Author: joeyh Date: 2005-09-07 17:08:19 +0000 (Wed, 07 Sep 2005) New Revision: 1842 Modified: data/DTSA/advs/0-hotzenplotz.adv data/DTSA/advs/1-kismet.adv data/DTSA/advs/10-pcre.adv data/DTSA/advs/11-maildrop.adv data/DTSA/advs/12-vim.adv data/DTSA/advs/2-centericq.adv data/DTSA/advs/3-clamav.adv data/DTSA/advs/4-ekg.adv data/DTSA/advs/5-gaim.adv data/DTSA/advs/6-cgiwrap.adv data/DTSA/advs/7-mozilla.adv data/DTSA/advs/8-mozilla-firefox.adv data/DTSA/advs/9-bluez-utils.adv data/DTSA/dtsa Log: add upgrade: field in advisory files, to get rid of the need to manually edit that FIXME every time Modified: data/DTSA/advs/0-hotzenplotz.adv ==================================================================--- data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -9,6 +9,7 @@ vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html testing-fix: 3.14-1ts1 sid-fix: 3.14-2 +upgrade: apt-get install hotzenplotz User authentication in hotzenplotz does not verify the user name properly. A buffer overflow can be exploited to execute arbitrary code with elevated Modified: data/DTSA/advs/1-kismet.adv ==================================================================--- data/DTSA/advs/1-kismet.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/1-kismet.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2626 CAN-2005-2627 testing-fix: 2005.08.R1-0.1etch1 sid-fix: 2005.08.R1-1 +upgrade: apt-get install kismet Multiple security holes have been discovered in kismet: Modified: data/DTSA/advs/10-pcre.adv ==================================================================--- data/DTSA/advs/10-pcre.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/10-pcre.adv 2005-09-07 17:08:19 UTC (rev 1842) 
@@ -8,6 +8,7 @@ cve: CAN-2005-2491 testing-fix: 6.3-0.1etch1 sid-fix: 6.3-1 +upgrade: apt-get install libpcre3 An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) allows attackers to execute arbitrary code via quantifier values in Modified: data/DTSA/advs/11-maildrop.adv ==================================================================--- data/DTSA/advs/11-maildrop.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/11-maildrop.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2655 testing-fix: 1.5.3-1.1etch1 sid-fix: 1.5.3-2 +upgrade: apt-get install maildrop The lockmail binary shipped with maildrop allows for an attacker to obtain an effective gid as group "mail". Debian ships the binary with its Modified: data/DTSA/advs/12-vim.adv ==================================================================--- data/DTSA/advs/12-vim.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/12-vim.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2368 testing-fix: 1:6.3-085+0.0etch1 sid-fix: 1:6.3-085+1 +upgrade: apt-get install vim vim modelines allow files to execute arbitrary commands via shell metacharacters in the glob or expand commands of a foldexpr expression Modified: data/DTSA/advs/2-centericq.adv ==================================================================--- data/DTSA/advs/2-centericq.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/2-centericq.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2448 CAN-2005-2370 CAN-2005-2369 CAN-2005-1914 testing-fix: 4.20.0-8etch1 sid-fix: 4.20.0-9 +upgrade: apt-get install centericq centericq in testing is vulnerable to multiple security holes: Modified: data/DTSA/advs/3-clamav.adv ==================================================================--- data/DTSA/advs/3-clamav.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/3-clamav.adv 2005-09-07 17:08:19 UTC (rev 1842) 
@@ -8,6 +8,7 @@ cve: CAN-2005-2070 CAN-2005-1923 CAN-2005-2056 CAN-2005-1922 CAN-2005-2450 testing-fix: 0.86.2-4etch1 sid-fix: 0.86.2-1 +upgrade: apt-get upgrade Multiple security holes were found in clamav: Modified: data/DTSA/advs/4-ekg.adv ==================================================================--- data/DTSA/advs/4-ekg.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/4-ekg.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-1916 CAN-2005-1851 CAN-2005-1850 CAN-2005-1852 CAN-2005-2448 testing-fix: 1:1.5+20050808+1.6rc3-0etch1 sid-fix: 1:1.5+20050808+1.6rc3-1 +upgrade: apt-get install libgadu3 ekg Multiple vulnerabilities were discovered in ekg: Modified: data/DTSA/advs/5-gaim.adv ==================================================================--- data/DTSA/advs/5-gaim.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/5-gaim.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2102 CAN-2005-2370 CAN-2005-2103 testing-fix: 1:1.4.0-5etch2 sid-fix: 1:1.4.0-5 +upgrade: apt-get install gaim Multiple security holes were found in gaim: Modified: data/DTSA/advs/6-cgiwrap.adv ==================================================================--- data/DTSA/advs/6-cgiwrap.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/6-cgiwrap.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: testing-fix: 3.9-3.0etch1 sid-fix: 3.9-3.1 +upgrade: apt-get upgrade Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap: Modified: data/DTSA/advs/7-mozilla.adv ==================================================================--- data/DTSA/advs/7-mozilla.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/7-mozilla.adv 2005-09-07 17:08:19 UTC (rev 1842) 
@@ -8,6 +8,7 @@ cve: CAN-2004-0718 CAN-2005-1937 testing-fix: 2:1.7.8-1sarge1 sid-fix: 2:1.7.10-1 +upgrade: apt-get install mozilla A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another Modified: data/DTSA/advs/8-mozilla-firefox.adv ==================================================================--- data/DTSA/advs/8-mozilla-firefox.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/8-mozilla-firefox.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 testing-fix: 1.0.4-2sarge3 sid-fix: 1.0.6-3 +upgrade: apt-get install mozilla-firefox We experienced that the update for Mozilla Firefox from DTSA-8-1 unfortunately was a regression in several cases. Since the usual Modified: data/DTSA/advs/9-bluez-utils.adv ==================================================================--- data/DTSA/advs/9-bluez-utils.adv 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/advs/9-bluez-utils.adv 2005-09-07 17:08:19 UTC (rev 1842) @@ -8,6 +8,7 @@ cve: CAN-2005-2547 testing-fix: 2.19-0.1etch1 sid-fix: 2.19-1 +upgrade: apt-get install bluez-utils A bug in bluez-utils allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN Modified: data/DTSA/dtsa ==================================================================--- data/DTSA/dtsa 2005-09-07 16:56:57 UTC (rev 1841) +++ data/DTSA/dtsa 2005-09-07 17:08:19 UTC (rev 1842) @@ -36,6 +36,7 @@ descr = [] author = "" scope = "" + upgrade = "apt-get upgrade" debian_specific = False dtsa_id = "DTSA-" + id + "-" + str(sid) 
@@ -65,6 +66,8 @@ testing_fix = i[12:].strip() elif i.startswith("sid-fix:"): sid_fix = i[8:].strip() + elif i.startswith("upgrade:"): + upgrade = i[8:].strip() elif d: descr.append(i.strip()) elif i == "\n" and d == False: @@ -73,11 +76,11 @@ if len(cve) == 0: print "No CVE assignments seem to have been made for this issue" - export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific) + export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific, upgrade) print "A html representation has been generated as",dtsa_id + ".html" - export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific) + export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific, upgrade) print "A textual representation has been generated as", dtsa_id print "You can publish it with the sndadvisory script" @@ -103,7 +106,7 @@ l_f.write("\tTODO: unreleased\n") l_f.close() -def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific): +def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific, upgrade): html = open(os.getcwd() + "/" + id + ".html", "w") # Open, read, write and close the header @@ -158,7 +161,7 @@ html.write("<dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt>\n") html.write("\n") - html.write("<dd>apt-get update && apt-get install "+ src + " FIXME, I''m broken </dd>\n") + html.write("<dd>apt-get update && "+ upgrade + "</dd>\n") html.write("<br>\n") html.write("\n") # FIXME, use python-crypto for inclusion of SHA-1 checksums 
@@ -175,7 +178,7 @@ pass -def export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific): +def export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific, upgrade): ascii = open(os.getcwd() + "/" + id, "w") # FIXME: use a nice external template with alignment specifiers @@ -243,7 +246,7 @@ ascii.write("To install the update, run this command as root:\n") ascii.write("\n") - ascii.write("apt-get update && apt-get install "+ src + "FIXME, I''m broken \n") + ascii.write("apt-get update && "+ upgrade + "\n") ascii.write("\n") ascii.write("For further information about the Debian testing security team, please refer\n")
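Review bot: in data/DTSA/advs/3-clamav.adv and data/DTSA/advs/6-cgiwrap.adv the added line is `upgrade: apt-get upgrade`, while every other advisory in this commit names its packages. Nothing in either file says why a blanket upgrade is wanted, and the published command no longer tells the reader which packages carry the fix. If the reason is that several binary packages are affected, list them the way 4-ekg.adv does (`upgrade: apt-get install libgadu3 ekg`). Otherwise note the reason in the commit log or the advisory file.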
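Review bot: the default `upgrade = "apt-get upgrade"` in the @@ -36,6 +36,7 @@ hunk of data/DTSA/dtsa means an advisory file that lacks an upgrade: line produces an advisory with a generic command and no warning. Before this change the output used `apt-get install` with `src`, which at least named the package. Consider leaving the variable empty by default, then either falling back to "apt-get install " + src or aborting with a message after the parse loop, so that a forgotten field is caught before the advisory is sent.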
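Review bot: in the @@ -65,6 +66,8 @@ hunk the new `elif i.startswith("upgrade:")` branch is tested before `elif d:`, so a description line that begins with "upgrade:" would replace the field value instead of being appended to `descr`. The value is also taken verbatim with `i[8:].strip()` and later printed as a command to run as root, so a typo in the .adv file goes straight into the published advisory. Suggest matching header fields only while `d` is false and checking that the value starts with "apt-get " before accepting it.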
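Review bot: in export_html (@@ -158,7 +161,7 @@ hunk) the field value is concatenated into the page unescaped: `html.write("<dd>apt-get update && "+ upgrade + "</dd>\n")`. Any `<`, `>` or `&` in an upgrade: line ends up as markup, and the literal `&&` is itself not valid inside HTML text. Suggest writing the separator as `&amp;&amp;` and passing the value through an HTML escaping helper (cgi.escape in the Python of this script) before writing it.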
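Review bot: export_html and export_ascii now each take fourteen positional parameters (@@ -103,7 +106,7 @@ and @@ -175,7 +178,7 @@ hunks), and both call sites in the @@ -73,11 +76,11 @@ hunk pass them by position with a bare `1` in the middle. One swapped argument would put the wrong string into the root command line without raising an error. Passing the parsed fields as a single dictionary, or at least passing `upgrade=upgrade` by keyword, would make that harder to get wrong. The "apt-get update && " prefix is also duplicated in both writers and could live in one place.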