 2:1.7.10-1
+upgrade: apt-get install mozilla
A vulnerability has been discovered in Mozilla that allows remote attackers
to inject arbitrary Javascript from one page into the frameset of another
Modified: data/DTSA/advs/8-mozilla-firefox.adv
==================================================================---
data/DTSA/advs/8-mozilla-firefox.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/8-mozilla-firefox.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262
CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267
CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
testing-fix: 1.0.4-2sarge3
sid-fix: 1.0.6-3
+upgrade: apt-get install mozilla-firefox
We experienced that the update for Mozilla Firefox from DTSA-8-1
unfortunately was a regression in several cases. Since the usual
Modified: data/DTSA/advs/9-bluez-utils.adv
==================================================================---
data/DTSA/advs/9-bluez-utils.adv 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/advs/9-bluez-utils.adv 2005-09-07 17:08:19 UTC (rev 1842)
@@ -8,6 +8,7 @@
cve: CAN-2005-2547
testing-fix: 2.19-0.1etch1
sid-fix: 2.19-1
+upgrade: apt-get install bluez-utils
A bug in bluez-utils allows remote attackers to execute arbitrary commands
via shell metacharacters in the Bluetooth device name when invoking the PIN
Modified: data/DTSA/dtsa
==================================================================---
data/DTSA/dtsa 2005-09-07 16:56:57 UTC (rev 1841)
+++ data/DTSA/dtsa 2005-09-07 17:08:19 UTC (rev 1842)
@@ -36,6 +36,7 @@
descr = []
author = ""
scope = ""
+ upgrade = "apt-get upgrade"
debian_specific = False
dtsa_id = "DTSA-" + id + "-" + str(sid)
@@ -65,6 +66,8 @@
testing_fix = i[12:].strip()
elif i.startswith("sid-fix:"):
sid_fix = i[8:].strip()
+ elif i.startswith("upgrade:"):
+ upgrade = i[8:].strip()
elif d:
descr.append(i.strip())
elif i == "\n" and d == False:
@@ -73,11 +76,11 @@
if len(cve) == 0:
print "No CVE assignments seem to have been made for this issue"
- export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, dtsa_id, 1, author, scope, debian_specific)
+ export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, dtsa_id, 1, author, scope, debian_specific, upgrade)
print "A html representation has been generated as",dtsa_id +
".html"
- export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, dtsa_id, 1, author, scope, debian_specific)
+ export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, dtsa_id, 1, author, scope, debian_specific, upgrade)
print "A textual representation has been generated as", dtsa_id
print "You can publish it with the sndadvisory script"
@@ -103,7 +106,7 @@
l_f.write("\tTODO: unreleased\n")
l_f.close()
-def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, id, rev, author, scope, debian_specific):
+def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, id, rev, author, scope, debian_specific, upgrade):
html = open(os.getcwd() + "/" + id + ".html",
"w")
# Open, read, write and close the header
@@ -158,7 +161,7 @@
html.write("<dt>If you have the secure testing lines in your
sources.list, you can update by running this command as
root:</dt>\n")
html.write("\n")
- html.write("<dd>apt-get update && apt-get install "+
src + " FIXME, I''m broken </dd>\n")
+ html.write("<dd>apt-get update && "+ upgrade +
"</dd>\n")
html.write("<br>\n")
html.write("\n")
# FIXME, use python-crypto for inclusion of SHA-1 checksums
@@ -175,7 +178,7 @@
pass
-def export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, id, rev, author, scope, debian_specific):
+def export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr,
vendor_advisory, id, rev, author, scope, debian_specific, upgrade):
ascii = open(os.getcwd() + "/" + id, "w")
# FIXME: use a nice external template with alignment specifiers
@@ -243,7 +246,7 @@
ascii.write("To install the update, run this command as root:\n")
ascii.write("\n")
- ascii.write("apt-get update && apt-get install "+ src +
"FIXME, I''m broken \n")
+ ascii.write("apt-get update && "+ upgrade + "\n")
ascii.write("\n")
ascii.write("For further information about the Debian testing security
team, please refer\n")