/[secure-testing]/data/DSA/list

Contents of /data/DSA/list


Revision 19042 - (show annotations) (download)
Mon Apr 23 17:18:44 2012 UTC (12 months, 4 weeks ago) by jmm
File size: 361926 byte(s)
dropbear DSA
1 [23 Apr 2012] DSA-2456-1 dropbear - use after free
2 {CVE-2012-0920}
3 [squeeze] - dropbear 0.52-5+squeeze1
4 [20 Apr 2012] DSA-2455-1 typo3-src - cross site scripting
5 {CVE-2012-2112}
6 [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze4
7 [19 Apr 2012] DSA-2454-1 openssl - multiple
8 {CVE-2006-7250 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110}
9 [squeeze] - openssl 0.9.8o-4squeeze11
10 [19 Apr 2012] DSA-2453-2 gajim - regression
11 {CVE-2012-2093 CVE-2012-2086 CVE-2012-2085}
12 [squeeze] - gajim 0.13.4-3+squeeze3
13 [16 Apr 2012] DSA-2453-1 gajim - several
14 {CVE-2012-2093 CVE-2012-2086 CVE-2012-2085}
15 [squeeze] - gajim 0.13.4-3+squeeze2
16 [13 Apr 2012] DSA-2452-1 apache2 - insecure default configuration
17 {CVE-2012-0216}
18 [squeeze] - apache2 2.2.16-6+squeeze7
19 [13 Apr 2012] DSA-2451-1 puppet - several
20 {CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988}
21 [squeeze] - puppet 2.6.2-5+squeeze5
22 [12 Apr 2012] DSA-2450-1 samba - privilege escalation
23 {CVE-2012-1182}
24 [squeeze] - samba 2:3.5.6~dfsg-3squeeze7
25 [12 Apr 2012] DSA-2449-1 sqlalchemy - missing input sanitization
26 {CVE-2012-0805}
27 [squeeze] - sqlalchemy 0.6.3-3+squeeze1
28 [08 Apr 2012] DSA-2448-1 inspircd - buffer overflow
29 {CVE-2012-1836}
30 [squeeze] - inspircd 1.1.22+dfsg-4+squeeze1
31 [wheezy] - inspircd 1.1.22+dfsg-4+wheezy1
32 [04 Apr 2012] DSA-2447-1 tiff - integer overflow
33 {CVE-2012-1173}
34 [squeeze] - tiff 3.9.4-5+squeeze4
35 [04 Apr 2012] DSA-2446-1 libpng - incorrect memory handling
36 {CVE-2011-3048}
37 [squeeze] - libpng 1.2.44-1+squeeze4
38 [31 Mar 2012] DSA-2442-2 openarena - UDP traffic amplification
39 [squeeze] - openarena 0.8.5-5+squeeze3
40 [31 Mar 2012] DSA-2445-1 typo3-src - several
41 {CVE-2012-1606 CVE-2012-1607 CVE-2012-1608}
42 [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze3
43 [29 Mar 2012] DSA-2444-1 tryton-server - privilege escalation
44 {CVE-2012-0215}
45 [squeeze] - tryton-server 1.6.1-2+squeeze1
46 [26 Mar 2012] DSA-2443-1 linux-2.6 - several
47 {CVE-2009-4307 CVE-2011-1833 CVE-2011-4127 CVE-2011-4347 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097}
48 [squeeze] - linux-2.6 2.6.32-41squeeze2
49 [26 Mar 2012] DSA-2442-1 openarena - UDP traffic amplification
50 {CVE-2010-5077}
51 [squeeze] - openarena 0.8.5-5+squeeze2
52 [25 Mar 2012] DSA-2441-1 gnutls26 - missing bounds check
53 {CVE-2012-1573}
54 [squeeze] - gnutls26 2.8.6-1+squeeze2
55 [24 Mar 2012] DSA-2440-1 libtasn1-3 - integer overflow
56 {CVE-2012-1569}
57 [squeeze] - libtasn1-3 2.7-1+squeeze+1
58 [22 Mar 2012] DSA-2439-1 libpng - buffer overflow
59 {CVE-2011-3045}
60 [squeeze] - libpng 1.2.44-1+squeeze3
61 [22 Mar 2012] DSA-2438-1 raptor - programming error
62 {CVE-2012-0037}
63 [squeeze] - raptor 1.4.21-2+squeeze1
64 [21 Mar 2012] DSA-2437-1 icedove - several
65 {CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461}
66 [squeeze] - icedove 3.0.11-1+squeeze8
67 [19 Mar 2012] DSA-2436-1 libapache2-mod-fcgid - inactive resource limits
68 {CVE-2012-1181}
69 [squeeze] - libapache2-mod-fcgid 1:2.3.6-1+squeeze1
70 [19 Mar 2012] DSA-2435-1 gnash - several
71 {CVE-2010-4337 CVE-2011-4328 CVE-2012-1175}
72 [squeeze] - gnash 0.8.8-5+squeeze1
73 [19 Mar 2012] DSA-2434-1 nginx - sensitive information leak
74 {CVE-2012-1180}
75 [squeeze] - nginx 0.7.67-3+squeeze2
76 [15 Mar 2012] DSA-2433-1 iceweasel - several
77 {CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461}
78 [squeeze] - iceweasel 3.5.16-13
79 [12 Mar 2012] DSA-2432-1 libyaml-libyaml-perl - format string vulnerability
80 {CVE-2012-1152}
81 [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze1
82 [11 Mar 2012] DSA-2431-1 libdbd-pg-perl - format string vulnerabilities
83 {CVE-2012-1151}
84 [squeeze] - libdbd-pg-perl 2.17.1-2+squeeze1
85 [10 Mar 2012] DSA-2430-1 python-pam - double free
86 {CVE-2012-1502}
87 [squeeze] - python-pam 0.4.2-12.2+squeeze1
88 [07 Mar 2012] DSA-2429-1 mysql-5.1 - several
89 {CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490 CVE-2012-0492}
90 [squeeze] - mysql-5.1 5.1.61-0+squeeze1
91 [07 Mar 2012] DSA-2428-1 freetype - several
92 {CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142 CVE-2012-1144}
93 [squeeze] - freetype 2.4.2-2.1+squeeze4
94 [06 Mar 2012] DSA-2427-1 imagemagick - several
95 {CVE-2012-0247 CVE-2012-0248}
96 [squeeze] - imagemagick 8:6.6.0.4-3+squeeze1
97 [06 Mar 2012] DSA-2426-1 gimp - several
98 {CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1782 CVE-2011-2896}
99 [squeeze] - gimp 2.6.10-1+squeeze3
100 [04 Mar 2012] DSA-2425-1 plib - buffer overflow
101 {CVE-2011-4620}
102 [squeeze] - plib 1.8.5-5+squeeze1
103 [04 Mar 2012] DSA-2424-1 libxml-atom-perl - XML entity expansion
104 {CVE-2012-1102}
105 [squeeze] - libxml-atom-perl 0.37-1+squeeze1
106 [02 Mar 2012] DSA-2423-1 movabletype-opensource - several
107 {CVE-2012-1497 CVE-2012-1262 CVE-2012-0320 CVE-2012-0319 CVE-2012-0318 CVE-2012-0317 CVE-2011-5085 CVE-2011-5084}
108 [squeeze] - movabletype-opensource 4.3.8+dfsg-0+squeeze2
109 [29 Feb 2012] DSA-2422-1 file - missing bounds check
110 {CVE-2012-1571}
111 [squeeze] - file 5.04-5+squeeze1
112 [29 Feb 2012] DSA-2421-1 moodle - several
113 {CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586 CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796}
114 [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze3
115 [28 Feb 2012] DSA-2420-1 openjdk-6 - several
116 {CVE-2011-3377 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507}
117 [squeeze] - openjdk-6 6b18-1.8.13-0+squeeze1
118 [27 Feb 2012] DSA-2419-1 puppet - several
119 {CVE-2012-1053 CVE-2012-1054}
120 [squeeze] - puppet 2.6.2-5+squeeze4
121 [27 Feb 2012] DSA-2418-1 postgresql-8.4 - several
122 {CVE-2012-0866 CVE-2012-0867 CVE-2012-0868}
123 [squeeze] - postgresql-8.4 8.4.11-0squeeze1
124 [25 Feb 2012] DSA-2414-2 fex - regression
125 [squeeze] - fex 20100208+debian1-1+squeeze3
126 [22 Feb 2012] DSA-2417-1 libxml2 - denial of service
127 {CVE-2012-0841}
128 [squeeze] - libxml2 2.7.8.dfsg-2+squeeze3
129 [22 Feb 2012] DSA-2416-1 notmuch - information disclosure
130 {CVE-2012-1103}
131 [squeeze] - notmuch 0.3.1+squeeze1
132 [21 Feb 2012] DSA-2415-1 libmodplug - several
133 {CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915}
134 [squeeze] - libmodplug 1:0.8.8.1-1+squeeze2
135 [21 Feb 2012] DSA-2414-1 fex - cross-site scripting
136 {CVE-2012-0869 CVE-2012-1293}
137 [squeeze] - fex 20100208+debian1-1+squeeze2
138 [20 Feb 2012] DSA-2413-1 libarchive - buffer overflows
139 {CVE-2011-1777 CVE-2011-1778}
140 [squeeze] - libarchive 2.8.4-1+squeeze1
141 [19 Feb 2012] DSA-2412-1 libvorbis - buffer overflow
142 {CVE-2012-0444}
143 [squeeze] - libvorbis 1.3.1-1+squeeze1
144 [19 Feb 2012] DSA-2411-1 mumble - information disclosure
145 {CVE-2012-0863}
146 [squeeze] - mumble 1.2.2-6+squeeze1
147 [15 Feb 2012] DSA-2410-1 libpng - integer overflow
148 {CVE-2011-3026}
149 [squeeze] - libpng 1.2.44-1+squeeze2
150 [15 Feb 2012] DSA-2409-1 devscripts - several
151 {CVE-2012-0210 CVE-2012-0211 CVE-2012-0212}
152 [squeeze] - devscripts 2.10.69+squeeze2
153 [13 Feb 2012] DSA-2408-1 php5 - several
154 {CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788 CVE-2012-0831}
155 [squeeze] - php5 5.3.3-7+squeeze8
156 [09 Feb 2012] DSA-2407-1 cvs - heap overflow
157 {CVE-2012-0804}
158 [squeeze] - cvs 1:1.12.13-12+squeeze1
159 [09 Feb 2012] DSA-2406-1 icedove - several
160 {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449}
161 [squeeze] - icedove 3.0.11-1+squeeze7
162 [06 Feb 2012] DSA-2405-1 apache2 - multiple issues
163 {CVE-2011-3368 CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053}
164 [squeeze] - apache2 2.2.16-6+squeeze6
165 [lenny] - apache2 2.2.9-10+lenny12
166 [05 Feb 2012] DSA-2404-1 xen-qemu-dm-4.0 - buffer overflow
167 {CVE-2012-0029}
168 [squeeze] - xen-qemu-dm-4.0 4.0.1-2+squeeze1
169 [04 Feb 2012] DSA-2384-2 cacti - several
170 [lenny] - cacti 0.8.7b-2.1+lenny5
171 [02 Feb 2012] DSA-2403-1 php5 - code injection
172 {CVE-2012-0830}
173 [squeeze] - php5 5.3.3-7+squeeze7
174 [lenny] - php5 5.2.6.dfsg.1-1+lenny16
175 [02 Feb 2012] DSA-2402-1 iceape - several
176 {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 }
177 [squeeze] - iceape 2.0.11-10
178 [02 Feb 2012] DSA-2401-1 tomcat6 - several
179 {CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 }
180 [squeeze] - tomcat6 6.0.35-1+squeeze2
181 [02 Feb 2012] DSA-2400-1 iceweasel - several
182 {CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 }
183 [squeeze] - iceweasel 3.5.16-12
184 [lenny] - xulrunner 1.9.0.19-16
185 [31 Jan 2012] DSA-2399-1 php5 - several
186 {CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057}
187 [squeeze] - php5 5.3.3-7+squeeze5
188 [lenny] - php5 5.2.6.dfsg.1-1+lenny14
189 [30 Jan 2012] DSA-2398-1 curl - several
190 {CVE-2011-3389 CVE-2012-0036 }
191 [lenny] - curl 7.18.2-8lenny6
192 [squeeze] - curl 7.21.0-2.1+squeeze1
193 [29 Jan 2012] DSA-2397-1 icu - buffer underflow
194 {CVE-2011-4599}
195 [squeeze] - icu 4.4.1-8
196 [lenny] - icu 3.8.1-3+lenny3
197 [27 Jan 2012] DSA-2396-1 qemu-kvm - buffer underflow
198 {CVE-2012-0029}
199 [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze8
200 [27 Jan 2012] DSA-2395-1 wireshark - buffer underflow
201 {CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068}
202 [squeeze] - wireshark 1.2.11-6+squeeze6
203 [25 Jan 2012] DSA-2394-1 libxml2 - several
204 {CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919}
205 [squeeze] - libxml2 2.7.8.dfsg-2+squeeze2
206 [lenny] - libxml2 2.6.32.dfsg-5+lenny5
207 [24 Jan 2012] DSA-2393-1 bip - buffer overflow
208 {CVE-2012-0806}
209 [squeeze] - bip 0.8.2-1squeeze4
210 [23 Jan 2012] DSA-2392-1 openssl - out-of-bounds read
211 {CVE-2012-0050}
212 [lenny] - openssl 0.9.8g-15+lenny16
213 [squeeze] - openssl 0.9.8o-4squeeze7
214 [23 Jan 2012] DSA-2301-2 rails - several
215 [squeeze] - rails 2.3.5-1.2+squeeze2
216 [lenny] - rails 2.1.0-7+lenny2
217 [22 Jan 2012] DSA-2391-1 phpmyadmin - several
218 {CVE-2011-1940 CVE-2011-3181 CVE-2011-4107}
219 [squeeze] - phpmyadmin 4:3.3.7-7
220 [15 Jan 2012] DSA-2390-1 openssl - several
221 {CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4619}
222 [lenny] - openssl 0.9.8g-15+lenny15
223 [squeeze] - openssl 0.9.8o-4squeeze5
224 [15 Jan 2012] DSA-2389-1 linux-2.6 - several
225 {CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353 CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611 CVE-2011-4622 CVE-2011-4914}
226 [squeeze] - linux-2.6 2.6.32-39squeeze1
227 [14 Jan 2012] DSA-2388-1 t1lib - several
228 {CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554}
229 [squeeze] - t1lib 5.1.2-3+squeeze1
230 [lenny] - t1lib 5.1.2-3+lenny1
231 [11 Jan 2012] DSA-2387-1 simplesamlphp - cross site scripting
232 {CVE-2012-0040 CVE-2012-0908}
233 [squeeze] - simplesamlphp 1.6.3-3
234 [10 Jan 2012] DSA-2386-1 openttd - several
235 {CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 }
236 [lenny] - openttd 0.6.2-1+lenny4
237 [squeeze] - openttd 1.0.4-4
238 [10 Jan 2012] DSA-2385-1 pdns - packet loop
239 {CVE-2012-0206}
240 [lenny] - pdns 2.9.21.2-1+lenny1
241 [squeeze] - pdns 2.9.22-8+squeeze1
242 [09 Jan 2012] DSA-2384-1 cacti - several
243 {CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545 CVE-2011-4824}
244 [lenny] - cacti 0.8.7b-2.1+lenny4
245 [squeeze] - cacti 0.8.7g-1+squeeze1
246 [08 Jan 2012] DSA-2383-1 super - buffer overflow
247 {CVE-2011-2776}
248 [lenny] - super 3.30.0-2+lenny1
249 [squeeze] - super 3.30.0-3+squeeze1
250 [07 Jan 2012] DSA-2382-1 ecryptfs-utils - multiple
251 {CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 CVE-2011-3145}
252 [lenny] - ecryptfs-utils 68-1+lenny1
253 [squeeze] - ecryptfs-utils 83-4+squeeze1
254 [06 Jan 2012] DSA-2381-1 squid3 - invalid memory deallocation
255 {CVE-2011-4096}
256 [squeeze] - squid3 3.1.6-1.2+squeeze2
257 [04 Jan 2012] DSA-2380-1 foomatic-filters - shell command injection
258 {CVE-2011-2697 CVE-2011-2964}
259 [squeeze] - foomatic-filters 4.0.5-6+squeeze1
260 [lenny] - foomatic-filters 3.0.2-20080211-3.2+lenny1
261 [04 Jan 2012] DSA-2379-1 krb5 - several
262 {CVE-2011-1528 CVE-2011-1529}
263 [squeeze] - krb5 1.8.3+dfsg-4squeeze5
264 [03 Jan 2012] DSA-2378-1 ffmpeg - several
265 {CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579 }
266 [squeeze] - ffmpeg 4:0.5.6-3
267 [01 Jan 2012] DSA-2377-1 cyrus-imapd-2.2 - denial of service
268 {CVE-2011-3481}
269 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny6
270 [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze3
271 [31 Dec 2011] DSA-2376-2 ipmitool - insecure pid file
272 {CVE-2011-4339}
273 [lenny] - ipmitool 1.8.9-2+squeeze1
274 [30 Dec 2011] DSA-2263-2 movabletype-opensource - several
275 [lenny] - movabletype-opensource 4.2.3-1+lenny3
276 [30 Dec 2011] DSA-2376-1 ipmitool - insecure pid file
277 {CVE-2011-4339}
278 [squeeze] - ipmitool 1.8.11-2+squeeze2
279 [26 Dec 2011] DSA-2375-1 krb5 - buffer overflow
280 {CVE-2011-4862}
281 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny7
282 [squeeze] - krb5-appl 1:1.0.1-1.2
283 [26 Dec 2011] DSA-2374-1 openswan - implementation error
284 {CVE-2011-4073}
285 [squeeze] - openswan 1:2.6.28+dfsg-5+squeeze1
286 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny4
287 [25 Dec 2011] DSA-2373-1 inetutils - buffer overflow
288 {CVE-2011-4862}
289 [squeeze] - inetutils 2:1.6-3.1+squeeze1
290 [lenny] - inetutils 2:1.5.dfsg.1-9+lenny1
291 [25 Dec 2011] DSA-2372-1 heimdal - buffer overflow
292 {CVE-2011-4862}
293 [squeeze] - heimdal 1.4.0~git20100726.dfsg.1-2+squeeze1
294 [lenny] - heimdal 1.2.dfsg.1-2.1+lenny1
295 [24 Dec 2011] DSA-2371-1 jasper - buffer overflows
296 {CVE-2011-4516 CVE-2011-4517 }
297 [squeeze] - jasper 1.900.1-7+squeeze1
298 [lenny] - jasper 1.900.1-5.1+lenny2
299 [22 Dec 2011] DSA-2370-1 unbound - several
300 {CVE-2011-4528 CVE-2011-4869}
301 [lenny] - unbound 1.4.6-1~lenny2
302 [squeeze] - unbound 1.4.6-1+squeeze2
303 [21 Dec 2011] DSA-2369-1 libsoup2.4 - directory traversal
304 {CVE-2011-2524}
305 [squeeze] - libsoup2.4 2.30.2-1+squeeze1
306 [lenny] - libsoup2.4 2.4.1-2+lenny1
307 [20 Dec 2011] DSA-2368-1 lighttpd - several
308 {CVE-2011-4362 CVE-2011-3389}
309 [squeeze] - lighttpd 1.4.28-2+squeeze1
310 [lenny] - lighttpd 1.4.19-5+lenny3
311 [19 Dec 2011] DSA-2367-1 asterisk - several
312 {CVE-2011-4597 CVE-2011-4598}
313 [squeeze] - asterisk 1:1.6.2.9-2+squeeze4
314 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny6
315 [18 Dec 2011] DSA-2366-1 mediawiki - multiple
316 {CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587 CVE-2011-4360 CVE-2011-4361}
317 [squeeze] - mediawiki 1:1.15.5-2squeeze2
318 [lenny] - mediawiki 1:1.12.0-2lenny9
319 [18 Dec 2011] DSA-2365-1 dtc - several
320 {CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199}
321 [lenny] - dtc 0.29.18-1+lenny2
322 [18 Dec 2011] DSA-2364-1 xorg - incorrect permission check
323 {CVE-2011-4613}
324 [squeeze] - xorg 1:7.5+8+squeeze1
325 [16 Dec 2011] DSA-2363-1 tor - buffer overflow
326 {CVE-2011-2778}
327 [squeeze] - tor 0.2.2.35-1~squeeze+1
328 [lenny] - tor 0.2.1.32-1
329 [10 Dec 2011] DSA-2362-1 acpid - several
330 {CVE-2011-1159 CVE-2011-4578}
331 [lenny] - acpid 1.0.8-1lenny4
332 [squeeze] - acpid 1:2.0.7-1squeeze3
333 [07 Dec 2011] DSA-2361-1 chasen - buffer overflow
334 {CVE-2011-4000}
335 [squeeze] - chasen 2.4.4-11+squeeze2
336 [lenny] - chasen 2.4.4-2+lenny2
337 [06 Dec 2011] DSA-2359-1 mojarra - EL injection
338 {CVE-2011-4358 }
339 [squeeze] - mojarra 2.0.3-1+squeeze1
340 [05 Dec 2011] DSA-2358-1 openjdk-6 - several
341 {CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560}
342 [lenny] - openjdk-6 6b18-1.8.10-0~lenny2
343 [03 Dec 2011] DSA-2357-1 evince - several
344 {CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643}
345 [lenny] - evince 2.22.2-4~lenny2
346 [01 Dec 2011] DSA-2356-1 openjdk-6 - several
347 {CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560}
348 [squeeze] - openjdk-6 6b18-1.8.10-0+squeeze2
349 [30 Nov 2011] DSA-2355-1 clearsilver - format string vulnerability
350 {CVE-2011-4357}
351 [squeeze] - clearsilver 0.10.5-1+squeeze1
352 [lenny] - clearsilver 0.10.4-1.3+lenny1
353 [28 Nov 2011] DSA-2354-1 cups - several
354 {CVE-2011-2896 CVE-2011-3170 }
355 [squeeze] - cups 1.4.4-7+squeeze1
356 [lenny] - cups 1.3.8-1+lenny10
357 [24 Nov 2011] DSA-2353-1 ldns - buffer overflow
358 {CVE-2011-3581}
359 [squeeze] - ldns 1.6.6-2+squeeze1
360 [lenny] - ldns 1.4.0-1+lenny2
361 [22 Nov 2011] DSA-2352-1 puppet - programming error
362 {CVE-2011-3872}
363 [lenny] - puppet 0.24.5-3+lenny2
364 [squeeze] - puppet 2.6.2-5+squeeze3
365 [21 Nov 2011] DSA-2351-1 wireshark - buffer overflow
366 {CVE-2011-4102}
367 [squeeze] - wireshark 1.2.11-6+squeeze5
368 [lenny] - wireshark 1.0.2-3+lenny16
369 [20 Nov 2011] DSA-2350-1 freetype - missing input sanitising
370 {CVE-2011-3439}
371 [lenny] - freetype 2.3.7-2+lenny8
372 [squeeze] - freetype 2.4.2-2.1+squeeze3
373 [19 Nov 2011] DSA-2349-1 spip - several
374 [squeeze] - spip 2.1.1-3squeeze2
375 [17 Nov 2011] DSA-2348-1 systemtap - several
376 {CVE-2010-4170 CVE-2010-4171 CVE-2011-2503 }
377 [squeeze] - systemtap 1.2-5+squeeze1
378 [16 Nov 2011] DSA-2347-1 bind9 - improper assert
379 {CVE-2011-4313}
380 [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny4
381 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze4
382 [16 Nov 2011] DSA-2346-2 proftpd-dfsg - several
383 {CVE-2011-4130}
384 [lenny] - proftpd-dfsg 1.3.1-17lenny9
385 [15 Nov 2011] DSA-2346-1 proftpd-dfsg - several
386 {CVE-2011-4130}
387 [lenny] - proftpd-dfsg 1.3.1-17lenny8
388 [squeeze] - proftpd-dfsg 1.3.3a-6squeeze4
389 [11 Nov 2011] DSA-2345-1 icedove - several
390 {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650}
391 [squeeze] - icedove 3.0.11-1+squeeze6
392 [11 Nov 2011] DSA-2344-1 python-django-piston - deserialization vulnerability
393 {CVE-2011-4103}
394 [squeeze] - python-django-piston 0.2.2-1+squeeze1
395 [09 Nov 2011] DSA-2343-1 openssl - CA trust revocation
396 [lenny] - openssl 0.9.8g-15+lenny14
397 [squeeze] - openssl 0.9.8o-4squeeze4
398 [09 Nov 2011] DSA-2342-1 iceape - several
399 {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650}
400 [squeeze] - iceape 2.0.11-9
401 [09 Nov 2011] DSA-2341-1 iceweasel - several
402 {CVE-2011-3647 CVE-2011-3648 CVE-2011-3650}
403 [squeeze] - iceweasel 3.5.16-11
404 [lenny] - xulrunner 1.9.0.19-15
405 [07 Nov 2011] DSA-2340-1 postgresql - weak password hashing
406 {CVE-2011-2483}
407 [squeeze] - postgresql-8.4 8.4.9-0squeeze1
408 [lenny] - postgresql-8.3 8.3.16-0lenny1
409 [07 Nov 2011] DSA-2339-1 nss - several
410 {CVE-2011-3640}
411 [squeeze] - nss 3.12.8-1+squeeze4
412 [lenny] - nss 3.12.3.1-0lenny7
413 [07 Nov 2011] DSA-2338-1 moodle - several
414 {CVE-2011-4294 CVE-2011-4301 CVE-2011-4302 CVE-2011-4305 CVE-2011-4306}
415 [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze2
416 [06 Nov 2011] DSA-2337-1 xen - several vulnerabilities
417 {CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262}
418 [squeeze] - xen 4.0.1-4
419 [05 Nov 2011] DSA-2336-1 ffmpeg - several
420 {CVE-2011-3504 CVE-2011-3973 CVE-2011-3974 CVE-2011-3362 }
421 [squeeze] - ffmpeg 4:0.5.5-1
422 [05 Nov 2011] DSA-2335-1 man2html - missing input sanitization
423 {CVE-2011-2770}
424 [lenny] - man2html 1.6f-3+lenny1
425 [squeeze] - man2html 1.6f+repack-1+squeeze1
426 [04 Nov 2011] DSA-2334-1 mahara - several
427 {CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 CVE-2011-4118}
428 [lenny] - mahara 1.0.4-4+lenny11
429 [squeeze] - mahara 1.2.6-2+squeeze3
430 [31 Oct 2011] DSA-2333-1 phpldapadmin - several issues
431 {CVE-2011-4075 CVE-2011-4074}
432 [squeeze] - phpldapadmin 1.2.0.5-2+squeeze1
433 [lenny] - phpldapadmin 1.1.0.5-6+lenny2
434 [29 Oct 2011] DSA-2332-1 python-django - several issues
435 {CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140}
436 [squeeze] - python-django 1.2.3-3+squeeze2
437 [lenny] - python-django 1.0.2-1+lenny3
438 [28 Oct 2011] DSA-2331-1 tor - several
439 {CVE-2011-2768 CVE-2011-2769}
440 [squeeze] - tor 0.2.1.31-1
441 [lenny] - tor 0.2.1.31-1~lenny+1
442 [27 Oct 2011] DSA-2330-1 simplesamlphp - several
443 {CVE-2011-4625}
444 [squeeze] - simplesamlphp 1.6.3-2
445 [27 Oct 2011] DSA-2329-1 torque - buffer overflow
446 {CVE-2011-2193}
447 [squeeze] - torque 2.4.8+dfsg-9squeeze1
448 [24 Oct 2011] DSA-2328-1 freetype - missing input sanitising
449 {CVE-2011-3256 }
450 [lenny] - freetype 2.3.7-2+lenny7
451 [squeeze] - freetype 2.4.2-2.1+squeeze2
452 [24 Oct 2011] DSA-2327-1 libfcgi-perl - authentication bypass
453 {CVE-2011-2766}
454 [squeeze] - libfcgi-perl 0.71-1+squeeze1
455 [24 Oct 2011] DSA-2326-1 pam - several
456 {CVE-2011-3148 CVE-2011-3149}
457 [squeeze] - pam 1.1.1-6.1+squeeze1
458 [23 Oct 2011] DSA-2325-1 kfreebsd-8 - privilege escalation/denial of service
459 {CVE-2011-4062}
460 [squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze2
461 [20 Oct 2011] DSA-2324-1 wireshark - programming error
462 {CVE-2011-3360}
463 [squeeze] - wireshark 1.2.11-6+squeeze4
464 [lenny] - wireshark 1.0.2-3+lenny15
465 [26 Oct 2011] DSA-2323-1 radvd - several
466 {CVE-2011-3601 CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 }
467 [squeeze] - radvd 1:1.6-1.1
468 [lenny] - radvd 1:1.1-3.1
469 [10 Oct 2011] DSA-2322-1 bugzilla - several
470 {CVE-2011-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978}
471 [squeeze] - bugzilla 3.6.2.0-4.4
472 [10 Oct 2011] DSA-2321-1 moin - cross-site scripting
473 {CVE-2011-1058}
474 [squeeze] - moin 1.9.3-1+squeeze1
475 [lenny] - moin 1.7.1-3+lenny6
476 [08 Oct 2011] DSA-2319-1 policykit-1 - race condition
477 {CVE-2011-1485}
478 [squeeze] - policykit-1 0.96-4+squeeze1
479 [06 Oct 2011] DSA-2318-1 cyrus-imapd-2.2 - several
480 {CVE-2011-3372 CVE-2011-3208}
481 [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze2
482 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny5
483 [05 Oct 2011] DSA-2317-1 icedove - several
484 {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 }
485 [squeeze] - icedove 3.0.11-1+squeeze5
486 [05 Oct 2011] DSA-2316-1 quagga - several
487 {CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327}
488 [lenny] - quagga 0.99.10-1lenny6
489 [squeeze] - quagga 0.99.17-2+squeeze3
490 [05 Oct 2011] DSA-2315-1 openoffice.org - multiple vulnerabilities
491 {CVE-2011-2713 }
492 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny12
493 [squeeze] - openoffice.org 1:3.2.1-11+squeeze4
494 [29 Sep 2011] DSA-2314-1 puppet - several
495 {CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871}
496 [squeeze] - puppet 2.6.2-5+squeeze1
497 [29 Sep 2011] DSA-2313-1 iceweasel - several
498 {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000}
499 [squeeze] - iceweasel 3.5.16-10
500 [lenny] - xulrunner 1.9.0.19-14
501 [29 Sep 2011] DSA-2312-1 iceape - several
502 {CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 }
503 [squeeze] - iceape 2.0.11-8
504 [27 Sep 2011] DSA-2311-1 openjdk-6 - several
505 {CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871}
506 [squeeze] - openjdk-6 6b18-1.8.9-0.1~squeeze1
507 [22 Sep 2011] DSA-2310-1 linux-2.6 - several issues
508 {CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2208 CVE-2011-2209 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191}
509 [lenny] - linux-2.6 2.6.26-26lenny4
510 [13 Sep 2011] DSA-2309-1 openssl - compromised certificate authority
511 {CVE-2011-1945}
512 [lenny] - openssl 0.9.8g-15+lenny12
513 [squeeze] - openssl 0.9.8o-4squeeze2
514 [12 Sep 2011] DSA-2308-1 mantis - several
515 {CVE-2011-3357 CVE-2011-3358 }
516 [squeeze] - mantis 1.1.8+dfsg-10squeeze1
517 [lenny] - mantis 1.1.6+dfsg-2lenny6
518 [11 Sep 2011] DSA-2307-1 chromium-browser - several
519 {CVE-2011-2359 CVE-2011-2800 CVE-2011-2818 }
520 [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze6
521 [11 Sep 2011] DSA-2306-1 ffmpeg - several
522 {CVE-2010-3908 CVE-2010-4704 CVE-2011-0480 CVE-2011-0722 CVE-2011-0723 CVE-2011-2161 CVE-2011-2160 CVE-2011-2162}
523 [squeeze] - ffmpeg 4:0.5.4-1
524 [11 Sep 2011] DSA-2304-1 squid3 - buffer overflow
525 {CVE-2011-3205}
526 [squeeze] - squid3 3.1.6-1.2+squeeze1
527 [lenny] - squid3 3.0.STABLE8-3+lenny5
528 [08 Sep 2011] DSA-2305-1 vsftpd - denial of service
529 {CVE-2011-0762}
530 [squeeze] - vsftpd 2.3.2-3+squeeze2
531 [lenny] - vsftpd 2.0.7-1+lenny1
532 NOTE: additionally CVE-2011-2189 has been fixed for vsftpd by adding a kernel check
533 [08 Sep 2011] DSA-2303-1 linux-2.6 - several issues
534 {CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191}
535 [squeeze] - linux-2.6 2.6.32-35squeeze1
536 [07 Sep 2011] DSA-2302-1 bcfg2 - arbitrary code execution
537 {CVE-2011-3211}
538 [squeeze] - bcfg2 1.0.1-3+squeeze1
539 [lenny] - bcfg2 0.9.5.7-1.1+lenny1
540 [05 Sep 2011] DSA-2301-1 rails - several
541 {CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214}
542 [squeeze] - rails 2.3.5-1.2+squeeze1
543 [lenny] - rails 2.1.0-7+lenny1
544 [05 Sep 2011] DSA-2300-2 nss - compromised certificate authority
545 [squeeze] - nss 3.12.8-1+squeeze3
546 [lenny] - nss 3.12.3.1-0lenny6
547 [31 Aug 2011] DSA-2300-1 nss - compromised certificate authority
548 [squeeze] - nss 3.12.8-1+squeeze2
549 [lenny] - nss 3.12.3.1-0lenny5
550 [31 Aug 2011] DSA-2299-1 ca-certificates - untrusted root CA
551 [squeeze] - ca-certificates 20090814+nmu3
552 [29 Aug 2011] DSA-2298-1 apache2 - denial of service
553 {CVE-2011-3192}
554 [lenny] - apache2 2.2.9-10+lenny10
555 [squeeze] - apache2 2.2.16-6+squeeze2
556 [21 Aug 2011] DSA-2297-1 icedove - several
557 {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 }
558 [squeeze] - icedove 3.0.11-1+squeeze4
559 [17 Aug 2011] DSA-2296-1 iceweasel - several
560 {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 }
561 [squeeze] - iceweasel 3.5.16-9
562 [lenny] - xulrunner 1.9.0.19-13
563 [17 Aug 2011] DSA-2295-1 iceape - several
564 {CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 }
565 [squeeze] - iceape 2.0.11-7
566 [14 Aug 2011] DSA-2294-1 freetype - missing input sanitization
567 {CVE-2011-0226}
568 [lenny] - freetype 2.3.7-2+lenny6
569 [squeeze] - freetype 2.4.2-2.1+squeeze1
570 [12 Aug 2011] DSA-2293-1 libxfont - buffer overflow
571 {CVE-2011-2895}
572 [lenny] - libxfont 1:1.3.3-2
573 [squeeze] - libxfont 1:1.4.1-3
574 [11 Aug 2011] DSA-2292-1 isc-dhcp - denial of service
575 {CVE-2011-2748 CVE-2011-2749}
576 [lenny] - dhcp3 3.1.1-6+lenny6
577 [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze3
578 [08 Aug 2011] DSA-2291-1 squirrelmail - various issues
579 {CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 CVE-2011-2752 CVE-2011-2753}
580 [lenny] - squirrelmail 2:1.4.15-4+lenny5
581 [squeeze] - squirrelmail 2:1.4.21-2
582 [07 Aug 2011] DSA-2290-1 samba - cross-site scripting
583 {CVE-2011-2522 CVE-2011-2694}
584 [lenny] - samba 2:3.2.5-4lenny15
585 [squeeze] - samba 2:3.5.6~dfsg-3squeeze5
586 [07 Aug 2011] DSA-2289-1 typo3-src - several
587 {CVE-2011-4626 CVE-2011-4627 CVE-2011-4628 CVE-2011-4629 CVE-2011-4630 CVE-2011-4631 CVE-2011-4632 CVE-2011-4900 CVE-2011-4901 CVE-2011-4902 CVE-2011-4903 CVE-2011-4904}
588 [lenny] - typo3-src 4.2.5-1+lenny8
589 [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze1
590 [28 Jul 2011] DSA-2288-1 libsndfile - integer overflow
591 {CVE-2011-2696}
592 [squeeze] - libsndfile 1.0.21-3+squeeze1
593 [lenny] - libsndfile 1.0.17-4+lenny3
594 [28 Jul 2011] DSA-2287-1 libpng - several vulnerabilities
595 {CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692}
596 [squeeze] - libpng 1.2.44-1+squeeze1
597 [lenny] - libpng 1.2.27-2+lenny5
598 [26 Jul 2011] DSA-2286-1 phpmyadmin - several
599 {CVE-2011-2505 CVE-2011-2506 CVE-2011-2507 CVE-2011-2508 CVE-2011-2642 CVE-2011-2719}
600 [squeeze] - phpmyadmin 4:3.3.7-6
601 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny9
602 [26 Jul 2011] DSA-2285-1 mapserver - several
603 {CVE-2011-2703 CVE-2011-2704}
604 [squeeze] - mapserver 5.6.5-2+squeeze2
605 [lenny] - mapserver 5.0.3-3+lenny7
606 [25 Jul 2011] DSA-2284-1 opensaml2 - implementation error
607 {CVE-2011-1411}
608 [squeeze] - opensaml2 2.3-2+squeeze1
609 [lenny] - opensaml2 2.0-2+lenny3
610 [25 Jul 2011] DSA-2283-1 krb5-appl - programming error
611 {CVE-2011-1526}
612 [squeeze] - krb5-appl 1:1.0.1-1.1
613 [25 Jul 2011] DSA-2282-1 qemu-kvm - several
614 {CVE-2011-2212 CVE-2011-2527}
615 [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze6
616 [21 Jul 2011] DSA-2281-1 opie - several
617 {CVE-2011-2489 CVE-2011-2490}
618 [squeeze] - opie 2.32.dfsg.1-0.2+squeeze1
619 [lenny] - opie 2.32-10.2+lenny2
620 [19 Jul 2011] DSA-2280-1 libvirt - several
621 {CVE-2011-2511 CVE-2011-1486}
622 [squeeze] - libvirt 0.8.3-5+squeeze2
623 [lenny] - libvirt 0.4.6-10+lenny2
624 [19 Jul 2011] DSA-2279-1 libapache2-mod-authnz-external - SQL injection
625 {CVE-2011-2688}
626 [squeeze] - libapache2-mod-authnz-external 3.2.4-2+squeeze1
627 [16 Jul 2011] DSA-2278-1 horde3 - several
628 {CVE-2010-3077 CVE-2010-3694}
629 [lenny] - horde3 3.2.2+debian0-2+lenny3
630 [16 Jul 2011] DSA-2254-2 oprofile - command injection
631 {CVE-2011-1760}
632 [squeeze] - oprofile 0.9.6-1.1+squeeze2
633 [lenny] - oprofile 0.9.3-2+lenny2
634 [11 Jul 2011] DSA-2276-2 asterisk - multiple issues
635 {CVE-2011-2529 CVE-2011-2535 CVE-2011-2536}
636 [squeeze] - asterisk 1:1.6.2.9-2+squeeze3
637 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny3
638 [10 Jul 2011] DSA-2277-1 xml-security-c - buffer overflow
639 {CVE-2011-2516}
640 [lenny] - xml-security-c 1.4.0-3+lenny3
641 [squeeze] - xml-security-c 1.5.1-3+squeeze1
642 [10 Jul 2011] DSA-2276-1 asterisk - multiple issues
643 {CVE-2011-2529 CVE-2011-2535 CVE-2011-2536}
644 [squeeze] - asterisk 1:1.6.2.9-2+squeeze3
645 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny3
646 [07 Jul 2011] DSA-2275-1 openoffice.org - buffer overflow
647 {CVE-2011-2685}
648 [squeeze] - openoffice.org 1:3.2.1-11+squeeze3
649 [lenny] - openoffice.org <not-affected> (Vulnerable code not present)
650 [07 Jul 2011] DSA-2274-1 wireshark - multiple
651 {CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175}
652 [squeeze] - wireshark 1.2.11-6+squeeze2
653 [lenny] - wireshark 1.0.2-3+lenny14
654 [06 Jul 2011] DSA-2273-3 icedove - multiple issues
655 {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605}
656 [squeeze] - icedove 3.0.11-1+squeeze3
657 [05 Jul 2011] DSA-2272-1 bind9 - denial of service
658 {CVE-2011-2464}
659 [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny3
660 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze3
661 [02 Jul 2011] DSA-2271-1 curl - improper delegation of client credentials
662 {CVE-2011-2192 }
663 [lenny] - curl 7.18.2-8lenny5
664 [squeeze] - curl 7.21.0-2
665 [01 Jul 2011] DSA-2270-1 qemu-kvm - programming error
666 {CVE-2011-2512}
667 [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze4
668 [01 Jul 2011] DSA-2269-1 iceape - several
669 {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605}
670 [squeeze] - iceape 2.0.11-6
671 [01 Jul 2011] DSA-2268-1 iceweasel - several
672 {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605 }
673 [squeeze] - iceweasel 3.5.16-8
674 [lenny] - xulrunner 1.9.0.19-12
675 [01 Jul 2011] DSA-2267-1 perl - restriction bypass
676 {CVE-2010-1447 }
677 [lenny] - perl 5.10.0-19lenny5
678 [squeeze] - perl 5.10.1-17squeeze2
679 [29 Jun 2011] DSA-2266-1 php5 - several
680 {CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202 }
681 [lenny] - php5 5.2.6.dfsg.1-1+lenny12
682 [squeeze] - php5 5.3.3-7+squeeze3
683 [20 Jun 2011] DSA-2265-1 perl - missing taint check
684 {CVE-2011-1487}
685 [lenny] - perl 5.10.0-19lenny4
686 [squeeze] - perl 5.10.1-17squeeze1
687 [18 Jun 2011] DSA-2264-1 linux-2.6 - several issues
688 {CVE-2010-2524 CVE-2010-4075 CVE-2010-4655 CVE-2011-0710 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 CVE-2011-1093 CVE-2011-1577 CVE-2011-1768 CVE-2011-2182 CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1776 CVE-2011-2022 CVE-2011-4913}
689 [lenny] - linux-2.6 2.6.26-26lenny3
690 [16 Jun 2011] DSA-2263-1 movabletype-opensource - several
691 [squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2
692 [16 Jun 2011] DSA-2262-1 moodle - several
693 {CVE-2011-4133 CVE-2011-4278 CVE-2011-4283 CVE-2011-4286 CVE-2011-4288 CVE-2011-4290}
694 [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze1
695 [15 Jun 2011] DSA-2261-1 redmine - several
696 {CVE-2011-4927 CVE-2011-4928 CVE-2011-4929}
697 [squeeze] - redmine 1.0.1-2
698 [14 Jun 2011] DSA-2260-1 rails - several
699 {CVE-2009-3086 CVE-2009-4214}
700 [lenny] - rails 2.1.0-7+lenny0.2
701 [12 Jun 2011] DSA-2259-1 fex - authentication bypass
702 {CVE-2011-1409}
703 [squeeze] - fex 20100208+debian1-1+squeeze1
704 [11 Jun 2011] DSA-2258-1 kolab-cyrus-imapd - implementation error
705 {CVE-2011-1926}
706 [squeeze] - kolab-cyrus-imapd 2.2.13-9.1
707 [lenny] - kolab-cyrus-imapd 2.2.13-5+lenny3
708 [10 Jun 2011] DSA-2257-1 vlc - buffer overflow
709 {CVE-2011-2194}
710 [squeeze] - vlc 1.1.3-1squeeze6
711 [09 Jun 2011] DSA-2256-1 tiff - buffer overflow
712 {CVE-2009-5022}
713 [squeeze] - tiff 3.9.4-5+squeeze2
714 [06 Jun 2011] DSA-2255-1 libxml2 - buffer overflow
715 {CVE-2011-1944}
716 [lenny] - libxml2 2.6.32.dfsg-5+lenny4
717 [squeeze] - libxml2 2.7.8.dfsg-2+squeeze1
718 [04 Jun 2011] DSA-2254-1 oprofile - command injection
719 {CVE-2011-1760}
720 [lenny] - oprofile 0.9.3-2+lenny1
721 [squeeze] - oprofile 0.9.6-1.1+squeeze1
722 [03 Jun 2011] DSA-2253-1 fontforge - buffer overflow
723 {CVE-2010-4259}
724 [lenny] - fontforge 0.0.20080429-1+lenny2
725 [02 Jun 2011] DSA-2252-1 dovecot - programming error
726 {CVE-2011-1929}
727 [squeeze] - dovecot 1:1.2.15-7
728 [02 Jun 2011] DSA-2251-1 subversion - several
729 {CVE-2011-1752 CVE-2011-1783 CVE-2011-1921}
730 [squeeze] - subversion 1.6.12dfsg-6
731 [lenny] - subversion 1.5.1dfsg1-7
732 [31 May 2011] DSA-2250-1 citadel - denial of service
733 {CVE-2011-1756}
734 [squeeze] - citadel 7.83-2squeeze2
735 [lenny] - citadel 7.37-8+lenny1
736 [31 May 2011] DSA-2249-1 jabberd14 - denial of service
737 {CVE-2011-1754}
738 [squeeze] - jabberd14 1.6.1.1-5+squeeze1
739 [31 May 2011] DSA-2248-1 ejabberd - denial of service
740 {CVE-2011-1753}
741 [squeeze] - ejabberd 2.1.5-3+squeeze1
742 [lenny] - ejabberd 2.0.1-6+lenny3
743 [31 May 2011] DSA-2247-1 rails - several vulnerabilities
744 {CVE-2011-0446 CVE-2011-0447}
745 [squeeze] - rails 2.3.5-1.2+squeeze0.1
746 [lenny] - rails 2.1.0-7+lenny0.1
747 [29 May 2011] DSA-2246-1 mahara - several vulnerabilities
748 {CVE-2011-1402 CVE-2011-1403 CVE-2011-1404 CVE-2011-1405 CVE-2011-1406 }
749 [lenny] - mahara 1.0.4-4+lenny10
750 [squeeze] - mahara 1.2.6-2+squeeze2
751 [29 May 2011] DSA-2245-1 chromium-browser - several vulnerabilities
752 {CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 CVE-2011-1797 CVE-2011-1799 }
753 [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze5
754 [27 May 2011] DSA-2244-1 bind9 - wrong boundary condition
755 {CVE-2011-1910}
756 [lenny] - bind9 1:9.6.ESV.R4+dfsg-0+lenny2
757 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze2
758 [27 May 2011] DSA-2243-1 unbound - design flaw
759 {CVE-2009-4008}
760 [lenny] - unbound 1.4.6-1~lenny1
761 [25 May 2011] DSA-2242-1 cyrus-imapd-2.2 - implementation error
762 {CVE-2011-1926 }
763 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny4
764 [squeeze] - cyrus-imapd-2.2 2.2.13-19+squeeze1
765 [24 May 2011] DSA-2241-1 qemu-kvm - implementation error
766 {CVE-2011-1751 }
767 [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze2
768 [23 May 2011] DSA-2240-1 linux-2.6 - several issues
769 {CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1017 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 CVE-2011-4913}
770 [squeeze] - linux-2.6 2.6.32-34squeeze1
771 [24 May 2011] DSA-2239-1 libmojolicious-perl - several
772 {CVE-2010-4802 CVE-2010-4803 CVE-2011-1841 }
773 [squeeze] - libmojolicious-perl 0.999926-1+squeeze2
774 [19 May 2011] DSA-2238-1 vino - several
775 {CVE-2011-0904 CVE-2011-0905 }
776 [squeeze] - vino 2.28.2-2+squeeze1
777 [15 May 2011] DSA-2237-2 apr - denial of service
778 {CVE-2011-0419 CVE-2011-1928}
779 [lenny] - apr 1.2.12-5+lenny4
780 [squeeze] - apr 1.4.2-6+squeeze2
781 [12 May 2011] DSA-2236-1 exim4 - command injection
782 {CVE-2011-1407}
783 [squeeze] - exim4 4.72-6+squeeze2
784 [10 May 2011] DSA-2235-1 icedove - several
785 {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 }
786 [squeeze] - icedove 3.0.11-1+squeeze2
787 [10 May 2011] DSA-2234-1 zodb - several
788 {CVE-2009-0668 CVE-2009-0669}
789 [lenny] - zodb 1:3.6.0-2+lenny3
790 [10 May 2011] DSA-2233-1 postfix - several
791 {CVE-2011-0411 CVE-2011-1720}
792 [lenny] - postfix 2.5.5-1.1+lenny1
793 [squeeze] - postfix 2.7.1-1+squeeze1
794 [06 May 2011] DSA-2232-1 exim4 - format string vulnerability
795 {CVE-2011-1764}
796 [squeeze] - exim4 4.72-6+squeeze1
797 [06 May 2011] DSA-2231-1 otrs2 - cross-site scripting
798 {CVE-2011-1518}
799 [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze1
800 [01 May 2011] DSA-2230-1 qemu-kvm - several
801 {CVE-2011-0011 CVE-2011-1750 }
802 [squeeze] - qemu-kvm 0.12.5+dfsg-5+squeeze1
803 [01 May 2011] DSA-2229-1 spip - programming error
804 [squeeze] - spip 2.1.1-3squeeze1
805 [01 May 2011] DSA-2228-1 iceweasel - several
806 {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 }
807 [squeeze] - iceweasel 3.5.16-7
808 [30 Apr 2011] DSA-2227-1 iceape - several
809 {CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 }
810 [squeeze] - iceape 2.0.11-5
811 [26 Apr 2011] DSA-2226-1 libmodplug - buffer overflow
812 {CVE-2011-1574 }
813 [lenny] - libmodplug 1:0.8.4-1+lenny2
814 [squeeze] - libmodplug 1:0.8.8.1-1+squeeze1
815 [24 Apr 2011] DSA-2225-1 asterisk - several
816 {CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507 CVE-2011-1599 }
817 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny2.1
818 [squeeze] - asterisk 1:1.6.2.9-2+squeeze2
819 [20 Apr 2011] DSA-2224-1 openjdk-6 - several
820 {CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2011-0025 CVE-2011-0706}
821 [lenny] - openjdk-6 6b18-1.8.7-2~lenny1
822 [squeeze] - openjdk-6 6b18-1.8.7-2~squeeze1
823 [20 Apr 2011] DSA-2223-1 doctrine - SQL injection
824 {CVE-2011-1522}
825 [squeeze] - doctrine 1.2.2-2+squeeze1
826 [20 Apr 2011] DSA-2222-1 tinyproxy - incorrect ACL processing
827 {CVE-2011-1499}
828 [squeeze] - tinyproxy 1.8.2-1squeeze1
829 [19 Apr 2011] DSA-2221-1 libmojolicious-perl - directory traversal
830 {CVE-2011-1589}
831 [squeeze] - libmojolicious-perl 0.999926-1+squeeze1
832 [19 Apr 2011] DSA-2220-1 request-tracker3.8 - several
833 {CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 CVE-2011-1689 CVE-2011-1690 }
834 [lenny] - request-tracker3.6 3.6.7-5+lenny6
835 [squeeze] - request-tracker3.8 3.8.8-7+squeeze1
836 [18 Apr 2011] DSA-2219-1 xmlsec1 - file overwrite
837 {CVE-2011-1425}
838 [lenny] - xmlsec1 1.2.9-5+lenny1
839 [squeeze] - xmlsec1 1.2.14-1+squeeze1
840 [12 Apr 2011] DSA-2218-1 vlc - heap-based buffer overflow
841 {CVE-2011-1684}
842 [lenny] - vlc <not-affected> (Vulnerable code not present)
843 [squeeze] - vlc 1.1.3-1squeeze5
844 [10 Apr 2011] DSA-2217-1 dhcp3 - missing input sanitizing
845 {CVE-2011-0997}
846 [lenny] - dhcp3 3.1.1-6+lenny5
847 [10 Apr 2011] DSA-2216-1 isc-dhcp - missing input sanitizing
848 {CVE-2011-0997}
849 [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze2
850 [09 Apr 2011] DSA-2215-1 gitolite - directory traversal
851 {CVE-2011-1572}
852 [squeeze] - gitolite 1.5.4-2+squeeze1
853 [08 Apr 2011] DSA-2214-1 ikiwiki - missing input validation
854 {CVE-2011-1401}
855 [lenny] - ikiwiki 2.53.6
856 [squeeze] - ikiwiki 3.20100815.7
857 [08 Apr 2011] DSA-2213-1 x11-xserver-utils - missing input sanitizing
858 {CVE-2011-0465}
859 [squeeze] - x11-xserver-utils 7.5+3
860 [lenny] - x11-xserver-utils 7.3+6
861 [07 Apr 2011] DSA-2212-1 tmux - privilege escalation
862 {CVE-2011-1496}
863 [squeeze] - tmux 1.3-2+squeeze1
864 [06 Apr 2011] DSA-2211-1 vlc - missing input sanitising
865 {CVE-2010-3275 CVE-2010-3276}
866 [squeeze] - vlc 1.1.3-1squeeze4
867 [lenny] - vlc 0.8.6.h-4+lenny3
868 [03 Apr 2011] DSA-2210-1 tiff - several
869 {CVE-2011-0191 CVE-2011-0192 CVE-2011-1167}
870 [squeeze] - tiff 3.9.4-5+squeeze1
871 [lenny] - tiff 3.8.2-11.4
872 [02 Apr 2011] DSA-2209-1 tgt - double free
873 {CVE-2011-0001}
874 [squeeze] - tgt 1:1.0.4-2squeeze1
875 [30 Mar 2011] DSA-2208-1 bind9 - denial of service
876 {CVE-2011-0414}
877 [squeeze] - bind9 1:9.7.3.dfsg-1~squeeze1
878 [30 Mar 2011] DSA-2207-1 tomcat5.5 - several
879 {CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227}
880 [lenny] - tomcat5.5 5.5.26-5lenny2
881 [29 Mar 2011] DSA-2206-1 mahara - several
882 {CVE-2011-0439 CVE-2011-0440}
883 [squeeze] - mahara 1.2.6-2+squeeze1
884 [lenny] - mahara 1.0.4-4+lenny8
885 [28 Mar 2011] DSA-2205-1 gdm3 - privilege escalation
886 {CVE-2011-0727 }
887 [squeeze] - gdm3 2.30.5-6squeeze2
888 [27 Mar 2011] DSA-2204-1 imp4 - Insufficient input sanitising
889 {CVE-2010-3695}
890 [lenny] - imp4 4.2-4lenny3
891 [23 Mar 2011] DSA-2202-1 apache2 - failure to drop root privileges
892 {CVE-2011-1176}
893 [squeeze] - apache2 2.2.16-6+squeeze1
894 [23 Mar 2011] DSA-2201-1 wireshark - several
895 {CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141}
896 [lenny] - wireshark 1.0.2-3+lenny13
897 [squeeze] - wireshark 1.2.11-6+squeeze1
898 [22 Mar 2011] DSA-2198-1 tex-common - insufficient input sanitizing
899 {CVE-2011-1400}
900 [lenny] - tex-common <not-affected> (shell_escape disabled)
901 [squeeze] - tex-common 2.08.1
902 [21 Mar 2011] DSA-2197-1 quagga - denial of service
903 {CVE-2010-1674 CVE-2010-1675}
904 [lenny] - quagga 0.99.10-1lenny5
905 [squeeze] - quagga 0.99.17-2+squeeze2
906 [19 Mar 2011] DSA-2196-1 maradns - buffer overflow
907 {CVE-2011-0520}
908 [lenny] - maradns 1.3.07.09-2.1
909 [19 Mar 2011] DSA-2195-1 php5 - several
910 {CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150 CVE-2010-1128}
911 [lenny] - php5 5.2.6.dfsg.1-1+lenny10
912 [squeeze] - php5 5.3.3-7+squeeze1
913 [18 Mar 2011] DSA-2194-1 libvirt - privilege escalation
914 {CVE-2011-1146}
915 [squeeze] - libvirt 0.8.3-5+squeeze1
916 [16 Mar 2011] DSA-2193-1 libcgroup - several
917 {CVE-2011-1006 CVE-2011-1022}
918 [squeeze] - libcgroup 0.36.2-3+squeeze1
919 [15 Mar 2011] DSA-2192-1 chromium-browser - several
920 {CVE-2011-0779 CVE-2011-1290}
921 [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze4
922 [14 Mar 2011] DSA-2191-1 proftpd-dfsg - several
923 {CVE-2008-7265 CVE-2010-3867 CVE-2010-4652}
924 [lenny] - proftpd-dfsg 1.3.1-17lenny6
925 [11 Mar 2011] DSA-2190-1 wordpress - several
926 {CVE-2011-0700 CVE-2011-0701}
927 [squeeze] - wordpress 3.0.5+dfsg-0+squeeze1
928 [10 Mar 2011] DSA-2189-1 chromium-browser - several
929 {CVE-2011-1108 CVE-2011-1109 CVE-2011-1113 CVE-2011-1114 CVE-2011-1115 CVE-2011-1121 CVE-2011-1122 CVE-2011-1188 CVE-2011-1189 CVE-2011-1190 CVE-2011-1197 CVE-2011-1203}
930 [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze3
931 [10 Mar 2011] DSA-2188-1 webkit - several
932 {CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778}
933 [squeeze] - webkit 1.2.7-0+squeeze1
934 [09 Mar 2011] DSA-2187-1 icedove - several
935 {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
936 [squeeze] - icedove 3.0.11-1+squeeze1
937 [09 Mar 2011] DSA-2186-1 iceweasel - several
938 {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
939 [squeeze] - iceweasel 3.5.16-5
940 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow
941 {CVE-2011-1137}
942 [squeeze] - proftpd-dfsg 1.3.3a-6squeeze1
943 [05 Mar 2011] DSA-2184-1 isc-dhcp - denial of service
944 {CVE-2011-0413}
945 [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze1
946 [04 Mar 2011] DSA-2183-1 nbd - arbitrary code execution
947 {CVE-2011-0530}
948 [lenny] - nbd 1:2.9.11-3lenny1
949 [04 Mar 2011] DSA-2182-1 logwatch - remote code execution
950 {CVE-2011-1018}
951 [lenny] - logwatch 7.3.6.cvs20080702-2lenny1
952 [squeeze] - logwatch 7.3.6.cvs20090906-1squeeze1
953 [04 Mar 2011] DSA-2181-1 subversion - denial of service
954 {CVE-2011-0715}
955 [lenny] - subversion 1.5.1dfsg1-6
956 [squeeze] - subversion 1.6.12dfsg-5
957 [03 Mar 2011] DSA-2180-1 iceape - several
958 {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
959 [squeeze] - iceape 2.0.11-3
960 [02 Mar 2011] DSA-2179-1 dtc - SQL injection
961 {CVE-2011-0434 CVE-2011-0435 CVE-2011-0436 CVE-2011-0437}
962 [lenny] - dtc 0.29.17-1+lenny1
963 [02 Mar 2011] DSA-2178-1 pango1.0 - NULL pointer dereference
964 {CVE-2011-0064}
965 [squeeze] - pango1.0 1.28.3-1+squeeze2
966 [02 Mar 2011] DSA-2177-1 pywebdav - SQL injection
967 {CVE-2011-0432}
968 [squeeze] - pywebdav 0.9.4-1+squeeze1
969 [02 Mar 2011] DSA-2176-1 cups - several
970 {CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941}
971 [lenny] - cups 1.3.8-1+lenny9
972 [28 Feb 2011] DSA-2175-1 samba - missing input sanitising
973 {CVE-2011-0719}
974 [lenny] - samba 2:3.2.5-4lenny14
975 [squeeze] - samba 2:3.5.6~dfsg-3squeeze2
976 [26 Feb 2011] DSA-2174-1 avahi - denial of service
977 {CVE-2011-1002}
978 [lenny] - avahi 0.6.23-3lenny3
979 [squeeze] - avahi 0.6.27-2+squeeze1
980 [26 Feb 2011] DSA-2173-1 pam-pgsql - buffer overflow
981 [lenny] - pam-pgsql 0.6.3-2+lenny1
982 [squeeze] - pam-pgsql 0.7.1-4+squeeze1
983 [22 Feb 2011] DSA-2172-1 moodle - several
984 {CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692}
985 [lenny] - moodle 1.8.13-3
986 [21 Feb 2011] DSA-2171-1 asterisk - buffer overflow
987 {CVE-2011-0495}
988 [squeeze] - asterisk 1:1.6.2.9-2+squeeze1
989 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny2
990 [18 Feb 2011] DSA-2170-1 mailman - several vulnerabilities
991 {CVE-2010-3089 CVE-2011-0707}
992 [lenny] - mailman 1:2.1.11-11+lenny2
993 [squeeze] - mailman 1:2.1.13-5
994 [16 Feb 2011] DSA-2169-1 telepathy-gabble - missing input validation
995 {CVE-2011-1000}
996 [squeeze] - telepathy-gabble 0.9.15-1+squeeze1
997 [lenny] - telepathy-gabble 0.7.6-1+lenny1
998 [16 Feb 2011] DSA-2168-1 openafs - several
999 {CVE-2011-0430 CVE-2011-0431}
1000 [squeeze] - openafs 1.4.12.1+dfsg-4
1001 [lenny] - openafs 1.4.7.dfsg1-6+lenny4
1002 [16 Feb 2011] DSA-2167-1 phpmyadmin - sql injection
1003 {CVE-2011-0987}
1004 [squeeze] - phpmyadmin 4:3.3.7-5
1005 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny8
1006 [16 Feb 2011] DSA-2166-1 chromium-browser - several
1007 {CVE-2011-0777 CVE-2011-0778 CVE-2011-0783 CVE-2011-0983 CVE-2011-0981 CVE-2011-0984 CVE-2011-0985}
1008 [squeeze] - chromium-browser 6.0.472.63~r59945-5+squeeze2
1009 [16 Feb 2011] DSA-2165-1 ffmpeg-debian - buffer overflow
1010 {CVE-2010-3429 CVE-2010-4704 CVE-2010-4705}
1011 [lenny] - ffmpeg-debian 0.svn20080206-18+lenny3
1012 [16 Feb 2011] DSA-2164-1 shadow - missing input sanitization
1013 {CVE-2011-0721}
1014 [squeeze] - shadow 1:4.1.4.2+svn3283-2+squeeze1
1015 [14 Feb 2011] DSA-2161-2 openjdk-6 - several
1016 {CVE-2010-4476}
1017 [lenny] - openjdk-6 6b18-1.8.3-2~lenny1
1018 [14 Feb 2011] DSA-2163-1 python-django - multiple
1019 {CVE-2011-0696 CVE-2011-0697}
1020 [squeeze] - python-django 1.2.3-3+squeeze1
1021 [14 Feb 2011] DSA-2162-1 openssl - invalid memory access
1022 {CVE-2011-0014}
1023 [squeeze] - openssl 0.9.8o-4squeeze1
1024 [13 Feb 2011] DSA-2161-1 openjdk-6 - denial of service
1025 {CVE-2010-4476}
1026 [squeeze] - openjdk-6 6b18-1.8.3-2+squeeze1
1027 [13 Feb 2011] DSA-2160-1 tomcat6 - several
1028 {CVE-2010-3718 CVE-2011-0013 CVE-2011-0534}
1029 [squeeze] - tomcat6 6.0.28-9+squeeze1
1030 [10 Feb 2011] DSA-2159-1 vlc - missing input sanitising
1031 {CVE-2011-0531}
1032 [squeeze] - vlc 1.1.3-1squeeze3
1033 [09 Feb 2011] DSA-2158-1 cgiirc - cross-site-scripting
1034 {CVE-2011-0050}
1035 [lenny] - cgiirc 0.5.9-3lenny3
1036 [squeeze] - cgiirc 0.5.9-3squeeze1
1037 [03 Feb 2011] DSA-2157-1 postgresql-8.3 - buffer overflow
1038 {CVE-2010-4015}
1039 [lenny] - postgresql-8.3 8.3.14-0lenny1
1040 [squeeze] - postgresql-8.4 8.4.7-0squeeze2
1041 [31 Jan 2011] DSA-2156-1 pcsc-lite - buffer overflow
1042 {CVE-2010-4531}
1043 [lenny] - pcsc-lite 1.4.102-1+lenny4
1044 [30 Jan 2011] DSA-2155-1 freetype - several
1045 {CVE-2010-3814 CVE-2010-3855}
1046 [lenny] - freetype 2.3.7-2+lenny5
1047 [30 Jan 2011] DSA-2154-1 exim4 - privilege escalation
1048 {CVE-2010-4345 CVE-2011-0017}
1049 [lenny] - exim4 4.69-9+lenny3
1050 [30 Jan 2011] DSA-2153-1 linux-2.6 - several issues
1051 {CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521}
1052 [lenny] - linux-2.6 2.6.26-26lenny2
1053 [lenny] - user-mode-linux 2.6.26-1um-2+26lenny2
1054 [27 Jan 2011] DSA-2152-1 hplip - buffer overflow
1055 {CVE-2010-4267}
1056 [lenny] - hplip 2.8.6.b-4+lenny1
1057 [26 Jan 2011] DSA-2151-1 openoffice.org - several vulnerabilities
1058 {CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643}
1059 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny11
1060 [22 Jan 2011] DSA-2150-1 request-tracker3.6 - salt password hashing
1061 {CVE-2011-0009}
1062 [lenny] - request-tracker3.6 3.6.7-5+lenny5
1063 [20 Jan 2011] DSA-2149-1 dbus - denial of service
1064 {CVE-2010-4352}
1065 [lenny] - dbus 1.2.1-5+lenny2
1066 [17 Jan 2011] DSA-2148-1 tor - several
1067 {CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493}
1068 [lenny] - tor 0.2.1.29-1~lenny+1
1069 [16 Jan 2011] DSA-2147-1 pimd - insecure temporary files
1070 {CVE-2011-0007}
1071 [lenny] - pimd 2.1.0-alpha29.17-8.1lenny1
1072 [16 Jan 2011] DSA-2146-1 mydms - directory traversal
1073 {CVE-2010-2006}
1074 [lenny] - mydms 1.7.0-1+lenny1
1075 [16 Jan 2011] DSA-2145-1 libsmi - buffer overflow
1076 {CVE-2010-2891}
1077 [lenny] - libsmi 0.4.7+dfsg-0.2
1078 [15 Jan 2011] DSA-2144-1 wireshark - buffer overflow
1079 {CVE-2010-4538}
1080 [lenny] - wireshark 1.0.2-3+lenny12
1081 [14 Jan 2011] DSA-2143-1 mysql-dfsg-5.0 - several vulnerabilities
1082 {CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840}
1083 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny5
1084 [11 Jan 2011] DSA-2122-2 glibc - privilege escalation
1085 {CVE-2010-3847 CVE-2010-3856}
1086 [lenny] - glibc 2.7-18lenny7
1087 [06 Jan 2011] DSA-2142-1 dpkg - directory traversal
1088 {CVE-2010-1679 CVE-2011-0402}
1089 [lenny] - dpkg 1.14.31
1090 [06 Jan 2011] DSA-2141-2 nss - protocol design flaw
1091 {CVE-2009-3555}
1092 [lenny] - nss 3.12.3.1-0lenny3
1093 [06 Jan 2011] DSA-2141-1 openssl - protocol design flaw
1094 {CVE-2009-3555 CVE-2010-4180}
1095 [lenny] - openssl 0.9.8g-15+lenny11
1096 [05 Jan 2011] DSA-2140-1 libapache2-mod-fcgid - stack overflow
1097 {CVE-2010-3872}
1098 [lenny] - libapache2-mod-fcgid 1:2.2-1+lenny1
1099 [31 Dec 2010] DSA-2139-1 phpmyadmin - several
1100 {CVE-2010-4329 CVE-2010-4480 CVE-2010-4481}
1101 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny7
1102 [29 Dec 2010] DSA-2138-1 wordpress - SQL injection
1103 {CVE-2010-4257}
1104 [lenny] - wordpress 2.5.1-11+lenny4
1105 [26 Dec 2010] DSA-2137-1 libxml2 - several vulnerabilities
1106 {CVE-2010-4494}
1107 [lenny] - libxml2 2.6.32.dfsg-5+lenny3
1108 [21 Dec 2010] DSA-2136-1 tor - potential code execution
1109 {CVE-2010-1676}
1110 [lenny] - tor 0.2.1.26-1~lenny+4
1111 [21 Dec 2010] DSA-2135-1 xpdf - several vulnerabilities
1112 {CVE-2010-3702 CVE-2010-3704}
1113 [lenny] - xpdf 3.02-1.4+lenny3
1114 [18 Dec 2010] DSA-2134-1 upcoming changes in advisory format
1115 NOTE: Announcement that md5sums will be dropped from future Debian Security Advisories
1116 [13 Dec 2010] DSA-2133-1 collectd - denial of service
1117 {CVE-2010-4336}
1118 [lenny] - collectd 4.4.2-3+lenny1
1119 [11 Dec 2010] DSA-2132-1 xulrunner - several vulnerabilities
1120 {CVE-2010-3767 CVE-2010-3769 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3775 CVE-2010-3776 CVE-2010-3778}
1121 [lenny] - xulrunner 1.9.0.19-7
1122 [10 Dec 2010] DSA-2130-1 bind9 - denial of service
1123 {CVE-2010-3613 CVE-2010-3614 CVE-2010-3762}
1124 [lenny] - bind9 1:9.6.ESV.R3+dfsg-0+lenny1
1125 [10 Dec 2010] DSA-2131-1 exim4 - remote code execution
1126 {CVE-2010-4344}
1127 [lenny] - exim4 4.69-9+lenny1
1128 [01 Dec 2010] DSA-2129-1 krb5 - checksum verification weakness
1129 {CVE-2010-1323}
1130 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny6
1131 [01 Dec 2010] DSA-2128-1 libxml2 - potential code execution
1132 {CVE-2010-4008}
1133 [lenny] - libxml2 2.6.32.dfsg-5+lenny2
1134 [28 Nov 2010] DSA-2127-1 wireshark - denial of service
1135 {CVE-2010-3445}
1136 [lenny] - wireshark 1.0.2-3+lenny11
1137 [26 Nov 2010] DSA-2126-1 linux-2.6 - several issues
1138 {CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073 CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080 CVE-2010-4081 CVE-2010-4083 CVE-2010-4157 CVE-2010-4160 CVE-2010-4164}
1139 [lenny] - linux-2.6 2.6.26-26lenny1
1140 [22 Nov 2010] DSA-2125-1 openssl - buffer overflow
1141 {CVE-2010-3864}
1142 [lenny] - openssl 0.9.8g-15+lenny9
1143 [01 Nov 2010] DSA-2124-1 xulrunner - several vulnerabilities
1144 {CVE-2010-0654 CVE-2010-2769 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-3765}
1145 [lenny] - xulrunner 1.9.0.19-6
1146 [01 Nov 2010] DSA-2123-1 nss - cryptographic weaknesses
1147 {CVE-2010-3170 CVE-2010-3173}
1148 [lenny] - nss 3.12.3.1-0lenny2
1149 [22 Oct 2010] DSA-2122-1 glibc - local privilege escalation
1150 {CVE-2010-3847 CVE-2010-3856}
1151 [lenny] - glibc 2.7-18lenny6
1152 [19 Oct 2010] DSA-2121-1 typo3-src - several vulnerabilities
1153 {CVE-2010-3714 CVE-2010-3715 CVE-2010-3716 CVE-2010-3717 CVE-2010-4068}
1154 [lenny] - typo3-src 4.2.5-1+lenny6
1155 [12 Oct 2010] DSA-2120-1 postgresql-8.3 - privilege escalation
1156 {CVE-2010-3433}
1157 [lenny] - postgresql-8.3 8.3.12-0lenny1
1158 [12 Oct 2010] DSA-2119-1 poppler - several vulnerabilities
1159 {CVE-2010-3702 CVE-2010-3704}
1160 [lenny] - poppler 0.8.7-4
1161 [08 Oct 2010] DSA-2118-1 subversion - authentication bypass
1162 {CVE-2010-3315}
1163 [lenny] - subversion 1.5.1dfsg1-5
1164 [04 Oct 2010] DSA-2117-1 apr-util - denial of service
1165 {CVE-2010-1623}
1166 [lenny] - apr-util 1.2.12+dfsg-8+lenny5
1167 [04 Oct 2010] DSA-2116-1 freetype - integer overflow
1168 {CVE-2010-3311}
1169 [lenny] - freetype 2.3.7-2+lenny4
1170 [29 Sep 2010] DSA-2115-1 moodle - several vulnerabilities
1171 {CVE-2009-4300 CVE-2009-4304 CVE-2010-1613 CVE-2010-1614 CVE-2010-1615 CVE-2010-1616 CVE-2010-1617 CVE-2010-1618 CVE-2010-1619 CVE-2010-2228 CVE-2010-2229 CVE-2010-2230 CVE-2010-2231}
1172 [lenny] - moodle 1.8.13-1
1173 [26 Sep 2010] DSA-2114-1 git-core
1174 {CVE-2010-2542}
1175 [lenny] - git-core 1:1.5.6.5-3+lenny3.1
1176 [20 Sep 2010] DSA-2113-1 drupal6 - several vulnerabilities
1177 {CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686}
1178 [lenny] - drupal6 6.6-3lenny6
1179 [20 Sep 2010] DSA-2112-1 bzip2 - integer overflow
1180 {CVE-2010-0405}
1181 [lenny] - bzip2 1.0.5-1+lenny1
1182 [19 Sep 2010] DSA-2111-1 squid3 - denial of service
1183 {CVE-2010-3072}
1184 [lenny] - squid3 3.0.STABLE8-3+lenny4
1185 [17 Sep 2010] DSA-2110-1 linux-2.6 - several issues
1186 {CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080 CVE-2010-3081}
1187 [lenny] - linux-2.6 2.6.26-25lenny1
1188 [16 Sep 2010] DSA-2109-1 samba - buffer overflow
1189 {CVE-2010-3069}
1190 [lenny] - samba 2:3.2.5-4lenny13
1191 [14 Sep 2010] DSA-2108-1 cvsnt - arbitrary code execution
1192 {CVE-2010-1326}
1193 [lenny] - cvsnt 2.5.03.2382-3.3+lenny1
1194 [11 Sep 2010] DSA-2097-2 phpmyadmin - several vulnerabilities
1195 {CVE-2010-3055 CVE-2010-3056}
1196 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny6
1197 [09 Sep 2010] DSA-2107-1 couchdb - arbitrary code execution
1198 {CVE-2010-2953}
1199 [lenny] - couchdb 0.8.0-2+lenny1
1200 [08 Sep 2010] DSA-2106-1 xulrunner - several vulnerabilities
1201 {CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169}
1202 [lenny] - xulrunner 1.9.0.19-4
1203 [07 Sep 2010] DSA-2105-1 freetype - several vulnerabilities
1204 {CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806 CVE-2010-2807 CVE-2010-2808 CVE-2010-3053}
1205 [lenny] - freetype 2.3.7-2+lenny3
1206 [06 Sep 2010] DSA-2104-1 quagga - denial of service
1207 {CVE-2010-2948 CVE-2010-2949}
1208 [lenny] - quagga 0.99.10-1lenny3
1209 [05 Sep 2010] DSA-2103-1 smbind - sql injection
1210 {CVE-2010-3076}
1211 [lenny] - smbind 0.4.7-3+lenny1
1212 [03 Sep 2010] DSA-2102-1 barnowl - arbitrary code execution
1213 {CVE-2010-2725}
1214 [lenny] - barnowl 1.0.1-4+lenny2
1215 [31 Aug 2010] DSA-2101-1 wireshark - several vulnerabilities
1216 {CVE-2010-2994 CVE-2010-2995}
1217 [lenny] - wireshark 1.0.2-3+lenny10
1218 [30 Aug 2010] DSA-2100-1 openssl - double free
1219 {CVE-2010-2939}
1220 [lenny] - openssl 0.9.8g-15+lenny8
1221 [30 Aug 2010] DSA-2099-1 openoffice.org - several vulnerabilities
1222 {CVE-2010-2935 CVE-2010-2936}
1223 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny8
1224 [29 Aug 2010] DSA-2098-1 typo3-src - several vulnerabilities
1225 {CVE-2010-3659 CVE-2010-3660 CVE-2010-3661 CVE-2010-3662 CVE-2010-3663 CVE-2010-3664 CVE-2010-3665 CVE-2010-3666 CVE-2010-3667 CVE-2010-3668 CVE-2010-3669 CVE-2010-3670 CVE-2010-3671 CVE-2010-3672 CVE-2010-3673 CVE-2010-3674}
1226 [lenny] - typo3-src 4.2.5-1+lenny4
1227 [29 Aug 2010] DSA-2097-1 phpmyadmin - several vulnerabilities
1228 {CVE-2010-3055 CVE-2010-3056}
1229 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny5
1230 [24 Aug 2010] DSA-2096-1 zope-ldapuserfolder - authentication
1231 {CVE-2010-2944}
1232 [lenny] - zope-ldapuserfolder 2.9-1+lenny1
1233 [23 Aug 2010] DSA-2095-1 lvm2 - denial of service
1234 {CVE-2010-2526}
1235 [lenny] - lvm2 2.02.39-8
1236 [19 Aug 2010] DSA-2094-1 linux-2.6 - several issues
1237 {CVE-2009-4895 CVE-2010-2226 CVE-2010-2240 CVE-2010-2248 CVE-2010-2521 CVE-2010-2798 CVE-2010-2803 CVE-2010-2959 CVE-2010-3015}
1238 [lenny] - linux-2.6 2.6.26-24lenny1
1239 [19 Aug 2010] DSA-2093-1 ghostscript - several vulnerabilities
1240 {CVE-2009-4897 CVE-2010-1628}
1241 [lenny] - ghostscript 8.62.dfsg.1-3.2lenny5
1242 [17 Aug 2010] DSA-2092-1 lxr-cvs - cross-site scripting
1243 {CVE-2009-4497 CVE-2010-1448 CVE-2010-1625}
1244 [lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1
1245 [12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery
1246 {CVE-2009-2964 CVE-2010-2813}
1247 [lenny] - squirrelmail 2:1.4.15-4+lenny3.1
1248 [06 Aug 2010] DSA-2090-1 socat - arbitrary code execution
1249 {CVE-2010-2799}
1250 [lenny] - socat 1.6.0.1-1+lenny1
1251 [06 Aug 2010] DSA-2089-1 php5 - several vulnerabilities
1252 {CVE-2010-1917 CVE-2010-2225 CVE-2010-3065}
1253 [lenny] - php5 5.2.6.dfsg.1-1+lenny9
1254 [05 Aug 2010] DSA-2088-1 wget - potential code execution
1255 {CVE-2010-2252}
1256 [lenny] - wget 1.11.4-2+lenny2
1257 [04 Aug 2010] DSA-2087-1 cabextract - arbitrary code execution
1258 {CVE-2010-2801}
1259 [lenny] - cabextract 1.2-3+lenny1
1260 [04 Aug 2010] DSA-2086-1 avahi - denial of service
1261 {CVE-2009-0758 CVE-2010-2244}
1262 [lenny] - avahi 0.6.23-3lenny2
1263 [03 Aug 2010] DSA-2085-1 lftp - file overwrite vulnerability
1264 {CVE-2010-2251}
1265 [lenny] - lftp 3.7.3-1+lenny1
1266 [03 Aug 2010] DSA-2084-1 tiff - arbitrary code execution
1267 {CVE-2010-1411}
1268 [lenny] - tiff 3.8.2-11.3
1269 [02 Aug 2010] DSA-2083-1 moin - cross-site scripting
1270 {CVE-2010-2487}
1271 [lenny] - moin 1.7.1-3+lenny5
1272 [02 Aug 2010] DSA-2082-1 gmime2.2 - arbitrary code execution
1273 {CVE-2010-0409}
1274 [lenny] - gmime2.2 2.2.22-2+lenny2
1275 [01 Aug 2010] DSA-2081-1 libmikmod - arbitrary code execution
1276 {CVE-2009-3995 CVE-2010-2546 CVE-2010-2971}
1277 [lenny] - libmikmod 3.1.11-6.0.1+lenny1
1278 [01 Aug 2010] DSA-2080-1 ghostscript - several vulnerabilities
1279 {CVE-2007-6725 CVE-2008-3522 CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 CVE-2009-4270 CVE-2010-1869}
1280 [lenny] - ghostscript 8.62.dfsg.1-3.2lenny4
1281 [31 Jul 2010] DSA-2079-1 mapserver - arbitrary code execution
1282 {CVE-2010-2539 CVE-2010-2540}
1283 [lenny] - mapserver 5.0.3-3+lenny5
1284 [31 Jul 2010] DSA-2078-1 kvirc - arbitrary IRC command execution
1285 {CVE-2010-2785}
1286 [lenny] - kvirc 2:3.4.0-6
1287 [29 Jul 2010] DSA-2077-1 openldap - potential code execution
1288 {CVE-2010-0211 CVE-2010-0212}
1289 [lenny] - openldap 2.4.11-1+lenny2
1290 [28 Jul 2010] DSA-2076-1 gnupg2 - execution of arbitrary code
1291 {CVE-2010-2547}
1292 [lenny] - gnupg2 2.0.9-3.1+lenny1
1293 [27 Jul 2010] DSA-2075-1 xulrunner - several vulnerabilities
1294 {CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754}
1295 [lenny] - xulrunner 1.9.0.19-3
1296 [21 Jul 2010] DSA-2074-1 ncompress - execution of arbitrary code
1297 {CVE-2010-0001}
1298 [lenny] - ncompress 4.2.4.2-1+lenny1
1299 [20 Jul 2010] DSA-2073-1 mlmmj - directory traversal
1300 {CVE-2009-4896}
1301 [lenny] - mlmmj 1.2.15-1.1+lenny1
1302 [19 Jul 2010] DSA-2072-1 libpng - several vulnerabilities
1303 {CVE-2010-1205 CVE-2010-2249}
1304 [lenny] - libpng 1.2.27-2+lenny4
1305 [14 Jul 2010] DSA-2071-1 libmikmod - several vulnerabilities
1306 {CVE-2009-3995 CVE-2009-3996}
1307 [lenny] - libmikmod 3.1.11-6+lenny1
1308 [14 Jul 2010] DSA-2070-1 freetype - several vulnerabilities
1309 {CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527}
1310 [lenny] - freetype 2.3.7-2+lenny2
1311 [11 Jul 2010] DSA-2069-1 znc - denial of service
1312 {CVE-2010-2488}
1313 [lenny] - znc 0.058-2+lenny4
1314 [11 Jul 2010] DSA-2068-1 python-cjson - denial of service
1315 {CVE-2010-1666}
1316 [lenny] - python-cjson 1.0.5-1+lenny1
1317 [02 Jul 2010] DSA-2067-1 mahara - several vulnerabilities
1318 {CVE-2010-1667 CVE-2010-1668 CVE-2010-1670 CVE-2010-2479}
1319 [lenny] - mahara 1.0.4-4+lenny6
1320 [01 Jul 2010] DSA-2066-1 wireshark - several vulnerabilities
1321 {CVE-2010-2283 CVE-2010-2284 CVE-2010-2285 CVE-2010-2286 CVE-2010-2287}
1322 [lenny] - wireshark 1.0.2-3+lenny9
1323 [27 Jun 2010] DSA-2065-1 kvirc - several vulnerabilities
1324 {CVE-2010-2451 CVE-2010-2452}
1325 [lenny] - kvirc 2:3.4.0-5
1326 [27 Jun 2010] DSA-2064-1 xulrunner - several vulnerabilities
1327 {CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202}
1328 [lenny] - xulrunner 1.9.0.19-2
1329 [17 Jun 2010] DSA-2063-1 pmount - denial of service
1330 {CVE-2010-2192}
1331 [lenny] - pmount 0.9.18-2+lenny1
1332 [17 Jun 2010] DSA-2062-1 sudo - environment sanitization bypass
1333 {CVE-2010-1646}
1334 [lenny] - sudo 1.6.9p17-3
1335 [16 Jun 2010] DSA-2061-1 samba - arbitrary code execution
1336 {CVE-2010-2063}
1337 [lenny] - samba 2:3.2.5-4lenny12
1338 [13 Jun 2010] DSA-2060-1 cacti - SQL injection
1339 {CVE-2010-2092}
1340 [lenny] - cacti 0.8.7b-2.1+lenny3
1341 [10 Jun 2010] DSA-2059-1 pcsc-lite - privilege escalation
1342 {CVE-2010-0407}
1343 [lenny] - pcsc-lite 1.4.102-1+lenny1
1344 [10 Jun 2010] DSA-2058-1 glibc - several vulnerabilities
1345 {CVE-2008-1391 CVE-2009-4880 CVE-2009-4881 CVE-2010-0296 CVE-2010-0830}
1346 [lenny] - glibc 2.7-18lenny4
1347 [07 Jun 2010] DSA-2057-1 mysql-dfsg-5.0 - several
1348 {CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850}
1349 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny4
1350 [06 Jun 2010] DSA-2056-1 zonecheck - cross-site scripting
1351 {CVE-2009-4882 CVE-2010-2155}
1352 [lenny] - zonecheck 2.0.4-13lenny1
1353 [05 Jun 2010] DSA-2055-1 openoffice.org - arbitrary code execution
1354 {CVE-2010-0395}
1355 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny7
1356 [04 Jun 2010] DSA-2054-1 bind9 - cache poisoning
1357 {CVE-2010-0097 CVE-2010-0290 CVE-2010-0382}
1358 [lenny] - bind9 1:9.6.ESV.R1+dfsg-0+lenny1
1359 [25 May 2010] DSA-2053-1 linux-2.6 - several issues
1360 {CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084 CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162 CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446 CVE-2010-1451}
1361 [lenny] - linux-2.6 2.6.26-22lenny1
1362 [24 May 2010] DSA-2052-1 krb5 - denial of service
1363 {CVE-2010-1321}
1364 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny4
1365 [24 May 2010] DSA-2051-1 postgresql-8.3 - several
1366 {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 CVE-2010-1447}
1367 [lenny] - postgresql-8.3 8.3.11-0lenny1
1368 [24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities
1369 {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609}
1370 [lenny] - kdegraphics 4:3.5.9-3+lenny3
1371 [22 May 2010] DSA-2048-1 dvipng - arbitrary code execution
1372 {CVE-2010-0829}
1373 [lenny] - dvipng 1.11-1+lenny1
1374 [23 May 2010] DSA-2049-1 barnowl - arbitrary code execution
1375 {CVE-2010-0793}
1376 [lenny] - barnowl 1.0.1-4+lenny1
1377 [17 May 2010] DSA-2047-1 aria2 - directory traversal
1378 {CVE-2010-1512}
1379 [lenny] - aria2 0.14.0-1+lenny2
1380 [13 May 2010] DSA-2046-1 phpgroupware - several vulnerabilities
1381 {CVE-2010-0403 CVE-2010-0404}
1382 [lenny] - phpgroupware 1:0.9.16.012+dfsg-8+lenny2
1383 [11 May 2010] DSA-2045-1 libtheora - arbitrary code execution
1384 {CVE-2009-3389}
1385 [lenny] - libtheora 1.0~beta3-1+lenny1
1386 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
1387 {CVE-2010-2062}
1388 [lenny] - mplayer 1:1.0~rc2-17+lenny3.2
1389 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution
1390 {CVE-2010-2062}
1391 [lenny] - vlc 0.8.6.h-4+lenny2.3
1392 [05 May 2010] DSA-2042-1 iscsitarget - arbitrary code execution
1393 {CVE-2010-0743}
1394 [lenny] - iscsitarget 0.4.16+svn162-3.1+lenny1
1395 [03 May 2010] DSA-2041-1 mediawiki - cross-site request forgery
1396 {CVE-2010-1150}
1397 [lenny] - mediawiki 1:1.12.0-2lenny5
1398 [02 May 2010] DSA-2040-1 squidguard - several vulnerabilities
1399 {CVE-2009-3700 CVE-2009-3826}
1400 [lenny] - squidguard 1.2.0-8.4+lenny1
1401 [26 Apr 2010] DSA-2021-2 spamass-milter - regression fix
1402 {CVE-2010-1132}
1403 [lenny] - spamass-milter 0.3.1-8+lenny2
1404 [23 Apr 2010] DSA-2039-1 cacti - missing input sanitising
1405 {CVE-2010-1431}
1406 [lenny] - cacti 0.8.7b-2.1+lenny2
1407 [18 Apr 2010] DSA-2038-1 pidgin - denial of service
1408 {CVE-2010-0420 CVE-2010-0423 CVE-2010-0277 CVE-2009-3084 CVE-2009-3083}
1409 [lenny] - pidgin 2.4.3-4lenny6
1410 [17 Apr 2010] DSA-2037-1 kdebase - privilege escalation
1411 {CVE-2010-0436}
1412 [lenny] - kdebase 4:3.5.9.dfsg.1-6+lenny1
1413 [17 Apr 2010] DSA-2036-1 jasper - denial of service
1414 {CVE-2007-2721}
1415 [lenny] - jasper 1.900.1-5.1+lenny1
1416 [17 Apr 2010] DSA-2035-1 apache2 - several issues
1417 {CVE-2010-0408 CVE-2010-0434}
1418 [lenny] - apache2 2.2.9-10+lenny7
1419 [17 Apr 2010] DSA-2034-1 phpmyadmin - several vulnerabilities
1420 {CVE-2008-7251 CVE-2008-7252 CVE-2009-4605}
1421 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny4
1422 [15 Apr 2010] DSA-2033-1 ejabberd - denial of service
1423 {CVE-2010-0305}
1424 [lenny] - ejabberd 2.0.1-6+lenny2
1425 [11 Apr 2010] DSA-2032-1 libpng - several vulnerabilities
1426 {CVE-2009-2042 CVE-2010-0205}
1427 [lenny] - libpng 1.2.27-2+lenny3
1428 [11 Apr 2010] DSA-2031-1 krb5 - denial of service
1429 {CVE-2010-0629}
1430 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny3
1431 [06 Apr 2010] DSA-2030-1 mahara - sql injection
1432 {CVE-2010-0400}
1433 [lenny] - mahara 1.0.4-4+lenny5
1434 [05 Apr 2010] DSA-2029-1 imlib2 - arbitrary code execution
1435 {CVE-2008-6079}
1436 [lenny] - imlib2 1.4.0-1.2+lenny1
1437 [05 Apr 2010] DSA-2028-1 xpdf - several vulnerabilities
1438 {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609}
1439 [lenny] - xpdf 3.02-1.4+lenny2
1440 [03 Apr 2010] DSA-2027-1 xulrunner - several vulnerabilities
1441 {CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179}
1442 [lenny] - xulrunner 1.9.0.19-1
1443 [02 Apr 2010] DSA-2026-1 netpbm-free - buffer overflow
1444 {CVE-2009-4274}
1445 [lenny] - netpbm-free 2:10.0-12+lenny1
1446 [31 Mar 2010] DSA-2025-1 icedove - several vulnerabilities
1447 {CVE-2009-2404 CVE-2009-2408 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163}
1448 [lenny] - icedove 2.0.0.24-0lenny1
1449 [31 Mar 2010] DSA-2024-1 moin - cross-site scripting
1450 {CVE-2010-0828}
1451 [lenny] - moin 1.7.1-3+lenny4
1452 [28 Mar 2010] DSA-2023-1 curl - arbitrary code execution
1453 {CVE-2010-0734}
1454 [lenny] - curl 7.18.2-8lenny4
1455 [23 Mar 2010] DSA-2022-1 mediawiki - several vulnerabilities
1456 {CVE-2010-1189 CVE-2010-1190}
1457 [lenny] - mediawiki 1:1.12.0-2lenny4
1458 [22 Mar 2010] DSA-2021-1 spamass-milter - remote command execution
1459 {CVE-2010-1132}
1460 [lenny] - spamass-milter 0.3.1-8+lenny1
1461 [20 Mar 2010] DSA-2020-1 ikiwiki - cross-site scripting
1462 {CVE-2010-1195}
1463 [lenny] - ikiwiki 2.53.5
1464 [20 Mar 2010] DSA-2019-1 pango1.0 - denial of service
1465 {CVE-2010-0421}
1466 [lenny] - pango1.0 1.20.5-5+lenny1
1467 [18 Mar 2010] DSA-2018-1 php5 - null pointer dereference
1468 {CVE-2010-0397}
1469 [lenny] - php5 5.2.6.dfsg.1-1+lenny8
1470 [15 Mar 2010] DSA-2017-1 pulseaudio - insecure temporary directory
1471 [lenny] - pulseaudio 0.9.10-3+lenny2
1472 {CVE-2009-1299}
1473 [15 Mar 2010] DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation
1474 {CVE-2010-0747}
1475 [lenny] - drbd8 2:8.0.14-2+lenny1
1476 [lenny] - linux-modules-extra-2.6 2.6.26-6+lenny3
1477 [13 Mar 2010] DSA-2016-1 drupal6 - several vulnerabilities
1478 {CVE-2010-2473 CVE-2010-2472 CVE-2010-2471 CVE-2010-2250}
1479 [lenny] - drupal6 6.6-3lenny5
1480 [12 Mar 2010] DSA-2014-1 moin - several vulnerabilities
1481 {CVE-2010-0668 CVE-2010-0669 CVE-2010-0717}
1482 [lenny] - moin 1.7.1-3+lenny3
1483 [11 Mar 2010] DSA-2013-1 egroupware - several vulnerabilities
1484 {CVE-2010-3313 CVE-2010-3314}
1485 [lenny] - egroupware 1.4.004-2.dfsg-4.2
1486 [11 Mar 2010] DSA-2012-1 linux-2.6 - several issues
1487 {CVE-2009-3725 CVE-2010-0622}
1488 [lenny] - linux-2.6 2.6.26-21lenny4
1489 [10 Mar 2010] DSA-2011-1 dpkg - path traversal
1490 {CVE-2010-0396}
1491 [lenny] - dpkg 1.14.29
1492 [10 Mar 2010] DSA-2010-1 kvm - several vulnerabilities
1493 {CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419}
1494 [lenny] - kvm 72+dfsg-5~lenny5
1495 [09 Mar 2010] DSA-2009-1 tdiary - cross-site scripting
1496 {CVE-2010-0726}
1497 [lenny] - tdiary 2.2.1-1+lenny1
1498 [08 Mar 2010] DSA-2008-1 typo3-src - several vulnerabilities
1499 [lenny] - typo3-src 4.2.5-1+lenny3
1500 [03 Mar 2010] DSA-2007-1 cups - arbitrary code execution
1501 {CVE-2010-0393}
1502 [lenny] - cups 1.3.8-1+lenny8
1503 [02 Mar 2010] DSA-2006-1 sudo - several vulnerabilities
1504 {CVE-2010-0426 CVE-2010-0427}
1505 [lenny] - sudo 1.6.9p17-2+lenny1
1506 [27 Feb 2010] DSA-2005-1 linux-2.6.24 - several vulnerabilities
1507 {CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622}
1508 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.9etch3
1509 [28 Feb 2010] DSA-2004-1 samba - several vulnerabilities
1510 {CVE-2010-0787 CVE-2010-0547}
1511 [lenny] - samba 2:3.2.5-4lenny9
1512 NOTE: Initial DSA released as CVE-2009-3297
1513 [22 Feb 2010] DSA-2003-1 linux-2.6 - several vulnerabilities
1514 {CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622}
1515 [etch] - linux-2.6 2.6.18.dfsg.1-26etch2
1516 [19 Feb 2010] DSA-2002-1 polipo - denial of service
1517 {CVE-2009-3305 CVE-2009-4413}
1518 [lenny] - polipo 1.0.4-1+lenny1
1519 [19 Feb 2010] DSA-2001-1 php5 - multiple vulnerabilities
1520 {CVE-2009-4142 CVE-2009-4143}
1521 [lenny] - php5 5.2.6.dfsg.1-1+lenny6
1522 [18 Feb 2010] DSA-2000-1 ffmpeg-debian - several vulnerabilities
1523 {CVE-2009-4631 CVE-2009-4632 CVE-2009-4633 CVE-2009-4634 CVE-2009-4635 CVE-2009-4636 CVE-2009-4637 CVE-2009-4638 CVE-2009-4640}
1524 [lenny] - ffmpeg-debian 0.svn20080206-18+lenny1
1525 [18 Feb 2010] DSA-1999-1 xulrunner - several vulnerabilities
1526 {CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0162 CVE-2010-0167 CVE-2010-0169 CVE-2010-0171}
1527 [lenny] - xulrunner 1.9.0.18-1
1528 [17 Feb 2010] DSA-1998-1 kdelibs - arbitrary code execution
1529 {CVE-2009-0689}
1530 [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny4
1531 [14 Feb 2010] DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities
1532 {CVE-2009-4019 CVE-2009-4030 CVE-2009-4484}
1533 [etch] - mysql-dfsg-5.0 5.0.32-7etch12
1534 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny3
1535 [12 Feb 2010] DSA-1996-1 linux-2.6 - several vulnerabilities
1536 {CVE-2009-3939 CVE-2009-4027 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0298 CVE-2010-0306 CVE-2010-0307 CVE-2010-0309 CVE-2010-0410 CVE-2010-0415}
1537 [lenny] - linux-2.6 2.6.26-21lenny3
1538 [12 Feb 2010] DSA-1995-1 openoffice.org - several
1539 {CVE-2009-0217 CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302 CVE-2010-0136}
1540 [etch] - openoffice.org 2.0.4.dfsg.2-7etch9
1541 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny6
1542 [11 Feb 2010] DSA-1994-1 ajaxterm - session hijacking
1543 {CVE-2009-1629}
1544 [etch] - ajaxterm 0.9-2+etch1
1545 [lenny] - ajaxterm 0.10-2+lenny1
1546 [10 Feb 2010] DSA-1993-1 otrs2 - SQL injection
1547 {CVE-2010-0438}
1548 [lenny] - otrs2 2.2.7-2lenny3
1549 [04 Feb 2010] DSA-1992-1 chrony - denial of service
1550 {CVE-2010-0292 CVE-2010-0293 CVE-2010-0294}
1551 [etch] - chrony 1.21z-5+etch1
1552 [lenny] - chrony 1.23-6+lenny1
1553 [04 Feb 2010] DSA-1991-1 squid squid3 - denial of service
1554 {CVE-2009-2855 CVE-2010-0308}
1555 [etch] - squid3 3.0.PRE5-5+etch2
1556 [etch] - squid 2.6.5-6etch5
1557 [lenny] - squid 2.7.STABLE3-4.1lenny1
1558 [lenny] - squid3 3.0.STABLE8-3+lenny3
1559 [03 Feb 2010] DSA-1990-2 trac-git - regression fix
1560 {CVE-2010-0394}
1561 [lenny] - trac-git 0.0.20080710-3+lenny2
1562 [03 Feb 2010] DSA-1990-1 trac-git - code execution
1563 {CVE-2010-0394}
1564 [lenny] - trac-git 0.0.20080710-3+lenny1
1565 [02 Feb 2010] DSA-1989-1 fuse - denial of service
1566 {CVE-2010-0789}
1567 [etch] - fuse 2.5.3-4.4+etch1
1568 [lenny] - fuse 2.7.4-1.1+lenny1
1569 NOTE: Used to be CVE-2009-3297
1570 [02 Feb 2010] DSA-1988-1 qt4-x11 - several vulnerabilities
1571 {CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700}
1572 [lenny] - qt4-x11 4.4.3-1+lenny1
1573 [02 Feb 2010] DSA-1986-1 moodle - several vulnerabilities
1574 {CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301 CVE-2009-4302 CVE-2009-4303 CVE-2009-4305}
1575 [lenny] - moodle 1.8.2.dfsg-3+lenny3
1576 [02 Feb 2010] DSA-1987-1 lighttpd - denial of service
1577 {CVE-2010-0295}
1578 [etch] - lighttpd 1.4.13-4etch12
1579 [lenny] - lighttpd 1.4.19-5+lenny1
1580 [31 Jan 2010] DSA-1841-2 git-core - correct build failure introduced in DSA-1841-1
1581 {CVE-2009-2108}
1582 [etch] - git-core 1:1.4.4.4-4+etch4
1583 [lenny] - git-core 1:1.5.6.5-3+lenny3
1584 [31 Jan 2010] DSA-1985-1 sendmail - insufficient input validation
1585 {CVE-2009-4565}
1586 [etch] - sendmail 8.13.8-3+etch1
1587 [lenny] - sendmail 8.14.3-5+lenny1
1588 [30 Jan 2010] DSA-1983-1 wireshark - several vulnerabilities
1589 {CVE-2009-4377 CVE-2010-0304}
1590 [lenny] - wireshark 1.0.2-3+lenny8
1591 [30 Jan 2010] DSA-1984-1 libxerces2-java - denial of service
1592 {CVE-2009-2625}
1593 [etch] - libxerces2-java 2.8.1-1+etch1
1594 [lenny] - libxerces2-java 2.9.1-2+lenny1
1595 [29 Jan 2010] DSA-1982-1 hybserv - denial of service
1596 {CVE-2010-0303}
1597 [etch] - hybserv 1.9.2-4+etch1
1598 [lenny] - hybserv 1.9.2-4+lenny2
1599 [28 Jan 2010] DSA-1968-2 pdns-recursor - cache poisoning
1600 {CVE-2009-4010}
1601 [etch] - pdns-recursor 3.1.4+v3.1.7-0+etch1
1602 [28 Jan 2010] DSA-1981-1 maildrop - privilege escalation
1603 {CVE-2010-0301}
1604 [etch] - maildrop 2.0.2-11+etch1
1605 [lenny] - maildrop 2.0.4-3+lenny1
1606 [27 Jan 2010] DSA-1980-1 ircd-hybrid ircd-ratbox - arbitrary code execution
1607 {CVE-2009-4016 CVE-2010-0300}
1608 [lenny] - ircd-ratbox 2.2.8.dfsg-2+lenny1
1609 [etch] - ircd-hybrid 1:7.2.2.dfsg.2-3+etch1
1610 [lenny] - ircd-hybrid 1:7.2.2.dfsg.2-4+lenny1
1611 [27 Jan 2009] DSA-1979-1 lintian - multiple vulnerabilities
1612 {CVE-2009-4013 CVE-2009-4014 CVE-2009-4015}
1613 [etch] - lintian 1.23.28+etch1
1614 [lenny] - lintian 1.24.2.1+lenny1
1615 [26 Jan 2010] DSA-1978-1 phpgroupware - several vulnerabilities
1616 {CVE-2009-4414 CVE-2009-4415 CVE-2009-4416}
1617 [lenny] - phpgroupware 1:0.9.16.012+dfsg-8+lenny1
1618 [25 Jan 2010] DSA-1977-1 python - several vulnerabilities
1619 {CVE-2008-2316 CVE-2009-3560 CVE-2009-3720}
1620 [etch] - python2.4 2.4.4-3+etch3
1621 [etch] - python2.5 2.5-5+etch2
1622 [lenny] - python2.4 2.4.6-1+lenny1
1623 [lenny] - python2.5 2.5.2-15+lenny1
1624 [22 Jan 2010] DSA-1976-1 dokuwiki - several vulnerabilities
1625 {CVE-2010-0287 CVE-2010-0288 CVE-2010-0289}
1626 [lenny] - dokuwiki 0.0.20080505-4+lenny1
1627 [20 Jan 2010] DSA-1975-1 etch - end of life
1628 NOTE: End of life of etch is on Feb 15th
1629 [20 Jan 2010] DSA-1974-1 gzip - arbitrary code execution
1630 {CVE-2006-4334 CVE-2009-2624 CVE-2010-0001}
1631 [etch] - gzip 1.3.5-15+etch1
1632 [lenny] - gzip 1.3.12-6+lenny1
1633 [19 Jan 2010] DSA-1973-1 glibc - information disclosure
1634 {CVE-2010-0015}
1635 [etch] - glibc 2.3.6.ds1-13etch10
1636 [lenny] - glibc 2.7-18lenny2
1637 [17 Jan 2010] DSA-1972-1 audiofile - buffer overflow
1638 {CVE-2008-5824}
1639 [lenny] - audiofile 0.2.6-7+lenny1
1640 [etch] - audiofile 0.2.6-6+etch1
1641 [15 Jan 2010] DSA-1971-1 libthai - arbitrary code execution
1642 {CVE-2009-4012}
1643 [etch] - libthai 0.1.6-1+etch1
1644 [lenny] - libthai 0.1.9-4+lenny1
1645 [13 Jan 2010] DSA-1970-1 openssl - denial of service
1646 {CVE-2009-4355}
1647 [lenny] - openssl 0.9.8g-15+lenny6
1648 [12 Jan 2010] DSA-1969-1 krb5 - denial of service
1649 {CVE-2009-4212}
1650 [etch] - krb5 1.4.4-7etch8
1651 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny2
1652 [08 Jan 2010] DSA-1968-1 pdns-recursor - potential code execution
1653 {CVE-2009-4009 CVE-2009-4010}
1654 [lenny] - pdns-recursor 3.1.7-1+lenny1
1655 [07 Jan 2010] DSA-1967-1 transmission - directory traversal
1656 {CVE-2010-0012}
1657 [lenny] - transmission 1.22-1+lenny2
1658 [07 Jan 2010] DSA-1966-1 horde3 - cross-site scripting
1659 {CVE-2009-3237 CVE-2009-3701 CVE-2009-4363}
1660 [etch] - horde3 3.1.3-4etch7
1661 [lenny] - horde3 3.2.2+debian0-2+lenny2
1662 [06 Jan 2010] DSA-1965-1 phpldapadmin - remote file inclusion
1663 {CVE-2009-4427}
1664 [lenny] - phpldapadmin 1.1.0.5-6+lenny1
1665 [31 Dec 2009] DSA-1964-1 postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities
1666 {CVE-2009-4034 CVE-2009-4136}
1667 [etch] - postgresql-8.1 8.1.19-0etch1
1668 [etch] - postgresql-7.4 1:7.4.27-0etch1
1669 [lenny] - postgresql-8.3 8.3.9-0lenny1
1670 [31 Dec 2009] DSA-1953-2 expat - regression fix
1671 {CVE-2009-3560}
1672 [etch] - expat 1.95.8-3.4+etch3
1673 [lenny] - expat 2.0.1-4+lenny3
1674 [29 Dec 2009] DSA-1958-1 libtool - privilege escalation
1675 {CVE-2009-3736}
1676 [etch] - libtool 1.5.22-4+etch1
1677 [lenny] - libtool 1.5.26-4+lenny1
1678 [28 Dec 2009] DSA-1957-1 aria2 - arbitrary code execution
1679 {CVE-2009-3575}
1680 [lenny] - aria2 0.14.0-1+lenny1
1681 [23 Dec 2009] DSA-1963-1 unbound - DNSSEC validation
1682 {CVE-2009-3602}
1683 [lenny] - unbound 1.0.2-1+lenny1
1684 [23 Dec 2009] DSA-1962-1 kvm - several vulnerabilities
1685 {CVE-2009-3638 CVE-2009-3722 CVE-2009-4031}
1686 [lenny] - kvm 72+dfsg-5~lenny4
1687 [23 Dec 2009] DSA-1961-1 bind9 - cache poisoning
1688 {CVE-2009-4022}
1689 [etch] - bind9 1:9.3.4-2etch6
1690 [lenny] - bind9 1:9.5.1.dfsg.P3-1+lenny1
1691 [19 Dec 2009] DSA-1960-1 acpid - weak file permissions
1692 {CVE-2009-4235}
1693 [etch] - acpid 1.0.4-5etch2
1694 [lenny] - acpid 1.0.8-1lenny2
1695 [19 Dec 2009] DSA-1959-1 ganeti - arbitrary command execution
1696 {CVE-2009-4261}
1697 [lenny] - ganeti 1.2.6-3+lenny2
1698 [16 Dec 2009] DSA-1956-1 xulrunner - several vulnerabilities
1699 {CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986}
1700 [lenny] - xulrunner 1.9.0.16-1
1701 [16 Dec 2009] DSA-1955-1 network-manager network-manager-applet - information disclosure
1702 {CVE-2009-0365}
1703 [etch] - network-manager 0.6.4-6+etch1
1704 [lenny] - network-manager-applet 0.6.6-4+lenny1
1705 [16 Dec 2009] DSA-1954-1 cacti - insufficient input sanitising
1706 {CVE-2007-3112 CVE-2007-3113 CVE-2009-4032}
1707 [etch] - cacti 0.8.6i-3.6
1708 [lenny] - cacti 0.8.7b-2.1+lenny1
1709 [15 Dec 2009] DSA-1953-1 expat - denial of service
1710 {CVE-2009-3560}
1711 [etch] - expat 1.95.8-3.4+etch2
1712 [lenny] - expat 2.0.1-4+lenny2
1713 [15 Dec 2009] DSA-1952-1 asterisk - several vulnerabilities
1714 {CVE-2007-2383 CVE-2008-3903 CVE-2008-7220 CVE-2009-0041 CVE-2009-3727 CVE-2009-4055}
1715 [lenny] - asterisk 1:1.4.21.2~dfsg-3+lenny1
1716 [15 Dec 2009] DSA-1951-1 firefox-sage - insufficient input sanitizing
1717 {CVE-2009-4102}
1718 [etch] - firefox-sage 1.3.6-4etch1
1719 [lenny] - firefox-sage 1.4.2-0.1+lenny1
1720 [12 Dec 2009] DSA-1950-1 webkit - several vulnerabilities
1721 {CVE-2009-0945 CVE-2009-1681 CVE-2009-1684 CVE-2009-1687 CVE-2009-1690 CVE-2009-1692 CVE-2009-1693 CVE-2009-1694 CVE-2009-1695 CVE-2009-1697 CVE-2009-1698 CVE-2009-1710 CVE-2009-1711 CVE-2009-1712 CVE-2009-1714 CVE-2009-1725}
1722 [lenny] - webkit 1.0.1-4+lenny2
1723 [12 Dec 2009] DSA-1949-1 php-net-ping - arbitrary code execution
1724 {CVE-2009-4024}
1725 [etch] - php-net-ping 2.4.2-1+etch1
1726 [lenny] - php-net-ping 2.4.2-1+lenny1
1727 [08 Dec 2009] DSA-1948-1 ntp - denial of service
1728 {CVE-2009-3563}
1729 [etch] - ntp 1:4.2.2.p4+dfsg-2etch4
1730 [lenny] - ntp 1:4.2.4p4+dfsg-8lenny3
1731 [07 Dec 2009] DSA-1947-1 opensaml2 shibboleth-sp shibboleth-sp2 - cross-site scripting
1732 {CVE-2009-3300}
1733 [etch] - shibboleth-sp 1.3f.dfsg1-2+etch2
1734 [lenny] - opensaml2 2.0-2+lenny2
1735 [lenny] - shibboleth-sp2 2.0.dfsg1-4+lenny2
1736 [lenny] - shibboleth-sp 1.3.1.dfsg1-3+lenny2
1737 [04 Dec 2009] DSA-1946-1 belpic - cryptographic weakness
1738 {CVE-2009-0049}
1739 [etch] - belpic 2.5.9-7.etch.1
1740 [03 Dec 2009] DSA-1945-1 gforge - denial of service
1741 {CVE-2009-3304}
1742 [etch] - gforge 4.5.14-22etch13
1743 [lenny] - gforge 4.7~rc2-7lenny3
1744 [03 Dec 2009] DSA-1944-1 request-tracker3.4 request-tracker3.6 - session hijack vulnerability
1745 {CVE-2009-3585 CVE-2009-4151}
1746 [etch] - request-tracker3.6 3.6.1-4+etch1
1747 [etch] - request-tracker3.4 3.4.5-2+etch1
1748 [lenny] - request-tracker3.6 3.6.7-5+lenny3
1749 [02 Dec 2009] DSA-1943-1 openldap openldap2.3 - SSL certificate
1750 {CVE-2009-3767}
1751 [etch] - openldap2.3 2.3.30-5+etch3
1752 [lenny] - openldap 2.4.11-1+lenny1
1753 [29 Nov 2009] DSA-1942-1 wireshark - several vulnerabilities
1754 {CVE-2009-1829 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829}
1755 [etch] - wireshark 0.99.4-5.etch.4
1756 [lenny] - wireshark 1.0.2-3+lenny7
1757 [25 Nov 2009] DSA-1941-1 poppler - several vulnerabilities
1758 {CVE-2009-0755 CVE-2009-1187 CVE-2009-3603 CVE-2009-3604 CVE-2009-3605 CVE-2009-3606 CVE-2009-3607 CVE-2009-3608 CVE-2009-3609 CVE-2009-3938}
1759 [lenny] - poppler 0.8.7-3
1760 [25 Nov 2009] DSA-1940-1 php5 - multiple issues
1761 {CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2009-4017}
1762 [etch] - php5 5.2.0+dfsg-8+etch16
1763 [lenny] - php5 5.2.6.dfsg.1-1+lenny4
1764 [24 Nov 2009] DSA-1939-1 libvorbis - several vulnerabilities
1765 {CVE-2009-2663 CVE-2009-3379}
1766 [etch] - libvorbis 1.1.2.dfsg-1.4+etch1
1767 [lenny] - libvorbis 1.2.0.dfsg-3.1+lenny1
1768 [23 Nov 2009] DSA-1938-1 php-mail - insufficient input sanitising
1769 {CVE-2009-4023 CVE-2009-4111}
1770 [etch] - php-mail 1.1.6-2+etch1
1771 [lenny] - php-mail 1.1.14-1+lenny1
1772 [21 Nov 2009] DSA-1937-1 gforge - cross-site scripting
1773 {CVE-2009-3303}
1774 [etch] - gforge 4.5.14-22etch12
1775 [lenny] - gforge 4.7~rc2-7lenny2
1776 [17 Nov 2009] DSA-1936-1 libgd2 - several vulnerabilities
1777 {CVE-2007-0455 CVE-2009-3546}
1778 [etch] - libgd2 2.0.33-5.2etch2
1779 [lenny] - libgd2 2.0.36~rc1~dfsg-3+lenny1
1780 [17 Nov 2009] DSA-1935-1 gnutls13 gnutls26 - SSL certificate
1781 {CVE-2009-2409 CVE-2009-2730}
1782 [etch] - gnutls13 1.4.4-3+etch5
1783 [lenny] - gnutls26 2.4.2-6+lenny2
1784 [16 Nov 2009] DSA-1934-1 apache2 - several issues
1785 {CVE-2009-3094 CVE-2009-3095 CVE-2009-3555}
1786 [etch] - apache2 2.2.3-4+etch11
1787 [lenny] - apache2 2.2.9-10+lenny6
1788 [10 Nov 2009] DSA-1933-1 cups cupsys - cross-site scripting
1789 {CVE-2009-2820}
1790 [etch] - cupsys 1.2.7-4+etch9
1791 [lenny] - cups 1.3.8-1+lenny7
1792 [08 Nov 2009] DSA-1932-1 pidgin - arbitrary code execution
1793 {CVE-2009-3615}
1794 [lenny] - pidgin 2.4.3-4lenny5
1795 [08 Nov 2009] DSA-1931-1 nspr - several vulnerabilities
1796 {CVE-2009-2463 CVE-2009-0689}
1797 [lenny] - nspr 4.7.1-5
1798 [07 Nov 2009] DSA-1930-1 drupal6 - several vulnerabilities
1799 {CVE-2009-2372 CVE-2009-2373 CVE-2009-2374}
1800 [lenny] - drupal6 6.6-3lenny3
1801 [05 Nov 2009] DSA-1929-1 linux-2.6 - several vulnerabilities
1802 {CVE-2009-1883 CVE-2009-2909 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3621}
1803 [etch] - linux-2.6 2.6.18.dfsg.1-26etch1
1804 [05 Nov 2009] DSA-1928-1 linux-2.6.24 - several vulnerabilities
1805 {CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621}
1806 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.9etch1
1807 [05 Nov 2009] DSA-1927-1 linux-2.6 - several vulnerabilities
1808 {CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3638}
1809 [lenny] - linux-2.6 2.6.26-19lenny2
1810 [04 Nov 2009] DSA-1926-1 typo3-src - several vulnerabilities
1811 {CVE-2009-3628 CVE-2009-3629 CVE-2009-3630 CVE-2009-3631 CVE-2009-3632 CVE-2009-3633 CVE-2009-3634 CVE-2009-3635 CVE-2009-3636}
1812 [etch] - typo3-src 4.0.2+debian-9
1813 [lenny] - typo3-src 4.2.5-1+lenny2
1814 [31 Oct 2009] DSA-1925-1 proftpd-dfsg - SSL certificate verification weakness
1815 {CVE-2009-3639}
1816 [etch] - proftpd-dfsg 1.3.0-19etch3
1817 [lenny] - proftpd-dfsg 1.3.1-17lenny4
1818 [31 Oct 2009] DSA-1924-1 mahara - several vulnerabilities
1819 {CVE-2009-3298 CVE-2009-3299}
1820 [lenny] - mahara 1.0.4-4+lenny4
1821 [27 Oct 2009] DSA-1923-1 libhtml-parser-perl - denial of service
1822 {CVE-2009-3627}
1823 [etch] - libhtml-parser-perl 3.55-1+etch1
1824 [lenny] - libhtml-parser-perl 3.56-1+lenny1
1825 [28 Oct 2009] DSA-1922-1 xulrunner - several vulnerabilities
1826 {CVE-2009-3007 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 CVE-2009-3385}
1827 [lenny] - xulrunner 1.9.0.15-0lenny1
1828 [28 Oct 2009] DSA-1921-1 expat - denial of service
1829 {CVE-2009-3720}
1830 [etch] - expat 1.95.8-3.4+etch1
1831 [lenny] - expat 2.0.1-4+lenny1
1832 [26 Oct 2009] DSA-1920-1 nginx - denial of service
1833 {CVE-2009-3896}
1834 [etch] - nginx 0.4.13-2+etch3
1835 [lenny] - nginx 0.6.32-3+lenny3
1836 [25 Oct 2009] DSA-1919-1 smarty - several vulnerabilities
1837 {CVE-2008-4810 CVE-2009-1669}
1838 [etch] - smarty 2.6.14-1etch2
1839 [lenny] - smarty 2.6.20-1.2
1840 [25 Oct 2009] DSA-1918-1 phpmyadmin - several vulnerabilities
1841 {CVE-2009-3696 CVE-2009-3697}
1842 [etch] - phpmyadmin 4:2.9.1.1-13
1843 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny3
1844 [24 Oct 2009] DSA-1917-1 mimetex - several vulnerabilities
1845 {CVE-2009-1382 CVE-2009-2459}
1846 [etch] - mimetex 1.50-1+etch1
1847 [lenny] - mimetex 1.50-1+lenny1
1848 [23 Oct 2009] DSA-1916-1 kdelibs - SSL certificate verification weakness
1849 {CVE-2009-2702}
1850 [etch] - kdelibs 4:3.5.5a.dfsg.1-8etch3
1851 [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny3
1852 [23 Oct 2009] DSA-1912-2 advi - arbitrary code execution
1853 {CVE-2009-2295 CVE-2009-2660 CVE-2009-3296}
1854 [etch] - advi 1.6.0-12+etch2
1855 [lenny] - advi 1.6.0-13+lenny2
1856 [22 Oct 2009] DSA-1915-1 linux-2.6 - several vulnerabilities
1857 {CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286 CVE-2009-3290 CVE-2009-3613}
1858 [lenny] - linux-2.6 2.6.26-19lenny1
1859 [22 Oct 2009] DSA-1914-1 mapserver - several vulnerabilities
1860 {CVE-2009-0839 CVE-2009-0840 CVE-2009-0841 CVE-2009-0842 CVE-2009-0843 CVE-2009-1176 CVE-2009-2281}
1861 [etch] - mapserver 4.10.0-5.1+etch4
1862 [lenny] - mapserver 5.0.3-3+lenny4
1863 [17 Oct 2009] DSA-1913-1 bugzilla - SQL injection
1864 {CVE-2009-3165}
1865 [lenny] - bugzilla 3.0.4.1-2+lenny2
1866 [16 Oct 2009] DSA-1912-1 camlimages - arbitrary code execution
1867 {CVE-2009-2660 CVE-2009-3296}
1868 [etch] - camlimages 2.20-8+etch3
1869 [lenny] - camlimages 1:2.2.0-4+lenny3
1870 [14 Oct 2009] DSA-1911-1 pygresql - missing escape function
1871 {CVE-2009-2940}
1872 [etch] - pygresql 1:3.8.1-1etch2
1873 [lenny] - pygresql 1:3.8.1-3+lenny1
1874 [14 Oct 2009] DSA-1910-1 mysql-ocaml - missing escape function
1875 {CVE-2009-2942}
1876 [etch] - mysql-ocaml 1.0.4-2+etch1
1877 [lenny] - mysql-ocaml 1.0.4-4+lenny1
1878 [14 Oct 2009] DSA-1909-1 postgresql-ocaml - missing escape function
1879 {CVE-2009-2943}
1880 [etch] - postgresql-ocaml 1.5.4-2+etch1
1881 [lenny] - postgresql-ocaml 1.7.0-3+lenny1
1882 [14 Oct 2009] DSA-1908-1 samba - several vulnerabilities
1883 {CVE-2009-2813 CVE-2009-2906 CVE-2009-2948}
1884 [lenny] - samba 2:3.2.5-4lenny7
1885 [13 Oct 2009] DSA-1907-1 kvm - several vulnerabilities
1886 {CVE-2008-5714 CVE-2009-3290}
1887 [lenny] - kvm 72+dfsg-5~lenny3
1888 [11 Oct 2009] DSA-1906-1 clamav - end-of-life announcement
1889 NOTE: [etch] - clamav <end-of-life> (upstream has discontinued providing virus signatures for versions prior to 0.95)
1890 NOTE: [lenny] - clamav <end-of-life> (upstream has discontinued providing virus signatures for versions prior to 0.95)
1891 [10 Oct 2009] DSA-1905-1 python-django - denial of service
1892 {CVE-2009-3695}
1893 [lenny] - python-django 1.0.2-1+lenny2
1894 [09 Oct 2009] DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict
1895 {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476}
1896 [lenny] - opensaml2 2.0-2+lenny1
1897 [lenny] - shibboleth-sp2 2.0.dfsg1-4+lenny1
1898 [09 Oct 2009] DSA-1904-1 wget - SSL certificate verification weakness
1899 {CVE-2009-3490}
1900 [etch] - wget 1.10.2-2+etch1
1901 [lenny] - wget 1.11.4-2+lenny1
1902 [07 Oct 2009] DSA-1903-1 graphicsmagick - several
1903 {CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882}
1904 [etch] - graphicsmagick 1.1.7-13+etch1
1905 [lenny] - graphicsmagick 1.1.11-3.2+lenny1
1906 [05 Oct 2009] DSA-1902-1 elinks - arbitrary code execution
1907 {CVE-2008-7224}
1908 [etch] - elinks 0.11.1-1.2etch2
1909 [05 Oct 2009] DSA-1901-1 mediawiki1.7 - several vulnerabilities
1910 {CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 CVE-2009-0737}
1911 [etch] - mediawiki1.7 1.7.1-9etch1
1912 [02 Oct 2009] DSA-1900-1 postgresql-7.4 postgresql-8.1 postgresql-8.3 - various problems
1913 {CVE-2009-3229 CVE-2009-3230 CVE-2009-3231}
1914 [etch] - postgresql-7.4 1:7.4.26-0etch1
1915 [etch] - postgresql-8.1 8.1.18-0etch1
1916 [lenny] - postgresql-8.3 8.3.8-0lenny1
1917 [02 Oct 2009] DSA-1899-1 strongswan - denial of service
1918 {CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661}
1919 [etch] - strongswan 2.8.0+dfsg-1+etch2
1920 [lenny] - strongswan 4.2.4-5+lenny3
1921 [02 Oct 2009] DSA-1898-1 openswan - denial of service
1922 {CVE-2009-2185}
1923 [etch] - openswan 1:2.4.6+dfsg.2-1.1+etch2
1924 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny2
1925 [28 Sep 2009] DSA-1897-1 horde3 - arbitrary code execution
1926 {CVE-2009-3236 CVE-2009-4824 CVE-2008-7218}
1927 [etch] - horde3 3.1.3-4etch6
1928 [lenny] - horde3 3.2.2+debian0-2+lenny1
1929 [28 Sep 2009] DSA-1896-1 opensaml shibboleth-sp - potential code execution
1930 {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476}
1931 [etch] - opensaml 1.1a-2+etch1
1932 [etch] - shibboleth-sp 1.3f.dfsg1-2+etch1
1933 [lenny] - opensaml 1.1.1-2+lenny1
1934 [lenny] - shibboleth-sp 1.3.1.dfsg1-3+lenny1
1935 [24 Sep 2009] DSA-1895-1 xmltooling - potential code execution
1936 {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476}
1937 [lenny] - xmltooling 1.0-2+lenny1
1938 [24 Sep 2009] DSA-1894-1 newt - arbitrary code execution
1939 {CVE-2009-2905}
1940 [etch] - newt 0.52.2-10+etch1
1941 [lenny] - newt 0.52.2-11.3+lenny1
1942 [23 Sep 2009] DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution
1943 {CVE-2009-2632 CVE-2009-3235}
1944 [etch] - cyrus-imapd-2.2 2.2.13-10+etch4
1945 [etch] - kolab-cyrus-imapd 2.2.13-2+etch2
1946 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny3
1947 [lenny] - kolab-cyrus-imapd 2.2.13-5+lenny2
1948 [23 Sep 2009] DSA-1892-1 dovecot - arbitrary code execution
1949 {CVE-2009-2632 CVE-2009-3235}
1950 [etch] - dovecot 1.0.rc15-2etch5
1951 [lenny] - dovecot 1:1.0.15-2.3+lenny1
1952 [22 Sep 2009] DSA-1891-1 changetrack - arbitrary code execution
1953 {CVE-2009-3233}
1954 [etch] - changetrack 4.3-3+etch1
1955 [lenny] - changetrack 4.3-3+lenny1
1956 [19 Sep 2009] DSA-1890-1 wxwidgets2.6 wxwidgets2.8 wxwindows2.4 - arbitrary code execution
1957 {CVE-2009-2369}
1958 [etch] - wxwidgets2.6 2.6.3.2.1.5+etch1
1959 [etch] - wxwindows2.4 2.4.5.1.1+etch1
1960 [lenny] - wxwidgets2.8 2.8.7.1-1.1+lenny1
1961 [lenny] - wxwidgets2.6 2.6.3.2.2-3+lenny1
1962 [16 Sep 2009] DSA-1889-1 icu - programming error
1963 {CVE-2009-0153}
1964 [etch] - icu 3.6-2etch3
1965 [lenny] - icu 3.8.1-3+lenny2
1966 [16 Sep 2009] DSA-1888-1 openssl - cryptographic weakness
1967 {CVE-2009-2409}
1968 [etch] - openssl097 0.9.7k-3.1etch5
1969 [etch] - openssl 0.9.8c-4etch9
1970 [lenny] - openssl 0.9.8g-15+lenny5
1971 [15 Sep 2009] DSA-1887-1 rails - cross-site scripting
1972 {CVE-2009-3009}
1973 [lenny] - rails 2.1.0-7
1974 [14 Sep 2009] DSA-1886-1 iceweasel - several vulnerabilities
1975 {CVE-2009-1310 CVE-2009-3079}
1976 [lenny] - iceweasel 3.0.6-3
1977 [14 Sep 2009] DSA-1885-1 xulrunner - several vulnerabilities
1978 {CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078}
1979 [lenny] - xulrunner 1.9.0.14-0lenny1
1980 [14 Sep 2009] DSA-1883-2 nagios2 - regression fix
1981 {CVE-2007-5624 CVE-2007-5803 CVE-2008-1360}
1982 [etch] - nagios2 2.6-2+etch5
1983 [14 Sep 2009] DSA-1884-1 nginx - arbitrary code execution
1984 {CVE-2009-2629}
1985 [etch] - nginx 0.4.13-2+etch2
1986 [lenny] - nginx 0.6.32-3+lenny2
1987 [11 Sep 2009] DSA-1878-2 devscripts - regression fix
1988 {CVE-2009-2946}
1989 [etch] - devscripts 2.9.26etch5
1990 [lenny] - devscripts 2.10.35lenny7
1991 [10 Sep 2009] DSA-1883-1 nagios2 - several cross-site scriptings
1992 {CVE-2007-5624 CVE-2007-5803 CVE-2008-1360}
1993 [etch] - nagios2 2.6-2+etch4
1994 [09 Sep 2009] DSA-1882-1 xapian-omega - cross-site scripting
1995 {CVE-2009-2947}
1996 [etch] - xapian-omega 0.9.9-1+etch1
1997 [lenny] - xapian-omega 1.0.7-3+lenny1
1998 [07 Sep 2009] DSA-1881-1 cyrus-imapd - buffer overflow
1999 {CVE-2009-2632}
2000 [lenny] - cyrus-imapd-2.2 2.2.13-14+lenny1
2001 [etch] - cyrus-imapd-2.2 2.2.13-10+etch2
2002 [04 Sep 2009] DSA-1880-1 openoffice.org - arbitrary code execution
2003 {CVE-2009-0200 CVE-2009-0201 CVE-2009-2139}
2004 [lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny3
2005 [etch] - openoffice.org 2.0.4.dfsg.2-7etch7
2006 [04 Sep 2009] DSA-1879-1 silc-client silc-toolkit - arbitrary code execution
2007 {CVE-2008-7159 CVE-2008-7160 CVE-2009-3051 CVE-2009-3163}
2008 [lenny] - silc-toolkit 1.1.7-2+lenny1
2009 [lenny] - silc-client 1.1.4-1+lenny1
2010 [02 Sep 2009] DSA-1878-1 devscripts - remote code execution
2011 {CVE-2009-2946}
2012 [etch] - devscripts 2.9.26etch4
2013 [lenny] - devscripts 2.10.35lenny6
2014 [02 Sep 2009] DSA-1877-1 mysql-dfsg-5.0 - arbitrary code
2015 {CVE-2009-2446}
2016 [etch] - mysql-dfsg-5.0 5.0.32-7etch11
2017 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny2
2018 [01 Sep 2009] DSA-1876-1 dnsmasq - remote code execution
2019 {CVE-2009-2957 CVE-2009-2958}
2020 [lenny] - dnsmasq 2.45-1+lenny1
2021 [31 Aug 2009] DSA-1875-1 ikiwiki - information disclosure
2022 {CVE-2009-2944}
2023 [lenny] - ikiwiki 2.53.4
2024 [26 Aug 2009] DSA-1871-2 wordpress - regression fix
2025 {CVE-2008-1502 CVE-2008-4106 CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2851 CVE-2009-2853 CVE-2009-2854}
2026 [etch] - wordpress 2.0.10-1etch5
2027 [26 Aug 2009] DSA-1874-1 nss - several vulnerabilities
2028 {CVE-2009-2404 CVE-2009-2408 CVE-2009-2409}
2029 [lenny] - nss 3.12.3.1-0lenny1
2030 [26 Aug 2009] DSA-1873-1 xulrunner - spoofing vulnerabilities
2031 {CVE-2009-2654 CVE-2009-2662 CVE-2009-2664}
2032 [lenny] - xulrunner 1.9.0.13-0lenny1
2033 [25 Aug 2009] DSA-1833-2 dhcp3 - arbitrary code execution
2034 {CVE-2009-0692 CVE-2009-1892}
2035 [lenny] - dhcp3 3.1.1-6+lenny3
2036 [24 Aug 2009] DSA-1872-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2037 {CVE-2009-2698 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849}
2038 [etch] - linux-2.6 2.6.18.dfsg.1-24etch4
2039 [etch] - fai-kernels 1.17+etch.24etch4
2040 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch4
2041 [23 Aug 2009] DSA-1871-1 wordpress - several vulnerabilities
2042 {CVE-2008-1502 CVE-2008-4106 CVE-2008-4769 CVE-2008-4796 CVE-2008-5113 CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2851 CVE-2009-2853 CVE-2009-2854}
2043 [etch] - wordpress 2.0.10-1etch4
2044 [lenny] - wordpress 2.5.1-11+lenny1
2045 [19 Aug 2009] DSA-1870-1 pidgin - insufficient input sanitization
2046 {CVE-2009-2694}
2047 [lenny] - pidgin 2.4.3-4lenny3
2048 [19 Aug 2009] DSA-1869-1 curl - SSL certificate verification weakness
2049 {CVE-2009-2417}
2050 [etch] - curl 7.15.5-1etch3
2051 [lenny] - curl 7.18.2-8lenny3
2052 [19 Aug 2009] DSA-1868-1 kde4libs - several vulnerabilities
2053 {CVE-2009-1687 CVE-2009-1690 CVE-2009-1698}
2054 [lenny] - kde4libs 4:4.1.0-3+lenny1
2055 [19 Aug 2009] DSA-1867-1 kdelibs - several vulnerabilities
2056 {CVE-2008-1671 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698}
2057 [etch] - kdelibs 4:3.5.5a.dfsg.1-8etch2
2058 [lenny] - kdelibs 4:3.5.10.dfsg.1-0lenny2
2059 [19 Aug 2009] DSA-1866-1 kdegraphics - several vulnerabilities
2060 {CVE-2009-0945 CVE-2009-1709}
2061 [etch] - kdegraphics 4:3.5.5-3etch4
2062 [lenny] - kdegraphics 4:3.5.9-3+lenny2
2063 [16 Aug 2009] DSA-1864-1 linux-2.6.24 - privilege escalation
2064 {CVE-2009-2692}
2065 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch3
2066 [16 Aug 2009] DSA-1865-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2067 {CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-2692}
2068 [etch] - linux-2.6 2.6.18.dfsg.1-24etch3
2069 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch3
2070 [etch] - fai-kernels 1.17+etch.24etch3
2071 [15 Aug 2009] DSA-1863-1 zope2.10 zope2.9 - arbitrary code execution
2072 {CVE-2009-0668 CVE-2009-0669}
2073 [lenny] - zope2.10 2.10.6-1+lenny1
2074 [etch] - zope2.9 2.9.6-4etch2
2075 [14 Aug 2009] DSA-1862-1 linux-2.6 - privilege escalation
2076 {CVE-2009-2692}
2077 [lenny] - linux-2.6 2.6.26-17lenny2
2078 [13 Aug 2009] DSA-1861-1 libxml - several issues
2079 {CVE-2009-2414 CVE-2009-2416}
2080 [etch] - libxml 1:1.8.17-14+etch1
2081 [12 Aug 2009] DSA-1860-1 ruby1.8 ruby1.9 - several issues
2082 {CVE-2009-0642 CVE-2009-1904}
2083 [etch] - ruby1.9 1.9.0+20060609-1etch5
2084 [etch] - ruby1.8 1.8.5-4etch5
2085 [lenny] - ruby1.8 1.8.7.72-3lenny1
2086 [lenny] - ruby1.9 1.9.0.2-9lenny1
2087 [10 Aug 2009] DSA-1859-1 libxml2 - several issues
2088 {CVE-2009-2414 CVE-2009-2416}
2089 [etch] - libxml2 2.6.27.dfsg-6+etch1
2090 [lenny] - libxml2 2.6.32.dfsg-5+lenny1
2091 [10 Aug 2009] DSA-1858-1 imagemagick - several vulnerabilities
2092 {CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 CVE-2009-1882}
2093 [etch] - imagemagick 7:6.2.4.5.dfsg1-0.15+etch1
2094 [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny3
2095 [10 Aug 2009] DSA-1857-1 camlimages - arbitrary code execution
2096 {CVE-2009-2660}
2097 [etch] - camlimages 2.20-8+etch2
2098 [lenny] - camlimages 1:2.2.0-4+lenny2
2099 [09 Aug 2009] DSA-1843-2 squid3 - regression fix
2100 {CVE-2009-2621 CVE-2009-2622}
2101 [lenny] - squid3 3.0.STABLE-3+lenny2
2102 [08 Aug 2009] DSA-1856-1 mantis - information leak
2103 [lenny] - mantis 1.1.6+dfsg-2lenny1
2104 [08 Aug 2009] DSA-1855-1 subversion - heap overflow
2105 {CVE-2009-2411}
2106 [etch] - subversion 1.4.2dfsg1-3
2107 [lenny] - subversion 1.5.1dfsg1-4
2108 [08 Aug 2009] DSA-1854-1 apr apr-util - arbitrary code execution
2109 {CVE-2009-2412}
2110 [etch] - apr-util 1.2.7+dfsg-2+etch3
2111 [etch] - apr 1.2.7-9
2112 [lenny] - apr-util 1.2.12+dfsg-8+lenny4
2113 [lenny] - apr 1.2.12-5+lenny1
2114 [07 Aug 2009] DSA-1853-1 memcached - arbitrary code execution
2115 {CVE-2009-2415}
2116 [etch] - memcached 1.1.12-1+etch1
2117 [lenny] - memcached 1.2.2-1+lenny1
2118 [07 Aug 2009] DSA-1852-1 fetchmail - SSL certificate verification weakness
2119 {CVE-2009-2666}
2120 [etch] - fetchmail 6.3.6-1etch2
2121 [lenny] - fetchmail 6.3.9~rc2-4+lenny1
2122 [06 Aug 2009] DSA-1851-1 gst-plugins-bad0.10 - arbitrary code execution
2123 {CVE-2009-1438}
2124 [etch] - gst-plugins-bad0.10 0.10.3-3.1+etch3
2125 [lenny] - gst-plugins-bad0.10 0.10.7-2+lenny2
2126 [04 Aug 2009] DSA-1850-1 libmodplug - arbitrary code execution
2127 {CVE-2009-1438 CVE-2009-1513}
2128 [etch] - libmodplug 1:0.7-5.2+etch1
2129 [lenny] - libmodplug 1:0.8.4-1+lenny1
2130 [02 Aug 2009] DSA-1849-1 xml-security-c - signature forgery
2131 {CVE-2009-0217}
2132 [etch] - xml-security-c 1.2.1-3+etch1
2133 [lenny] - xml-security-c 1.4.0-3+lenny2
2134 [02 Aug 2009] DSA-1848-1 znc - directory traversal
2135 {CVE-2009-2658}
2136 [etch] - znc 0.045-3+etch3
2137 [lenny] - znc 0.058-2+lenny3
2138 [29 Jul 2009] DSA-1847-1 bind9 - denial of service
2139 {CVE-2009-0696}
2140 [etch] - bind9 1:9.3.4-2etch5
2141 [lenny] - bind9 1:9.5.1.dfsg.P3-1
2142 [28 Jul 2009] DSA-1846-1 kvm - denial of service
2143 {CVE-2009-2287}
2144 [lenny] - kvm 72+dfsg-5~lenny2
2145 [28 Jun 2009] DSA-1845-1 linux-2.6 - several vulnerabilities
2146 {CVE-2009-1895 CVE-2009-2287 CVE-2009-2406 CVE-2009-2407}
2147 [lenny] - linux-2.6 2.6.26-17lenny1
2148 [28 Jul 2009] DSA-1844-1 linux-2.6.24 - several vulnerabilities
2149 {CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406 CVE-2009-2407}
2150 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch2
2151 [28 Jul 2009] DSA-1843-1 squid3 - denial of service
2152 {CVE-2009-2621 CVE-2009-2622}
2153 [etch] - squid <not-affected> (Vulnerable code introduced in 3.x)
2154 [lenny] - squid3 3.0.STABLE8-3+lenny1
2155 [28 Jul 2009] DSA-1842-1 openexr - several vulnerabilities
2156 {CVE-2009-1720 CVE-2009-1721 CVE-2009-1722}
2157 [etch] - openexr 1.2.2-4.3+etch2
2158 [lenny] - openexr 1.6.1-3+lenny3
2159 [25 Jul 2009] DSA-1841-1 git-core - denial of service
2160 {CVE-2009-2108}
2161 [etch] - git-core 1:1.4.4.4-4+etch3
2162 [lenny] - git-core 1:1.5.6.5-3+lenny2
2163 [23 Jul 2009] DSA-1840-1 xulrunner - several vulnerabilities
2164 {CVE-2009-2462 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472}
2165 [lenny] - xulrunner 1.9.0.12-0lenny1
2166 [19 Jul 2009] DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution
2167 {CVE-2009-1932}
2168 [etch] - gst-plugins-good0.10 0.10.4-4+etch1
2169 [lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny2
2170 [18 Jul 2009] DSA-1838-1 pulseaudio - privilege escalation
2171 {CVE-2009-1894}
2172 [lenny] - pulseaudio 0.9.10-3+lenny1
2173 [18 Jul 2009] DSA-1837-1 dbus - denial of service
2174 {CVE-2009-1189}
2175 [etch] - dbus 1.0.2-1+etch3
2176 [lenny] - dbus 1.2.1-5+lenny1
2177 [16 Jul 2009] DSA-1836-1 fckeditor - arbitrary code execution
2178 {CVE-2009-2324 CVE-2009-2265}
2179 [lenny] - fckeditor 1:2.6.2-1lenny1
2180 [15 Jul 2009] DSA-1835-1 tiff - several vulnerabilities
2181 {CVE-2009-2285 CVE-2009-2347}
2182 [etch] - tiff 3.8.2-7+etch3
2183 [lenny] - tiff 3.8.2-11.2
2184 [15 Jul 2009] DSA-1834-1 apache2 apache2-mpm-itk - denial of service
2185 {CVE-2009-1891 CVE-2009-1890}
2186 [etch] - apache2 2.2.3-4+etch9
2187 [lenny] - apache2 2.2.9-10+lenny4
2188 [14 Jul 2009] DSA-1833-1 dhcp3 - arbitrary code execution
2189 {CVE-2009-0692}
2190 [etch] - dhcp3 3.0.4-13+etch2
2191 [lenny] - dhcp3 3.1.1-6+lenny2
2192 [13 Jul 2009] DSA-1832-1 camlimages - arbitrary code execution
2193 {CVE-2009-2295}
2194 [etch] - camlimages 2.20-8+etch1
2195 [lenny] - camlimages 1:2.2.0-4+lenny1
2196 [13 Jul 2009] DSA-1831-1 djbdns - privilege escalation
2197 {CVE-2009-0858}
2198 [lenny] - djbdns 1:1.05-4+lenny1
2199 [12 Jul 2009] DSA-1830-1 icedove - several vulnerabilities
2200 {CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210 CVE-2009-2061}
2201 [lenny] - icedove 2.0.0.22-0lenny1
2202 [11 Jul 2009] DSA-1829-1 sork-passwd-h3 - cross-site scripting
2203 {CVE-2009-2360}
2204 [etch] - sork-passwd-h3 3.0-2+etch1
2205 [lenny] - sork-passwd-h3 3.0-2+lenny1
2206 [07 Jul 2009] DSA-1828-1 ocsinventory-agent - arbitrary code execution
2207 {CVE-2009-0667}
2208 [lenny] - ocsinventory-agent 1:0.0.9.2repack1-4lenny1
2209 [06 Jul 2009] DSA-1827-1 ipplan - cross-site scripting
2210 {CVE-2009-1732}
2211 [lenny] - ipplan 4.86a-7+lenny1
2212 [04 Jul 2009] DSA-1826-1 eggdrop - several vulnerabilities
2213 {CVE-2007-2807 CVE-2009-1789}
2214 [etch] - eggdrop 1.6.18-1etch2
2215 [lenny] - eggdrop 1.6.19-1.1+lenny1
2216 [03 Jul 2009] DSA-1825-1 nagios2 nagios3 - arbitrary code execution
2217 {CVE-2009-2288}
2218 [lenny] - nagios3 3.0.6-4~lenny2
2219 [etch] - nagios2 2.6-2+etch3
2220 [25 Jun 2009] DSA-1824-1 phpmyadmin - several vulnerabilities
2221 {CVE-2009-1150 CVE-2009-1151}
2222 [etch] - phpmyadmin 4:2.9.1.1-11
2223 [lenny] - phpmyadmin 4:2.11.8.1-5+lenny1
2224 [25 Jun 2009] DSA-1823-1 samba - several vulnerabilities
2225 {CVE-2009-1886 CVE-2009-1888}
2226 [lenny] - samba 2:3.2.5-4lenny6
2227 [23 Jun 2009] DSA-1822-1 mahara - cross-site scripting
2228 {CVE-2009-2170}
2229 [lenny] - mahara 1.0.4-4+lenny3
2230 [22 Jun 2009] DSA-1821-1 amule - insufficient input sanitising
2231 {CVE-2009-1440}
2232 [lenny] - amule 2.2.1-1+lenny2
2233 [18 Jun 2009] DSA-1820-1 xulrunner - several vulnerabilities
2234 {CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 CVE-2009-2061}
2235 [lenny] - xulrunner 1.9.0.11-0lenny1
2236 [18 Jun 2009] DSA-1819-1 vlc - several vulnerabilities
2237 {CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032}
2238 [etch] - vlc 0.8.6-svn20061012.debian-5.1+etch3
2239 [18 Jun 2009] DSA-1818-1 gforge - insufficient input sanitising
2240 {CVE-2009-4069 CVE-2009-4070}
2241 [etch] - gforge 4.5.14-22etch11
2242 [lenny] - gforge 4.7~rc2-7lenny1
2243 [17 Jun 2009] DSA-1817-1 ctorrent - arbitrary code execution
2244 {CVE-2009-1759}
2245 [lenny] - ctorrent 1.3.4-dnh3.2-1+lenny1
2246 [16 Jun 2009] DSA-1816-1 apache2 apache2-mpm-itk - privilege escalation
2247 {CVE-2009-1195}
2248 [etch] - apache2 2.2.3-4+etch8
2249 [lenny] - apache2 2.2.9-10+lenny3
2250 [14 Jun 2009] DSA-1815-1 libtorrent-rasterbar - denial of
2251 {CVE-2009-1760}
2252 [lenny] - libtorrent-rasterbar 0.13.1-2+lenny1
2253 [13 Jun 2009] DSA-1814-1 libsndfile - arbitrary code execution
2254 {CVE-2009-1788 CVE-2009-1791}
2255 [etch] - libsndfile 1.0.16-2+etch2
2256 [lenny] - libsndfile 1.0.17-4+lenny2
2257 [08 Jun 2009] DSA-1813-1 evolution-data-server - several vulnerabilities
2258 {CVE-2009-0547 CVE-2009-0582 CVE-2009-0587}
2259 [etch] - evolution-data-server 1.6.3-5etch2
2260 [lenny] - evolution-data-server 2.22.3-1.1+lenny1
2261 [04 Jun 2009] DSA-1812-1 apr-util - several vulnerabilities
2262 {CVE-2009-0023 CVE-2009-1955}
2263 [etch] - apr-util 1.2.7+dfsg-2+etch2
2264 [lenny] - apr-util 1.2.12+dfsg-8+lenny2
2265 [02 Jun 2009] DSA-1811-1 cups cupsys - denial of service
2266 {CVE-2009-0949}
2267 [etch] - cupsys 1.2.7-4+etch8
2268 [lenny] - cups 1.3.8-1+lenny6
2269 [02 Jun 2009] DSA-1810-1 libapache-mod-jk - information
2270 {CVE-2008-5519}
2271 [etch] - libapache-mod-jk 1:1.2.18-3etch2
2272 [lenny] - libapache-mod-jk 1:1.2.26-2+lenny1
2273 [01 Jun 2009] DSA-1809-1 linux-2.6 user-mode-linux - several vulnerabilities
2274 {CVE-2009-1184 CVE-2009-1630 CVE-2009-1633 CVE-2009-1758}
2275 [lenny] - user-mode-linux 2.6.26-1um-2+15lenny3
2276 [lenny] - linux-2.6 2.6.26-15lenny3
2277 [01 Jun 2009] DSA-1808-1 drupal6 - insufficient input sanitising
2278 {CVE-2009-1844}
2279 [lenny] - drupal6 6.6-3lenny2
2280 [01 Jun 2009] DSA-1807-1 cyrus-sasl2 cyrus-sasl2-heimdal - arbitrary code execution
2281 {CVE-2009-0688}
2282 [lenny] - cyrus-sasl2-heimdal 2.1.22.dfsg1-23+lenny1
2283 [lenny] - cyrus-sasl2 2.1.22.dfsg1-23+lenny1
2284 [etch] - cyrus-sasl2 2.1.22.dfsg1-8+etch1
2285 [24 May 2009] DSA-1806-1 cscope - arbitrary code execution
2286 {CVE-2009-0148}
2287 [lenny] - cscope 15.6-6+lenny1
2288 [etch] - cscope 15.6-2+etch1
2289 [22 May 2009] DSA-1805-1 pidgin - several vulnerabilities
2290 {CVE-2008-2927 CVE-2009-1373 CVE-2009-1375 CVE-2009-1376}
2291 [lenny] - pidgin 2.4.3-4lenny2
2292 [21 May 2009] DSA-1802-2 squirrelmail - incomplete fix
2293 {CVE-2009-1381}
2294 [etch] - squirrelmail 2:1.4.9a-5
2295 [lenny] - squirrelmail 2:1.4.15-4+lenny2
2296 [20 May 2009] DSA-1803-1 nsd nsd3 - denial of service
2297 {CVE-2009-1755}
2298 [etch] - nsd 2.3.6-1+etch1
2299 [lenny] - nsd 2.3.7-1.1+lenny1
2300 [lenny] - nsd3 3.0.7-3.lenny2
2301 [20 May 2009] DSA-1804-1 ipsec-tools - denial of service
2302 {CVE-2009-1574 CVE-2009-1632}
2303 [etch] - ipsec-tools 1:0.6.6-3.1etch3
2304 [lenny] - ipsec-tools 1:0.7.1-1.3+lenny2
2305 [19 May 2009] DSA-1802-1 squirrelmail - several vulnerabilities
2306 {CVE-2009-1578 CVE-2009-1579 CVE-2009-1580 CVE-2009-1581}
2307 [etch] - squirrelmail 2:1.4.9a-4
2308 [lenny] - squirrelmail 2:1.4.15-4+lenny1
2309 [19 May 2009] DSA-1801-1 ntp - several vulnerabilities
2310 {CVE-2009-0159 CVE-2009-1252}
2311 [etch] - ntp 1:4.2.2.p4+dfsg-2etch3
2312 [lenny] - ntp 1:4.2.4p4+dfsg-8lenny2
2313 [15 May 2009] DSA-1800-1 linux-2.6 user-mode-linux - several vulnerabilities
2314 {CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859 CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439}
2315 [lenny] - linux-2.6 2.6.26-15lenny2
2316 [lenny] - user-mode-linux 2.6.26-1um-2+15lenny2
2317 [11 May 2009] DSA-1799-1 qemu - several vulnerabilities
2318 {CVE-2008-0928 CVE-2008-1945 CVE-2008-4539}
2319 [etch] - qemu 0.8.2-4etch3
2320 [lenny] - qemu 0.9.1-10lenny1
2321 [10 May 2009] DSA-1798-1 pango1.0 - arbitrary code execution
2322 {CVE-2009-1194}
2323 [etch] - pango1.0 1.14.8-5+etch1
2324 [lenny] - pango1.0 1.20.5-3+lenny1
2325 [09 May 2009] DSA-1797-1 xulrunner - several vulnerabilities
2326 {CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312}
2327 [lenny] - xulrunner 1.9.0.9-0lenny2
2328 [07 May 2009] DSA-1796-1 libwmf - denial of service
2329 {CVE-2009-1364}
2330 [etch] - libwmf 0.2.8.4-2+etch1
2331 [lenny] - libwmf 0.2.8.4-6+lenny1
2332 [07 May 2009] DSA-1795-1 ldns - arbitrary code execution
2333 {CVE-2009-1086}
2334 [lenny] - ldns 1.4.0-1+lenny1
2335 [06 May 2009] DSA-1794-1 linux-2.6 - multiple vulnerabilities
2336 {CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439}
2337 [etch] - linux-2.6 2.6.18.dfsg.1-24etch2
2338 [etch] - fai-kernels 1.17+etch.24etch2
2339 [etch] - user-mode-linux 2.6.18-1um-2etch.24etch2
2340 [06 May 2009] DSA-1793-1 kdegraphics - multiple vulnerabilities
2341 {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183}
2342 [etch] - kdegraphics 4:3.5.5-3etch3
2343 [lenny] - kdegraphics 4:3.5.9-3+lenny1
2344 [06 May 2009] DSA-1792-1 drupal6 - multiple vulnerabilities
2345 {CVE-2009-1575 CVE-2009-1576}
2346 [lenny] - drupal6 6.6-3lenny1
2347 [06 May 2009] DSA-1791-1 moin - cross-site scripting
2348 {CVE-2009-1482}
2349 [lenny] - moin 1.7.1-3+lenny2
2350 [05 May 2009] DSA-1790-1 xpdf - multiple vulnerabilities
2351 {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-0195}
2352 [etch] - xpdf 3.01-9.1+etch6
2353 [lenny] - xpdf 3.02-1.4+lenny1
2354 [04 May 2009] DSA-1789-1 php5 - several vulnerabilities
2355 {CVE-2008-2107 CVE-2008-2108 CVE-2008-5557 CVE-2008-5624 CVE-2008-5658 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271}
2356 [etch] - php5 5.2.0+dfsg-8+etch15
2357 [lenny] - php5 5.2.6.dfsg.1-1+lenny3
2358 [04 May 2009] DSA-1788-1 quagga - denial of service
2359 {CVE-2009-1572}
2360 [lenny] - quagga 0.99.10-1lenny2
2361 [02 May 2009] DSA-1787-1 linux-2.6.24 - several vulnerabilities
2362 {CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834 CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439}
2363 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.8etch1
2364 [02 May 2009] DSA-1786-1 acpid - denial of service
2365 {CVE-2009-0798}
2366 [etch] - acpid 1.0.4-5etch1
2367 [lenny] - acpid 1.0.8-1lenny1
2368 [01 May 2009] DSA-1785-1 wireshark - several vulnerabilities
2369 {CVE-2009-1210 CVE-2009-1268 CVE-2009-1269}
2370 [lenny] - wireshark 1.0.2-3+lenny5
2371 [30 Apr 2009] DSA-1784-1 freetype - arbitrary code execution
2372 {CVE-2009-0946}
2373 [etch] - freetype 2.2.1-5+etch4
2374 [lenny] - freetype 2.3.7-2+lenny1
2375 [29 Apr 2009] DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
2376 {CVE-2008-3963 CVE-2008-4456}
2377 [etch] - mysql-dfsg-5.0 5.0.32-7etch10
2378 [lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny1
2379 [29 Apr 2009] DSA-1782-1 mplayer - arbitrary code execution
2380 {CVE-2008-4866 CVE-2008-5616 CVE-2009-0385}
2381 [etch] - mplayer 1.0~rc1-12etch7
2382 [29 Apr 2009] DSA-1781-1 ffmpeg ffmpeg-debian - arbitrary code execution
2383 {CVE-2008-3162 CVE-2009-0385}
2384 [etch] - ffmpeg 0.cvs20060823-8+etch1
2385 [lenny] - ffmpeg-debian 0.svn20080206-17+lenny1
2386 [28 Apr 2009] DSA-1780-1 libdbd-pg-perl - potential code execution
2387 {CVE-2009-0663 CVE-2009-1341}
2388 [etch] - libdbd-pg-perl 1.49-2+etch1
2389 [26 Apr 2009] DSA-1779-1 apt - several vulnerabilities
2390 {CVE-2009-1300 CVE-2009-1358}
2391 [etch] - apt 0.6.46.4-0.1+etch1
2392 [lenny] - apt 0.7.20.2+lenny1
2393 [22 Apr 2009] DSA-1778-1 mahara - cross-site scripting
2394 {CVE-2009-0664}
2395 [lenny] - mahara 1.0.4-4+lenny2
2396 [21 Apr 2009] DSA-1776-1 slurm-llnl - privilege escalation
2397 {CVE-2009-2084}
2398 [lenny] - slurm-llnl 1.3.6-1lenny3
2399 [21 Apr 2009] DSA-1777-1 git-core - privilege escalation
2400 [etch] - git-core 1:1.4.4.4-4+etch2
2401 [lenny] - git-core 1:1.5.6.5-3+lenny1
2402 [20 Apr 2009] DSA-1775-1 php-json-ext - denial of service
2403 {CVE-2009-1271}
2404 [etch] - php-json-ext 1.2.1-3.2+etch1
2405 [17 Apr 2009] DSA-1774-1 ejabberd - cross-site scripting
2406 {CVE-2009-0934}
2407 [lenny] - ejabberd 2.0.1-6+lenny1
2408 [17 Apr 2009] DSA-1773-1 cups cupsys - arbitrary code execution
2409 {CVE-2009-0163}
2410 [etch] - cupsys 1.2.7-4etch7
2411 [lenny] - cups 1.3.8-1lenny5
2412 [16 Apr 2009] DSA-1772-1 udev - privilege escalation
2413 {CVE-2009-1185 CVE-2009-1186}
2414 [etch] - udev 0.105-4etch1
2415 [lenny] - udev 0.125-7+lenny1
2416 [15 Apr 2009] DSA-1771-1 clamav - several vulnerabilities
2417 {CVE-2008-6680 CVE-2009-1270 CVE-2009-1371}
2418 [etch] - clamav 0.90.1dfsg-4etch19
2419 [lenny] - clamav 0.94.dfsg.2-1lenny2
2420 [13 Apr 2009] DSA-1770-1 imp4 - cross-site scripting
2421 {CVE-2008-4182 CVE-2009-0930}
2422 [etch] - imp4 4.1.3-4etch1
2423 [11 Apr 2009] DSA-1769-1 openjdk-6 - arbitrary code execution
2424 {CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101}
2425 [lenny] - openjdk-6 6b11-9.1+lenny2
2426 [10 Apr 2009] DSA-1768-1 openafs - potential code execution
2427 {CVE-2009-1250 CVE-2009-1251}
2428 [etch] - openafs 1.4.2-6etch2
2429 [lenny] - openafs 1.4.7.dfsg1-6+lenny1
2430 [09 Apr 2009] DSA-1754-1 roundup - privilege escalation
2431 {CVE-2009-2737}
2432 [etch] - roundup 1.2.1-10+etch1
2433 [lenny] - roundup 1.4.4-4+lenny1
2434 [09 Apr 2009] DSA-1767-1 multipath-tools - denial of service
2435 {CVE-2009-0115}
2436 [etch] - multipath-tools 0.4.7-1.1etch2
2437 [lenny] - multipath-tools 0.4.8-14+lenny1
2438 [09 Apr 2009] DSA-1766-1 krb5 - several vulnerabilities
2439 {CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847}
2440 [etch] - krb5 1.4.4-7etch7
2441 [lenny] - krb5 1.6.dfsg.4~beta1-5lenny1
2442 [08 Apr 2009] DSA-1765-1 horde3 - several vulnerabilities
2443 {CVE-2008-3330 CVE-2008-5917 CVE-2009-0932}
2444 [etch] - horde3 3.1.3-4etch5
2445 [07 Apr 2009] DSA-1764-1 tunapie - several vulnerabilities
2446 {CVE-2009-1253 CVE-2009-1254}
2447 [lenny] - tunapie 2.1.8-2
2448 [06 Apr 2009] DSA-1763-1 openssl openssl097 - denial of service
2449 {CVE-2009-0590}
2450 [etch] - openssl097 0.9.7k-3.1etch3
2451 [etch] - openssl 0.9.8c-4etch5
2452 [lenny] - openssl 0.9.8g-15+lenny1
2453 [03 Apr 2009] DSA-1761-1 moodle - file disclosure
2454 {CVE-2009-1171}
2455 [etch] - moodle 1.6.3-2+etch3
2456 [lenny] - moodle 1.8.2.dfsg-3+lenny2
2457 [02 Apr 2009] DSA-1762-1 icu - cross site scripting
2458 {CVE-2008-1036}
2459 [etch] - icu 3.6-2etch2
2460 [lenny] - icu 3.8.1-3+lenny1
2461 [30 Mar 2009] DSA-1760-1 openswan - denial of service
2462 {CVE-2008-4190 CVE-2009-0790}
2463 [etch] - openswan 1:2.4.6+dfsg.2-1.1+etch1
2464 [lenny] - openswan 1:2.4.12+dfsg-1.3+lenny1
2465 [30 Mar 2009] DSA-1759-1 strongswan - denial of service
2466 {CVE-2009-0790}
2467 [etch] - strongswan 2.8.0+dfsg-1+etch1
2468 [lenny] - strongswan 4.2.4-5+lenny1
2469 [30 Mar 2009] DSA-1758-1 nss-ldapd - information disclosure
2470 {CVE-2009-1073}
2471 [lenny] - nss-ldapd 0.6.7.1
2472 [24 Mar 2009] DSA-1753-1 iceweasel - end-of-life announcement for iceweasel in oldstable
2473 NOTE: <end-of-life> (upstream iceweasel too volatile, solution: upgrade to security-supported iceweasel in lenny)
2474 NOTE: DSA issued to advise users to upgrade to lenny if they are interested in a security-supported iceweasel
2475 [08 Jul 2008] DSA-1605-1 glibc - DNS cache poisoning
2476 {CVE-2008-1447}
2477 NOTE: <unfixed> (backport too complicated, solution: install bind9 or use ip address spoofing protection)
2478 NOTE: DSA issued as an advisory about actions user can take to protect against this vulnerability
2479 [08 Jul 2008] DSA-1604-1 bind - DNS cache poisoning
2480 {CVE-2008-1447}
2481 NOTE: <unfixed> (backport too complicated, solution: upgrade to bind9 or have bind8 forward queries to a bind9 resolver)
2482 NOTE: DSA issued as an advisory about actions user can take to protect against this vulnerability
2483 [24 Mar 2008] DSA-1529-1 firebird - multiple vulnerabilities
2484 {CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664 CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668 CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606 CVE-2006-7212 CVE-2006-7213 CVE-2006-7214}
2485 NOTE: <unfixed> (backport too complicated, solution: use firebird packages in backports.org or isolate machine from internet)
2486 NOTE: DSA issued as an advisory about actions user can take to protect against these vulnerabilities
2487 [25 Sep 2006] DSA-1184-2 kernel-source-2.6.8 - several vulnerabilities
2488 {CVE-2004-2660 CVE-2005-4798 CVE-2006-1052 CVE-2006-1343 CVE-2006-1528 CVE-2006-1855 CVE-2006-1856 CVE-2006-2444 CVE-2006-2446 CVE-2006-2935 CVE-2006-2936 CVE-2006-3468 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4535}
2489 [sarge] - kernel-source-2.6.8 2.6.8-16sarge5
2490 [sarge] - fai-kernels 1.9.1sarge4
2491 [25 Sep 2006] DSA-1183-1 kernel-source-2.4.27 - several vulnerabilities
2492 {CVE-2005-4798 CVE-2006-2935 CVE-2006-1528 CVE-2006-2444 CVE-2006-2446 CVE-2006-3745 CVE-2006-4535}
2493 [sarge] - kernel-source-2.4.27 2.4.27-10sarge4
2494 [sarge] - fai-kernels 1.9.1sarge4
2495 [sarge] - systemimager 3.2.3-6sarge3
2496 [01 Oct 2005] DSA-833-2 mysql-dfsg-4.1 - buffer overflow
2497 {CVE-2005-2558}
2498 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2
2499 [30 Mar 2009] DSA-1757-1 auth2db - SQL injection
2500 {CVE-2009-1208}
2501 [lenny] - auth2db 0.2.5-2+dfsg-1+lenny1
2502 [29 Mar 2009] DSA-1756-1 xulrunner - multiple vulnerabilities
2503 {CVE-2009-1044 CVE-2009-1169}
2504 [lenny] - xulrunner 1.9.0.7-0lenny2
2505 [25 Mar 2009] DSA-1755-1 systemtap - local privilege escalation
2506 {CVE-2009-0784}
2507 [lenny] - systemtap 0.0.20080705-1+lenny1
2508 [23 Mar 2009] DSA-1752-1 webcit - potential remote code execution
2509 {CVE-2009-0364}
2510 [lenny] - webcit 7.37-dfsg-7
2511 [22 Mar 2009] DSA-1751-1 xulrunner - several vulnerabilities
2512 {CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776}
2513 [lenny] - xulrunner 1.9.0.7-0lenny1
2514 [22 Mar 2009] DSA-1750-1 libpng - several vulnerabilities
2515 {CVE-2008-5907 CVE-2008-6218 CVE-2009-0040}
2516 [etch] - libpng 1.2.15~beta5-1+etch2
2517 [lenny] - libpng 1.2.27-2+lenny2
2518 [20 Mar 2009] DSA-1749-1 linux-2.6 - several vulnerabilities
2519 {CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748}
2520 [lenny] - linux-2.6 2.6.26-13lenny2
2521 [20 Mar 2009] DSA-1748-1 libsoup - arbitrary code execution
2522 {CVE-2009-0585}
2523 [etch] - libsoup 2.2.98-2+etch1
2524 [20 Mar 2009] DSA-1747-1 glib2.0 - arbitrary code execution
2525 {CVE-2008-4316}
2526 [etch] - glib2.0 2.12.4-2+etch1
2527 [lenny] - glib2.0 2.16.6-1+lenny1
2528 [20 Mar 2009] DSA-1746-1 ghostscript gs-gpl - arbitrary code execution
2529 {CVE-2009-0583 CVE-2009-0584}
2530 [etch] - gs-gpl 8.54.dfsg.1-5etch2
2531 [lenny] - ghostscript 8.62.dfsg.1-3.2lenny1
2532 [20 Mar 2009] DSA-1745-1 lcms - arbitrary code execution
2533 {CVE-2009-0581 CVE-2009-0723 CVE-2009-0733}
2534 [etch] - lcms 1.15-1.1+etch2
2535 [lenny] - lcms 1.17.dfsg-1+lenny1
2536 [18 Mar 2009] DSA-1744-1 weechat - denial of service
2537 {CVE-2009-0661}
2538 [lenny] - weechat 0.2.6-1+lenny1
2539 [17 Mar 2009] DSA-1743-1 libtk-img - arbitrary code execution
2540 {CVE-2007-5137 CVE-2007-5378}
2541 [etch] - libtk-img 1:1.3-15etch3
2542 [lenny] - libtk-img 1:1.3-release-7+lenny1
2543 [16 Mar 2009] DSA-1742-1 libsndfile - arbitrary code execution
2544 {CVE-2009-0186}
2545 [etch] - libsndfile 1.0.16-2+etch1
2546 [lenny] - libsndfile 1.0.17-4+lenny1
2547 [14 Mar 2009] DSA-1741-1 psi - denial of service
2548 {CVE-2008-6393}
2549 [lenny] - psi 0.11-9
2550 [14 Mar 2009] DSA-1740-1 yaws - denial of service
2551 {CVE-2009-0751}
2552 [etch] - yaws 1.65-4etch1
2553 [lenny] - yaws 1.77-3+lenny1
2554 [13 Mar 2009] DSA-1739-1 mldonkey - information disclosure
2555 {CVE-2009-0753}
2556 [lenny] - mldonkey 2.9.5-2+lenny1
2557 [11 Mar 2009] DSA-1738-1 curl - arbitrary file access
2558 {CVE-2009-0037}
2559 [etch] - curl 7.15.5-1etch2
2560 [lenny] - curl 7.18.2-8lenny2
2561 [11 Mar 2009] DSA-1737-1 wesnoth - several vulnerabilities
2562 {CVE-2009-0366 CVE-2009-0367 CVE-2009-0878}
2563 [etch] - wesnoth 1.2-5
2564 [lenny] - wesnoth 1:1.4.4-2+lenny1
2565 [10 Mar 2009] DSA-1736-1 mahara - cross-site scripting
2566 {CVE-2009-0660}
2567 [lenny] - mahara 1.0.4-4+lenny1
2568 [10 Mar 2009] DSA-1735-1 znc - privilege escalation
2569 {CVE-2009-0759}
2570 [etch] - znc 0.045-3+etch2
2571 [lenny] - znc 0.058-2+lenny1
2572 [05 Mar 2009] DSA-1734-1 opensc - information disclosure
2573 {CVE-2009-0368}
2574 [lenny] - opensc 0.11.4-5+lenny1
2575 [03 Mar 2009] DSA-1733-1 vim - multiple vulnerabilities
2576 {CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4101}
2577 [etch] - vim 1:7.0-122+1etch5
2578 [03 Mar 2009] DSA-1732-1 squid3 - denial of service
2579 {CVE-2009-0478}
2580 [etch] - squid3 3.0.PRE5-5+etch1
2581 [02 Mar 2009] DSA-1731-1 ndiswrapper - arbitrary code execution vulnerability
2582 {CVE-2008-4395}
2583 [etch] - ndiswrapper 1.28-1+etch1
2584 [02 Mar 2009] DSA-1730-1 proftpd-dfsg - SQL injection vulnerabilities
2585 {CVE-2009-0542 CVE-2009-0543}
2586 [lenny] - proftpd-dfsg 1.3.1-17lenny2
2587 [02 Mar 2009] DSA-1729-1 gst-plugins-bad0.10 - multiple vulnerabilities
2588 {CVE-2009-0386 CVE-2009-0387 CVE-2009-0397}
2589 [etch] - gst-plugins-bad0.10 0.10.3-3.1+etch1
2590 [27 Feb 2009] DSA-1728-1 dkim-milter - denial of service
2591 {CVE-2009-0770}
2592 [lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
2593 [26 Feb 2009] DSA-1727-1 - SQL injection vulnerabilities
2594 {CVE-2009-0542 CVE-2009-0543}
2595 [lenny] - proftpd-dfsg 1.3.1-17lenny1
2596 [25 Feb 2009] DSA-1726-1 python-crypto - denial of service
2597 {CVE-2009-0544}
2598 [lenny] - python-crypto 2.0.1+dfsg1-2.3+lenny0
2599 [etch] - python-crypto 2.0.1+dfsg1-1.2+etch0
2600 [15 Feb 2009] DSA-1725-1 websvn - information leak
2601 {CVE-2009-0240}
2602 [lenny] - websvn 2.0-4+lenny1
2603 [13 Feb 2009] DSA-1724-1 - several vulnerabilities
2604 {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502 CVE-2008-6125}
2605 [etch] - moodle 1.6.3-2+etch2
2606 [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution
2607 {CVE-2008-5621}
2608 [etch] - phpmyadmin 4:2.9.1.1-10
2609 [11 Feb 2009] DSA-1722-1 libpam-heimdal - local privilege
2610 {CVE-2009-0361}
2611 [etch] - libpam-heimdal 2.5-1etch1
2612 [11 Feb 2009] DSA-1721-1 libpam-krb5 - local privilege
2613 {CVE-2009-0360 CVE-2009-0361}
2614 [etch] - libpam-krb5 2.6-1etch1
2615 [10 Feb 2009] DSA-1720-1 typo3-src - several vulnerabilities
2616 [etch] - typo3-src 4.0.2+debian-8
2617 [10 Feb 2009] DSA-1719-1 gnutls13 - certificate validation
2618 {CVE-2008-4989}
2619 [etch] - gnutls13 1.4.4-3+etch3
2620 [08 Feb 2009] DSA-1718-1 boinc - validation bypass
2621 {CVE-2009-0126}
2622 [etch] - boinc 5.4.11-4+etch1
2623 [05 Feb 2009] DSA-1717-1 devil - buffer overflow
2624 {CVE-2008-5262}
2625 [etch] - devil 1.6.7-5+etch1
2626 [31 Jan 2009] DSA-1716-1 vnc4 - remote code execution
2627 {CVE-2008-4770}
2628 [etch] - vnc4 4.1.1+X4.3.0-21+etch1
2629 [29 Jan 2009] DSA-1715-1 moin - insufficient input sanitising
2630 {CVE-2009-0260 CVE-2009-0312}
2631 [etch] - moin 1.5.3-1.2etch2
2632 [28 Jan 2009] DSA-1714-1 rt2570 - arbitrary code execution
2633 {CVE-2009-0282}
2634 [etch] - rt2570 1.1.0+cvs20060620-3+etch1
2635 [28 Jan 2009] DSA-1713-1 rt2500 - arbitrary code execution
2636 {CVE-2009-0282}
2637 [etch] - rt2500 1.1.0+cvs20060620-3+etch1
2638 [28 Jan 2009] DSA-1712-1 rt2400 - arbitrary code execution
2639 {CVE-2009-0282}
2640 [etch] - rt2400 1.2.2+cvs20060620-4+etch1
2641 [26 Jan 2009] DSA-1711-1 typo3-src - remote code execution
2642 {CVE-2009-0255 CVE-2009-0256 CVE-2009-0257 CVE-2009-0258}
2643 [etch] - typo3-src 4.0.2+debian-7
2644 [25 Jan 2009] DSA-1710-1 ganglia-monitor-core - remote code execution
2645 {CVE-2009-0241}
2646 [etch] - ganglia-monitor-core 2.5.7-3.1etch1
2647 [21 Jan 2009] DSA-1709-1 shadow - privilege escalation
2648 {CVE-2008-5394}
2649 [etch] - shadow 1:4.0.18.1-7+etch1
2650 [19 Jan 2009] DSA-1708-1 git-core - remote code execution
2651 {CVE-2008-5516 CVE-2008-5517 CVE-2008-5916}
2652 [etch] - git-core 1:1.4.4.4-4+etch1
2653 [15 Jan 2009] DSA-1707-1 iceweasel - several vulnerabilities
2654 {CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 CVE-2007-3074}
2655 [etch] - iceweasel 2.0.0.19-0etch1
2656 [15 Jan 2009] DSA-1706-1 amarok - arbitrary code execution
2657 {CVE-2009-0135 CVE-2009-0136}
2658 [etch] - amarok 1.4.4-4etch1
2659 [15 Jan 2009] DSA-1705-1 netatalk - arbitrary code execution
2660 {CVE-2008-5718}
2661 [etch] - netatalk 2.0.3-4+etch1
2662 [14 Jan 2009] DSA-1704-1 xulrunner - several vulnerabilities
2663 {CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074}
2664 [etch] - xulrunner 1.8.0.15~pre080614i-0etch1
2665 [12 Jan 2009] DSA-1703-1 bind9 - cryptographic weakness
2666 {CVE-2009-0025}
2667 [etch] - bind9 1:9.3.4-2etch4
2668 [12 Jan 2009] DSA-1702-1 ntp - cryptographic weakness
2669 {CVE-2009-0021}
2670 [etch] - ntp 1:4.2.2.p4+dfsg-2etch1
2671 [12 Jan 2009] DSA-1701-1 openssl openssl097 - cryptographic weakness
2672 {CVE-2008-5077}
2673 [etch] - openssl097 0.9.7k-3.1etch2
2674 [etch] - openssl 0.9.8c-4etch4
2675 [11 Jan 2009] DSA-1700-1 lasso - validation bypass
2676 {CVE-2009-0050}
2677 [etch] - lasso 0.6.5-3+etch1
2678 [11 Jan 2009] DSA-1699-1 zaptel - privilege escalation
2679 {CVE-2008-5396 CVE-2008-5744}
2680 [etch] - zaptel 1:1.2.11.dfsg-1+etch1
2681 [09 Jan 2009] DSA-1698-1 gforge - SQL injection
2682 {CVE-2008-2381 CVE-2008-6189 CVE-2008-6188 CVE-2008-6187}
2683 [etch] - gforge 4.5.14-22etch10
2684 [07 Jan 2009] DSA-1697-1 iceape - several vulnerabilities
2685 {CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074}
2686 [etch] - iceape 1.0.13~pre080614i-0etch1
2687 [07 Jan 2009] DSA-1696-1 icedove - several vulnerabilities
2688 {CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512}
2689 [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1
2690 [02 Jan 2009] DSA-1695-1 ruby1.8 ruby1.9 - denial of service
2691 {CVE-2008-3443}
2692 [etch] - ruby1.9 1.9.0+20060609-1etch4
2693 [etch] - ruby1.8 1.8.5-4etch4
2694 [02 Jan 2009] DSA-1694-1 xterm - remote code execution
2695 {CVE-2008-2383}
2696 [etch] - xterm 222-1etch3
2697 [27 Dec 2008] DSA-1693-1 phppgadmin - several vulnerabilities
2698 {CVE-2007-2865 CVE-2007-5728 CVE-2008-5587}
2699 [etch] - phppgadmin 4.0.1-3.1etch1
2700 [27 Dec 2008] DSA-1692-1 php-xajax - cross-site scripting
2701 {CVE-2007-2739}
2702 [etch] - php-xajax 0.2.4-2+etch1
2703 [22 Dec 2008] DSA-1691-1 moodle - several vulnerabilities
2704 {CVE-2007-3555 CVE-2008-1502 CVE-2008-3325 CVE-2008-3326 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2008-5432 CVE-2008-6124}
2705 [etch] - moodle 1.6.3-2+etch1
2706 [22 Dec 2008] DSA-1690-1 avahi - denial of service
2707 {CVE-2007-3372 CVE-2008-5081}
2708 [etch] - avahi 0.6.16-3etch2
2709 [21 Dec 2008] DSA-1689-1 proftpd-dfsg - Cross-Site Request Forgery
2710 {CVE-2008-4242}
2711 [etch] - proftpd-dfsg 1.3.0-19etch2
2712 [20 Dec 2008] DSA-1688-1 courier-authlib - SQL injection
2713 {CVE-2008-2380 CVE-2008-2667}
2714 [etch] - courier-authlib 0.58-4+etch2
2715 [15 Dec 2008] DSA-1687-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2716 {CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300}
2717 [etch] - fai-kernels 1.17+etch.23etch1
2718 [etch] - linux-2.6 2.6.18.dfsg.1-23etch1
2719 [etch] - user-mode-linux 2.6.18-1um-2etch.23etch1
2720 [14 Dec 2008] DSA-1686-1 no-ip - arbitrary code execution
2721 {CVE-2008-5297}
2722 [etch] - no-ip 2.1.1-4+etch1
2723 [12 Dec 2008] DSA-1685-1 uw-imap - multiple vulnerabilities
2724 {CVE-2008-5005 CVE-2008-5006}
2725 [etch] - uw-imap 7:2002edebian1-13.1+etch1
2726 [10 Dec 2008] DSA-1684-1 lcms - multiple vulnerabilities
2727 {CVE-2008-5316 CVE-2008-5317}
2728 [etch] - lcms 1.15-1.1+etch1
2729 [08 Dec 2008] DSA-1683-1 streamripper - potential code execution
2730 {CVE-2007-4337 CVE-2008-4829}
2731 [etch] - streamripper 1.61.27-1+etch1
2732 [07 Dec 2008] DSA-1682-1 squirrelmail - cross site scripting
2733 {CVE-2008-2379}
2734 [etch] - squirrelmail 2:1.4.9a-3
2735 [04 Dec 2008] DSA-1681-1 linux-2.6.24 - several vulnerabilities
2736 {CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029 CVE-2008-5134 CVE-2008-5182 CVE-2008-5300}
2737 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.7
2738 [04 Dec 2008] DSA-1680-1 clamav - potential code execution
2739 {CVE-2008-5050 CVE-2008-5314}
2740 [etch] - clamav 0.90.1dfsg-4etch16
2741 [03 Dec 2008] DSA-1679-1 awstats - cross-site scripting
2742 {CVE-2008-3714 CVE-2008-5080}
2743 [etch] - awstats 6.5+dfsg-1+etch1
2744 [03 Dec 2008] DSA-1678-1 perl - privilege escalation
2745 {CVE-2004-0452 CVE-2005-0448 CVE-2008-5302 CVE-2008-5303}
2746 [etch] - perl 5.8.8-7etch5
2747 [02 Dec 2008] DSA-1677-1 cupsys - arbitrary code execution
2748 {CVE-2008-5286}
2749 [etch] - cupsys 1.2.7-4etch6
2750 [01 Dec 2008] DSA-1676-1 flamethrower - denial of service
2751 {CVE-2008-5141}
2752 [etch] - flamethrower 0.1.8-1+etch1
2753 [30 Nov 2008] DSA-1675-1 phpmyadmin - cross site scripting
2754 {CVE-2008-4326}
2755 [etch] - phpmyadmin 4:2.9.1.1-9
2756 [30 Nov 2008] DSA-1674-1 jailer - denial of service
2757 {CVE-2008-5139}
2758 [etch] - jailer 0.4-9+etch1
2759 [29 Nov 2008] DSA-1673-1 wireshark - several vulnerabilities
2760 {CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685}
2761 [etch] - wireshark 0.99.4-5.etch.3
2762 [29 Nov 2008] DSA-1672-1 imlib2 - arbitrary code execution
2763 {CVE-2008-5187}
2764 [etch] - imlib2 1.3.0.0debian1-4+etch2
2765 [24 Nov 2008] DSA-1671-1 iceweasel - several vulnerabilities
2766 {CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 CVE-2008-5052}
2767 [etch] - iceweasel 2.0.0.18-0etch1
2768 [24 Nov 2008] DSA-1670-1 enscript - arbitrary code execution
2769 {CVE-2008-3863 CVE-2008-4306 CVE-2008-5078}
2770 [etch] - enscript 1.6.4-11.1
2771 [23 Nov 2008] DSA-1669-1 xulrunner - several vulnerabilities
2772 {CVE-2008-0016 CVE-2008-0017 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 CVE-2008-5052 CVE-2008-4063 CVE-2008-4064}
2773 [etch] - xulrunner 1.8.0.15~pre080614h-0etch1
2774 [22 Nov 2008] DSA-1668-1 hf - execution of arbitrary code
2775 {CVE-2008-2378}
2776 [etch] - hf 0.7.3-4etch1
2777 [19 Nov 2009] DSA-1667-1 python2.4 - several vulnerabilities
2778 {CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144}
2779 [etch] - python2.4 2.4.4-3+etch2
2780 [17 Nov 2008] DSA-1666-1 libxml2 - several vulnerabilities
2781 {CVE-2008-4225 CVE-2008-4226}
2782 [etch] - libxml2 2.6.27.dfsg-6
2783 [12 Nov 2008] DSA-1665-1 libcdaudio - heap overflow
2784 {CVE-2008-5030}
2785 [etch] - libcdaudio 0.99.12p2-2+etch1
2786 [10 Nov 2008] DSA-1664-1 ekg - denial of service
2787 {CVE-2008-4776}
2788 [etch] - ekg 1:1.7~rc2-1etch2
2789 [09 Nov 2008] DSA-1663-1 net-snmp - several vulnerabilities
2790 {CVE-2008-0960 CVE-2008-2292 CVE-2008-4309}
2791 [etch] - net-snmp 5.2.3-7etch4
2792 [06 Nov 2008] DSA-1662-1 mysql-dfsg-5.0 - authorization bypass
2793 {CVE-2008-4098}
2794 [etch] - mysql-dfsg-5.0 5.0.32-7etch8
2795 [29 Oct 2008] DSA-1661-1 openoffice.org - several vulnerabilities
2796 {CVE-2008-2237 CVE-2008-2238}
2797 [etch] - openoffice.org 2.0.4.dfsg.2-7etch6
2798 [26 Oct 2008] DSA-1660-1 clamav - denial of service
2799 {CVE-2008-3912 CVE-2008-3913 CVE-2008-3914}
2800 [etch] - clamav 0.90.1dfsg-4etch15
2801 [23 Oct 2008] DSA-1659-1 libspf2 - potential remote code execution
2802 {CVE-2008-2469}
2803 [etch] - libspf2 1.2.5-4+etch1
2804 [22 Oct 2008] DSA-1658-1 dbus - denial of service
2805 {CVE-2008-3834}
2806 [etch] - dbus 1.0.2-1+etch2
2807 [20 Oct 2008] DSA-1657-1 qemu - denial of service
2808 {CVE-2008-4553}
2809 [etch] - qemu 0.8.2-4etch2
2810 [20 Oct 2008] DSA-1656-1 cupsys - several vulnerabilities
2811 {CVE-2008-3639 CVE-2008-3640 CVE-2008-3641}
2812 [etch] - cupsys 1.2.7-4etch5
2813 [16 Oct 2008] DSA-1655-1 linux-2.6.24 - several vulnerabilities
2814 {CVE-2008-1514 CVE-2008-3525 CVE-2008-3831 CVE-2008-4113 CVE-2008-4445}
2815 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.6
2816 [14 Oct 2008] DSA-1654-1 libxml2 - execution of arbitrary code
2817 {CVE-2008-3529}
2818 [etch] - libxml2 2.6.27.dfsg-5
2819 [13 Oct 2008] DSA-1653-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2820 {CVE-2007-6716 CVE-2008-1514 CVE-2008-3276 CVE-2008-3525 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302}
2821 [etch] - fai-kernels 1.17+etch.22etch3
2822 [etch] - linux-2.6 2.6.18.dfsg.1-22etch3
2823 [etch] - user-mode-linux 2.6.18-1um-2etch.22etch3
2824 [12 Oct 2008] DSA-1652-1 ruby1.9 - several vulnerabilities
2825 {CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905}
2826 [etch] - ruby1.9 1.9.0+20060609-1etch3
2827 [12 Oct 2008] DSA-1651-1 ruby1.8 - several vulnerabilities
2828 {CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905}
2829 [etch] - ruby1.8 1.8.5-4etch3
2830 [12 Oct 2008] DSA-1650-1 openldap2.3 - denial of service
2831 {CVE-2008-2952}
2832 [etch] - openldap2.3 2.3.30-5+etch2
2833 [08 Oct 2008] DSA-1649-1 iceweasel - several vulnerabilities
2834 {CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069}
2835 [etch] - iceweasel 2.0.0.17-0etch1
2836 [08 Oct 2008] DSA-1648-1 mon - insecure temporary files
2837 {CVE-2008-4477}
2838 [etch] - mon 0.99.2-9+etch2
2839 [07 Oct 2008] DSA-1647-1 php5 - several vulnerabilities
2840 {CVE-2008-3658 CVE-2008-3659 CVE-2008-3660}
2841 [etch] - php5 5.2.0-8+etch13
2842 [07 Oct 2008] DSA-1646-2 squid - array bounds check
2843 {CVE-2007-6239 CVE-2008-1612}
2844 [etch] - squid 2.6.5-6etch4
2845 [06 Oct 2008] DSA-1645-1 lighttpd - various problems
2846 {CVE-2008-4298 CVE-2008-4359 CVE-2008-4360}
2847 [etch] - lighttpd 1.4.13-4etch11
2848 [05 Oct 2008] DSA-1644-1 mplayer - integer overflows
2849 {CVE-2008-3827}
2850 [etch] - mplayer 1.0~rc1-12etch5
2851 [05 Oct 2008] DSA-1643-1 feta - denial of service
2852 {CVE-2008-4440}
2853 [etch] - feta 1.4.15+etch1
2854 [20 Sep 2008] DSA-1642-1 horde3 - cross site scripting
2855 {CVE-2008-3823 CVE-2008-3824}
2856 [etch] - horde3 3.1.3-4etch4
2857 [20 Sep 2008] DSA-1641-1 phpmyadmin - several issues
2858 {CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096}
2859 [etch] - phpmyadmin 4:2.9.1.1-8
2860 [20 Sep 2008] DSA-1640-1 python-django - cross site request forgery
2861 {CVE-2007-5712 CVE-2008-3909}
2862 [etch] - python-django 0.95.1-1etch2
2863 [19 Sep 2008] DSA-1639-1 twiki - command execution
2864 {CVE-2008-3195}
2865 [etch] - twiki 1:4.0.5-9.1etch1
2866 [16 Sep 2008] DSA-1638-1 openssh - denial of service
2867 {CVE-2006-5051 CVE-2008-4109}
2868 [etch] - openssh 1:4.3p2-9etch3
2869 [15 Sep 2008] DSA-1637-1 git-core - buffer overflow
2870 {CVE-2008-3546}
2871 [etch] - git-core 1:1.4.4.4-2.1+etch1
2872 [11 Sep 2008] DSA-1636-1 linux-2.6.24 - several vulnerabilities
2873 {CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915}
2874 [etch] - linux-2.6.24 2.6.24-6~etchnhalf.5
2875 [10 Sep 2008] DSA-1635-1 freetype - multiple vulnerabilities
2876 {CVE-2008-1806 CVE-2008-1807 CVE-2008-1808}
2877 [etch] - freetype 2.2.1-5+etch3
2878 [01 Sep 2008] DSA-1634-1 wordnet - arbitrary code execution
2879 {CVE-2008-2149 CVE-2008-3908}
2880 [etch] - wordnet 1:2.1-4+etch1
2881 [01 Sep 2008] DSA-1633-1 slash - multiple vulnerabilities
2882 {CVE-2008-2231 CVE-2008-2553}
2883 [etch] - slash 2.2.6-8etch1
2884 [26 Aug 2008] DSA-1632-1 tiff - arbitrary code execution
2885 {CVE-2008-2327}
2886 [etch] - tiff 3.8.2-7+etch1
2887 [22 Aug 2008] DSA-1631-1 libxml2 - denial of service
2888 {CVE-2008-3281}
2889 [etch] - libxml2 2.6.27.dfsg-3
2890 [21 Aug 2008] DSA-1630-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2891 {CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812 CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275}
2892 [etch] - fai-kernels 1.17+etch.22etch2
2893 [etch] - user-mode-linux 2.6.18-1um-2etch.22etch2
2894 [etch] - linux-2.6 2.6.18.dfsg.1-22etch2
2895 [19 Aug 2008] DSA-1629-2 postfix - privilege escalation
2896 {CVE-2008-2936}
2897 [etch] - postfix 2.3.8-2+etch1
2898 [18 Aug 2008] DSA-1629-1 postfix - privilege escalation
2899 {CVE-2008-2936}
2900 [etch] - postfix 2.3.8-2etch1
2901 [10 Aug 2008] DSA-1628-1 pdns - DNS spoofing
2902 {CVE-2008-3337}
2903 [etch] - pdns 2.9.20-8+etch1
2904 [04 Aug 2008] DSA-1627-2 opensc - smart card vulnerability
2905 {CVE-2008-2235 CVE-2008-3972}
2906 [etch] - opensc 0.11.1-2etch2
2907 [01 Aug 2008] DSA-1626-1 httrack - arbitrary code execution
2908 {CVE-2008-3429}
2909 [etch] - httrack 3.40.4-3.1+etch1
2910 [01 Aug 2008] DSA-1625-1 cupsys - arbitrary code execution
2911 {CVE-2008-0053 CVE-2008-1373 CVE-2008-1722}
2912 [etch] - cupsys 1.2.7-4etch4
2913 [31 Jul 2008] DSA-1624-1 libxslt - arbitrary code execution
2914 {CVE-2008-2935}
2915 [etch] - libxslt 1.1.19-3
2916 [31 Jul 2008] DSA-1623-1 dnsmasq - cache poisoning
2917 {CVE-2008-1447}
2918 [etch] - dnsmasq 2.35-1+etch4
2919 [31 Jul 2008] DSA-1622-1 newsx - arbitrary code execution
2920 {CVE-2008-3252}
2921 [etch] - newsx 1.6-2etch1
2922 [27 Jul 2008] DSA-1621-1 icedove - several vulnerabilities
2923 {CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2802 CVE-2008-2803 CVE-2008-2807 CVE-2008-2809 CVE-2008-2811}
2924 [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1
2925 [27 Jul 2008] DSA-1620-1 python2.5 - several vulnerabilities
2926 {CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887}
2927 [etch] - python2.5 2.5-5+etch1
2928 [27 Jul 2008] DSA-1619-1 python-dns - DNS response spoofing
2929 {CVE-2008-1447 CVE-2008-4099 CVE-2008-4126}
2930 [etch] - python-dns 2.3.0-5.2+etch1
2931 [26 Jul 2008] DSA-1618-1 ruby1.9 - several vulnerabilities
2932 {CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726}
2933 [etch] - ruby1.9 1.9.0+20060609-1etch2
2934 [25 Jul 2008] DSA-1617-1 refpolicy - incompatible policy
2935 {CVE-2008-1447}
2936 [etch] - refpolicy 0.0.20061018-5.1+etch1
2937 [24 Jul 2008] DSA-1616-2 clamav - denial of service
2938 {CVE-2008-2713 CVE-2008-3215}
2939 [etch] - clamav 0.90.1dfsg-3.1etch14
2940 [23 Jul 2008] DSA-1615-1 xulrunner - several vulnerabilities
2941 {CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933}
2942 [etch] - xulrunner 1.8.0.15~pre080614d-0etch1
2943 [23 Jul 2008] DSA-1614-1 iceweasel - several vulnerabilities
2944 {CVE-2008-2785 CVE-2008-2933 CVE-2008-3198}
2945 [etch] - iceweasel 2.0.0.16-0etch1
2946 [22 Jul 2008] DSA-1613-1 libgd2 - multiple vulnerabilities
2947 {CVE-2007-2445 CVE-2007-2756 CVE-2007-3476 CVE-2007-3477 CVE-2007-3996}
2948 [etch] - libgd2 2.0.33-5.2etch1
2949 [21 Jul 2008] DSA-1612-1 ruby1.8 - several vulnerabilities
2950 {CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726}
2951 [etch] - ruby1.8 1.8.5-4etch2
2952 [16 Jul 2008] DSA-1611-1 afuse - privilege escalation
2953 {CVE-2008-2232}
2954 [etch] - afuse 0.1.1-1+etch1
2955 [16 Jul 2008] DSA-1544-2 pdns-recursor - predictable randomness
2956 {CVE-2008-1637 CVE-2008-3217}
2957 [etch] - pdns-recursor 3.1.4-1+etch2
2958 [15 Jul 2008] DSA-1610-1 gaim - execution of arbitrary code
2959 {CVE-2008-2927}
2960 [etch] - gaim 1:2.0.0+beta5-10etch1
2961 [15 Jul 2008] DSA-1609-1 lighttpd - multiple DOS issues
2962 {CVE-2008-0983}
2963 [etch] - lighttpd 1.4.13-4etch9
2964 [13 Jul 2008] DSA-1608-1 mysql-dfsg-5.0 - authorization bypass
2965 {CVE-2008-2079 CVE-2008-4097}
2966 [etch] - mysql-dfsg-5.0 5.0.32-7etch6
2967 [11 Jul 2008] DSA-1607-1 iceweasel - several vulnerabilities
2968 {CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811}
2969 [etch] - iceweasel 2.0.0.15-0etch1
2970 [09 Jul 2008] DSA-1606-1 poppler - execution of arbitrary code
2971 {CVE-2008-1693}
2972 [etch] - poppler 0.4.5-5.1etch3
2973 [08 Jul 2008] DSA-1603-1 bind9 - cache poisoning
2974 {CVE-2008-1447}
2975 [etch] - bind9 1:9.3.4-2etch3
2976 [05 Jul 2008] DSA-1602-1 pcre3 - arbitrary code execution
2977 {CVE-2008-2371}
2978 [etch] - pcre3 6.7+7.4-4
2979 [04 Jul 2008] DSA-1601-1 wordpress - several vulnerabilities
2980 {CVE-2007-1599 CVE-2008-0664}
2981 [etch] - wordpress 2.0.10-1etch3
2982 [01 Jul 2008] DSA-1600-1 sympa - denial of service
2983 {CVE-2008-1648}
2984 [etch] - sympa 5.2.3-1.2+etch1
2985 [26 Jun 2008] DSA-1599-1 dbus
2986 {CVE-2008-0595}
2987 [etch] - dbus 1.0.2-1+etch1
2988 [19 Jun 2008] DSA-1598-1 libtk-img - arbitrary code execution
2989 {CVE-2008-0553}
2990 [etch] - libtk-img 1:1.3-15etch2
2991 [12 Jun 2008] DSA-1597-1 mt-daapd - several vulnerabilities
2992 {CVE-2007-5824 CVE-2007-5825 CVE-2008-1771}
2993 [etch] - mt-daapd 0.2.4+r1376-1.1+etch1
2994 [12 Jun 2008] DSA-1596-1 typo3-src - several vulnerabilities
2995 {CVE-2008-2717 CVE-2008-2718}
2996 [etch] - typo3-src 4.0.2+debian-5
2997 [11 Jun 2008] DSA-1595-1 xorg-server - several vulnerabilities
2998 {CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362}
2999 [etch] - xorg-server 2:1.1.1-21etch5
3000 [10 Jun 2008] DSA-1594-1 imlib2
3001 {CVE-2008-2426}
3002 [etch] - imlib2 1.3.0.0debian1-4+etch1
3003 [09 Jun 2008] DSA-1593-1 tomcat5.5
3004 {CVE-2008-1947}
3005 [etch] - tomcat5.5 5.5.20-2etch3
3006 [09 Jun 2008] DSA-1592-1 linux-2.6 - overflow conditions
3007 {CVE-2008-1673 CVE-2008-2358}
3008 [etch] - linux-2.6 2.6.18.dfsg.1-18etch6
3009 [03 Jun 2008] DSA-1591-1 libvorbis - several vulnerabilities
3010 {CVE-2008-1419 CVE-2008-1420 CVE-2008-1423}
3011 [etch] - libvorbis 1.1.2.dfsg-1.4
3012 [30 May 2008] DSA-1590-1 samba - arbitrary code execution
3013 {CVE-2008-1105}
3014 [etch] - samba 3.0.24-6etch10
3015 [29 May 2008] DSA-1589-1 libxslt - arbitrary code execution
3016 {CVE-2008-1767}
3017 [etch] - libxslt 1.1.19-2
3018 [27 May 2008] DSA-1588-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
3019 {CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137}
3020 [etch] - linux-2.6 2.6.18.dfsg.1-18etch5
3021 [etch] - fai-kernels 1.17+etch.18etch5
3022 [etch] - user-mode-linux 2.6.18-1um-2etch.18etch5
3023 [26 May 2008] DSA-1587-1 mtr - execution of arbitrary code
3024 {CVE-2008-2357}
3025 [etch] - mtr 0.71-2etch1
3026 [22 May 2008] DSA-1586-1 xine-lib - multiple vulnerabilities
3027 {CVE-2008-1482 CVE-2008-1686 CVE-2008-1878}
3028 [etch] - xine-lib 1.1.2+dfsg-7
3029 [21 May 2008] DSA-1585-1 speex - integer overflow
3030 {CVE-2008-1686}
3031 [etch] - speex 1.1.12-3etch1
3032 [21 May 2008] DSA-1584-1 libfishsound - integer overflow
3033 {CVE-2008-1686}
3034 [etch] - libfishsound 0.7.0-2etch1
3035 [20 May 2008] DSA-1583-1 gnome-peercast - several vulnerabilities
3036 {CVE-2007-6454 CVE-2008-2040}
3037 [etch] - gnome-peercast 0.5.4-1.1etch0
3038 [20 May 2008] DSA-1582-1 peercast - arbitrary code execution
3039 {CVE-2008-2040}
3040 [etch] - peercast 0.1217.toots.20060314-1etch1
3041 [20 May 2008] DSA-1581-1 gnutls13 - potential code execution
3042 {CVE-2008-1948 CVE-2008-1949 CVE-2008-1950}
3043 [etch] - gnutls13 1.4.4-3+etch1
3044 [20 May 2008] DSA-1580-1 phpgedview - privilege escalation
3045 {CVE-2008-2064}
3046 [etch] - phpgedview 4.0.2.dfsg-4
3047 [18 May 2008] DSA-1579-1 netpbm-free - arbitrary code execution
3048 {CVE-2008-0554}
3049 [etch] - netpbm-free 2:10.0-11.1+etch1
3050 [17 May 2008] DSA-1578-1 php4 - several vulnerabilities
3051 {CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051}
3052 [etch] - php4 6:4.4.4-8+etch6
3053 [14 May 2008] DSA-1577-1 gforge - insecure temporary files
3054 {CVE-2008-0167}
3055 [etch] - gforge 4.5.14-22etch8
3056 [14 May 2008] DSA-1576-1 openssh openssh-blacklist - predictable randomness
3057 {CVE-2007-4752 CVE-2008-0166 CVE-2008-1483 CVE-2008-2285}
3058 [etch] - openssh 1:4.3p2-9etch2
3059 NOTE: The package should not be flagged as vulnerable because this is just
3060 NOTE: a band-aid for DSA-1571-1.
3061 [12 May 2008] DSA-1575-1 linux-2.6 - denial of service
3062 {CVE-2008-1669}
3063 [etch] - linux-2.6 2.6.18.dfsg.1-18etch4
3064 [12 May 2008] DSA-1574-1 icedove - several vulnerabilities
3065 {CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237}
3066 [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1
3067 [11 May 2008] DSA-1573-1 rdesktop - several vulnerabilities
3068 {CVE-2008-1801 CVE-2008-1802 CVE-2008-1803}
3069 [etch] - rdesktop 1.5.0-1etch2
3070 [11 May 2008] DSA-1572-1 php5 - several vulnerabilities
3071 {CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051}
3072 [etch] - php5 5.2.0-8+etch11
3073 [13 May 2008] DSA-1571-1 openssl - predictable random number generator
3074 {CVE-2007-3108 CVE-2007-4995 CVE-2008-0166}
3075 [etch] - openssl 0.9.8c-4etch3
3076 [06 May 2008] DSA-1570-1 kazehakase - execution of arbitrary code
3077 {CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768}
3078 [etch] - kazehakase 0.4.2-1etch1
3079 [05 May 2008] DSA-1569-1 cacti - multiple vulnerabilities
3080 {CVE-2008-0783 CVE-2008-0785}
3081 [etch] - cacti 0.8.6i-3.3
3082 [05 May 2008] DSA-1568-1 b2evolution - cross site scripting
3083 {CVE-2007-0175}
3084 [etch] - b2evolution 0.9.2-3+etch1
3085 [05 May 2008] DSA-1567-1 blender - arbitrary code execution
3086 {CVE-2008-1102}
3087 [etch] - blender 2.42a-7.1+etch1
3088 [02 May 2008] DSA-1566-1 cpio - programming error
3089 {CVE-2007-4476}
3090 [etch] - cpio 2.6-18.1+etch1
3091 [01 May 2008] DSA-1565-1 linux-2.6 - several vulnerabilities
3092 {CVE-2008-1375 CVE-2008-1294 CVE-2007-6694 CVE-2008-0007}
3093 [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
3094 [01 May 2008] DSA-1564-1 wordpress - several vulnerabilities
3095 {CVE-2008-2146 CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154}
3096 [etch] - wordpress 2.0.10-1etch2
3097 [30 Apr 2008] DSA-1563-1 asterisk - denial of service
3098 {CVE-2008-1897}
3099 [etch] - asterisk 1:1.2.13~dfsg-2etch4
3100 [28 Apr 2008] DSA-1562-1 iceape - arbitrary code execution
3101 {CVE-2008-1380}
3102 [etch] - iceape 1.0.13~pre080323b-0etch3
3103 [28 Apr 2008] DSA-1561-1 ltsp - information disclosure
3104 {CVE-2008-1293}
3105 [etch] - ltsp 0.99debian11+etch1
3106 [28 Apr 2008] DSA-1560-1 kronolith2 - cross site scripting
3107 {CVE-2008-1974}
3108 [etch] - kronolith2 2.1.4-1etch1
3109 [27 Apr 2008] DSA-1559-1 phpgedview - cross site scripting
3110 {CVE-2007-5051}
3111 [etch] - phpgedview 4.0.2.dfsg-3
3112 [24 Apr 2008] DSA-1558-1 xulrunner - arbitrary code execution
3113 {CVE-2008-1380}
3114 [etch] - xulrunner 1.8.0.15~pre080323b-0etch2
3115 [24 Apr 2008] DSA-1534-2 iceape - regression
3116 {CVE-2007-3738 CVE-2007-4879 CVE-2007-5338 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241}
3117 [etch] - iceape 1.0.13~pre080323b-0etch2
3118 [24 Apr 2008] DSA-1557-1 phpmyadmin - several vulnerabilities
3119 {CVE-2008-1149 CVE-2008-1567 CVE-2008-1924}
3120 [etch] - phpmyadmin 4:2.9.1.1-7
3121 [24 Apr 2008] DSA-1556-2 perl - denial of service
3122 {CVE-2008-1927}
3123 [etch] - perl 5.8.8-7etch3
3124 [23 Apr 2008] DSA-1555-1 iceweasel - arbitrary code execution
3125 {CVE-2008-1380}
3126 [etch] - iceweasel 2.0.0.14-0etch1
3127 [22 Apr 2008] DSA-1554-1 roundup - cross-site scripting vulnerability
3128 {CVE-2008-1474}
3129 [etch] - roundup 1.2.1-5+etch1
3130 [20 Apr 2008] DSA-1553-1 ikiwiki - cross-site request forgery
3131 {CVE-2008-0165}
3132 [etch] - ikiwiki 1.33.5
3133 [19 Apr 2008] DSA-1552-1 mplayer - arbitrary code execution
3134 {CVE-2008-1558}
3135 [etch] - mplayer 1.0~rc1-12etch3
3136 [19 Apr 2008] DSA-1551-1 python2.4 - several vulnerabilities
3137 {CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887}
3138 [etch] - python2.4 2.4.4-3+etch1
3139 [17 Apr 2008] DSA-1550-1 suphp
3140 {CVE-2008-1614}
3141 [etch] - suphp 0.6.2-1+etch0
3142 [17 Apr 2008] DSA-1549-1 clamav
3143 {CVE-2008-0314 CVE-2008-1100 CVE-2008-1833}
3144 [etch] - clamav 0.90.1dfsg-3etch11
3145 [17 Apr 2008] DSA-1548-1 xpdf
3146 {CVE-2008-1693}
3147 [etch] - xpdf 3.01-9.1+etch3
3148 [17 Apr 2008] DSA-1547-1 openoffice.org
3149 {CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320}
3150 [etch] - openoffice.org 2.0.4.dfsg.2-7etch5
3151 [sarge] - openoffice.org 1.1.3-9sarge9
3152 [10 Apr 2008] DSA-1546-1 gnumeric
3153 {CVE-2008-0668}
3154 [etch] - gnumeric 1.6.3-5.1+etch1
3155 [10 Apr 2008] DSA-1545-1 rsync
3156 {CVE-2008-1720}
3157 [etch] - rsync 2.6.9-2etch2
3158 [09 Apr 2008] DSA-1544-1 pdns-recursor - cache poisoning vulnerability
3159 {CVE-2008-1637}
3160 [etch] - pdns-recursor 3.1.4-1+etch1
3161 [09 Apr 2008] DSA-1543-1 vlc - several vulnerabilities
3162 {CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0073 CVE-2008-0295 CVE-2008-0296 CVE-2008-0984 CVE-2008-1489}
3163 [etch] - vlc 0.8.6-svn20061012.debian-5.1+etch2
3164 [09 Apr 2008] DSA-1542-1 libcairo - arbitrary code execution
3165 {CVE-2007-5503}
3166 [etch] - libcairo 1.2.4-4.1+etch1
3167 [08 Apr 2008] DSA-1541-1 openldap2.3
3168 {CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658}
3169 [etch] - openldap2.3 2.3.30-5+etch1
3170 [07 Apr 2008] DSA-1540-1 lighttpd
3171 {CVE-2008-1531}
3172 [etch] - lighttpd 1.4.13-4etch7
3173 [04 Apr 2008] DSA-1539-1 mapserver - multiple vulnerabilities
3174 {CVE-2007-4542 CVE-2007-4629}
3175 [etch] - mapserver 4.10.0-5.1+etch2
3176 [04 Apr 2008] DSA-1538-1 alsaplayer - arbitrary code execution
3177 {CVE-2007-5301}
3178 [etch] - alsaplayer 0.99.76-9+etch1
3179 [02 Apr 2008] DSA-1537-1 xpdf
3180 {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393}
3181 [etch] - xpdf 3.01-9.1+etch2
3182 [01 Apr 2008] DSA-1533-2 exiftags
3183 {CVE-2007-6354 CVE-2007-6355 CVE-2007-6356}
3184 [sarge] - exiftags 0.98-1.1+0sarge1
3185 [31 Mar 2008] DSA-1536-1 xine-lib - several vulnerabilities
3186 {CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161}
3187 [sarge] - xine-lib 1.0.1-1sarge7
3188 [etch] - xine-lib 1.1.2+dfsg-6
3189 [30 Mar 2008] DSA-1535-1 iceweasel
3190 {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241}
3191 [etch] - iceweasel 2.0.0.13-0etch1
3192 [28 Mar 2008] DSA-1534-1 iceape
3193 {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-6589 CVE-2008-0420}
3194 [etch] - iceape 1.0.13~pre080323b-0etch1
3195 [27 Mar 2008] DSA-1533-1 exiftags
3196 {CVE-2007-6354 CVE-2007-6355 CVE-2007-6356}
3197 [etch] - exiftags 0.98-1.1+etch1
3198 [27 Mar 2008] DSA-1532-1 xulrunner
3199 {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241}
3200 [etch] - xulrunner 1.8.0.15~pre080323b-0etch1
3201 [27 Mar 2008] DSA-1531-2 policyd-weight - insecure temporary files
3202 {CVE-2008-1569 CVE-2008-1570}
3203 [etch] - policyd-weight 0.1.14-beta-6etch2
3204 [25 Mar 2008] DSA-1530-1 cupsys - multiple vulnerabilities
3205 {CVE-2008-0047 CVE-2008-0882}
3206 [etch] - cupsys 1.2.7-4etch3
3207 [24 Mar 2008] DSA-1528-1 serendipity - cross site scripting
3208 {CVE-2007-6205 CVE-2008-0124 CVE-2008-1476}
3209 [etch] - serendipity 1.0.4-1+etch1
3210 [24 Mar 2008] DSA-1527-1 debian-goodies - privilege escalation
3211 {CVE-2007-3912}
3212 [sarge] - debian-goodies 0.23+sarge1
3213 [etch] - debian-goodies 0.27+etch1
3214 [20 Mar 2008] DSA-1526-1 xwine
3215 {CVE-2008-0930 CVE-2008-0931}
3216 [etch] - xwine 1.0.1-1etch1
3217 [20 Mar 2008] DSA-1525-1 asterisk
3218 {CVE-2007-6430 CVE-2008-1332 CVE-2008-1333}
3219 [etch] - asterisk 1:1.2.13~dfsg-2etch3
3220 [18 Mar 2008] DSA-1524-1 krb5 - multiple vulnerabilities
3221 {CVE-2008-0062 CVE-2008-0063 CVE-2008-0947}
3222 [sarge] - krb5 1.3.6-2sarge6
3223 [etch] - krb5 1.4.4-7etch5
3224 [17 Mar 2008] DSA-1523-1 ikiwiki - cross-site scripting
3225 {CVE-2008-0808 CVE-2008-0809}
3226 [etch] - ikiwiki 1.33.4
3227 [17 Mar 2008] DSA-1522-1 unzip - potential code execution
3228 {CVE-2008-0888}
3229 [sarge] - unzip 5.52-1sarge5
3230 [etch] - unzip 5.52-9etch1
3231 [16 Mar 2008] DSA-1493-2 sdl-image1.2 - arbitrary code execution
3232 {CVE-2007-6697 CVE-2008-0544}
3233 [sarge] - sdl-image1.2 1.2.4-1etch1
3234 [etch] - sdl-image1.2 1.2.5-2+etch1
3235 [16 Mar 2008] DSA-1521-1 lighttpd - arbitrary file disclosure
3236 {CVE-2008-1270}
3237 [etch] - lighttpd 1.4.13-4etch6
3238 [16 Mar 2008] DSA-1520-1 smarty - arbitrary code execution
3239 {CVE-2008-1066}
3240 [sarge] - smarty 2.6.9-1sarge1
3241 [etch] - smarty 2.6.14-1etch1
3242 [15 Mar 2008] DSA-1519-1 horde3 - information disclosure
3243 {CVE-2008-1284}
3244 [sarge] - horde3 3.0.4-4sarge7
3245 [etch] - horde3 3.1.3-4etch3
3246 [15 Mar 2008] DSA-1518-1 backup-manager - information disclosure
3247 {CVE-2007-4656}
3248 [sarge] - backup-manager 0.5.7-1sarge2
3249 [etch] - backup-manager 0.7.5-4
3250 [15 Mar 2008] DSA-1517-1 ldapscripts - information disclosure
3251 {CVE-2007-5373}
3252 [etch] - ldapscripts 1.4-2etch1
3253 [14 Mar 2008] DSA-1516-1 dovecot - privilege escalation
3254 {CVE-2008-1199 CVE-2008-1218}
3255 [etch] - dovecot 1.0.rc15-2etch4
3256 [11 Mar 2008] DSA-1515-1 libnet-dns-perl - several vulnerabilities
3257 {CVE-2007-3377 CVE-2007-3409 CVE-2007-6341}
3258 [sarge] - libnet-dns-perl 0.48-1sarge1
3259 [etch] - libnet-dns-perl 0.59-1etch1
3260 [09 Mar 2008] DSA-1514-1 moin
3261 {CVE-2007-2423 CVE-2007-2637 CVE-2008-0780 CVE-2008-0781 CVE-2008-0782 CVE-2008-1098 CVE-2008-1099}
3262 [etch] - moin 1.5.3-1.2etch1
3263 [06 Mar 2008] DSA-1513-1 lighttpd - information disclosure
3264 {CVE-2008-1111}
3265 [etch] - lighttpd 1.4.13-4etch5
3266 [06 Mar 2008] DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities
3267 {CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007}
3268 [sarge] - kernel-source-2.4.27 2.4.27-10sarge7
3269 [05 Mar 2008] DSA-1512-1 evolution - remote code execution
3270 {CVE-2008-0072}
3271 [sarge] - evolution 2.0.4-2sarge3
3272 [etch] - evolution 2.6.3-6etch2
3273 [03 Mar 2008] DSA-1511-1 icu - multiple problems
3274 {CVE-2007-4770 CVE-2007-4771}
3275 [etch] - icu 3.6-2etch1
3276 [27 Feb 2008] DSA-1510-1 gs-esp gs-gpl - arbitrary code execution
3277 {CVE-2008-0411}
3278 [sarge] - gs-esp 7.07.1-9sarge1
3279 [sarge] - gs-gpl 8.01-6
3280 [etch] - gs-esp 8.15.3.dfsg.1-1etch1
3281 [etch] - gs-gpl 8.54.dfsg.1-5etch1
3282 [25 Feb 2008] DSA-1509-1 koffice - multiple vulnerabilities
3283 {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393}
3284 [etch] - koffice 1:1.6.1-2etch2
3285 [25 Feb 2008] DSA-1508-1 sword - arbitrary shell command execution
3286 {CVE-2008-0932}
3287 [sarge] - sword 1.5.7-7sarge1
3288 [etch] - sword 1.5.9-2etch1
3289 [24 Feb 2008] DSA-1507-1 turba2
3290 {CVE-2008-0807}
3291 [sarge] - turba2 2.0.2-1sarge1
3292 [etch] - turba2 2.1.3-1etch1
3293 [24 Feb 2008] DSA-1506-1 iceape - several vulnerabilities
3294 {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
3295 [etch] - iceape 1.0.12~pre080131b-0etch1
3296 [22 Feb 2008] DSA-1505-1 alsa-driver alsa-modules-i386 - kernel memory leak
3297 {CVE-2007-4571}
3298 [sarge] - alsa-driver 1.0.8-7sarge1
3299 [sarge] - alsa-modules-i386 1.0.8+2sarge2
3300 [etch] - alsa-driver 1.0.13-5etch1
3301 [22 Feb 2008] DSA-1504-1 kernel-image-2.6.8 - several issues
3302 {CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007}
3303 [sarge] - kernel-image-2.6.8-s390 2.6.8-6sarge1
3304 [sarge] - kernel-image-2.6.8-ia64 2.6.8-15sarge1
3305 [sarge] - fai-kernels 1.9.1sarge8
3306 [sarge] - kernel-image-2.6.8-amd64 2.6.8-17sarge1
3307 [sarge] - kernel-image-2.6.8-hppa 2.6.8-7sarge1
3308 [sarge] - kernel-image-2.6.8-sparc 2.6.8-16sarge1
3309 [sarge] - kernel-image-2.6.8-alpha 2.6.8-17sarge1
3310 [sarge] - kernel-image-2.6.8-i386 2.6.8-17sarge1
3311 [sarge] - kernel-source-2.6.8 2.6.8-17sarge1
3312 [sarge] - kernel-patch-powerpc-2.6.8 2.6.8-13sarge1
3313 [sarge] - kernel-image-2.6.8-m68k 2.6.8-5sarge1
3314 [22 Feb 2008] DSA-1503-1 kernelimage-2.4.27 - several issues
3315 {CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007}
3316 [sarge] - kernel-latest-2.4-i386 101sarge2
3317 [sarge] - kernel-image-2.4.27-alpha 2.4.27-10sarge6
3318 [sarge] - kernel-image-2.4.27-m68k 2.4.27-3sarge6
3319 [sarge] - i2c 1:2.9.1-1sarge2
3320 [sarge] - systemimager 3.2.3-6sarge5
3321 [sarge] - kernel-latest-2.4-alpha 101sarge3
3322 [sarge] - kernel-patch-powerpc-2.4.27 2.4.27-10sarge6
3323 [sarge] - kernel-latest-2.4-sparc 42sarge3
3324 [sarge] - kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3
3325 [sarge] - pcmcia-modules-2.4.27-i386 3.2.5+2sarge2
3326 [sarge] - kernel-image-2.4.27-ia64 2.4.27-10sarge6
3327 [sarge] - mindi-kernel 2.4.27-2sarge5
3328 [sarge] - kernel-latest-2.4-s390 2.4.27-1sarge2
3329 [sarge] - hostap-modules-i386 1:0.3.7-1sarge3
3330 [sarge] - kernel-image-speakup-i386 2.4.27-1.1sarge5
3331 [sarge] - kernel-source-2.4.27 2.4.27-10sarge6
3332 [sarge] - kernel-image-2.4.27-arm 2.4.27-2sarge6
3333 [sarge] - kernel-image-2.4.27-i386 2.4.27-10sarge6
3334 [sarge] - kernel-image-2.4.27-sparc 2.4.27-9sarge6
3335 [sarge] - kernel-image-2.4.27-s390 2.4.27-2sarge6
3336 [22 Feb 2008] DSA-1502-1 wordpress - multiple vulnerabilities
3337 {CVE-2007-2821 CVE-2007-3238 CVE-2008-0193 CVE-2008-0194}
3338 [etch] - wordpress 2.0.10-1etch1
3339 [21 Feb 2008] DSA-1501-1 dspam - information disclosure
3340 {CVE-2007-6418}
3341 [etch] - dspam 3.6.8-5etch1
3342 [21 Feb 2008] DSA-1500-1 splitvt - privilege escalation
3343 {CVE-2008-0162}
3344 [etch] - splitvt 1.6.5-9etch1
3345 [19 Feb 2008] DSA-1499-1 pcre3 - arbitrary code execution
3346 {CVE-2008-0674}
3347 [sarge] - pcre3 4.5+7.4-2
3348 [etch] - pcre3 6.7+7.4-3
3349 [19 Feb 2008] DSA-1498-1 libimager-perl - buffer overflow
3350 {CVE-2007-2459}
3351 [etch] - libimager-perl 0.50-1etch1
3352 [16 Feb 2008] DSA-1497-1 clamav - several vulnerabilities
3353 {CVE-2007-6595 CVE-2008-0318}
3354 [etch] - clamav 0.90.1dfsg-3etch10
3355 [12 Feb 2008] DSA-1496-1 mplayer - arbitrary code execution
3356 {CVE-2008-0485 CVE-2008-0486 CVE-2008-0629 CVE-2008-0630}
3357 [etch] - mplayer 1.0~rc1-12etch2
3358 [12 Feb 2008] DSA-1495-1 nagios-plugins - several
3359 {CVE-2007-5198 CVE-2007-5623}
3360 [sarge] - nagios-plugins 1.4-6sarge1
3361 [etch] - nagios-plugins 1.4.5-1etch1
3362 [11 Feb 2008] DSA-1494-1 linux-2.6 - privilege escalation
3363 {CVE-2008-0163 CVE-2008-0600}
3364 [etch] - linux-2.6 2.6.18.dfsg.1-18etch1
3365 [10 Feb 2008] DSA-1493-1 sdl-image1.2
3366 {CVE-2007-6697 CVE-2008-0544}
3367 [sarge] - sdl-image1.2 1.2.4-1etch1
3368 [etch] - sdl-image1.2 1.2.5-2etch1
3369 [10 Feb 2008] DSA-1492-1 wml
3370 {CVE-2008-0665 CVE-2008-0666}
3371 [etch] - wml 2.0.11-1etch1
3372 [10 Feb 2008] DSA-1491-1 tk8.4 - arbitrary code execution
3373 {CVE-2008-0553}
3374 [sarge] - tk8.4 8.4.9-1sarge2
3375 [etch] - tk8.4 8.4.12-1etch2
3376 [10 Feb 2008] DSA-1490-1 tk8.3 - arbitrary code execution
3377 {CVE-2008-0553}
3378 [sarge] - tk8.3 8.3.5-4sarge1
3379 [etch] - tk8.3 8.3.5-6etch2
3380 [10 Feb 2008] DSA-1489-1 iceweasel - several vulnerabilities
3381 {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594}
3382 [etch] - iceweasel 2.0.0.12-0etch1
3383 [09 Feb 2008] DSA-1488-1 phpbb2 - several vulnerabilities
3384 {CVE-2006-4758 CVE-2006-6508 CVE-2006-6839 CVE-2006-6840 CVE-2006-6841 CVE-2008-0471}
3385 [sarge] - phpbb2 2.0.13+1-6sarge4
3386 [etch] - phpbb2 2.0.21-7
3387 [08 Feb 2008] DSA-1487-1 libexif - several vulnerabilities
3388 {CVE-2007-2645 CVE-2007-6351 CVE-2007-6352}
3389 [sarge] - libexif 0.6.9-6sarge2
3390 [etch] - libexif 0.6.13-5etch2
3391 [05 Feb 2008] DSA-1486-1 gnatsweb - cross-site scripting
3392 {CVE-2007-2808}
3393 [etch] - gnatsweb 4.00-1etch1
3394 [10 Feb 2008] DSA-1485-2 icedove - several vulnerabilities
3395 {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594}
3396 [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1-0etch2
3397 [10 Feb 2008] DSA-1484-1 xulrunner - several vulnerabilities
3398 {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-0420}
3399 [etch] - xulrunner 1.8.0.15~pre080131b-0etch1
3400 [06 Feb 2008] DSA-1483-1 net-snmp - denial of service
3401 {CVE-2007-5846}
3402 [etch] - net-snmp 5.2.3-7etch2
3403 [05 Feb 2008] DSA-1482-1 squid - programming error
3404 {CVE-2007-6239}
3405 [etch] - squid 2.6.5-6etch1
3406 NOTE: temporary i386 update for sarge on: http://people.debian.org/~jmm/squid/
3407 [05 Feb 2008] DSA-1481-1 python-cherrypy - missing input sanitising
3408 {CVE-2008-0252}
3409 [etch] - python-cherrypy 2.2.1-3etch1
3410 [05 Feb 2008] DSA-1480-1 poppler - several vulnerabilities
3411 {CVE-2007-4352 CVE-2007-5392 CVE-2007-5393}
3412 [etch] - poppler 0.4.5-5.1etch2
3413 [29 Jan 2008] DSA-1479-1 linux-2.6
3414 {CVE-2007-2878 CVE-2007-4571 CVE-2007-6151 CVE-2008-0001}
3415 [etch] - linux-2.6 2.6.18.dfsg.1-17etch1
3416 [28 Jan 2008] DSA-1478-1 mysql-dfsg-5.0 - buffer overflows
3417 {CVE-2008-0226 CVE-2008-0227}
3418 [etch] - mysql-dfsg-5.0 5.0.32-7etch5
3419 [27 Jan 2008] DSA-1477-1 yarssr - missing input sanitising
3420 {CVE-2007-5837}
3421 [etch] - yarssr 0.2.2-1etch1
3422 [27 Jan 2008] DSA-1476-1 pulseaudio - programming error
3423 {CVE-2008-0008}
3424 [etch] - pulseaudio 0.9.5-5etch1
3425 [26 Jan 2008] DSA-1475-1 gforge - cross site scripting
3426 {CVE-2007-0176}
3427 [etch] - gforge 4.5.14-22etch5
3428 [21 Jan 2008] DSA-1474-1 exiv2 - arbitrary code execution
3429 {CVE-2007-6353}
3430 [etch] - exiv2 0.10-1.5
3431 [21 Jan 2008] DSA-1473-1 scponly - arbitrary code execution
3432 {CVE-2007-6350 CVE-2007-6415}
3433 [sarge] - scponly 4.0-1sarge2
3434 [etch] - scponly 4.6-1etch1
3435 [21 Jan 2008] DSA-1472-1 xine-lib - buffer overflow
3436 {CVE-2008-0225}
3437 [etch] - xine-lib 1.1.2+dfsg-5
3438 [sarge] - xine-lib 1.0.1-1sarge6
3439 [21 Jan 2008] DSA-1471-1 libvorbis - several vulnerabilities
3440 {CVE-2007-3106 CVE-2007-4029 CVE-2007-4065 CVE-2007-4066}
3441 [etch] - libvorbis 1.1.2.dfsg-1.3
3442 [sarge] - libvorbis 1.1.0-2
3443 [20 Jan 2008] DSA-1470-1 horde3 - missing input sanitising
3444 {CVE-2007-6018}
3445 [etch] - horde3 3.1.3-4etch2
3446 [sarge] - horde3 <not-affected> (Vulnerable code not present)
3447 [20 Jan 2008] DSA-1469-1 flac
3448 {CVE-2007-4619 CVE-2007-6277}
3449 [etch] - flac 1.1.2-8
3450 [sarge] - flac 1.1.1-5sarge1
3451 [20 Jan 2008] DSA-1468-1 tomcat5.5
3452 {CVE-2008-0128 CVE-2007-2450}
3453 [etch] - tomcat5.5 5.5.20-2etch2
3454 [19 Jan 2008] DSA-1467-1 mantis - several vulnerabilities
3455 {CVE-2006-6574 CVE-2007-6611}
3456 [sarge] - mantis 0.19.2-5sarge5
3457 [19 Jan 2008] DSA-1466-2 libxfont xfree86 xorg-server - several vulnerabilities
3458 {CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006}
3459 [sarge] - xfree86 4.3.0.dfsg.1-14sarge7
3460 [etch] - xorg-server 2:1.1.1-21etch3
3461 [17 Jan 2008] DSA-1465-2 apt-listchanges - arbitrary code execution
3462 {CVE-2008-0302}
3463 [etch] - apt-listchanges 2.72.5etch2
3464 [15 Jan 2008] DSA-1464-1 syslog-ng - denial of service
3465 {CVE-2007-6437}
3466 [etch] - syslog-ng 2.0.0-1etch1
3467 [14 Jan 2008] DSA-1463-1 postgresql-7.4 - several
3468 {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601}
3469 [etch] - postgresql-7.4 7.4.19-0etch1
3470 [sarge] - postgresql 7.4.7-6sarge6
3471 [13 Jan 2008] DSA-1462-1 hplip - missing input sanitising
3472 {CVE-2007-5208}
3473 [etch] - hplip 1.6.10-3etch1
3474 [13 Jan 2008] DSA-1461-1 libxml2 - denial of service
3475 {CVE-2007-6284}
3476 [etch] - libxml2 2.6.27.dfsg-2
3477 [sarge] - libxml2 2.6.16-7sarge1
3478 [13 Jan 2008] DSA-1460-1 postgresql-8.1 - several
3479 {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601}
3480 [etch] - postgresql-8.1 8.1.11-0etch1
3481 [13 Jan 2008] DSA-1459-1 gforge - SQL injection
3482 {CVE-2008-0173}
3483 [sarge] - gforge 3.1-31sarge5
3484 [etch] - gforge 4.5.14-22etch4
3485 [10 Jan 2008] DSA-1458-1 openafs
3486 {CVE-2007-6599}
3487 [etch] - openafs 1.4.2-6etch1
3488 [sarge] - openafs 1.3.81-3sarge3
3489 [09 Jan 2008] DSA-1457-1 dovecot
3490 {CVE-2007-6598}
3491 [etch] - dovecot 1.0.rc15-2etch3
3492 [09 Jan 2008] DSA-1456-1 fail2ban
3493 {CVE-2007-4321}
3494 [etch] - fail2ban 0.7.5-2etch1
3495 [08 Jan 2008] DSA-1455-1 libarchive
3496 {CVE-2007-3641 CVE-2007-3644 CVE-2007-3645}
3497 [etch] - libarchive 1.2.53-2etch1
3498 [07 Jan 2008] DSA-1454-1 freetype - arbitrary code execution
3499 {CVE-2007-1351}
3500 [etch] - freetype 2.2.1-5+etch2
3501 [07 Jan 2008] DSA-1453-1 tomcat5 - several vulnerabilities
3502 {CVE-2007-3382 CVE-2007-3385 CVE-2007-5461}
3503 [etch] - tomcat5 5.0.30-12etch1
3504 [06 Jan 2008] DSA-1452-1 wzdftpd - denial of service
3505 {CVE-2007-5300}
3506 [etch] - wzdftpd 0.8.1-2etch1
3507 [sarge] - wzdftpd 0.5.2-1.1sarge3
3508 [06 Jan 2008] DSA-1451-1 mysql-dfsg-5.0 - several vulnerabilities
3509 {CVE-2007-3781 CVE-2007-5969 CVE-2007-6304}
3510 [etch] - mysql-dfsg-5.0 5.0.32-7etch4
3511 [05 Jan 2008] DSA-1450-1 util-linux - privilege escalation
3512 {CVE-2007-5191}
3513 [etch] - util-linux 2.12r-19etch1
3514 [sarge] - util-linux 2.12p-4sarge2
3515 [05 Jan 2008] DSA-1449-1 loop-aes-utils - privilege escalation
3516 {CVE-2007-5191}
3517 [etch] - loop-aes-utils 2.12r-15+etch1
3518 [sarge] - loop-aes-utils 2.12p-4sarge2
3519 [05 Jan 2008] DSA-1448-1 eggdrop - arbitrary code execution
3520 {CVE-2007-2807}
3521 [etch] - eggdrop 1.6.18-1etch1
3522 [sarge] - eggdrop 1.6.17-3sarge1
3523 [03 Jan 2008] DSA-1447-1 tomcat5.5 - several vulnerabilities
3524 {CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461}
3525 [etch] - tomcat5.5 5.5.20-2etch1
3526 [03 Jan 2008] DSA-1446-1 wireshark - denial of service
3527 {CVE-2007-6450 CVE-2007-6451}
3528 [etch] - wireshark 0.99.4-5.etch.2
3529 [sarge] - ethereal 0.10.10-2sarge11
3530 [03 Jan 2008] DSA-1445-1 maradns - denial of service
3531 {CVE-2008-0061}
3532 [etch] - maradns 1.2.12.04-1etch2
3533 [sarge] - maradns 1.0.27-2
3534 [03 Jan 2008] DSA-1444-1 php5 - several issues
3535 {CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899}
3536 [etch] - php5 5.2.0-8+etch9
3537 [03 Jan 2008] DSA-1443-1 tcpreen - buffer overflows
3538 {CVE-2007-6562}
3539 [etch] - tcpreen 1.4.3-0.1etch1
3540 [29 Dec 2007] DSA-1442-1 libsndfile
3541 {CVE-2007-4974}
3542 [etch] - libsndfile 1.0.16-2
3543 [28 Dec 2007] DSA-1441-1 peercast
3544 {CVE-2007-6454}
3545 [etch] - peercast 0.1217.toots.20060314-1etch0
3546 [28 Dec 2007] DSA-1440-1 inotify-tools
3547 {CVE-2007-5037}
3548 [etch] - inotify-tools 3.3-2
3549 [28 Dec 2007] DSA-1439-1 typo3-src
3550 {CVE-2007-6381}
3551 [etch] - typo3-src 4.0.2+debian-4
3552 [28 Dec 2007] DSA-1438-1 tar
3553 {CVE-2007-4131 CVE-2007-4476}
3554 [etch] - tar 1.16-2etch1
3555 [sarge] - tar 1.14-2.4
3556 [26 Dec 2007] DSA-1437-1 cupsys
3557 {CVE-2007-5849 CVE-2007-6358}
3558 [etch] - cupsys 1.2.7-4etch2
3559 [20 Dec 2007] DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities
3560 {CVE-2006-6058 CVE-2007-5966 CVE-2007-6063 CVE-2007-6206 CVE-2007-6417}
3561 [etch] - linux-2.6 2.6.18.dfsg.1-13etch6
3562 [etch] - fai-kernels 1.17+etch.13etch6
3563 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch6
3564 [19 Dec 2007] DSA-1435-1 clamav
3565 {CVE-2007-6335 CVE-2007-6336}
3566 [etch] - clamav 0.90.1-3etch8
3567 [16 Dec 2007] DSA-1434-1 mydns - denial of service
3568 {CVE-2007-2362}
3569 [etch] - mydns 1:1.1.0-7etch1
3570 [16 Dec 2007] DSA-1433-1 centericq - buffer overflow
3571 {CVE-2007-3713}
3572 [etch] - centericq 4.21.0-18etch1
3573 [sarge] - centericq 4.20.0-1sarge5
3574 [16 Dec 2007] DSA-1432-1 link-grammar - buffer overflow
3575 {CVE-2007-5395}
3576 [etch] - link-grammar 4.2.2-4etch1
3577 [11 Dec 2007] DSA-1431-1 ruby-gnome2 - format string
3578 {CVE-2007-6183}
3579 [etch] - ruby-gnome2 0.15.0-1.1etch1
3580 [sarge] - ruby-gnome2 0.12.0-2sarge1
3581 [11 Dec 2007] DSA-1430-1 libnss-ldap - information disclosure
3582 {CVE-2007-5794}
3583 [etch] - libnss-ldap 251-7.5etch1
3584 [sarge] - libnss-ldap 238-1sarge1
3585 [11 Dec 2007] DSA-1429-1 htdig - cross site scripting
3586 {CVE-2007-6110}
3587 [etch] - htdig 1:3.2.0b6-3.1etch1
3588 [10 Dec 2007] DSA-1428-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
3589 {CVE-2007-3104 CVE-2007-4997 CVE-2007-5500 CVE-2007-5904}
3590 [etch] - linux-2.6 2.6.18.dfsg.1-13etch5
3591 [etch] - fai-kernels 1.17+etch.13etch5
3592 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch5
3593 [10 Dec 2007] DSA-1427-1 samba - buffer overflow
3594 {CVE-2007-6015}
3595 [etch] - samba 3.0.24-6etch9
3596 [sarge] - samba 3.0.14a-3sarge11
3597 [08 Dec 2007] DSA-1426-1 qt-x11-free - several vulnerabilities
3598 {CVE-2007-3388 CVE-2007-4137}
3599 [sarge] - qt-x11-free 3:3.3.4-3sarge3
3600 [etch] - qt-x11-free 3:3.3.7-4etch1
3601 [08 Dec 2007] DSA-1425-1 xulrunner - several vulnerabilities
3602 {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
3603 [etch] - xulrunner 1.8.0.14~pre071019c-0etch1
3604 [08 Dec 2007] DSA-1424-1 iceweasel - several vulnerabilities
3605 {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
3606 [etch] - iceweasel 2.0.0.10-0etch1
3607 [07 Dec 2007] DSA-1423-1 sitebar - several vulnerabilities
3608 {CVE-2007-5491 CVE-2007-5492 CVE-2007-5693 CVE-2007-5694 CVE-2007-5695 CVE-2007-5692}
3609 [etch] - sitebar 3.3.8-7etch1
3610 [sarge] - sitebar 3.2.6-7.1sarge1
3611 [07 Dec 2007] DSA-1422-1 e2fsprogs - arbitrary code execution
3612 {CVE-2007-5497}
3613 [etch] - e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2etch1
3614 [06 Dec 2007] DSA-1421-1 wesnoth - directory traversal
3615 {CVE-2007-5742}
3616 [sarge] - wesnoth 0.9.0-7
3617 [etch] - wesnoth 1.2-3
3618 [05 Dec 2007] DSA-1420-1 zabbix - programming error
3619 {CVE-2007-6210}
3620 [etch] - zabbix 1:1.1.4-10etch1
3621 [05 Dec 2007] DSA-1419-1 openoffice.org
3622 {CVE-2007-4575}
3623 [etch] - openoffice.org 2.0.4.dfsg.2-7etch4
3624 [etch] - hsqldb 1.8.0.7-1etch1
3625 [sarge] - openoffice.org <not-affected> (Vulnerable code not present)
3626 [sarge] - hsqldb <not-affected> (Vulnerable code not present)
3627 [02 Dec 2007] DSA-1418-1 cacti - SQL injection
3628 {CVE-2007-6035}
3629 [sarge] - cacti 0.8.6c-7sarge5
3630 [etch] - cacti 0.8.6i-3.2
3631 [02 Dec 2007] DSA-1417-1 asterisk - SQL injection
3632 {CVE-2007-6170}
3633 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge6
3634 [etch] - asterisk 1:1.2.13~dfsg-2etch2
3635 [22 Nov 2007] DSA-1409-3 samba - several vulnerabilities (update)
3636 {CVE-2007-4572 CVE-2007-5398}
3637 [etch] - samba 3.0.24-6etch8
3638 [sarge] - samba 3.0.14a-3sarge10
3639 NOTE: this fixes all regressions introduced by the previous DSAs
3640 [27 Nov 2007] DSA-1416-1 tk8.3 - buffer overflow
3641 {CVE-2007-5378}
3642 [etch] - tk8.3 8.3.5-6etch1
3643 [27 Nov 2007] DSA-1415-1 tk8.4 - buffer overflow
3644 {CVE-2007-5378}
3645 [etch] - tk8.4 8.4.12-1etch1
3646 [sarge] - tk8.4 8.4.9-1sarge1
3647 [27 Nov 2007] DSA-1414-1 wireshark - several vulnerabilities
3648 {CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121}
3649 [etch] - wireshark 0.99.4-5.etch.1
3650 [sarge] - ethereal 0.10.10-2sarge10
3651 [26 Nov 2007] DSA-1413-1 mysql - multiple
3652 {CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3782 CVE-2007-5925}
3653 [etch] - mysql-dfsg-5.0 5.0.32-7etch3
3654 [sarge] - mysql-dfsg 4.0.24-10sarge3
3655 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge8
3656 [24 Nov 2007] DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks
3657 {CVE-2007-5162 CVE-2007-5770}
3658 [etch] - ruby1.9 1.9.0+20060609-1etch1
3659 [24 Nov 2007] DSA-1411-1 libopenssl-ruby - possible man-in-the-middle attacks
3660 {CVE-2007-5162 CVE-2007-5770}
3661 [sarge] - libopenssl-ruby 0.1.4a-1sarge1
3662 NOTE: libopenssl-ruby is not in etch
3663 [24 Nov 2007] DSA-1410-1 ruby1.8 - possible man-in-the-middle attacks
3664 {CVE-2007-5162 CVE-2007-5770}
3665 [etch] - ruby1.8 1.8.5-4etch1
3666 [sarge] - ruby1.8 1.8.2-7sarge6
3667 [22 Nov 2007] DSA-1409-2 samba - several vulnerabilities
3668 {CVE-2007-4572 CVE-2007-5398}
3669 [etch] - samba 3.0.24-6etch7
3670 [sarge] - samba 3.0.14a-3sarge9
3671 NOTE: the previous DSA introduced regressions
3672 [22 Nov 2007] DSA-1409-1 samba - several vulnerabilities
3673 {CVE-2007-4572 CVE-2007-5398}
3674 [etch] - samba 3.0.24-6etch5
3675 [sarge] - samba 3.0.14a-3sarge7
3676 [21 Nov 2007] DSA-1408-1 kdegraphics - buffer overflow with arbitrary code execution
3677 {CVE-2007-5393}
3678 [etch] - kdegraphics 4:3.5.5-3etch2
3679 [18 Nov 2007] DSA-1407-1 cupsys - buffer overflow with arbitrary code execution
3680 {CVE-2007-4351}
3681 [etch] - cupsys 1.2.7-4etch1
3682 [11 Nov 2007] DSA-1405-2 zope-cmfplone - arbitrary code
3683 {CVE-2007-5741}
3684 [etch] - zope-cmfplone 2.5.1-4etch2
3685 NOTE: the previous DSA introduced a regression
3686 [09 Nov 2007] DSA-1406-1 horde3 - several vulnerabilities
3687 {CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474}
3688 [sarge] - horde3 3.0.4-4sarge6
3689 [etch] - horde3 3.1.3-4etch1
3690 [09 Nov 2007] DSA-1405-1 zope-cmfplone - arbitrary code
3691 {CVE-2007-5741}
3692 [etch] - zope-cmfplone 2.5.1-4etch1
3693 [08 Nov 2007] DSA-1404-1 gallery2 - privilege escalation
3694 {CVE-2007-4650}
3695 [etch] - gallery2 2.1.2-2.0.etch.1
3696 [08 Nov 2007] DSA-1403-1 phpmyadmin - cross-site scripting
3697 {CVE-2007-5386 CVE-2007-5589}
3698 [sarge] - phpmyadmin 4:2.6.2-3sarge6
3699 [etch] - phpmyadmin 4:2.9.1.1-6
3700 [08 Nov 2007] DSA-1402-1 gforge - insecure temporary files
3701 {CVE-2007-3921}
3702 [sarge] - gforge 3.1-31sarge4
3703 [etch] - gforge 4.5.14-22etch3
3704 [06 Nov 2007] DSA-1400-1 perl - arbitrary code execution
3705 {CVE-2007-5116}
3706 [sarge] - perl 5.8.4-8sarge6
3707 [etch] - perl 5.8.8-7etch1
3708 [05 Nov 2007] DSA-1401-1 iceape - several vulnerabilities
3709 {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
3710 [etch] - iceape 1.0.11~pre071022-0etch1
3711 [05 Nov 2007] DSA-1399-1 pcre3 - arbitrary code execution
3712 {CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768}
3713 [sarge] - pcre3 4.5+7.4-1
3714 [etch] - pcre3 6.7+7.4-2
3715 [05 Nov 2007] DSA-1398-1 perdition - format string vulnerability
3716 {CVE-2007-5740}
3717 [etch] - perdition 1.17-7etch1
3718 [sarge] - perdition 1.15-5sarge1
3719 [03 Nov 2007] DSA-1397-1 mono - buffer overflow
3720 {CVE-2007-5197}
3721 [etch] - mono 1.2.2.1-1etch1
3722 [29 Oct 2007] DSA-1388-3 dhcp - buffer overflow
3723 {CVE-2007-5365}
3724 [etch] - dhcp 2.0pl5-19.5etch2
3725 NOTE: DSA-1388-1 was incomplete
3726 [27 Oct 2007] DSA-1396-1 iceweasel
3727 {CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5335 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
3728 [etch] - iceweasel 2.0.0.6+2.0.0.8-0etch1
3729 [25 Oct 2007] DSA-1395-1 xen-3.0 - insecure temporary files
3730 {CVE-2007-3919}
3731 [etch] - xen-3.0 3.0.3-0-4
3732 [24 Oct 2007] DSA-1389-2 zoph - SQL injection
3733 {CVE-2007-3905}
3734 [sarge] - zoph 0.3.3-12sarge3
3735 [23 Oct 2007] DSA-1394-1 reprepro - authentication bypass
3736 {CVE-2007-4739}
3737 [etch] - reprepro 1.3.1+1-1
3738 [23 Oct 2007] DSA-1393-1 xfce4-terminal - insecure execution
3739 {CVE-2007-3770}
3740 [etch] - xfce4-terminal 0.2.5.6rc1-2etch1
3741 [23 Oct 2007] DSA-1373-2 ktorrent - directory traversal
3742 {CVE-2007-1799}
3743 [etch] - ktorrent 2.0.3+dfsg1-2.2etch1
3744 [20 Oct 2007] DSA-1392-1 xulrunner - several vulnerabilities
3745 {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
3746 [etch] - xulrunner 1.8.0.14~pre071019b-0etch1
3747 [19 Oct 2007] DSA-1391-1 icedove - several vulnerabilities
3748 {CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340}
3749 [etch] - icedove 1.5.0.13+1.5.0.14b.dfsg1-0etch1
3750 [18 Oct 2007] DSA-1390-1 t1lib - arbitrary code execution
3751 {CVE-2007-4033}
3752 [sarge] - t1lib 5.0.2-3sarge1
3753 [etch] - t1lib 5.1.0-2etch1
3754 [18 Oct 2007] DSA-1389-1 zoph - SQL injection
3755 {CVE-2007-3905}
3756 [etch] - zoph 0.6-2.1etch1
3757 [18 Oct 2007] DSA-1388-1 dhcp
3758 {CVE-2007-5365}
3759 [etch] - dhcp 2.0pl5-19.5etch1
3760 [sarge] - dhcp 2.0pl5-19.1sarge3
3761 [15 Oct 2007] DSA-1387-1 librpcsecgss
3762 {CVE-2007-4743}
3763 [etch] - librpcsecgss 0.14-2etch3
3764 [15 Oct 2007] DSA-1386-1 wesnoth
3765 {CVE-2007-3917}
3766 [etch] - wesnoth 1.2-2
3767 [sarge] - wesnoth 0.9.0-6
3768 [08 Oct 2007] DSA-1385-1 xfs
3769 {CVE-2007-4568 CVE-2007-4990}
3770 [etch] - xfs 1.0.1-7
3771 [sarge] - xfree86 4.3.0.dfsg.1-14sarge5
3772 [05 Oct 2007] DSA-1384-1 xen-3.0
3773 {CVE-2007-4993 CVE-2007-1320}
3774 [etch] - xen-3.0 3.0.3-0-3
3775 [04 Oct 2007] DSA-1383-1 gforge - cross-site scripting
3776 {CVE-2007-3918}
3777 [sarge] - gforge 3.1-31sarge3
3778 [etch] - gforge 4.5.14-22etch2
3779 [03 Oct 2007] DSA-1382-1 quagga
3780 {CVE-2007-4826}
3781 [etch] - quagga 0.99.5-5etch3
3782 [sarge] - quagga 0.98.3-7.5
3783 [02 Oct 2007] DSA-1381-2 linux-2.6
3784 {CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093}
3785 [etch] - linux-2.6 2.6.18.dfsg.1-13etch4
3786 [02 Oct 2007] DSA-1380-1 elinks - information disclosure
3787 {CVE-2007-5034}
3788 [etch] - elinks 0.11.1-1.2etch1
3789 [02 Oct 2007] DSA-1379-1 openssl - arbitrary code execution
3790 {CVE-2007-5135}
3791 [sarge] - openssl 0.9.7e-3sarge5
3792 [sarge] - openssl096 0.9.6m-1sarge5
3793 [etch] - openssl 0.9.8c-4etch1
3794 [etch] - openssl097 0.9.7k-3.1etch1
3795 [02 Oct 2007] DSA-1365-3 id3lib3.8.3 - denial of service
3796 {CVE-2007-4460}
3797 [sarge] - id3lib3.8.3 3.8.3-4.1sarge1
3798 [etch] - id3lib3.8.3 3.8.3-6etch1
3799 [28 Sep 2007] DSA-1378-2 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
3800 {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849}
3801 [etch] - linux-2.6 2.6.18.dfsg.1-13etch3
3802 [etch] - fai-kernels 1.17+etch.13etch3
3803 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3
3804 [27 Sep 2007] DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
3805 {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849}
3806 [etch] - linux-2.6 2.6.18.dfsg.1-13etch3
3807 [etch] - fai-kernels 1.17+etch.13etch3
3808 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3
3809 [02 Aug 2007] DSA-1343-2 file
3810 {CVE-2007-2799}
3811 [etch] - file 4.17-5etch3
3812 [21 Sep 2007] DSA-1377-2 fetchmail - null pointer dereference
3813 {CVE-2007-4565}
3814 [etch] - fetchmail 6.3.6-1etch1
3815 [21 Sep 2007] DSA-1376-1 kdebase - programming error
3816 {CVE-2007-4569}
3817 [etch] - kdebase 4:3.5.5a.dfsg.1-6etch1
3818 [19 Sep 2007] DSA-1364-2 vim - several vulnerabilities
3819 {CVE-2007-2438 CVE-2007-2953}
3820 [etch] - vim 1:7.0-122+1etch3
3821 [17 Sep 2007] DSA-1375-1 openoffice.org - buffer overflow
3822 {CVE-2007-2834}
3823 [etch] - openoffice.org 2.0.4.dfsg.2-7etch2
3824 [sarge] - openoffice.org 1.1.3-9sarge8
3825 [11 Sep 2007] DSA-1373-1 ktorrent - directory traversal vulnerabilities
3826 {CVE-2007-1799}
3827 [etch] - ktorrent 2.0.3+dfsg1-2etch1
3828 [11 Sep 2007] DSA-1374-1 jffnms - several vulnerabilities
3829 {CVE-2007-3189 CVE-2007-3190 CVE-2007-3191 CVE-2007-3192}
3830 [etch] - jffnms 0.8.3dfsg.1-2.1etch1
3831 [11 Sep 2007] DSA-1371-1 phpwiki - several vulnerabilities
3832 {CVE-2007-2024 CVE-2007-2025 CVE-2007-3193}
3833 [etch] - phpwiki 1.3.12p3-5etch1
3834 [10 Sep 2007] DSA-1370-2 phpmyadmin - several vulnerabilities
3835 {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245}
3836 [sarge] - phpmyadmin 4:2.6.2-3sarge5
3837 [etch] - phpmyadmin 4:2.9.1.1-4
3838 [09 Sep 2007] DSA-1365-2 id3lib3.8.3 - denial of service
3839 {CVE-2007-4460}
3840 [etch] - id3lib3.8.3 3.8.3-6etch1
3841 [09 Sep 2007] DSA-1372-1 xorg-server - privilege escalation
3842 {CVE-2007-4730}
3843 [etch] - xorg-server 2:1.1.1-21etch1
3844 [10 Sep 2007] DSA-1370-1 phpmyadmin - several vulnerabilities
3845 {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245}
3846 [sarge] - phpmyadmin 4:2.6.2-3sarge5
3847 [etch] - phpmyadmin 4:2.9.1.1-4
3848 [06 Sep 2007] DSA-1369-1 gforge - SQL injection
3849 {CVE-2007-3913}
3850 [sarge] - gforge 3.1-31sarge2
3851 [etch] - gforge 4.5.14-22etch1
3852 [04 Sep 2007] DSA-1368-1 librpcsecgss - arbitrary code execution
3853 {CVE-2007-3999}
3854 [etch] - librpcsecgss 0.14-2etch1
3855 [06 Sep 2007] DSA-1367-1 krb5 - arbitrary code execution
3856 {CVE-2007-3999 CVE-2007-4743}
3857 [etch] - krb5 1.4.4-7etch4
3858 [02 Sep 2007] DSA-1288-2 pptpd - regression
3859 {CVE-2007-0244}
3860 [etch] - pptpd 1.3.0-2etch2
3861 [01 Sep 2007] DSA-1366-1 clamav
3862 {CVE-2007-4510 CVE-2007-4560}
3863 [etch] - clamav 0.90.1-3etch7
3864 [01 Sep 2007] DSA-1365-1 id3lib3.8.3
3865 {CVE-2007-4460}
3866 [sarge] - id3lib3.8.3 3.8.3-4.1sarge1
3867 [etch] - id3lib3.8.3 3.8.3-6etch1
3868 [01 Sep 2007] DSA-1364-1 vim
3869 {CVE-2007-2438 CVE-2007-2953}
3870 [sarge] - vim 1:6.3-071+1sarge2
3871 [etch] - vim 1:7.0-122+1etch3
3872 [31 Aug 2007] DSA-1363-1 linux-2.6
3873 {CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843 CVE-2007-4308}
3874 [etch] - linux-2.6 2.6.18.dfsg.1-13etch2
3875 [29 Aug 2007] DSA-1362-1 lighttpd - several vulnerabilities
3876 {CVE-2007-3946 CVE-2007-3947 CVE-2007-3949 CVE-2007-3950 CVE-2007-4727}
3877 [etch] - lighttpd 1.4.13-4etch4
3878 [29 Aug 2007] DSA-1361-1 postfix-policyd - arbitrary code execution
3879 {CVE-2007-3791}
3880 [etch] - postfix-policyd 1.80-2.1etch1
3881 [28 Aug 2007] DSA-1360-1 rsync - arbitrary code execution
3882 {CVE-2007-4091}
3883 [etch] - rsync 2.6.9-2etch1
3884 [28 Aug 2007] DSA-1359-1 dovecot - directory traversal
3885 {CVE-2007-2231}
3886 [etch] - dovecot 1.0.rc15-2etch1
3887 [26 Aug 2007] DSA-1358-1 asterisk
3888 {CVE-2007-1306 CVE-2007-1561 CVE-2007-2294 CVE-2007-2297 CVE-2007-2488 CVE-2007-3762 CVE-2007-3763 CVE-2007-3764}
3889 [etch] - asterisk 1:1.2.13~dfsg-2etch1
3890 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge5
3891 [19 Aug 2007] DSA-1357-1 koffice - integer overflow
3892 {CVE-2007-3387}
3893 [etch] - koffice 1:1.6.1-2etch1
3894 [15 Aug 2007] DSA-1356-1 linux-2.6 - several vulnerabilities
3895 {CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848 CVE-2007-3851 CVE-2007-2242 CVE-2006-5753}
3896 [etch] - linux-2.6 2.6.18.dfsg.1-13etch1
3897 NOTE: The above entry includes fixes pulled in through -13 in 4.0r1
3898 [13 Aug 2007] DSA-1355-1 kdegraphics - integer overflow
3899 {CVE-2007-3387}
3900 [sarge] - kdegraphics 4:3.3.2-2sarge5
3901 [etch] - kdegraphics 4:3.5.5-3etch1
3902 [13 Aug 2007] DSA-1354-1 gpdf - integer overflow
3903 {CVE-2007-3387}
3904 [sarge] - gpdf 2.8.2-1.2sarge6
3905 [08 Aug 2007] DSA-1353-1 tcpdump - integer overflow
3906 {CVE-2007-3798}
3907 [sarge] - tcpdump 3.8.3-5sarge3
3908 [etch] - tcpdump 3.9.5-2etch1
3909 [07 Aug 2007] DSA-1352-1 pdfkit.framework - integer overflow
3910 {CVE-2007-3387}
3911 [sarge] - pdfkit.framework 0.8-2sarge4
3912 [07 Aug 2007] DSA-1351-1 bochs - buffer overflow
3913 {CVE-2007-2893}
3914 [sarge] - bochs 2.1.1+20041109-3sarge1
3915 [etch] - bochs 2.3-2etch1
3916 [06 Aug 2007] DSA-1350-1 tetex-bin
3917 {CVE-2007-3387}
3918 [sarge] - tetex-bin 2.0.2-30sarge5
3919 [05 Aug 2007] DSA-1349-1 libextractor - integer overflow
3920 {CVE-2007-3387}
3921 [sarge] - libextractor 0.4.2-2sarge6
3922 [04 Aug 2007] DSA-1348-1 poppler
3923 {CVE-2007-3387}
3924 [etch] - poppler 0.4.5-5.1etch1
3925 [04 Aug 2007] DSA-1347-1 xpdf
3926 {CVE-2007-3387}
3927 [etch] - xpdf 3.01-9etch1
3928 [sarge] - xpdf 3.00-13.7
3929 [04 Aug 2007] DSA-1346-1 iceape
3930 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
3931 [etch] - iceape 1.0.10~pre070720-0etch3
3932 [04 Aug 2007] DSA-1345-1 xulrunner
3933 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
3934 [etch] - xulrunner 1.8.0.13~pre070720-0etch3
3935 [03 Aug 2007] DSA-1344-1 iceweasel
3936 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
3937 [etch] - iceweasel 2.0.0.6-0etch1
3938 [02 Aug 2007] DSA-1343-1 file
3939 {CVE-2007-2799}
3940 [sarge] - file 4.12-1sarge2
3941 [etch] - file 4.17-5etch2
3942 [30 Jul 2007] DSA-1342-1 xfs
3943 {CVE-2007-3103}
3944 [etch] - xfs 1:1.0.1-6
3945 [25 Jul 2007] DSA-1341-2 bind9 - DNS cache poisoning vulnerability
3946 {CVE-2007-2926}
3947 [etch] - bind9 1:9.3.4-2etch1
3948 [sarge] - bind9 1:9.2.4-1sarge3
3949 [24 Jul 2007] DSA-1340-1 clamav - null pointer dereference
3950 {CVE-2007-3725}
3951 [etch] - clamav 0.90.1-3etch4
3952 [24 Jul 2007] DSA-1339-1 iceape - several
3953 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738}
3954 [etch] - iceape 1.0.10~pre070720-0etch1
3955 [23 Jul 2007] DSA-1338-1 iceweasel
3956 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2007-4038}
3957 [etch] - iceweasel 2.0.0.5-0etch1
3958 [22 Jul 2007] DSA-1337-1 xulrunner
3959 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738}
3960 [etch] - xulrunner 1.8.0.13~pre070720-0etch1
3961 [22 Jul 2007] DSA-1336-1 mozilla-firefox
3962 {CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077}
3963 [sarge] - mozilla-firefox 1.0.4-2sarge17
3964 [18 Jul 2007] DSA-1335-1 gimp
3965 {CVE-2006-4519 CVE-2007-2949}
3966 [sarge] - gimp 2.2.6-1sarge4
3967 [etch] - gimp 2.2.13-1etch4
3968 [18 Jul 2007] DSA-1334-1 freetype
3969 {CVE-2007-2754}
3970 [sarge] - freetype 2.1.7-8
3971 [18 Jul 2007] DSA-1333-1 curl
3972 {CVE-2007-3564}
3973 [etch] - curl 7.15.5-1etch1
3974 [09 Jul 2007] DSA-1332-1 vlc
3975 {CVE-2007-3316 CVE-2007-3467 CVE-2007-3468}
3976 [sarge] - vlc 0.8.1.svn20050314-1sarge3
3977 [etch] - vlc 0.8.6-svn20061012.debian-5etch1
3978 [07 Jul 2007] DSA-1331-1 php4 - several vulnerabilities
3979 {CVE-2006-0207 CVE-2006-4486 CVE-2007-1864}
3980 [sarge] - php4 4:4.3.10-22
3981 [etch] - php4 6:4.4.4-8+etch4
3982 [07 Jul 2007] DSA-1330-1 php5 - several vulnerabilities
3983 {CVE-2007-1399 CVE-2007-1864}
3984 [etch] - php5 5.2.0-8+etch7
3985 [05 Jul 2007] DSA-1329-1 gfax - insecure temporary files
3986 {CVE-2007-2839}
3987 [sarge] - gfax 0.4.2-11sarge1
3988 [01 Jul 2007] DSA-1328-1 unicon - buffer overflow
3989 {CVE-2007-2835}
3990 [etch] - unicon 3.0.4-11etch1
3991 [01 Jul 2007] DSA-1327-1 gsambad - insecure temporary files
3992 {CVE-2007-2838}
3993 [etch] - gsambad 0.1.4-2etch1
3994 [01 Jul 2007] DSA-1326-1 fireflier
3995 {CVE-2007-2837}
3996 [sarge] - fireflier 1.1.5-1sarge1
3997 [etch] - fireflier 1.1.6-3etch1
3998 [29 Jun 2007] DSA-1325-1 evolution
3999 {CVE-2007-1002 CVE-2007-3257}
4000 [sarge] - evolution 2.0.4-2sarge2
4001 [etch] - evolution 2.6.3-6etch1
4002 [28 Jun 2007] DSA-1324-1 hiki
4003 {CVE-2007-2836}
4004 [etch] - hiki 0.8.6-1etch1
4005 [28 Jun 2007] DSA-1323-1 krb5
4006 {CVE-2007-2442 CVE-2007-2443 CVE-2007-2798}
4007 [sarge] - krb5 1.3.6-2sarge5
4008 [etch] - krb5 1.4.4-7etch2
4009 [27 Jun 2007] DSA-1322-1 wireshark
4010 {CVE-2007-3390 CVE-2007-3392 CVE-2007-3393}
4011 [etch] - wireshark 0.99.4-5.etch.0
4012 [23 Jun 2007] DSA-1321-1 evolution-data-server
4013 {CVE-2007-3257}
4014 [etch] - evolution-data-server 1.6.3-5etch1
4015 [23 Jun 2007] DSA-1320-1 clamav
4016 {CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123}
4017 [sarge] - clamav 0.84-2.sarge.17
4018 [etch] - clamav 0.90.1-3etch3
4019 [23 Jun 2007] DSA-1319-1 maradns
4020 {CVE-2007-3114 CVE-2007-3115 CVE-2007-3116}
4021 [etch] - maradns 1.2.12.04-1etch1
4022 [23 Jun 2007] DSA-1318-1 ekg
4023 {CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665}
4024 [sarge] - ekg 1:1.5+20050411-7
4025 [etch] - ekg 1:1.7~rc2-1etch1
4026 [23 Jun 2007] DSA-1317-1 tinymux
4027 {CVE-2007-1655}
4028 [etch] - tinymux 2.4.3.31-1etch1
4029 [21 Jun 2007] DSA-1316-1 emacs21
4030 {CVE-2007-2833}
4031 [etch] - emacs21 21.4a+1-3etch1
4032 [19 Jun 2007] DSA-1315-1 libphp-phpmailer
4033 {CVE-2007-3215}
4034 [etch] - libphp-phpmailer 1.73-2etch1
4035 [19 Jun 2007] DSA-1314-1 open-iscsi
4036 {CVE-2007-3099 CVE-2007-3100}
4037 [etch] - open-iscsi 2.0.730-1etch1
4038 [19 Jun 2007] DSA-1313-1 mplayer
4039 {CVE-2007-2948}
4040 [etch] - mplayer 1.0~rc1-12etch1
4041 [18 Jun 2007] DSA-1312-1 libapache-mod-jk
4042 {CVE-2007-1860}
4043 [etch] - libapache-mod-jk 1:1.2.18-3etch1
4044 [sarge] - libapache-mod-jk 1:1.2.5-2sarge1
4045 [17 Jun 2007] DSA-1311-1 postgresql-7.4
4046 {CVE-2007-2138}
4047 [etch] - postgresql-7.4 1:7.4.17-0etch1
4048 [sarge] - postgresql 7.4.7-6sarge5
4049 [16 Jun 2007] DSA-1310-1 libexif
4050 {CVE-2006-4168}
4051 [etch] - libexif 0.6.13-5etch1
4052 [sarge] - libexif 0.6.9-6sarge1
4053 [16 Jun 2007] DSA-1309-1 postgresql-8.1
4054 {CVE-2007-2138}
4055 [etch] - postgresql-8.1 8.1.9-0etch1
4056 [14 Jun 2007] DSA-1308-1 iceweasel - several vulnerabilities
4057 {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
4058 [etch] - iceweasel 2.0.0.4-0etch1
4059 [12 Jun 2007] DSA-1307-1 openoffice.org - heap overflow
4060 {CVE-2007-0245}
4061 [sarge] - openoffice.org 1.1.3-9sarge7
4062 [etch] - openoffice.org 2.0.4.dfsg.2-7etch1
4063 [12 Jun 2007] DSA-1306-1 xulrunner
4064 {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
4065 [etch] - xulrunner 1.8.0.12-0etch1
4066 [13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities
4067 {CVE-2007-1558 CVE-2007-2867 CVE-2007-2868}
4068 [etch] - icedove 1.5.0.12.dfsg1-0etch1
4069 [16 Jun 2007] DSA-1304 kernel-source-2.6.8 - several
4070 {CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
4071 [sarge] - kernel-source-2.6.8 2.6.8-16sarge7
4072 [10 Jun 2007] DSA-1303-1 lighttpd - denial of service
4073 {CVE-2007-1869 CVE-2007-1870}
4074 [etch] - lighttpd 1.4.13-4etch1
4075 [10 Jun 2007] DSA-1302-1 freetype - integer overflow
4076 {CVE-2007-2754}
4077 [etch] - freetype 2.2.1-5+etch1
4078 [09 Jun 2007] DSA-1301-1 gimp
4079 {CVE-2007-2356}
4080 [sarge] - gimp 2.2.6-1sarge2
4081 [etch] - gimp 2.2.13-1etch1
4082 [07 Jun 2007] DSA-1300-1 iceape
4083 {CVE-2007-1116 CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871}
4084 [etch] - iceape 1.0.9-0etch1
4085 [07 Jun 2007] DSA-1299-1 ipsec-tools
4086 {CVE-2007-1841}
4087 [etch] - ipsec-tools 1:0.6.6-3.1etch1
4088 [28 May 2007] DSA-1298-1 otrs2
4089 {CVE-2007-2524}
4090 [etch] - otrs2 2.0.4p01-17
4091 [24 May 2007] DSA-1297-1 gforge-plugin-scmcvs
4092 {CVE-2007-0246}
4093 [etch] - gforge-plugin-scmcvs 4.5.14-5etch1
4094 [21 May 2007] DSA-1296-1 php4
4095 {CVE-2007-2509}
4096 [etch] - php4 6:4.4.4-8+etch3
4097 [sarge] - php4 4:4.3.10-21
4098 [19 May 2007] DSA-1295-1 php5
4099 {CVE-2007-2509 CVE-2007-2510}
4100 [etch] - php5 5.2.0-8+etch4
4101 [17 May 2007] DSA-1294-1 xfree86
4102 {CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667}
4103 [sarge] - xfree86 4.3.0.dfsg.1-14sarge4
4104 [17 May 2007] DSA-1293-1 quagga
4105 {CVE-2007-1995}
4106 [sarge] - quagga 0.98.3-7.4
4107 [etch] - quagga 0.99.5-5etch2
4108 [15 May 2007] DSA-1292-1 qt4-x11
4109 {CVE-2007-0242}
4110 [etch] - qt4-x11 4.2.1-2etch1
4111 [17 May 2007] DSA-1291-2 samba
4112 {CVE-2007-2444 CVE-2007-2446 CVE-2007-2447}
4113 [etch] - samba 3.0.24-6etch2
4114 [sarge] - samba 3.0.14a-3sarge6
4115 [13 May 2007] DSA-1290-1 squirrelmail
4116 {CVE-2007-1262 CVE-2007-2589}
4117 [sarge] - squirrelmail 2:1.4.4-11
4118 [etch] - squirrelmail 2:1.4.9a-2
4119 [13 May 2007] DSA-1289-1 linux-2.6
4120 {CVE-2007-1496 CVE-2007-1497 CVE-2007-1861}
4121 [etch] - linux-2.6 2.6.18.dfsg.1-12etch2
4122 [08 May 2007] DSA-1288-1 pptpd
4123 {CVE-2007-0244}
4124 [etch] - pptpd 1.3.0-2etch1
4125 [07 May 2007] DSA-1287-1 ldap-account-manager
4126 {CVE-2006-7191 CVE-2007-1840}
4127 [sarge] - ldap-account-manager 0.4.9-2sarge1
4128 [02 May 2007] DSA-1286-1 linux-2.6
4129 {CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
4130 [etch] - linux-2.6 2.6.18.dfsg.1-12etch1
4131 [01 May 2007] DSA-1285-1 wordpress
4132 {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CVE-2007-4483}
4133 [etch] - wordpress 2.0.10-1
4134 [01 May 2007] DSA-1284-1 qemu
4135 {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730}
4136 [sarge] - qemu 0.6.1+20050407-1sarge1
4137 [etch] - qemu 0.8.2-4etch1
4138 [29 Apr 2007] DSA-1283-1 php5
4139 {CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-1522}
4140 [etch] - php5 5.2.0-8+etch3
4141 [26 Apr 2007] DSA-1282-1 php4
4142 {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777}
4143 [sarge] - php4 4:4.3.10-20
4144 [etch] - php4 6:4.4.4-8+etch2
4145 [25 Apr 2007] DSA-1281-1 clamav - several vulnerabilities
4146 {CVE-2007-1745 CVE-2007-1997 CVE-2007-2029}
4147 [sarge] - clamav 0.84-2.sarge.16
4148 [etch] - clamav 0.90.1-3etch1
4149 [24 Apr 2007] DSA-1280-1 aircrack-ng - buffer overflow
4150 {CVE-2007-2057}
4151 [etch] - aircrack-ng 1:0.6.2-7etch1
4152 [22 Apr 2007] DSA-1279-1 webcalendar - missing input sanitising
4153 {CVE-2006-6669}
4154 [sarge] - webcalendar 0.9.45-4sarge7
4155 [06 Apr 2007] DSA-1278-1 man-db - buffer overflow
4156 {CVE-2006-4250}
4157 [sarge] - man-db 2.4.2-21sarge1
4158 [04 Apr 2007] DSA-1277-1 xmms - several
4159 {CVE-2007-0654 CVE-2007-0653}
4160 [sarge] - xmms 1.2.10+cvs20050209-2sarge1
4161 [etch] - xmms 1:1.2.10+20061101-1etch1
4162 [03 Apr 2007] DSA-1276-1 krb5 - several vulnerabilities
4163 {CVE-2007-0956 CVE-2007-0957 CVE-2007-1216}
4164 [sarge] - krb5 1.3.6-2sarge4
4165 [etch] - krb5 1.4.4-7etch1
4166 [02 Apr 2007] DSA-1275-1 zope2.7 - cross-site scripting
4167 {CVE-2007-0240}
4168 [sarge] - zope2.7 2.7.5-2sarge4
4169 [02 Apr 2007] DSA-1274-1 file - buffer overflow
4170 {CVE-2007-1536}
4171 [sarge] - file 4.12-1sarge1
4172 [etch] - file 4.17-5etch1
4173 [27 Mar 2007] DSA-1273-1 nas - several vulnerabilities
4174 {CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547}
4175 [sarge] - nas 1.7-2sarge1
4176 [22 Mar 2007] DSA-1272-1 tcpdump - buffer overflow
4177 {CVE-2007-1218}
4178 [sarge] - tcpdump 3.8.3-5sarge2
4179 [20 Mar 2007] DSA-1271-1 openafs - design error
4180 {CVE-2007-1507}
4181 [sarge] - openafs 1.3.81-3sarge2
4182 [20 Mar 2007] DSA-1270-1 openoffice.org - several vulnerabilities
4183 {CVE-2007-0002 CVE-2007-0238 CVE-2007-0239}
4184 [sarge] - openoffice.org 1.1.3-9sarge6
4185 [18 Mar 2007] DSA-1269-1 lookup-el - insecure temporary file
4186 {CVE-2007-0237}
4187 [sarge] - lookup-el 1.4-3sarge1
4188 [17 Mar 2007] DSA-1268-1 libwpd - integer overflow
4189 {CVE-2007-0002}
4190 [sarge] - libwpd 0.8.1-1sarge1
4191 [etch] - libwpd 0.8.7-6
4192 [15 Mar 2006] DSA-1267-1 webcalendar - missing input sanitising
4193 {CVE-2007-1343}
4194 [sarge] - webcalendar 0.9.45-4sarge6
4195 [13 Mar 2007] DSA-1266-1 gnupg - several vulnerabilities
4196 {CVE-2007-1263}
4197 [sarge] - gnupg 1.4.1-1.sarge7
4198 [10 Dec 2006] DSA-1265-1 mozilla
4199 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6505}
4200 [sarge] - mozilla 2:1.7.8-1sarge10
4201 [07 Mar 2007] DSA-1264-1 php4
4202 {CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988}
4203 [sarge] - php4 4:4.3.10-19
4204 [06 Mar 2007] DSA-1263-1 clamav
4205 {CVE-2007-0897 CVE-2007-0898 CVE-2007-0899}
4206 [sarge] - clamav 0.84-2.sarge.15
4207 NOTE: We fixed the issue, but it's not 100% confirmed, that this is -0899
4208 [04 Mar 2007] DSA-1262-1 gnomemeeting
4209 {CVE-2007-1007}
4210 [sarge] - gnomemeeting 1.2.1-1sarge1
4211 [16 Feb 2007] DSA-1261-1 postgresql
4212 {CVE-2007-0555}
4213 [sarge] - postgresql 7.4.7-6sarge4
4214 [14 Feb 2007] DSA-1260 imagemagick
4215 {CVE-2007-0770}
4216 [sarge] - imagemagick 6:6.0.6.2-2.9
4217 [14 Feb 2007] DSA-1259-1 fetchmail
4218 {CVE-2006-5867}
4219 [sarge] - fetchmail 6.2.5-12sarge5
4220 [07 Feb 2007] DSA-1258-1 mozilla-thunderbird
4221 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
4222 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2
4223 [05 Feb 2007] DSA-1257 samba
4224 {CVE-2007-0452 CVE-2007-0454}
4225 [sarge] - samba 3.0.14a-3sarge4
4226 [31 Jan 2007] DSA-1256-1 gtk+2.0
4227 {CVE-2007-0010}
4228 [sarge] - gtk+2.0 2.6.4-3.2
4229 [31 Jan 2007] DSA-1255-1 libgtop2
4230 {CVE-2007-0235}
4231 [sarge] - libgtop2 2.6.0-4sarge1
4232 [27 Jan 2007] DSA-1254-1 bind9
4233 {CVE-2007-0494}
4234 [sarge] - bind9 1:9.2.4-1sarge2
4235 [27 Jan 2007] DSA-1253-1 mozilla-firefox
4236 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
4237 [sarge] - mozilla-firefox 1.0.4-2sarge15
4238 [27 Jan 2007] DSA-1252-1 vlc
4239 {CVE-2007-0017}
4240 [sarge] - vlc 0.8.1.svn20050314-1sarge2
4241 [etch] - vlc 0.8.6-svn20061012.debian-3
4242 [21 Jan 2007] DSA-1251-1 netrik
4243 {CVE-2006-6678}
4244 [sarge] - netrik 1.15.3-1sarge1
4245 [17 Jan 2007] DSA-1250-1 cacti
4246 {CVE-2006-6799}
4247 [sarge] - cacti 0.8.6c-7sarge4
4248 [15 Jan 2007] DSA-1249-1 xfree86
4249 {CVE-2006-6101 CVE-2006-6102 CVE-2006-6103}
4250 [sarge] - xfree86 4.3.0.dfsg.1-14sarge3
4251 [12 Jan 2007] DSA-1248-1 libsoup
4252 {CVE-2006-5876}
4253 [sarge] - libsoup 2.2.3-2sarge1
4254 [08 Jan 2007] DSA-1247-1 libapache-mod-auth-kerb
4255 {CVE-2006-5989}
4256 [sarge] - libapache-mod-auth-kerb 4.996-5.0-rc6-1sarge1
4257 [08 Jan 2007] DSA-1246-1 openoffice.org
4258 {CVE-2006-5870}
4259 [sarge] - openoffice.org 1.1.3-9sarge4
4260 [07 Jan 2007] DSA-1245-1 proftpd
4261 {CVE-2005-4816}
4262 [sarge] - proftpd 1.2.10-15sarge4
4263 [28 Dec 2006] DSA-1244-1 xine-lib
4264 {CVE-2006-6172}
4265 [sarge] - xine-lib 1.0.1-1sarge5
4266 [28 Dec 2006] DSA-1243-1 evince
4267 {CVE-2006-5864}
4268 [sarge] - evince 0.1.5-2sarge1
4269 [27 Dec 2006] DSA-1242-1 elog
4270 {CVE-2006-5063 CVE-2006-5790 CVE-2006-5791 CVE-2006-6318}
4271 [sarge] - elog 2.5.7+r1558-4+sarge3
4272 [25 Dec 2006] DSA-1241-1 squirrelmail
4273 {CVE-2006-6142}
4274 [sarge] - squirrelmail 2:1.4.4-10
4275 [21 Dec 2006] DSA-1240-1 links2
4276 {CVE-2006-5925}
4277 [sarge] - links2 2.1pre16-1sarge1
4278 [17 Dec 2006] DSA-1239-1 sql-ledger
4279 {CVE-2006-4244 CVE-2006-4731 CVE-2006-5872}
4280 [sarge] - sql-ledger 2.4.7-2sarge1
4281 [17 Dec 2006] DSA-1238-1 clamav
4282 {CVE-2006-6406 CVE-2006-6481}
4283 [sarge] - clamav 0.84-2.sarge.13
4284 [17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several
4285 {CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871}
4286 [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
4287 [13 Dec 2006] DSA-1236-1 enemies-of-carlotta
4288 {CVE-2006-5875}
4289 [sarge] - enemies-of-carlotta 1.0.3-1sarge1
4290 [13 Dec 2006] DSA-1235-1 ruby1.8
4291 {CVE-2006-5467}
4292 [sarge] - ruby1.8 1.8.2-7sarge5
4293 [13 Dec 2006] DSA-1234-1 ruby1.6
4294 {CVE-2006-5467}
4295 [sarge] - ruby1.6 1.6.8-12sarge3
4296 [10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several
4297 {CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871}
4298 [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
4299 [09 Dec 2006] DSA-1232-1 clamav
4300 {CVE-2006-5874}
4301 [sarge] - clamav 0.84-2.sarge.12
4302 [09 Dec 2006] DSA-1231-1 gnupg
4303 {CVE-2006-6169 CVE-2006-6235}
4304 [sarge] - gnupg 1.4.1-1.sarge6
4305 [08 Dec 2006] DSA-1230-1 l2tpns
4306 {CVE-2006-5873}
4307 [sarge] - l2tpns 2.0.14-1sarge1
4308 [06 Dec 2006] DSA-1229-1 asterisk
4309 {CVE-2006-5444}
4310 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge4
4311 [05 Dec 2006] DSA-1228-1 elinks
4312 {CVE-2006-5925}
4313 [sarge] - elinks 0.10.4-7.1
4314 [04 Dec 2006] DSA-1227-1 mozilla-thunderbird
4315 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
4316 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8d.1
4317 [03 Dec 2006] DSA-1226-1 links
4318 {CVE-2006-5925}
4319 [sarge] - links 0.99+1.00pre12-1sarge1
4320 [03 Dec 2006] DSA-1225-1 mozilla-firefox
4321 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
4322 [sarge] - mozilla-firefox 1.0.4-2sarge13
4323 [03 Dec 2006] DSA-1224-1 mozilla
4324 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
4325 [sarge] - mozilla 2:1.7.8-1sarge8
4326 [01 Dec 2006] DSA-1223-1 tar
4327 {CVE-2006-6097}
4328 [sarge] - tar 1.14-2.3
4329 [30 Nov 2006] DSA-1222-1 proftpd
4330 {CVE-2006-5815 CVE-2006-6170}
4331 [sarge] - proftpd 1.2.10-15sarge3
4332 [30 Nov 2006] DSA-1221-1 libgsf
4333 {CVE-2006-4514}
4334 [sarge] - libgsf 1.11.1-1sarge1
4335 [27 Nov 2006] DSA-1220 pstotext
4336 {CVE-2006-5869}
4337 [sarge] - pstotext 1.9-1sarge2
4338 [27 Nov 2006] DSA-1219 texinfo
4339 {CVE-2005-3011 CVE-2006-4810}
4340 [sarge] - texinfo 4.7-2.2sarge2
4341 [21 Nov 2006] DSA-1218 proftpd
4342 {CVE-2006-6171}
4343 [sarge] - proftpd 1.2.10-15sarge2
4344 [20 Nov 2006] DSA-1217 linux-ftpd
4345 {CVE-2006-5778 CVE-2006-6008}
4346 [sarge] - linux-ftpd 0.17-20sarge2
4347 [20 Nov 2006] DSA-1216 flexbackup
4348 {CVE-2005-4802}
4349 [sarge] - flexbackup 1.2.1-2sarge1
4350 [20 Nov 2006] DSA-1215 xine-lib
4351 {CVE-2006-4799 CVE-2006-4800}
4352 [sarge] - xine-lib 1.0.1-1sarge4
4353 [20 Nov 2006] DSA-1214 gv
4354 {CVE-2006-5864}
4355 [sarge] - gv 1:3.6.1-10sarge2
4356 [19 Nov 2006] DSA-1213 imagemagick
4357 {CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868}
4358 [sarge] - imagemagick 6:6.0.6.2-2.8
4359 [15 Nov 2006] DSA-1212 openssh
4360 {CVE-2006-4924 CVE-2006-5051}
4361 [sarge] - openssh 1:3.8.1p1-8.sarge.6
4362 [14 Nov 2006] DSA-1211 pdns
4363 {CVE-2006-4251}
4364 [sarge] - pdns 2.9.17-13sarge3
4365 [14 Nov 2006] DSA-1210 mozilla-firefox
4366 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571}
4367 [sarge] - mozilla-firefox 1.0.4-2sarge12
4368 [12 Nov 2006] DSA-1209 trac
4369 {CVE-2006-5878}
4370 [sarge] - trac 0.8.1-3sarge6
4371 [11 Nov 2006] DSA-1208-1 bugzilla
4372 {CVE-2005-4534 CVE-2006-5453}
4373 [sarge] - bugzilla 2.16.7-7sarge2
4374 [09 Nov 2006] DSA-1207-1 phpmyadmin
4375 {CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116}
4376 [sarge] - phpmyadmin 4:2.6.2-3sarge2
4377 [06 Nov 2006] DSA-1206-1 php4
4378 {CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465}
4379 [sarge] - php4 4:4.3.10-18
4380 [02 Nov 2006] DSA-1205-1 thttpd - insecure temporary files
4381 {CVE-2006-4248}
4382 [sarge] - thttpd 2.23beta1-3sarge2
4383 [02 Nov 2006] DSA-1204-1 ingo1
4384 {CVE-2006-5449}
4385 [sarge] - ingo1 1.0.1-1sarge1
4386 [02 Nov 2006] DSA-1203-1 libpam-ldap
4387 {CVE-2006-5170}
4388 [sarge] - libpam-ldap 178-1sarge3
4389 [31 Oct 2006] DSA-1202-1 screen - programming error
4390 {CVE-2006-4573}
4391 [sarge] - screen 4.0.2-4.1sarge1
4392 [31 Oct 2006] DSA-1201-1 ethereal - several vulnerabilities
4393 {CVE-2005-4574 CVE-2006-4805}
4394 [sarge] - ethereal 0.10.10-2sarge9
4395 [30 Oct 2006] DSA-1200-1 qt-x11-free - integer overflow
4396 {CVE-2006-4811}
4397 [sarge] - qt-x11-free 3:3.3.4-3sarge1
4398 [23 Oct 2006] DSA-1199-1 webmin
4399 {CVE-2005-3912 CVE-2006-3392 CVE-2006-4542}
4400 [sarge] - webmin 1.180-3sarge1
4401 [23 Oct 2006] DSA-1198-1 python2.3
4402 {CVE-2006-4980}
4403 [sarge] - python2.3 2.3.5-3sarge2
4404 [22 Oct 2006] DSA-1197-1 python2.4
4405 {CVE-2006-4980}
4406 [sarge] - python2.4 2.4.1-2sarge1
4407 [19 Oct 2006] DSA-1196-1 clamav
4408 {CVE-2006-4182 CVE-2006-5295}
4409 [sarge] - clamav 0.84-2.sarge.11
4410 [10 Oct 2006] DSA-1195-1 openssl096
4411 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343}
4412 [sarge] - openssl096 0.9.6m-1sarge4
4413 [09 Oct 2006] DSA-1194-1 libwmf
4414 {CVE-2006-3376}
4415 [sarge] - libwmf 0.2.8.3-2sarge1
4416 [09 Oct 2006] DSA-1193-1 xfree86
4417 {CVE-2006-3467 CVE-2006-3739 CVE-2006-3740 CVE-2006-4447}
4418 [sarge] - xfree86 4.3.0.dfsg.1-14sarge2
4419 [06 Oct 2006] DSA-1192-1 mozilla
4420 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571}
4421 [sarge] - mozilla 2:1.7.8-1sarge7.3.1
4422 [05 Oct 2006] DSA-1191-1 mozilla-thunderbird
4423 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571}
4424 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8c.1
4425 [04 Oct 2006] DSA-1190-1 maxdb-7.5.00
4426 {CVE-2006-4305}
4427 [sarge] - maxdb-7.5.00 7.5.00.24-4
4428 [04 Oct 2006] DSA-1189-1 openssh-krb5
4429 {CVE-2006-4924 CVE-2006-5051}
4430 [sarge] - openssh-krb5 3.8.1p1-7sarge1
4431 [04 Oct 2006] DSA-1188-1 mailman
4432 {CVE-2006-3636 CVE-2006-4624}
4433 [sarge] - mailman 2.1.5-8sarge5
4434 [30 Sep 2006] DSA-1187-1 migrationtools
4435 {CVE-2006-0512}
4436 [sarge] - migrationtools 46-1sarge1
4437 [30 Sep 2006] DSA-1186-1 cscope
4438 {CVE-2006-4262}
4439 [sarge] - cscope 15.5-1.1sarge2
4440 [28 Sep 2006] DSA-1185-2 openssl
4441 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937}
4442 [sarge] - openssl 0.9.7e-3sarge4
4443 NOTE: First DSA had a minor regression
4444 [22 Sep 2006] DSA-1182-1 gnutls11
4445 {CVE-2006-4790}
4446 [sarge] - gnutls11 1.0.16-13.2sarge2
4447 [19 Sep 2006] DSA-1181-1 gzip
4448 {CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338}
4449 [sarge] - gzip 1.3.5-10sarge2
4450 [19 Sep 2006] DSA-1180-1 bomberclone
4451 {CVE-2006-4005 CVE-2006-4006}
4452 [sarge] - bomberclone 0.11.5-1sarge2
4453 [16 Sep 2006] DSA-1179-1 alsaplayer
4454 {CVE-2006-4089}
4455 [sarge] - alsaplayer 0.99.76-0.3sarge1
4456 [16 Sep 2006] DSA-1178-1 freetype
4457 {CVE-2006-3467}
4458 [sarge] - freetype 2.1.7-6
4459 [15 Sep 2006] DSA-1177-1 usermin
4460 {CVE-2006-4246}
4461 [sarge] - usermin 1.110-3.1
4462 [13 Sep 2006] DSA-1176-1 zope2.7
4463 {CVE-2006-4684}
4464 [sarge] - zope2.7 2.7.5-2sarge2
4465 [13 Sep 2006] DSA-1175-1 isakmpd
4466 {CVE-2006-4436}
4467 [sarge] - isakmpd 20041012-1sarge1
4468 [11 Sep 2006] DSA-1174-1 openssl096 - cryptographic weakness
4469 {CVE-2006-4339}
4470 [sarge] - openssl096 0.9.6m-1sarge2
4471 [10 Sep 2006] DSA-1173-1 openssl - cryptographic weakness
4472 {CVE-2006-4339}
4473 [sarge] - openssl 0.9.7e-3sarge2
4474 [09 Sep 2006] DSA-1172-1 bind9 - programming error
4475 {CVE-2006-4095 CVE-2006-4096}
4476 [sarge] - bind9 1:9.2.4-1sarge1
4477 [07 Sep 2006] DSA-1171 ethereal - several
4478 {CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248 CVE-2005-3249}
4479 [sarge] - ethereal 0.10.10-2sarge8
4480 [06 Sep 2006] DSA-1170 gcc-3.4 - missing sanity check
4481 {CVE-2006-3619}
4482 [sarge] - gcc-3.4 3.4.3-13sarge1
4483 [05 Sep 2006] DSA-1169 mysql-dfsg-4.1 - several
4484 {CVE-2006-4226 CVE-2006-4380}
4485 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge7
4486 [04 Sep 2006] DSA-1168-1 imagemagick
4487 {CVE-2006-2440 CVE-2006-3743 CVE-2006-3744}
4488 [sarge] - imagemagick 6:6.0.6.2-2.7
4489 [04 Sep 2005] DSA-1167-1 apache - missing input sanitising
4490 {CVE-2005-3352 CVE-2006-3918}
4491 [sarge] - apache 1.3.33-6sarge3
4492 [03 Sep 2006] DSA-1166 cheesetracker - buffer overflow
4493 {CVE-2006-3814}
4494 [sarge] - cheesetracker 0.9.9-1sarge1
4495 [01 Sep 2006] DSA-1165 capi4hylafax - missing input sanitising
4496 {CVE-2006-3126}
4497 [sarge] - capi4hylafax 1:01.02.03-10sarge2
4498 [31 Aug 2006] DSA-1164 sendmail - programming error
4499 {CVE-2006-4434}
4500 [sarge] - sendmail 8.13.4-3sarge3
4501 [30 Aug 2006] DSA-1163 gtetrinet - programming error
4502 {CVE-2006-3125}
4503 [sarge] - gtetrinet 0.7.8-1sarge2
4504 [30 Aug 2006] DSA-1162 libmusicbrainz-2.0 - buffer overflows
4505 {CVE-2006-4197}
4506 [sarge] - libmusicbrainz-2.1 2.1.1-3sarge1
4507 [sarge] - libmusicbrainz-2.0 2.0.2-10sarge1
4508 [29 Aug 2006] DSA-1161 mozilla-firefox - several vulnerabilities
4509 {CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
4510 [sarge] - mozilla-firefox 1.0.4-2sarge11
4511 [29 Aug 2006] DSA-1160 mozilla - several
4512 {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
4513 [sarge] - mozilla 2:1.7.8-1sarge7.2.2
4514 [28 Aug 2006] DSA-1159 mozilla-thunderbird - several
4515 {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811}
4516 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8b.1
4517 [27 Aug 2006] DSA-1158 streamripper
4518 {CVE-2006-3124}
4519 [sarge] - streamripper 1.61.7-1sarge1
4520 [27 Aug 2006] DSA-1157 ruby1.8
4521 {CVE-2006-3694 CVE-2006-1931}
4522 [sarge] - ruby1.8 1.8.2-7sarge4
4523 [27 Aug 2006] DSA-1156 kdebase
4524 {CVE-2006-2449}
4525 [sarge] - kdebase 4:3.3.2-1sarge3
4526 [24 Aug 2006] DSA-1155 sendmail - programming error
4527 {CVE-2006-1173}
4528 [sarge] - sendmail 8.13.4-3sarge2
4529 [20 Aug 2006] DSA-1154 squirrelmail - variable overwriting
4530 {CVE-2006-4019}
4531 [sarge] - squirrelmail 2:1.4.4-9
4532 [18 Aug 2006] DSA-1153 clamav - buffer overflow
4533 {CVE-2006-4018}
4534 [sarge] - clamav 0.84-2.sarge.10
4535 [18 Aug 2006] DSA-1152 trac - missing input sanitising
4536 {CVE-2006-3695}
4537 [sarge] - trac 0.8.1-3sarge5
4538 [15 Aug 2006] DSA-1151-1 heartbeat - out-of-bounds read
4539 {CVE-2006-3121}
4540 [sarge] - heartbeat 1.2.3-9sarge6
4541 [12 Aug 2006] DSA-1150-1 shadow - programming error
4542 {CVE-2006-3378}
4543 [sarge] - shadow 1:4.0.3-31sarge8
4544 [10 Aug 2006] DSA-1149-1 ncompress - buffer underflow
4545 {CVE-2006-1168}
4546 [sarge] - ncompress 4.2.4-15sarge2
4547 [09 Aug 2006] DSA-1148-1 gallery - several vulnerabilities
4548 {CVE-2005-2734 CVE-2006-0330 CVE-2006-4030}
4549 [sarge] - gallery 1.5-1sarge2
4550 [09 Aug 2006] DSA-1147-1 drupal - missing input sanitising
4551 {CVE-2006-4002}
4552 [sarge] - drupal 4.5.3-6.1sarge3
4553 [09 Aug 2006] DSA-1146-1 krb5 - programming error
4554 {CVE-2006-3083 CVE-2006-3084}
4555 [sarge] - krb5 1.3.6-2sarge3
4556 [08 Aug 2006] DSA-1145-1 freeradius - several
4557 {CVE-2005-4745 CVE-2005-4746}
4558 [sarge] - freeradius 1.0.2-4sarge3
4559 [07 Aug 2006] DSA-1144-1 chmlib - missing input sanitising
4560 {CVE-2006-3178}
4561 [sarge] - chmlib 0.35-6sarge3
4562 [04 Aug 2006] DSA-1143-1 dhcp - programming error
4563 {CVE-2006-3122}
4564 [sarge] - dhcp 2.0pl5-19.1sarge2
4565 [04 Aug 2006] DSA-1142-1 freeciv - missing boundary checks
4566 {CVE-2006-3913}
4567 [sarge] - freeciv 2.0.1-1sarge2
4568 [04 Aug 2006] DSA-1141-1 gnupg2 - integer overflow
4569 {CVE-2006-3746}
4570 [sarge] - gnupg2 1.9.15-6sarge2
4571 [03 Aug 2006] DSA-1140-1 gnupg - integer overflow
4572 {CVE-2006-3746}
4573 [sarge] - gnupg 1.4.1-1.sarge5
4574 [03 Aug 2006] DSA-1139-1 ruby1.6 - missing privilege checks
4575 {CVE-2006-3694}
4576 [sarge] - ruby1.6 1.6.8-12sarge2
4577 [02 Aug 2006] DSA-1138-1 cfs - integer overflow
4578 {CVE-2006-3123}
4579 [sarge] - cfs 1.4.1-15sarge1
4580 [02 Aug 2006] DSA-1137-1 tiff - several vulnerabilities
4581 {CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465}
4582 [sarge] - tiff 3.7.2-7
4583 [02 Aug 2006] DSA-1136-1 gpdf - wrong input sanitising
4584 {CVE-2005-2097}
4585 [sarge] - gpdf 2.8.2-1.2sarge5
4586 [02 Aug 2006] DSA-1135-1 libtunepimp - buffer overflow
4587 {CVE-2006-3600}
4588 [sarge] - libtunepimp 0.3.0-3sarge2
4589 [02 Aug 2006] DSA-1134-1 mozilla-thunderbird - several vulnerabilities
4590 {CVE-2006-1729 CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
4591 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8a
4592 [01 Aug 2006] DSA-1133-1 mantis - cross site scripting
4593 {CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577}
4594 [sarge] - mantis 0.19.2-5sarge4.1
4595 [01 Aug 2006] DSA-1132-1 apache2 - buffer overflow
4596 {CVE-2006-3747}
4597 [sarge] - apache2 2.0.54-5sarge1
4598 [01 Aug 2006] DSA-1131-1 apache - buffer overflow
4599 {CVE-2006-3747}
4600 [sarge] - apache 1.3.33-6sarge2
4601 [30 Jul 2006] DSA-1130-1 sitebar - missing input validation
4602 {CVE-2006-3320}
4603 [sarge] - sitebar 3.2.6-7.1
4604 [28 Jul 2006] DSA-1129 osiris - format string
4605 {CVE-2006-3120}
4606 [sarge] - osiris 4.0.6-1sarge1
4607 [28 Jul 2006] DSA-1128 heartbeat - permission error
4608 {CVE-2006-3815}
4609 [sarge] - heartbeat 1.2.3-9sarge5
4610 [28 Jul 2006] DSA-1127 ethereal - several
4611 {CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632}
4612 [sarge] - ethereal 0.10.10-2sarge6
4613 [27 Jul 2006] DSA-1126 asterisk - several
4614 {CVE-2006-2898}
4615 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge3
4616 [26 Jul 2006] DSA-1125 drupal - several
4617 {CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833}
4618 [sarge] - drupal 4.5.3-6.1sarge1
4619 [24 Jul 2006] DSA-1124 fbi - typo
4620 {CVE-2006-3119}
4621 [sarge] - fbi 2.01-1.2sarge2
4622 [24 Jul 2006] DSA-1123 libdumb - buffer overflow
4623 {CVE-2006-3668}
4624 [sarge] - libdumb 1:0.9.2-6
4625 [24 Jul 2006] DSA-1122 libnet-server-perl - format string
4626 {CVE-2005-1127}
4627 [sarge] - libnet-server-perl 0.87-3sarge1
4628 [24 Jul 2006] DSA-1121 postgrey - format string
4629 {CVE-2005-1127}
4630 [sarge] - postgrey 1.21-1sarge1
4631 NOTE: also fixed in 1.21-1volatile4
4632 [23 Jul 2006] DSA-1120 mozilla-firefox - several vulnerabilities
4633 {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
4634 [sarge] - mozilla-firefox 1.0.4-2sarge9
4635 [23 Jul 2006] DSA-1119 hiki - design flaw
4636 {CVE-2006-3379}
4637 [sarge] - hiki 0.6.5-2
4638 [22 Jul 2006] DSA-1118 mozilla - several
4639 {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
4640 [sarge] - mozilla 2:1.7.8-1sarge7.1
4641 [21 Jul 2006] DSA-1117 libgd2 - insufficient input sanitising
4642 {CVE-2006-2906}
4643 [sarge] - libgd2 2.0.33-1.1sarge1
4644 [21 Jul 2006] DSA-1116 gimp - buffer overflow
4645 {CVE-2006-3404}
4646 [sarge] - gimp 2.2.6-1sarge1
4647 [21 Jul 2006] DSA-1115 gnupg2 - integer overflow
4648 {CVE-2006-3082}
4649 [sarge] - gnupg 1.4.1-1.sarge4
4650 [sarge] - gnupg2 1.9.15-6sarge1
4651 [21 Jul 2006] DSA-1114 hashcash - buffer overflow
4652 {CVE-2006-3251}
4653 [sarge] - hashcash 1.17-1sarge1
4654 [18 Jul 2006] DSA-1113 zope2.7 - programming error
4655 {CVE-2006-3458}
4656 [sarge] - zope2.7 2.7.5-2sarge2
4657 [18 Jul 2006] DSA-1112 mysql-dfsg-4.1 - several vulnerabilities
4658 {CVE-2006-3081 CVE-2006-3469}
4659 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge5
4660 [16 Jul 2006] DSA-1111 kernel-source-2.6.8 - race condition
4661 {CVE-2006-3626}
4662 [sarge] - kernel-source-2.6.8 2.6.8-16sarge4
4663 [16 Jul 2006] DSA-1110 samba - missing input sanitising
4664 {CVE-2006-3403}
4665 [sarge] - samba 3.0.14a-3sarge2
4666 [16 Jul 2006] DSA-1109 rssh - programming error
4667 {CVE-2006-1320}
4668 [sarge] - rssh 2.2.3-1.sarge.2
4669 [11 Jul 2006] DSA-1108 mutt - buffer overflow
4670 {CVE-2006-3242}
4671 [sarge] - mutt 1.5.9-2sarge2
4672 [10 Jul 2006] DSA-1107 gnupg - integer overflow
4673 {CVE-2006-3082}
4674 [sarge] - gnupg 1.4.1-1.sarge4
4675 [10 Jul 2006] DSA-1106 ppp - programming error
4676 {CVE-2006-2194}
4677 [sarge] - ppp 2.4.3-20050321+2sarge1
4678 [07 Jul 2006] DSA-1105 xine-lib - buffer overflow
4679 {CVE-2006-2802}
4680 [woody] - xine-lib 0.9.8-2woody5
4681 [sarge] - xine-lib 1.0.1-1sarge3
4682 [30 Jun 2006] DSA-1104 openoffice.org - several vulnerabilities
4683 {CVE-2006-2198 CVE-2006-2199 CVE-2006-3117}
4684 [sarge] - openoffice.org 1.1.3-9sarge3
4685 [27 Jun 2006] DSA-1103 kernel-source-2.6.8 - several vulnerabilities
4686 {CVE-2005-3359 CVE-2006-0038 CVE-2006-0039 CVE-2006-0456 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0558 CVE-2006-0741 CVE-2006-0742 CVE-2006-0744 CVE-2006-1056 CVE-2006-1242 CVE-2006-1368 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274}
4687 [sarge] - kernel-source-2.6.8 2.6.8-16sarge3
4688 [26 Jun 2006] DSA-1102 pinball - design error
4689 {CVE-2006-2196}
4690 [sarge] - pinball 0.3.1-3sarge1
4691 [23 Jun 2006] DSA-1101 courier - programming error
4692 {CVE-2006-2659}
4693 [woody] - courier 0.37.3-2.9
4694 [sarge] - courier 0.47-4sarge5
4695 [15 Jun 2006] DSA-1100 wv2 - integer overflow
4696 {CVE-2006-2197}
4697 [sarge] - wv2 0.2.2-1sarge1
4698 [14 Jun 2006] DSA-1099-1 - horde2 - missing input sanitising
4699 {CVE-2006-2195}
4700 [sarge] - horde2 2.2.8-1sarge3
4701 [14 Jun 2006] DSA-1098-1 - horde3 - missing input sanitising
4702 {CVE-2006-2195}
4703 [sarge] - horde3 3.0.4-4sarge4
4704 [14 Jun 2006] DSA-1097-1 kernel-source-2.4.27 - several vulnerabilities
4705 {CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274}
4706 [sarge] - kernel-source-2.4.27 2.4.27-10sarge3
4707 [13 Jun 2006] DSA-1096-1 webcalendar - uninitialised variable
4708 {CVE-2006-2762}
4709 [sarge] - webcalendar 0.9.45-4sarge5
4710 [10 Jun 2006] DSA-1095-1 freetype - integer overflows
4711 {CVE-2006-0747 CVE-2006-1861 CVE-2006-2661}
4712 [woody] - freetype 2.0.9-1woody1
4713 [sarge] - freetype 2.1.7-2.5
4714 [08 Jun 2006] DSA-1094-1 gforge - missing input sanitising
4715 {CVE-2005-2430}
4716 [sarge] - gforge 3.1-31sarge1
4717 [08 Jun 2006] DSA-1093-1 xine - format string
4718 {CVE-2006-2230}
4719 [sarge] - xine-ui 0.99.3-1sarge1
4720 [08 Jun 2006] DSA-1092-1 mysql-dfsg-4.1 - programming error
4721 {CVE-2006-2753}
4722 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge4
4723 [08 Jun 2006] DSA-1091-1 tiff - buffer overflows
4724 {CVE-2006-2193 CVE-2006-2656}
4725 [woody] - tiff 3.5.5-7woody2
4726 [sarge] - tiff 3.7.2-5
4727 [06 Jun 2006] DSA-1090-1 spamassassin - programming error
4728 {CVE-2006-2447}
4729 [sarge] - spamassassin 3.0.3-2sarge1
4730 [03 Jun 2006] DSA-1089-1 freeradius - several vulnerabilities
4731 {CVE-2005-4744 CVE-2006-1354}
4732 [sarge] - freeradius 1.0.2-4sarge1
4733 [03 Jun 2006] DSA-1088-1 centericq - buffer overflow
4734 {CVE-2005-3863}
4735 [woody] - centericq 4.5.1-1.1woody2
4736 [sarge] - centericq 4.20.0-1sarge4
4737 [03 Jun 2006] DSA-1087-1 postgresql - programming error
4738 {CVE-2006-2313 CVE-2006-2314}
4739 [sarge] - postgresql 7.4.7-6sarge2
4740 [02 Jun 2006] DSA-1086-1 xmcd - design flaw
4741 {CVE-2006-2542}
4742 [woody] - xmcd 2.6-14woody1
4743 [sarge] - xmcd 2.6-17sarge1
4744 [01 Jun 2006] DSA-1085-1 lynx-cur - several vulnerabilities
4745 {CVE-2005-3120}
4746 [woody] - lynx-cur 2.8.5-2.5woody1
4747 [sarge] - lynx-cur 2.8.6-9sarge1
4748 [31 May 2006] DSA-1084-1 typespeed - buffer overflow
4749 {CVE-2006-1515}
4750 [woody] - typespeed 0.4.1-2.4
4751 [sarge] - typespeed 0.4.4-8sarge1
4752 [31 May 2006] DSA-1083-1 motor - buffer overflow
4753 {CVE-2005-3863}
4754 [woody] - motor 2:3.2.2-2woody1
4755 [sarge] - motor 2:3.4.0-2sarge1
4756 [29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities
4757 {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
4758 [woody] - kernel-source-2.4.17 2.4.17-1woody4
4759 [29 May 2006] DSA-1081-1 libextractor - buffer overflow
4760 {CVE-2006-2458}
4761 [sarge] - libextractor 0.4.2-2sarge5
4762 [29 May 2006] DSA-1080-1 dovecot - programming error
4763 {CVE-2006-2414}
4764 [sarge] - dovecot 0.99.14-1sarge0
4765 [29 May 2006] DSA-1079-1 mysql-dfsg - several
4766 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
4767 [sarge] - mysql-dfsg 4.0.24-10sarge2
4768 [27 May 2006] DSA-1078-1 tiff - out-of-bounds read
4769 {CVE-2006-2120}
4770 [sarge] - tiff 3.7.2-4
4771 [26 May 2006] DSA-1077-1 lynx-ssl - programming error
4772 {CVE-2004-1617}
4773 [woody] - lynx-ssl 1:2.8.4.1b-3.3
4774 [26 May 2006] DSA-1076-1 lynx - programming error
4775 {CVE-2004-1617}
4776 [woody] - lynx 2.8.4.1b-3.4
4777 [sarge] - lynx 2.8.5-2sarge2
4778 [26 May 2006] DSA-1075-1 awstats - programming error
4779 {CVE-2006-2644 CVE-2006-1945}
4780 [sarge] - awstats 6.4-1sarge3 (bug #365910)
4781 [24 May 2006] DSA-1074-1 mpg123 - buffer overflow
4782 {CVE-2006-1655}
4783 [sarge] - mpg123 0.59r-20sarge1
4784 [22 May 2006] DSA-1073-1 mysql-dfsg-4.1 - several vulnerabilities
4785 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
4786 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge3
4787 [22 May 2006] DSA-1072-1 nagios - buffer overflow
4788 {CVE-2006-2162 CVE-2006-2489}
4789 [sarge] - nagios 2:1.3-cvs.20050402-2.sarge.2
4790 [22 May 2006] DSA-1071-1 mysql - several vulnerabilities
4791 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
4792 [woody] - mysql 3.23.49-8.15
4793 [21 May 2006] DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
4794 {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
4795 [woody] - kernel-image-sparc-2.4 26woody1
4796 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody5
4797 [woody] - kernel-source-2.4.19 2.4.19-4.woody3
4798 [20 May 2006] DSA-1069-1 kernel-source-2.4.18 - several
4799 {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384}
4800 [woody] - kernel-source-2.4.18 2.4.18-14.4
4801 [20 May 2006] DSA-1068-1 fbi - insecure temporary file
4802 {CVE-2006-1695}
4803 [woody] - fbi 1.23woody1
4804 [sarge] - fbi 2.01-1.2sarge1
4805 [20 May 2006] DSA-1067-1 kernel-source-2.4.16 - several
4806 {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
4807 [woody] - kernel-source-2.4.16 2.4.16-1woody2
4808 [19 May 2006] DSA-1066-1 phpbb2 - missing input sanitising
4809 {CVE-2006-1896}
4810 [sarge] - phpbb2 2.0.13+1-6sarge3
4811 [19 May 2006] DSA-1065-1 hostapd - missing input sanitising
4812 {CVE-2006-2213}
4813 [sarge] - hostapd 1:0.3.7-2sarge1
4814 [19 May 2006] DSA-1064-1 cscope - buffer overflows
4815 {CVE-2004-2541}
4816 [woody] - cscope 15.3-1woody3
4817 [sarge] - cscope 15.5-1.1sarge1
4818 [19 May 2006] DSA-1063-1 phpgroupware - missing input sanitising
4819 {CVE-2005-2781}
4820 [woody] - phpgroupware 0.9.14-0.RC3.2.woody6
4821 [sarge] - phpgroupware 0.9.16.005-3.sarge5
4822 [19 May 2006] DSA-1062-1 kphone - insecure file creation
4823 {CVE-2006-2442}
4824 [sarge] - kphone 1:4.1.0-2sarge1
4825 [19 May 2006] DSA-1061-1 popfile - missing input sanitising
4826 {CVE-2006-0876}
4827 [sarge] - popfile 0.22.2-2sarge1
4828 [19 May 2006] DSA-1060-1 kernel-patch-server - programming error
4829 {CVE-2006-2110}
4830 [sarge] - kernel-patch-vserver 1.9.5.6
4831 [19 May 2006] DSA-1059-1 quagga - several
4832 {CVE-2006-2223 CVE-2006-2224 CVE-2006-2276}
4833 [sarge] - quagga 0.98.3-7.2
4834 [18 May 2006] DSA-1058-1 awstats - missing input sanitising
4835 {CVE-2006-2237}
4836 [woody] - awstats <not-affected>
4837 [sarge] - awstats 6.4-1sarge2
4838 [15 May 2006] DSA-1057-1 phpldapadmin - missing input sanitising
4839 {CVE-2006-2016}
4840 [sarge] - phpldapadmin 0.9.5-3sarge3
4841 [15 May 2006] DSA-1056-1 webcalendar - verbose error message
4842 {CVE-2006-2247}
4843 [sarge] - webcalendar 0.9.45-4sarge4
4844 [11 May 2006] DSA-1055-1 mozilla-firefox - programming error
4845 {CVE-2006-1993}
4846 [sarge] - mozilla-firefox 1.0.4-2sarge7
4847 [09 May 2006] DSA-1054-1 tiff - several vulnerabilities
4848 {CVE-2006-2024 CVE-2006-2025 CVE-2006-2026}
4849 [woody] - tiff 3.5.5-7woody1
4850 [sarge] - tiff 3.7.2-3sarge1
4851 [09 May 2006] DSA-1053-1 mozilla - programming error
4852 {CVE-2006-1993}
4853 [sarge] - mozilla 2:1.7.8-1sarge6
4854 [08 May 2006] DSA-1052-1 cgiirc - buffer overflows
4855 {CVE-2006-2148}
4856 [sarge] - cgiirc 0.5.4-6sarge1
4857 [04 May 2006] DSA-1051-1 mozilla-thunderbird - several vulnerabilities
4858 {CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790}
4859 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
4860 [02 May 2006] DSA-1050-1 clamav - buffer overflow
4861 {CVE-2006-1989}
4862 [sarge] - clamav 0.84-2.sarge.9
4863 [02 May 2006] DSA-1049-1 ethereal - several vulnerabilities
4864 {CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939 CVE-2006-1940}
4865 [woody] - ethereal 0.9.4-1woody15
4866 [sarge] - ethereal 0.10.10-2sarge5
4867 [01 May 2006] DSA-1048-1 asterisk - several vulnerabilities
4868 {CVE-2005-3559 CVE-2006-1827}
4869 [woody] - asterisk 0.1.11-3woody1
4870 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2
4871 [30 Apr 2006] DSA-1047-1 resmgr - programming error
4872 {CVE-2006-2147}
4873 [sarge] - resmgr 1.0-2sarge2
4874 [27 Apr 2006] DSA-1046-1 mozilla - several
4875 {CVE-2006-1732 CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-0296}
4876 [sarge] - mozilla 2:1.7.8-1sarge5
4877 [27 Apr 2006] DSA-1045-1 openvpn - design error
4878 {CVE-2006-1629}
4879 [sarge] - openvpn 2.0-1sarge3
4880 [26 Apr 2006] DSA-1044-1 mozilla-firefox - several
4881 {CVE-2006-1724 CVE-2006-0292 CVE-2005-4134 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CVE-2005-4720 CVE-2006-0296}
4882 [sarge] - mozilla-firefox 1.0.4-2sarge6
4883 [26 Apr 2006] DSA-1043-1 abcmidi - buffer overflows
4884 {CVE-2006-1514}
4885 [woody] - abcmidi 17-1woody1
4886 [sarge] - abcmidi 20050101-1sarge1
4887 [25 Apr 2006] DSA-1042-1 cyrus-sasl2 - programming error
4888 {CVE-2006-1721}
4889 [woody] - cyrus-sasl2 <not-affected>
4890 [sarge] - cyrus-sasl2 2.1.19-1.5sarge1
4891 [25 Apr 2006] DSA-1041-1 abc2ps - buffer overflows
4892 {CVE-2006-1513}
4893 [woody] - abc2ps 1.3.3-2woody1
4894 [sarge] - abc2ps 1.3.3-3sarge1
4895 [24 Apr 2006] DSA-1040-1 gdm - programming error
4896 {CVE-2006-1057}
4897 [sarge] - gdm 2.6.0.8-1sarge2
4898 [24 Apr 2006] DSA-1039-1 blender - several
4899 {CVE-2005-3302 CVE-2005-4470}
4900 [sarge] - blender 2.36-1sarge1
4901 [21 Apr 2006] DSA-1038-1 xzgv - programming error
4902 {CVE-2006-1060}
4903 [woody] - xzgv 0.7-6woody3
4904 [sarge] - xzgv 0.8-3sarge1
4905 [21 Apr 2006] DSA-1037-1 zgv - programming error
4906 {CVE-2006-1060}
4907 [woody] - zgv 5.5-3woody3
4908 [sarge] - zgv 5.7-1.4
4909 [17 Apr 2006] DSA-1036-1 bsdgames - buffer overflow
4910 {CVE-2006-1744}
4911 [woody] - bsdgames 2.13-7woody0
4912 [sarge] - bsdgames 2.7.59-7sarge1
4913 [15 Apr 2006] DSA-1035-1 fcheck - insecure temporary file
4914 {CVE-2006-1753}
4915 [woody] - fcheck <not-affected>
4916 [sarge] - fcheck 2.7.59-7sarge1
4917 [14 Apr 2006] DSA-1034-1 horde2 - several vulnerabilities
4918 {CVE-2006-1260 CVE-2006-1491}
4919 [sarge] - horde2 2.2.8-1sarge2
4920 [12 Apr 2006] DSA-1033-1 horde3 - several vulnerabilities
4921 {CVE-2005-4190 CVE-2006-1260 CVE-2006-1491}
4922 [sarge] - horde3 3.0.4-4sarge3
4923 [12 Apr 2006] DSA-1032-1 zope-cmfplone - programming error
4924 {CVE-2006-1711}
4925 [sarge] - zope-cmfplone 2.0.4-3sarge1
4926 [08 Apr 2006] DSA-1031-1 cacti - several
4927 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
4928 [sarge] - cacti 0.8.6c-7sarge3
4929 [08 Apr 2006] DSA-1030-1 moodle - several
4930 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
4931 [sarge] - moodle 1.4.4.dfsg.1-3sarge1
4932 [08 Apr 2006] DSA-1029-1 libphp-adodb - several
4933 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
4934 [woody] - libphp-adodb 1.51-1.2
4935 [sarge] - libphp-adodb 4.52-1sarge1
4936 [07 Apr 2006] DSA-1028-1 libimager-perl - denial of service
4937 {CVE-2006-0053}
4938 [sarge] - libimager-perl 0.44-1sarge1
4939 [06 Apr 2006] DSA-1027-1 mailman - programming error
4940 {CVE-2006-0052}
4941 [woody] - mailman <not-affected> (Vulnerable code not present)
4942 [sarge] - mailman 2.1.5-8sarge2
4943 [06 Apr 2006] DSA-1026-1 sash - buffer overflows
4944 {CVE-2005-1849 CVE-2005-2096}
4945 [woody] - sash <not-affected> (Older zlib not vulnerable)
4946 [sarge] - sash 3.7-5sarge1
4947 [06 Apr 2006] DSA-1025-1 dia - programming error
4948 {CVE-2006-1550}
4949 [woody] - dia 0.88.1-3woody1
4950 [sarge] - dia 0.94.0-7sarge3
4951 [05 Apr 2006] DSA-1024-1 clamav - heap overflow
4952 {CVE-2006-1614 CVE-2006-1615 CVE-2006-1630}
4953 [sarge] - clamav 0.84-2.sarge.8
4954 [05 Apr 2006] DSA-1023-1 kaffeine - buffer overflow
4955 {CVE-2006-0051}
4956 [sarge] - kaffeine 0.6-1sarge1
4957 [04 Apr 2006] DSA-1022-1 storebackup - several
4958 {CVE-2005-3146 CVE-2005-3147 CVE-2005-3148}
4959 [sarge] - storebackup 1.18.4-2sarge1
4960 [28 Mar 2006] DSA-1021-1 netpbm-free - insecure program execution
4961 {CVE-2005-2471}
4962 [woody] - netpbm-free 2:9.20-8.6
4963 [sarge] - netpbm-free 2:10.0-8sarge3
4964 [28 Mar 2006] DSA-1020-1 flex - buffer overflow
4965 {CVE-2006-0459}
4966 [sarge] - flex 2.5.31-31sarge1
4967 [24 Mar 2006] DSA-1019-1 koffice - several
4968 {CVE-2006-1244 CVE-2005-3192 CVE-2006-0301}
4969 [sarge] - koffice 1.3.5-4.sarge.3
4970 [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
4971 {CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618}
4972 [sarge] - kernel-source-2.4.27 2.4.27-10sarge2
4973 NOTE: An update 1018-2 was issued later, but it doesn't contain noteworthy data
4974 [23 Mar 2006] DSA-1017-1 kernel-source-2.6.8 - several
4975 {CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066}
4976 [sarge] - kernel-source-2.6.8 2.6.8-16sarge2
4977 [23 Mar 2006] DSA-1016-1 evolution - format string vulnerabilities
4978 {CVE-2005-2549 CVE-2005-2550}
4979 [woody] - evolution 1.0.5-1woody3
4980 [sarge] - evolution 2.0.4-2sarge1
4981 [23 Mar 2006] DSA-1015-1 sendmail - programming error
4982 {CVE-2006-0058}
4983 [woody] - sendmail 8.12.3-7.2
4984 [sarge] - sendmail 8.13.4-3sarge1
4985 [23 Mar 2006] DSA-1014-1 firebird2 - buffer overflow
4986 {CVE-2004-2043}
4987 [sarge] - firebird2 1.5.1-4sarge1
4988 [22 Mar 2006] DSA-1013-1 snmptrapfmt - insecure temporary file
4989 {CVE-2006-0050}
4990 [woody] - snmptrapfmt 1.03woody1
4991 [sarge] - snmptrapfmt 1.08sarge1
4992 NOTE: fixed in testing at time of DSA
4993 [21 Mar 2006] DSA-1012-1 unzip - buffer overflow
4994 {CVE-2005-4667}
4995 [woody] - unzip 5.50-1woody6
4996 [sarge] - unzip 5.52-1sarge4
4997 NOTE: not fixed in testing at time of DSA (too young)
4998 [21 Mar 2006] DSA-1011-1 kernel-patch-server, util-vserver - missing attribute support
4999 {CVE-2005-4347 CVE-2005-4418}
5000 [sarge] - kernel-patch-vserver 1.9.5.4
5001 [sarge] - util-vserver 0.30.204-5sarge3
5002 NOTE: not fixed in testing at the time of DSA
5003 [21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising
5004 {CVE-2005-1120}
5005 [sarge] - ilohamail 0.8.14-0rc3sarge1
5006 NOTE: not fixed in testing at the time of DSA (too young)
5007 [21 Mar 2006] DSA-1009-1 crossfire - buffer overflow
5008 {CVE-2006-1236}
5009 [woody] - crossfire 1.1.0-1woody2
5010 [sarge] - crossfire 1.6.0.dfsg.1-4sarge2
5011 NOTE: fixed in testing at the time of DSA
5012 [17 Mar 2006] DSA-1008-1 kpdf - buffer overflow
5013 {CVE-2006-0746}
5014 [sarge] - kdegraphics 4:3.3.2-2sarge4
5015 NOTE: Sid is not affected according to DSA
5016 [17 Mar 2006] DSA-1007-1 drupal - several
5017 {CVE-2006-1225 CVE-2006-1226 CVE-2006-1227 CVE-2006-1228}
5018 [sarge] - drupal 4.5.3-6
5019 NOTE: not fixed in testing at the time of DSA (too young)
5020 [16 Mar 2006] DSA-1006-1 wzdftpd - missing input sanitising
5021 {CVE-2005-3081}
5022 [sarge] - wzdftpd 0.5.2-1.1sarge1
5023 NOTE: fixed in testing at the time of DSA
5024 [16 Mar 2006] DSA-1005-1 xine-lib - buffer overflow
5025 {CVE-2005-4048}
5026 [woody] - xine-lib <not-affected>
5027 [sarge] - xine-lib 1.0.1-1sarge2
5028 NOTE: fixed in testing at the time of DSA
5029 [16 Mar 2006] DSA-1004-1 vlc - buffer overflow
5030 {CVE-2005-4048}
5031 [woody] - vlc <not-affected>
5032 [sarge] - vlc 0.8.1.svn20050314-1sarge1
5033 NOTE: not fixed in testing at the time of DSA (waiting on deps)
5034 [16 Mar 2006] DSA-1003-1 xpvm - insecure temporary file
5035 {CVE-2005-2240}
5036 [woody] - xpvm 1.2.5-7.2woody1
5037 [sarge] - xpvm 1.2.5-7.3sarge1
5038 NOTE: fixed in testing at the time of DSA (not in testing)
5039 [15 Mar 2006] DSA-1002-1 webcalendar - several
5040 {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982 CVE-2005-3984}
5041 [sarge] - webcalendar 0.9.45-4sarge3
5042 NOTE: not fixed in testing at the time of DSA (too young)
5043 [14 Mar 2006] DSA-1001-1 crossfire - buffer overflow
5044 {CVE-2006-1010}
5045 [woody] - crossfire 1.1.0-1woody1
5046 [sarge] - crossfire 1.6.0.dfsg.1-4sarge1
5047 NOTE: not fixed in testing at the time of DSA (too young)
5048 [14 Mar 2006] DSA-1000-2 libapreq2-perl - design error
5049 {CVE-2006-0042}
5050 [sarge] - libapreq2-perl 2.04-dev-1sarge2
5051 [14 Mar 2006] DSA-999-1 lurker - several
5052 {CVE-2006-1062 CVE-2006-1063 CVE-2006-1064}
5053 [sarge] - lurker 1.2-5sarge1
5054 NOTE: not fixed in testing at the time of DSA (too young)
5055 [14 Mar 2006] DSA-998-1 libextractor - several
5056 {CVE-2006-0301}
5057 [sarge] - libextractor 0.4.2-2sarge3
5058 NOTE: not fixed in testing at the time of DSA (missing mips builds)
5059 [13 Mar 2006] DSA-997-1 bomberclone - buffer overflows
5060 {CVE-2006-0460}
5061 [sarge] - bomberclone 0.11.5-1sarge1
5062 NOTE: not fixed in testing at the time of DSA (missing builds)
5063 [13 Mar 2006] DSA-996-1 libcrypt-cbc-perl - programming error
5064 {CVE-2006-0898}
5065 [sarge] - libcrypt-cbc-perl 2.12-1sarge1
5066 NOTE: fixed in testing at the time of DSA
5067 [13 Mar 2006] DSA-995-1 metamail - buffer overflow
5068 {CVE-2006-0709}
5069 [woody] - metamail 2.7-45woody.4
5070 [sarge] - metamail 2.7-47sarge1
5071 NOTE: fixed in testing at the time of DSA
5072 [13 Mar 2006] DSA-994-1 freeciv - denial of service
5073 {CVE-2006-0047}
5074 [sarge] - freeciv 2.0.1-1sarge1
5075 NOTE: fixed in testing at the time of DSA
5076 [10 Mar 2006] DSA-993-2 gnupg - remote
5077 {CVE-2006-0049}
5078 [woody] - gnupg 1.0.6-4woody5
5079 [sarge] - gnupg 1.4.1-1.sarge3
5080 NOTE: not fixed in testing at the time of DSA (too young)
5081 NOTE: Initial -1 DSA lacked a Woody version
5082 [10 Mar 2006] DSA-992-1 ffmpeg - buffer overflow
5083 {CVE-2005-4048}
5084 [sarge] - ffmpeg 0.cvs20050313-2sarge1
5085 NOTE: fixed in testing at the time of DSA
5086 [10 Mar 2006] DSA-991-1 zoo - buffer overflow
5087 {CVE-2006-0855}
5088 [woody] - zoo 2.10-9woody0
5089 [sarge] - zoo 2.10-11sarge0
5090 NOTE: not fixed in testing at the time of DSA (too young)
5091 [10 Mar 2006] DSA-990-1 bluez-hcidump - programming error
5092 {CVE-2006-0670}
5093 [sarge] - bluez-hcidump 1.17-1sarge1
5094 NOTE: fixed in testing at the time of DSA
5095 [08 Mar 2006] DSA-989-1 zoph - SQL injection
5096 {CVE-2006-0402}
5097 [sarge] - zoph 0.3.3-12sarge1
5098 NOTE: not fixed in testing at the time of DSA (too young)
5099 [08 Mar 2006] DSA-988-1 squirrelmail - several
5100 {CVE-2006-0377 CVE-2006-0195 CVE-2006-0188}
5101 [woody] - squirrelmail 1.2.6-5
5102 [sarge] - squirrelmail 2:1.4.4-8
5103 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
5104 [07 Mar 2006] DSA-987-1 tar - buffer overflow
5105 {CVE-2006-0300}
5106 [sarge] - tar 1.14-2.1
5107 NOTE: fixed in testing at the time of DSA
5108 [06 Mar 2006] DSA-986-1 gnutls11 - buffer overflows
5109 {CVE-2006-0645}
5110 [sarge] - gnutls11 1.0.16-13.2
5111 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
5112 [06 Mar 2006] DSA-985-1 libtasn1-2 - buffer overflows
5113 {CVE-2006-0645}
5114 [sarge] - libtasn1-2 0.2.10-3sarge1
5115 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
5116 [02 Mar 2006] DSA-984-1 xpdf - several
5117 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301}
5118 [sarge] - xpdf 3.00-13.6
5119 NOTE: sid is not affected, just a revamp of previous patches
5120 [27 Feb 2006] DSA-983-1 pdftohtml - several
5121 {CVE-2005-3191 CVE-2005-3192 CVE-2006-0301}
5122 [sarge] - pdftohtml 0.36-11sarge2
5123 NOTE: sid is not affected, just a revamp of previous patches
5124 [27 Feb 2006] DSA-982-1 gpdf - several
5125 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301 CVE-2006-1244}
5126 [sarge] - gpdf 2.8.2-1.2sarge4
5127 NOTE: sid is not affected, just a revamp of previous patches
5128 [26 Feb 2006] DSA-981-1 bmv - integer overflow
5129 {CVE-2005-3278}
5130 [woody] - bmv 1.2-14.3
5131 [sarge] - bmv 1.2-17sarge1
5132 NOTE: fixed in testing at the time of DSA
5133 [22 Feb 2006] DSA-980-1 tutos - several
5134 {CVE-2004-2161 CVE-2004-2162}
5135 [sarge] - tutos 1.1.20031017-2+1sarge1
5136 NOTE: fixed in testing at the time of DSA (removed from sid)
5137 [17 Feb 2006] DSA-979-1 pdfkit.framework - several
5138 {CVE-2005-3191 CVE-2005-3193 CVE-2006-0301}
5139 [sarge] - pdfkit.framework 0.8-2sarge3
5140 NOTE: sid is not affected
5141 [17 Feb 2006] DSA-978-1 gnupg - invalid success return
5142 {CVE-2006-0455}
5143 [woody] - gnupg 1.0.6-4woody4
5144 [sarge] - gnupg 1.4.1-1sarge1
5145 NOTE: not fixed in sid at the time of DSA
5146 [16 Feb 2006] DSA-977-1 heimdal - several
5147 {CVE-2006-0582 CVE-2006-0677}
5148 [woody] - heimdal <not-affected>
5149 [sarge] - heimdal 0.6.3-10sarge2
5150 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5151 [15 Feb 2006] DSA-976-1 libast - buffer overflow
5152 {CVE-2006-0224}
5153 [woody] - libast1 0.4-3woody2
5154 [sarge] - libast 0.6-0pre2003010606sarge1
5155 NOTE: Fixed in sid at time of DSA - need 10 days for migration
5156 [15 Feb 2006] DSA-975-1 nfs-user-server - buffer overflow
5157 {CVE-2006-0043}
5158 [woody] - nfs-user-server 2.2beta47-12woody1
5159 [sarge] - nfs-user-server 2.2beta47-20sarge2
5160 NOTE: fixed in testing at time of DSA
5161 [15 Feb 2006] DSA-974-1 gpdf - buffer overflow
5162 {CVE-2006-0301}
5163 [sarge] - gpdf 2.8.2-1.2sarge3
5164 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5165 [15 Feb 2006] DSA-973-1 otrs - several
5166 {CVE-2005-3893 CVE-2005-3894 CVE-2005-3895}
5167 [sarge] - otrs 1.3.2p01-6
5168 NOTE: fixed in testing at time of DSA
5169 [15 Feb 2006] DSA-972-1 pdfkit.framework - buffer overflows
5170 {CVE-2006-0301}
5171 [sarge] - pdfkit.framework 0.8-2sarge2
5172 NOTE: not fixed in testing at time of DSA (too young)
5173 [14 Feb 2006] DSA-971-1 xpdf - buffer overflow
5174 {CVE-2006-0301}
5175 [sarge] - xpdf 3.00-13.5
5176 NOTE: fixed in testing at time of DSA
5177 [14 Feb 2006] DSA-970-1 kronolith - missing input sanitising
5178 {CVE-2005-4189}
5179 [sarge] - kronolith 1.1.4-2sarge1
5180 NOTE: fixed in testing at time of DSA (removed from sid)
5181 [13 Feb 2006] DSA-969-1 scponly - design error
5182 {CVE-2005-4532 CVE-2005-4533}
5183 [sarge] - scponly 4.0-1sarge1
5184 NOTE: not fixed in testing at time of DSA (mips/mipsel missing)
5185 [13 Feb 2006] DSA-968-1 noweb - insecure temporary file
5186 {CVE-2005-3342}
5187 [woody] - noweb 2.9a-7.4
5188 [sarge] - noweb 2.10c-3.2
5189 NOTE: not fixed in testing at time of DSA (too young)
5190 [10 Feb 2006] DSA-967-1 elog - several
5191 {CVE-2005-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600}
5192 [sarge] - elog 2.5.7+r1558-4+sarge2
5193 NOTE: fixed in testing at time of DSA
5194 [09 Feb 2006] DSA-966-1 adzapper - denial of service
5195 {CVE-2006-0046}
5196 [sarge] - adzapper 20050316-1sarge1
5197 NOTE: fixed in testing at time of DSA
5198 [06 Feb 2006] DSA-965-1 ipsec-tools - null dereference
5199 {CVE-2005-3732}
5200 [sarge] - ipsec-tools 1:0.5.2-1sarge1
5201 NOTE: fixed in testing at time of DSA
5202 [03 Feb 2006] DSA-964-1 gnocatan - buffer overflow
5203 { CVE-2006-0467 }
5204 [woody] - gnocatan 0.6.1-5woody3
5205 [sarge] - gnocatan 0.8.1.59-1sarge1
5206 NOTE: not fixed in testing at time of DSA
5207 NOTE: Fixed in sid at time of DSA (package name change to pioneers)
5208 [02 Feb 2006] DSA-963-1 mydns - missing input sanitising
5209 { CVE-2006-0351 }
5210 [sarge] - mydns 1.0.0-4sarge1
5211 NOTE: not fixed in testing at time of DSA
5212 NOTE: fixed in sid at time of DSA
5213 [01 Feb 2006] DSA-962-1 pdftohtml - buffer overflows
5214 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5215 [sarge] - pdftohtml 0.36-11sarge1
5216 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5217 [01 Feb 2006] DSA-961-1 pdfkit.framework - buffer overflows
5218 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5219 [sarge] - pdfkit.framework 0.8-2sarge1
5220 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5221 [31 Jan 2006] DSA-960-3 libmail-audit-perl - insecure temporary file creation
5222 {CVE-2005-4536}
5223 [woody] - libmail-audit-perl 2.0-4woody3
5224 [sarge] - libmail-audit-perl 2.1-5sarge4
5225 NOTE: 960-1 and 960-2 had regressions
5226 [30 Jan 2006] DSA-959-1 unalz - buffer overflow
5227 {CVE-2005-3862}
5228 [sarge] - unalz 0.30.1
5229 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5230 [27 Jan 2006] DSA-958-1 drupal - several
5231 {CVE-2005-3973 CVE-2005-3974 CVE-2005-3975}
5232 [sarge] - drupal 4.5.3-5
5233 NOTE: fixed in testing at time of DSA
5234 [26 Jan 2006] DSA-957-2 imagemagick - missing shell meta sanitising
5235 {CVE-2005-4601}
5236 [woody] - imagemagick 4:5.4.4.5-1woody8
5237 [sarge] - imagemagick 6:6.0.6.2-2.6
5238 NOTE: fixed in testing at time of DSA
5239 [26 Jan 2006] DSA-956-1 lsh-server - filedescriptor leak
5240 {CVE-2006-0353}
5241 [sarge] - lsh-utils 2.0.1-3sarge1
5242 NOTE: not fixed in testing at time of DSA (not yet built)
5243 [25 Jan 2006] DSA-955-1 mailman - DoS
5244 {CVE-2005-3573 CVE-2005-4153}
5245 [woody] - mailman <not-affected> (Vulnerable code not present)
5246 [sarge] - mailman 2.1.5-8sarge1
5247 NOTE: fixed in testing at time of DSA
5248 [25 Jan 2006] DSA-954-1 wine - design flaw
5249 {CVE-2006-0106}
5250 [sarge] - wine 0.0.20050310-1.2
5251 NOTE: not fixed in testing at time of DSA (too young, 1/10)
5252 [24 Jan 2006] DSA-953-1 flyspray - missing input sanitising
5253 {CVE-2005-3334}
5254 [sarge] - flyspray 0.9.7-2.1
5255 NOTE: fixed in testing at time of DSA
5256 [23 Jan 2006] DSA-952-1 libapache-auth-ldap - format string vulnerability
5257 {CVE-2006-0150}
5258 [woody] - libapache-auth-ldap 1.6.0-3.1
5259 [sarge] - libapache-auth-ldap 1.6.0-8.1
5260 NOTE: fixed in testing at time of DSA (no longer present in testing/sid)
5261 [23 Jan 2006] DSA-951-2 trac - missing input sanitising
5262 {CVE-2005-4065 CVE-2005-4644}
5263 [sarge] - trac 0.8.1-3sarge4
5264 NOTE: fixed in testing at time of DSA
5265 NOTE: Original fix in 951-1 had regressions
5266 [23 Jan 2006] DSA-950-1 cupsys - buffer overflow
5267 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5268 [woody] - cupsys 1.1.14-5woody14
5269 [sarge] - cupsys <not-affected> (Cups uses xpdf-utils in Sarge)
5270 NOTE: fixed in testing at time of DSA
5271 [20 Jan 2006] DSA-949-1 crawl - insecure program execution
5272 {CVE-2006-0045}
5273 [woody] - crawl 1:4.0.0beta23-2woody2
5274 [sarge] - crawl 1:4.0.0beta26-4sarge0
5275 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5276 [20 Jan 2006] DSA-948-1 kdelibs - heap overflow
5277 {CVE-2006-0019}
5278 [sarge] - kdelibs 4:3.3.2-6.4
5279 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5280 [20 Jan 2006] DSA-947-1 clamav - heap overflow
5281 {CVE-2006-0162 CVE-2005-3587}
5282 [sarge] - clamav 0.84-2.sarge.7
5283 NOTE: fixed in testing at time of DSA
5284 [08 Apr 2006] DSA-946-2 sudo - missing input sanitising
5285 {CVE-2005-4158 CVE-2006-0151}
5286 [woody] - sudo 1.6.6-1.6
5287 [sarge] - sudo 1.6.8p7-1.4
5288 NOTE: fixed in testing at time of DSA
5289 NOTE: The fix for stable and oldstable switched from a black list
5290 NOTE: of dangerous env vars to a white list of known-to-be-safe env vars
5291 NOTE: sid's 1.6.8p12 still has the black list (although with the strong
5292 NOTE: recommendation to use env_reset, which basically does the same),
5293 NOTE: but 1.7 will have a white list as well
5294 [17 Jan 2006] DSA-945-1 antiword - insecure temporary file
5295 {CVE-2005-3126}
5296 [woody] - antiword 0.32-2woody0
5297 NOTE: fixed in testing at time of DSA
5298 NOTE: sarge is also affected, but the uploaded version is greater
5299 NOTE: than the fixed sid version.
5300 [17 Jan 2006] DSA-944-1 mantis - several
5301 {CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524 CVE-2006-0840}
5302 [woody] - mantis <not-affected> (Vulnerable code not present)
5303 [sarge] - mantis 0.19.2-5sarge1
5304 NOTE: fixed in testing at time of DSA
5305 [16 Jan 2006] DSA-943-1 perl - integer overflow
5306 {CVE-2005-3962}
5307 [woody] - perl <not-affected>
5308 [sarge] - perl 5.8.4-8sarge3
5309 NOTE: Fixed in testing at time of DSA
5310 [16 Jan 2006] DSA-942-1 albatross - design error
5311 {CVE-2006-0044}
5312 [sarge] - albatross 1.20-2
5313 NOTE: Fixed in testing at time of DSA
5314 [16 Jan 2006] DSA-941-1 tuxpaint - insecure temporary file
5315 {CVE-2005-3340}
5316 [sarge] - tuxpaint 1:0.9.14-2sarge0
5317 NOTE: Not fixed in testing at time of DSA (only 2/2 days old)
5318 [13 Jan 2006] DSA-940-1 gpdf - buffer overflows
5319 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5320 [sarge] - gpdf 2.8.2-1.2sarge2
5321 NOTE: Not fixed in testing at time of DSA (waiting on dep)
5322 [13 Jan 2006] DSA-939-1 fetchmail - programming error
5323 {CVE-2005-4348}
5324 [woody] - fetchmail <not-affected> (Vulnerable code not present)
5325 [sarge] - fetchmail 6.2.5-12sarge4
5326 NOTE: Not fixed in testing at time of DSA (unfixed in sid)
5327 [12 Jan 2006] DSA-938-1 koffice - buffer overflows
5328 {CVE-2005-3191 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5329 [sarge] - koffice 1:1.3.5-4.sarge.2
5330 NOTE: Not fixed in testing at time of DSA (too new)
5331 [12 Jan 2006] DSA-937-1 tetex-bin - buffer overflows
5332 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5333 [sarge] - tetex-bin 2.0.2-30sarge4
5334 [woody] - tetex-bin 1.0.7+20011202-7.7
5335 NOTE: Not fixed in testing at time of DSA (waiting on dep)
5336 [11 Jan 2006] DSA-936-1 libextractor - buffer overflows
5337 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5338 [sarge] - libextractor 0.4.2-2sarge2
5339 NOTE: Fixed in testing at time of DSA
5340 [10 Jan 2006] DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability
5341 {CVE-2005-3656}
5342 [sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
5343 NOTE: Not fixed in sid at the time of DSA
5344 [09 Jan 2006] DSA-934-1 pound - remote
5345 {CVE-2005-1391 CVE-2005-3751}
5346 [sarge] - pound 1.8.2-1sarge1
5347 NOTE: Fixed in testing at time of DSA
5348 [09 Jan 2006] DSA-933-1 hylafax - arbitrary command execution
5349 {CVE-2005-3539}
5350 [woody] - hylafax 4.1.1-4woody1
5351 [sarge] - hylafax 1:4.2.1-5sarge3
5352 NOTE: Not fixed in testing at time of DSA (Valid candidate should sync today)
5353 [09 Jan 2006] DSA-932-1 kdegraphics - buffer overflows
5354 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5355 [sarge] - kdegraphics 4:3.3.2-2sarge3
5356 [09 Jan 2006] DSA-931-1 xpdf - buffer overflows
5357 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
5358 [woody] - xpdf 1.00-3.8
5359 [sarge] - xpdf 3.00-13.4
5360 [10 Jan 2006] DSA-930-2 smstools - format string attack
5361 {CVE-2006-0083}
5362 [woody] - smstools 1.5.0-2woody0
5363 [sarge] - smstools 1.14.8-1sarge0
5364 NOTE: not fixed in sid at time of DSA
5365 [09 Jan 2006] DSA-930-1 smstools - format string error
5366 {CVE-2006-0083}
5367 [sarge] - smstools 1.14.8-1sarge0
5368 [09 Jan 2006] DSA-929-1 petris - buffer overflow
5369 {CVE-2005-3540}
5370 [sarge] - petris 1.0.1-4sarge0
5371 [27 Dec 2005] DSA-928-1 dhis-tools-dns - insecure temporary file
5372 {CVE-2005-3341}
5373 [sarge] - dhis-tools-dns 5.0-3sarge1
5374 [27 Dec 2005] DSA-927-1 tkdiff - insecure temporary file
5375 {CVE-2005-3343}
5376 [woody] - tkdiff 1:3.08-3woody0
5377 [sarge] - tkdiff 1:4.0.2-1sarge0
5378 NOTE: fixed in testing at time of DSA
5379 [23 Dec 2005] DSA-926-1 ketm - buffer overflow
5380 {CVE-2005-3535}
5381 [woody] - ketm 0.0.6-7woody0
5382 [sarge] - ketm 0.0.6-17sarge1
5383 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5384 [22 Dec 2005] DSA-925-1 phpbb2 - several
5385 {CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537}
5386 [sarge] - phpbb2 2.0.13+1-6sarge2
5387 NOTE: fixed in testing at time of DSA
5388 [21 Dec 2005] DSA-924-1 nbd - buffer overflow
5389 {CVE-2005-3534}
5390 [woody] - nbd 1.2cvs20020320-3.woody.3
5391 [sarge] - nbd 1:2.7.3-3sarge1
5392 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5393 [19 Dec 2005] DSA-923-1 dropbear - buffer overflow
5394 {CVE-2005-4178}
5395 [sarge] - dropbear 0.45-2sarge0
5396 NOTE: fixed in testing at time of DSA
5397 [14 Dec 2005] DSA-922-1 kernel-source-2.6.8 - several
5398 {CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265 CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-1765 CVE-2005-1767 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872 CVE-2005-3105 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109 CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276}
5399 [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
5400 [sarge] - kernel-image-2.6.8-alpha 2.6.8-16sarge1
5401 [sarge] - kernel-image-2.6.8-amd64 2.6.8-16sarge1
5402 [sarge] - kernel-image-2.6.8-hppa 2.6.8-6sarge1
5403 [sarge] - kernel-image-2.6.8-i386 2.6.8-16sarge1
5404 [sarge] - kernel-image-2.6.8-ia64 2.6.8-14sarge1
5405 [sarge] - kernel-image-2.6.8-m68k 2.6.8-4sarge1
5406 [sarge] - kernel-patch-powerpc-2.6.8 2.6.8-12sarge1
5407 [sarge] - kernel-image-2.6.8-s390 2.6.8-5sarge1
5408 [sarge] - kernel-image-2.6.8-sparc 2.6.8-15sarge1
5409 NOTE: fixed in testing at time of DSA
5410 [14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several
5411 {CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801 CVE-2005-2872 CVE-2005-3275}
5412 [sarge] - kernel-source-2.4.27 2.4.27-10sarge1
5413 [sarge] - kernel-image-2.4.27-alpha 2.4.27-10sarge1
5414 [sarge] - kernel-patch-2.4.27-arm 2.4.27-1sarge1
5415 [sarge] - kernel-image-2.4.27-arm 2.4.27-2sarge1
5416 [sarge] - kernel-image-2.4.27-i386 2.4.27-10sarge1
5417 [sarge] - kernel-image-2.4.27-ia64 2.4.27-10sarge1
5418 [sarge] - kernel-image-2.4.27-m68k 2.4.27-3sarge1
5419 [sarge] - kernel-patch-2.4.27-mips 2.4.27-10.sarge1.040815-1
5420 [sarge] - kernel-patch-powerpc-2.4.27 2.4.27-10sarge1
5421 [sarge] - kernel-image-2.4.27-s390 2.4.27-2sarge1
5422 [sarge] - kernel-image-2.4.27-sparc 2.4.27-9sarge1
5423 NOTE: fixed in testing at time of DSA
5424 [13 Dec 2005] DSA-920-1 ethereal - buffer overflow
5425 {CVE-2005-3651}
5426 [woody] - ethereal 0.9.4-1woody14
5427 [sarge] - ethereal 0.10.10-2sarge3
5428 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5429 [12 Dec 2005] DSA-919-2 curl - buffer overflow
5430 {CVE-2005-4077 CVE-2005-3185}
5431 [woody] - curl 7.9.5-1woody2
5432 [sarge] - curl 7.13.2-2sarge5
5433 NOTE: partially fixed in testing at time of DSA
5434 NOTE: Initial -1 DSA was incomplete
5435 [09 Dec 2005] DSA-918-1 osh - programming error
5436 {CVE-2005-3346 CVE-2005-3533}
5437 [woody] - osh 1.7-11woody2
5438 [sarge] - osh 1.7-13sarge1
5439 NOTE: fixed in testing at time of DSA (has been removed)
5440 [08 Dec 2005] DSA-917-1 courier - programming error
5441 {CVE-2005-3532}
5442 [woody] - courier 0.37.3-2.8
5443 [sarge] - courier 0.47-4sarge4
5444 NOTE: not fixed in testing at time of DSA (waiting on GCC)
5445 [07 Dec 2005] DSA-916-1 inkscape - buffer overflow
5446 {CVE-2005-3737 CVE-2005-3885}
5447 [sarge] - inkscape 0.41-4.99.sarge2
5448 NOTE: not fixed in testing at time of DSA (RC bug, waiting on GCC)
5449 [02 Dec 2005] DSA-915-1 helix-player - buffer overflow
5450 {CVE-2005-2629}
5451 [sarge] - helix-player 1.0.4-1sarge2
5452 NOTE: fixed in testing at time of DSA (not in testing due to RC bugs)
5453 [01 Dec 2005] DSA-914-1 horde2 - missing input sanitising
5454 {CVE-2005-3570}
5455 [sarge] - horde2 2.2.8-1sarge1
5456 NOTE: fixed in testing at time of DSA
5457 [01 Dec 2005] DSA-913-1 gdk-pixbuf - several
5458 {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186}
5459 [woody] - gdk-pixbuf 0.17.0-2woody3
5460 [sarge] - gdk-pixbuf 0.22.0-8.1
5461 NOTE: fixed in testing at time of DSA
5462 [30 Nov 2005] DSA-912-1 centericq - denial of service
5463 {CVE-2005-3694}
5464 [woody] - centericq 4.5.1-1.1woody1
5465 [sarge] - centericq 4.20.0-1sarge3
5466 NOTE: not fixed in testing at time of DSA (waiting on deps)
5467 [30 Nov 2005] DSA-911-1 gtk+2.0 - several
5468 {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186}
5469 [woody] - gtk+2.0 2.0.2-5woody3
5470 [sarge] - gtk+2.0 2.6.4-3.1
5471 NOTE: not fixed in testing at time of DSA (RC bug)
5472 [24 Nov 2005] DSA-910-1 zope2.7 - design error
5473 {CVE-2005-3323}
5474 [sarge] - zope2.7 2.7.5-2sarge1
5475 NOTE: fixed in testing at time of DSA
5476 [23 Nov 2005] DSA-909-1 horde3 - missing input sanitising
5477 {CVE-2005-3759}
5478 [sarge] - horde3 3.0.4-4sarge2
5479 NOTE: not fixed in testing at time of DSA (too young 0/2)
5480 [23 Nov 2005] DSA-908-1 sylpheed-claws - buffer overflows
5481 {CVE-2005-3354}
5482 [woody] - sylpheed-claws 0.7.4claws-3woody1
5483 [sarge] - sylpheed-claws 1.0.4-1sarge1
5484 NOTE: not fixed in testing at time of DSA (too young 0/2)
5485 [23 Nov 2005] DSA-907-1 ipmenu - insecure temporary file
5486 {CVE-2004-2569}
5487 [woody] - ipmenu 0.0.3-4woody1
5488 NOTE: fixed in testing at time of DSA (not part of testing/sarge due to long-standing blocking deps)
5489 [22 Nov 2005] DSA-906-1 sylpheed - several
5490 {CVE-2005-3354}
5491 [woody] - sylpheed 0.7.4-4woody1
5492 [sarge] - sylpheed 1.0.4-1sarge1
5493 NOTE: not fixed in testing at time of DSA (too young 7/10, RC bugs)
5494 [22 Nov 2005] DSA-905-1 mantis - several
5495 {CVE-2005-3091 CVE-2005-3335 CVE-2005-3336 CVE-2005-3338 CVE-2005-3339}
5496 [woody] - mantis <not-affected> (Vulnerable code not present)
5497 [sarge] - mantis 0.19.2-4.1
5498 NOTE: fixed in testing at time of DSA
5499 [21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows
5500 {CVE-2005-3632 CVE-2005-3662}
5501 [woody] - netpbm-free 2:9.20-8.5
5502 [sarge] - netpbm-free 2:10.0-8sarge2
5503 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5504 [21 Nov 2005] DSA-903-1 unzip - race condition
5505 {CVE-2005-2475}
5506 [woody] - unzip 5.50-1woody5
5507 [sarge] - unzip 5.52-1sarge3
5508 NOTE: fixed in testing at time of DSA
5509 NOTE: Original 903-1 DSA had a regression
5510 [21 Nov 2005] DSA-902-1 xmail - buffer overflow
5511 {CVE-2005-2943}
5512 [sarge] - xmail 1.21-3sarge1
5513 NOTE: fixed in testing at time of DSA
5514 [19 Nov 2005] DSA-901-1 gnump3d - programming error
5515 {CVE-2005-3349 CVE-2005-3355}
5516 [sarge] - gnump3d 2.9.3-1sarge3
5517 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5518 [22 Nov 2005] DSA-900-3 fetchmail - programming error
5519 {CVE-2005-3088}
5520 [woody] - fetchmail 5.9.11-6.4
5521 [woody] - fetchmail-ssl 5.9.11-6.3
5522 [sarge] - fetchmail 6.2.5-12sarge3
5523 NOTE: Original two Woody fixes had regressions
5524 NOTE: not fixed in testing at time of DSA (too young 2/2)
5525 [17 Nov 2005] DSA-899-1 egroupware - programming errors
5526 {CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348}
5527 [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge4
5528 NOTE: not fixed in testing at time of DSA (too young 1/2)
5529 [17 Nov 2005] DSA-898-1 phpgroupware - programming errors
5530 {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348}
5531 [woody] - phpgroupware 0.9.14-0.RC3.2.woody5
5532 [sarge] - phpgroupware 0.9.16.005-3.sarge4
5533 NOTE: not fixed in testing at time of DSA (too young 1/2)
5534 [15 Nov 2005] DSA-897-1 phpsysinfo - programming errors
5535 {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348}
5536 [woody] - phpsysinfo 2.0-3woody3
5537 [sarge] - phpsysinfo 2.3-4sarge1
5538 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5539 [15 Nov 2005] DSA-896-1 linux-ftpd-ssl - buffer overflow
5540 {CVE-2005-3524}
5541 [sarge] - linux-ftpd-ssl 0.17.18+0.3-3sarge1
5542 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5543 [14 Nov 2005] DSA-895-1 uim - programming error
5544 {CVE-2005-3149}
5545 [sarge] - uim 1:0.4.6final1-3sarge1
5546 NOTE: not fixed in testing at time of DSA (missing deps)
5547 [14 Nov 2005] DSA-894-1 abiword - buffer overflows
5548 {CVE-2005-2964 CVE-2005-2972}
5549 [woody] - abiword 1.0.2+cvs.2002.06.05-1woody3
5550 [sarge] - abiword 2.2.7-3sarge2
5551 NOTE: sid fix from DSA text is wrong, pinged security@
5552 NOTE: fixed in testing at time of DSA
5553 [14 Nov 2005] DSA-893-1 acidlab - missing input sanitising
5554 {CVE-2005-3325}
5555 [woody] - acidlab 0.9.6b20-2.1
5556 [sarge] - acidlab 0.9.6b20-10.1
5557 NOTE: fixed in testing at time of DSA
5558 [10 Nov 2005] DSA-892-1 awstats - missing input sanitising
5559 {CVE-2005-1527}
5560 [sarge] - awstats 6.4-1sarge1 (bug #322591; bug #334833; bug #336137; medium)
5561 [woody] - awstats <not-affected> (vulnerable code not present)
5562 NOTE: fixed in testing at time of DSA
5563 [09 Nov 2005] DSA-891-1 gpsdrive - format string
5564 {CVE-2005-3523}
5565 [sarge] - gpsdrive 2.09-2sarge1
5566 NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
5567 [09 Nov 2005] DSA-890-1 libungif4 - several
5568 {CVE-2005-2974 CVE-2005-3350}
5569 [woody] - libungif4 4.1.0b1-2woody1
5570 [sarge] - libungif4 4.1.3-2sarge1
5571 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5572 [08 Nov 2005] DSA-889-1 enigmail - programming error
5573 {CVE-2005-3256}
5574 [sarge] - enigmail 2:0.91-4sarge2
5575 NOTE: fixed in testing at time of DSA
5576 [07 Nov 2005] DSA-888-1 openssl - cryptographic weakness
5577 {CVE-2005-2969}
5578 [woody] - openssl 0.9.6c-2.woody.8
5579 [sarge] - openssl 0.9.7e-3sarge1
5580 NOTE: fixed in testing at time of DSA
5581 [07 Nov 2005] DSA-887-1 clamav - several
5582 {CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501}
5583 [sarge] - clamav 0.84-2.sarge.6
5584 NOTE: fixed in testing at time of DSA (unfixed in sid; DTSA issued)
5585 [07 Nov 2005] DSA-886-1 chmlib - several
5586 {CVE-2005-2659 CVE-2005-2930 CVE-2005-3318}
5587 [sarge] - chmlib 0.35-6sarge1
5588 NOTE: not fixed in testing at time of DSA (not built on all archs)
5589 [07 Nov 2005] DSA-885-1 openvpn - several
5590 {CVE-2005-3393 CVE-2005-3409}
5591 [sarge] - openvpn 2.0-1sarge2
5592 NOTE: not fixed in testing at time of DSA (too young 0/2 days)
5593 [07 Nov 2005] DSA-884-1 horde3 - design error
5594 {CVE-2005-3344}
5595 [sarge] - horde3 3.0.4-4sarge1
5596 NOTE: fixed in testing at time of DSA
5597 [04 Nov 2005] DSA-883-1 thttpd - insecure temporary file
5598 {CVE-2005-3124}
5599 [woody] - thttpd 2.21b-11.3
5600 [sarge] - thttpd 2.23beta1-3sarge1
5601 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
5602 [04 Nov 2005] DSA-882-1 openssl095 - cryptographic weakness
5603 {CVE-2005-2969}
5604 [woody] - openssl095 0.9.5a-6.woody.6
5605 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
5606 [04 Nov 2005] DSA-881-1 openssl096 - cryptographic weakness
5607 {CVE-2005-2969}
5608 [sarge] - openssl096 0.9.6m-1sarge1
5609 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
5610 [02 Nov 2005] DSA-880-1 phpmyadmin - several
5611 {CVE-2005-2869 CVE-2005-3300 CVE-2005-3301 CVE-2005-3787}
5612 [woody] - phpmyadmin <unfixed>
5613 [sarge] - phpmyadmin 4:2.6.2-3sarge1
5614 NOTE: fixed in testing at time of DSA
5615 [02 Nov 2005] DSA-879-1 gallery - programming error
5616 {CVE-2005-2596}
5617 [woody] - gallery <not-affected> (Not affected, according to DSA-879)
5618 [sarge] - gallery 1.5-1sarge1
5619 NOTE: fixed in testing at time of DSA
5620 [28 Oct 2005] DSA-878-1 netpbm-free - buffer overflow
5621 {CVE-2005-2978}
5622 [woody] - netpbm-free <not-affected> (Does not contain the vulnerable code)
5623 [sarge] - netpbm-free 2:10.0-8sarge1
5624 NOTE: not fixed in testing at time of DSA (png transition)
5625 [28 Oct 2005] DSA-877-1 gnump3d - cross-site-scripting, directory traversal
5626 {CVE-2005-3123 CVE-2005-3424 CVE-2005-3425}
5627 [sarge] - gnump3d 2.9.3-1sarge2
5628 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5629 [27 Oct 2005] DSA-876-1 lynx-ssl - buffer overflow
5630 {CVE-2005-3120}
5631 [woody] - lynx 2.8.4.1b-3.2
5632 [sarge] - lynx 2.8.5-2sarge1
5633 NOTE: not fixed in testing at time of DSA (lynx now provides TLS support; unfixed in sid)
5634 [27 Oct 2005] DSA-875-1 openssl094 - cryptographic weakness
5635 {CVE-2005-2969}
5636 [woody] - openssl094 0.9.4-6.woody.4
5637 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
5638 [27 Oct 2005] DSA-874-1 lynx - buffer overflow
5639 {CVE-2005-3120}
5640 [woody] - lynx 2.8.4.1b-3.3
5641 [sarge] - lynx 2.8.5-2sarge1
5642 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5643 [26 Oct 2005] DSA-873-1 net-snmp - programming error
5644 {CVE-2005-2177}
5645 [sarge] - net-snmp 5.1.2-6.2
5646 NOTE: not fixed in testing at time of DSA (libsnmp transition)
5647 [26 Oct 2005] DSA-872-1 koffice - buffer overflow
5648 {CVE-2005-2971}
5649 [sarge] - koffice 1:1.3.5-4.sarge.1
5650 NOTE: not fixed in testing at time of DSA (KDE transition)
5651 [25 Oct 2005] DSA-871-1 libgda2 - format string
5652 {CVE-2005-2958}
5653 [woody] - libgda <not-affected> (Does not contain the vulnerable code)
5654 [sarge] - libgda2 1.2.1-2sarge1
5655 NOTE: not fixed in testing at time of DSA (waiting on deps)
5656 [25 Oct 2005] DSA-870-1 sudo - missing input sanitising
5657 {CVE-2005-2959}
5658 [woody] - sudo 1.6.6-1.4
5659 [sarge] - sudo 1.6.8p7-1.2
5660 NOTE: fixed in testing at time of DSA
5661 [20 Oct 2005] DSA-869-1 eric - missing input sanitising
5662 {CVE-2005-3068}
5663 [sarge] - eric 3.6.2-2
5664 NOTE: not fixed in testing at time of DSA (KDE/qt transition)
5665 [20 Oct 2005] DSA-868-1 mozilla-thunderbird - several
5666 {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 CVE-2005-2968}
5667 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.7
5668 NOTE: not fixed in testing at time of DSA (missing builds)
5669 [20 Oct 2005] DSA-867-1 module-assistant - insecure temporary file
5670 {CVE-2005-3121}
5671 [sarge] - module-assistant 0.9sarge1
5672 NOTE: fixed in testing at time of DSA
5673 [20 Oct 2005] DSA-866-1 mozilla - several
5674 {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707}
5675 [woody] - mozilla <unfixed>
5676 [sarge] - mozilla 1:1.7.8-1sarge3
5677 NOTE: not fixed in testing at time of DSA (missing hppa, RC bugs)
5678 NOTE: DSA claims to fix CVE-2005-2968 and contains a patch. But
5679 NOTE: mozilla-browser 1.7.8-1sarge2 does not contain the
5680 NOTE: wrapper script in a vulnerable version.
5681 [13 Oct 2005] DSA-865-1 hylafax - insecure temporary files
5682 {CVE-2005-3069}
5683 [woody] - hylafax 1:4.1.1-3.2
5684 [sarge] - hylafax 1:4.2.1-5sarge1
5685 NOTE: not fixed in testing at time of DSA (missing arm)
5686 [13 Oct 2005] DSA-864-1 ruby1.8 - programming error
5687 {CVE-2005-2337}
5688 [sarge] - ruby1.8 1.8.2-7sarge2
5689 NOTE: not fixed in testing at time of DSA (RC bugs)
5690 [12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability
5691 {CVE-2005-2967}
5692 [woody] - xine-lib 0.9.8-2woody4
5693 [sarge] - xine-lib 1.0.1-1sarge1
5694 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5695 [11 Oct 2005] DSA-862-1 ruby1.6 - programming error
5696 {CVE-2005-2337}
5697 [sarge] - ruby1.6 1.6.8-12sarge1
5698 NOTE: not fixed in testing at time of DSA (RC bugs)
5699 [11 Oct 2005] DSA-861-1 uw-imap - buffer overflow
5700 {CVE-2005-2933}
5701 [sarge] - uw-imap 7:2002edebian1-11sarge1
5702 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5703 [11 Oct 2005] DSA-860-1 ruby - programming error
5704 {CVE-2005-2337}
5705 [woody] - ruby 1.6.7-3woody5
5706 NOTE: fixed in testing at time of DSA (woody-only DSA)
5707 [10 Oct 2005] DSA-859-1 xli - buffer overflows
5708 {CVE-2005-3178}
5709 [woody] - xli 1.17.0-11woody2
5710 [sarge] - xli 1.17.0-18sarge1
5711 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5712 [10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
5713 {CVE-2005-3178}
5714 [woody] - xloadimage 4.1-10woody2 (bug #332524; medium)
5715 [sarge] - xloadimage 4.1-14.3
5716 NOTE: not fixed in testing at time of DSA (too young)
5717 [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
5718 {CVE-2005-4803}
5719 [sarge] - graphviz 2.2.1-1sarge1 (low)
5720 NOTE: fixed in testing at time of DSA
5721 [10 Oct 2005] DSA-856-1 py2play - design error
5722 {CVE-2005-2875}
5723 [sarge] - py2play 0.1.7-1sarge1 (bug #326976; medium)
5724 NOTE: fixed in testing at time of DSA
5725 [10 Oct 2005] DSA-855-1 weex - format string vulnerability
5726 {CVE-2005-3150}
5727 [sarge] - weex 2.6.1-6sarge1 (bug #332424; medium)
5728 [woody] - weex 2.6.1-4woody2 (bug #332424; medium)
5729 NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
5730 [09 Oct 2005] DSA-854-1 tcpdump - infinite loop
5731 {CVE-2005-1267}
5732 [sarge] - tcpdump 3.8.3-5sarge1
5733 [woody] - tcpdump <not-affected> (not affected according to DSA)
5734 NOTE: fixed in testing at time of DSA
5735 [09 Oct 2005] DSA-853-1 ethereal - several
5736 {CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365 CVE-2005-2366 CVE-2005-2367}
5737 [woody] - ethereal 0.9.4-1woody13
5738 [sarge] - ethereal 0.10.10-2sarge3
5739 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
5740 [08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution
5741 {CVE-2005-2661}
5742 [sarge] - up-imapproxy 1.2.3-1sarge1
5743 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
5744 [08 Oct 2005] DSA-851-1 openvpn - denial of service
5745 {CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534}
5746 [sarge] - openvpn 2.0-1sarge1
5747 NOTE: fixed in testing at time of DSA
5748 [08 Oct 2005] DSA-850-1 tcpdump - denial of service
5749 {CVE-2005-1279}
5750 [woody] - tcpdump 3.6.2-2.9
5751 NOTE: fixed in testing at time of DSA (woody-only DSA)
5752 [08 Oct 2005] DSA-849-1 shorewall - programming error
5753 {CVE-2005-2317}
5754 [woody] - shorewall <not-affected> (vulnerable code not yet present)
5755 [sarge] - shorewall 2.2.3-2
5756 NOTE: fixed in testing at time of DSA
5757 [08 Oct 2005] DSA-848-1 masqmail - several
5758 {CVE-2005-2662 CVE-2005-2663}
5759 [woody] - masqmail 0.1.16-2.2
5760 [sarge] - masqmail 0.2.20-1sarge1
5761 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
5762 [08 Oct 2005] DSA-847-1 dia - missing input sanitising
5763 {CVE-2005-2966}
5764 [sarge] - dia 0.94.0-7sarge1 (bug #330890; medium)
5765 [woody] - dia <not-affected> (not affected according to DSA)
5766 NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0
5767 [07 Oct 2005] DSA-846-1 cpio - several
5768 {CVE-2005-1111 CVE-2005-1229}
5769 [woody] - cpio 2.4.2-39woody2
5770 [sarge] - cpio 2.5-1.3
5771 NOTE: fixed in testing at time of DSA
5772 [06 Oct 2005] DSA-845-1 mason - programming error
5773 {CVE-2005-3118}
5774 [woody] - mason 0.13.0.92-2woody1
5775 [sarge] - mason 1.0.0-2.2
5776 NOTE: fixed in testing at time of DSA
5777 [05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error
5778 {CVE-2005-2963}
5779 [woody] - mod-auth-shadow 1.3-3.1woody.2
5780 [sarge] - mod-auth-shadow 1.4-1sarge1
5781 NOTE: not fixed in testing at time of DSA (missing m68k)
5782 [05 Oct 2005] DSA-843-1 arc - insecure temporary file
5783 {CVE-2005-2945 CVE-2005-2992}
5784 [sarge] - arc 5.21l-1sarge1
5785 NOTE: fixed in testing at time of DSA
5786 [04 Oct 2005] DSA-842-1 egroupware - missing input sanitising
5787 {CVE-2005-2498}
5788 [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge2
5789 NOTE: fixed in testing at time of DSA
5790 [04 Oct 2005] DSA-841-1 mailutils - format string vulnerability
5791 {CVE-2005-2878}
5792 [woody] - mailutils <not-affected> (not affected according to DSA)
5793 [sarge] - mailutils 1:0.6.1-4sarge1
5794 NOTE: not fixed in testing at time of DSA (missing arm)
5795 [04 Jul 2005] DSA-840-1 drupal - missing input sanitising
5796 {CVE-2005-2498}
5797 [sarge] - drupal 4.5.3-4
5798 NOTE: fixed in testing at time of DSA
5799 [04 Oct 2005] DSA-839-1 apachetop - insecure temporary file
5800 {CVE-2005-2660}
5801 [sarge] - apachetop 0.12.5-1sarge1
5802 NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on gcc-4)
5803 [03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities
5804 {CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707}
5805 [sarge] - mozilla-firefox 1.0.4-2sarge5
5806 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
5807 [02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow
5808 {CVE-2005-2871}
5809 [sarge] - mozilla-firefox 1.0.4-2sarge4 (medium; bug #327452)
5810 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
5811 [01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files
5812 {CVE-2005-2960 CVE-2005-3137}
5813 [sarge] - cfengine2 2.1.14-1sarge1
5814 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5815 NOTE: No bug exists for this issue
5816 [01 Oct 2005] DSA-835-1 cfengine - insecure temporary files
5817 {CVE-2005-2960 CVE-2005-3137}
5818 [woody] - cfengine 1.6.3-9woody1
5819 [sarge] - cfengine 1.6.5-1sarge1
5820 NOTE: not fixed in testing at time of DSA (unfixed in sid)
5821 NOTE: No bug exists for this issue
5822 [01 Oct 2005] DSA-834-1 prozilla - buffer overflow
5823 {CVE-2005-2961}
5824 [woody] - prozilla 1:1.3.6-3woody3
5825 NOTE: Prozilla has been removed before Sarge release
5826 [30 Sep 2005] DSA-832-1 gopher - buffer overflows
5827 {CVE-2005-2772}
5828 [woody] - gopher 3.0.3woody4
5829 [sarge] - gopher 3.0.7sarge2
5830 NOTE: fixed in testing at time of DSA
5831 [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
5832 {CVE-2005-2558}
5833 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2
5834 NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds)
5835 [30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions
5836 {CVE-2005-2962}
5837 [sarge] - ntlmaps 0.9.9-2sarge1
5838 NOTE: fixed in testing at time of DSA
5839 [30 Sep 2005] DSA-829-1 mysql - several
5840 {CVE-2005-2558}
5841 [woody] - mysql 3.23.49-8.14
5842 NOTE: fixed in testing at time of DSA
5843 [30 Sep 2005] DSA-828-1 squid - several
5844 {CVE-2005-2917}
5845 [woody] - squid <not-affected> (not affected according to DSA)
5846 [sarge] - squid 2.5.9-10sarge2
5847 NOTE: fixed in testing at time of DSA
5848 [07 Nov 2005] DSA-809-3 squid - assertion error
5849 {CVE-2005-2794}
5850 [woody] - squid 2.4.6-2woody11
5851 [sarge] - squid 2.5.9-10sarge1
5852 NOTE: fixed in testing at time of DSA
5853 NOTE: -1 and -2 had regressions
5854 [29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation
5855 {CVE-2005-3111}
5856 [sarge] - backupninja 0.5-3sarge1 (medium)
5857 NOTE: not fixed in testing at time of DSA (too young 1/2 days)
5858 [29 Sep 2005] DSA-826-1 helix-player - multiple
5859 {CVE-2005-1766 CVE-2005-2710}
5860 [sarge] - helix-player 1.0.4-1sarge1 (high)
5861 NOTE: not fixed in testing at time of DSA
5862 [29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation
5863 {CVE-2005-2876}
5864 [sarge] - loop-aes-utils 2.12p-4sarge1 (medium)
5865 NOTE: fixed in testing at the time of the DSA
5866 [29 Sep 2005] DSA-823-1 util-linux - privilege escalation
5867 {CVE-2005-2876}
5868 [woody] - util-linux 2.11n-7woody1 (high)
5869 [sarge] - util-linux 2.12p-4sarge1 (high)
5870 NOTE: not fixed in testing at time of DSA
5871 [29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation
5872 {CVE-2005-2918}
5873 [sarge] - gtkdiskfree 1.9.3-4sarge1 (bug #328566; medium)
5874 NOTE: not fixed even in unstable at time of DSA
5875 [29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow
5876 {CVE-2005-2919 CVE-2005-2920}
5877 [sarge] - clamav 0.84-2.sarge.4 (high)
5878 NOTE: not fixed in testing at time of DSA
5879 [28 Sep 2005] DSA-797-2 zsync - buffer overflow
5880 {CVE-2005-1849 CVE-2005-2096}
5881 NOTE: An upload to fix a build failure on i386
5882 [28 Sep 2005] DSA-821-1 python2.3 - integer overflow
5883 {CVE-2005-2491}
5884 [sarge] - python2.3 2.3.5-3sarge1 (medium)
5885 NOTE: not fixed in testing at time of DSA (waiting on gmp)
5886 NOTE: python2.3 is not in woody
5887 [24 Sep 2005] DSA-820-1 courier - missing input sanitising
5888 {CVE-2005-2820 CVE-2005-2769}
5889 [woody] - courier 0.37.3-2.7 (medium)
5890 [sarge] - courier 0.47-4sarge3 (medium)
5891 NOTE: fixed in testing at time of DSA
5892 NOTE: CVE-2005-2769 listed as fixed in the changelog, missing from
5893 NOTE: DSA.
5894 [23 Sep 2005] DSA-819-1 python2.1 - integer overflow
5895 {CVE-2005-2491}
5896 [woody] - python2.1 2.1.3-3.4 (medium)
5897 [sarge] - python2.1 2.1.3dfsg-1sarge1 (medium)
5898 NOTE: not fixed in testing at time of DSA (waiting on gmp)
5899 [22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
5900 {CVE-2005-2101}
5901 [sarge] - kdeedu 4:3.3.2-3.sarge.1 (low)
5902 NOTE: not fixed in testing at time of DSA
5903 NOTE: woody is not affected according to the DSA
5904 [22 Sep 2005] DSA-817-1 python2.2 - integer overflow
5905 {CVE-2005-2491}
5906 [woody] - python2.2 2.2.1-4.8 (bug #324531; medium)
5907 [sarge] - python2.2 2.2.3dfsg-2sarge1 (bug #324531; medium)
5908 NOTE: not fixed in testing at time of DSA (waiting on gmp)
5909 [19 Sep 2005] DSA-816-1 xfree86 - integer overflow
5910 {CVE-2005-2495}
5911 [woody] - xfree86 4.1.0-16woody7
5912 [sarge] - xfree86 4.3.0.dfsg.1-14sarge1
5913 NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on gmp)
5914 [16 Sep 2005] DSA-815-1 kdebase - programming error
5915 {CVE-2005-2494}
5916 [sarge] - kdebase 4:3.3.2-1sarge1 (bug #327039; medium)
5917 [woody] - kdebase <not-affected> (according to the DSA)
5918 NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
5919 [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
5920 {CVE-2005-2672}
5921 [sarge] - lm-sensors 1:2.9.1-1sarge2 (bug #324193)
5922 [woody] - lm-sensors <not-affected> (according to DSA)
5923 NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is waiting on perl)
5924 [15 Sep 2005] DSA-813-1 centericq - several
5925 {CVE-2005-2369 CVE-2005-2370 CVE-2005-2448}
5926 [woody] - centericq <not-affected> (according to DSA)
5927 [sarge] - centericq 4.20.0-1sarge2
5928 NOTE: fixed in testing at time of DSA
5929 [15 Sep 2005] DSA-812-1 turqstat - buffer overflow
5930 {CVE-2005-2658}
5931 [woody] - turqstat 2.2.1woody1 (medium)
5932 [sarge] - turqstat 2.2.2sarge1 (medium)
5933 NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k)
5934 [21 Nov 2005] DSA-811-2 common-lisp-controller - design error
5935 {CVE-2005-2657}
5936 [woody] - common-lisp-controller <not-affected> (according to the DSA)
5937 [sarge] - common-lisp-controller 4.15sarge3 (bug #328633; medium)
5938 NOTE: Original sarge2 fix had regressions
5939 NOTE: fixed in testing at time of DSA
5940 [13 Sep 2005] DSA-810-1 mozilla - several
5941 {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
5942 [sarge] - mozilla 2:1.7.8-1sarge2 (medium)
5943 NOTE: not fixed in testing at time of DSA (buggy and TBS)
5944 [13 Sep 2005] DSA-809-1 squid - several
5945 {CVE-2005-2794 CVE-2005-2796}
5946 [sarge] - squid 2.5.9-10sarge1 (medium)
5947 NOTE: not fixed in testing at time of DSA (too young)
5948 [12 Sep 2005] DSA-808-1 tdiary - design error
5949 {CVE-2005-2411}
5950 [sarge] - tdiary 2.0.1-1sarge1 (medium)
5951 NOTE: fixed in testing at time of DSA
5952 [12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass
5953 {CVE-2005-2700}
5954 [woody] - libapache-mod-ssl 2.8.9-2.5 (medium)
5955 [sarge] - libapache-mod-ssl 2.8.22-1sarge1 (medium)
5956 NOTE: not fixed in testing at time of DSA (too young)
5957 [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
5958 {CVE-2005-2693}
5959 [woody] - gcvs 1.0a7-2woody1 (low)
5960 [sarge] - gcvs 1.0final-5sarge1 (low)
5961 NOTE: fixed in testing at time of DSA
5962 [08 Sep 2005] DSA-805-1 apache2 - several
5963 {CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728}
5964 [sarge] - apache2 2.0.54-5 (medium)
5965 NOTE: not fixed in testing at time of DSA (too young)
5966 [08 Sep 2005] DSA-804-2 kdelibs - insecure permissions
5967 {CVE-2005-1920}
5968 [sarge] - kdelibs 4:3.3.2-6.3 (medium)
5969 NOTE: fixed in testing at time of DSA
5970 NOTE: original fix from -1 was only included, not applied
5971 [07 Sep 2005] DSA-803-1 apache - programming error
5972 {CVE-2005-2088}
5973 [woody] - apache 1.3.26-0woody7 (medium)
5974 [sarge] - apache 1.3.33-6sarge1 (medium)
5975 NOTE: not fixed in testing at time of DSA (too young)
5976 [07 Sep 2005] DSA-802-1 cvs - insecure temporary files
5977 {CVE-2005-2693}
5978 [woody] - cvs 1.11.1p1debian-13 (low)
5979 NOTE: not exposed in sarge according to the DSA
5980 NOTE: fixed in testing at time of DSA
5981 [05 Sep 2005] DSA-801-1 ntp - programming error
5982 {CVE-2005-2496}
5983 [sarge] - ntp 1:4.2.0a+stable-2sarge1 (medium)
5984 [woody] - ntp <not-affected> (not affected according to DSA)
5985 NOTE: not fixed in testing at time of DSA (RC bugs)
5986 [02 Sep 2005] DSA-800-1 pcre3 - integer overflow
5987 {CVE-2005-2491}
5988 [woody] - pcre3 3.4-1.1woody1
5989 [sarge] - pcre3 4.5-1.2sarge1
5990 NOTE: not fixed in testing at time of DSA (glibc transition)
5991 NOTE: however, fixed in secure-testing archive
5992 [02 Sep 2005] DSA-799-1 webcalendar - input validation
5993 {CVE-2005-2717}
5994 [sarge] - webcalendar 0.9.45-4sarge2 (bug #326223; high)
5995 NOTE: not fixed in testing at time of DSA (coordinated disclosure)
5996 [02 Sep 2005] DSA-798-1 phpgroupware - several
5997 {CVE-2005-2498 CVE-2005-2600 CVE-2005-2761}
5998 [woody] - phpgroupware <not-affected> (according to the DSA)
5999 [sarge] - phpgroupware 0.9.16.005-3.sarge2 (high)
6000 NOTE: not fixed in testing at time of DSA (too young)
6001 [01 Sep 2005] DSA-797-1 zsync - buffer overflow
6002 {CVE-2005-1849 CVE-2005-2096}
6003 [sarge] - zsync 0.3.3-1.sarge.1 (medium)
6004 NOTE: fixed in testing at time of DSA
6005 [01 Sep 2005] DSA-796-1 affix - unsafe use of popen
6006 {CVE-2005-2716}
6007 [sarge] - affix 2.1.1-3 (medium)
6008 NOTE: not fixed in testing at time of DSA (glibc transition, builds)
6009 [01 Sep 2005] DSA-795-2 proftpd - format string error
6010 {CVE-2005-2390}
6011 [woody] - proftpd <not-affected> (not affected according to the DSA)
6012 [sarge] - proftpd 1.2.10-15sarge1 (medium)
6013 NOTE: fixed in testing at time of DSA
6014 NOTE: Initial -1 release had a build problem
6015 [01 Sep 2005] DSA-794-1 polygen - programming error
6016 {CVE-2005-2656}
6017 [sarge] - polygen 1.0.6-7sarge1 (low)
6018 NOTE: not fixed in testing at time of DSA (too young)
6019 [21 Aug 2005] DSA-779-2 mozilla-firefox - several
6020 NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
6021 {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
6022 [sarge] - mozilla-firefox 1.0.4-2sarge3 (medium)
6023 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
6024 NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted
6025 [01 Sep 2005] DSA-793-1 courier - missing input sanitising
6026 {CVE-2005-2724}
6027 [woody] - courier 0.37.3-2.6 (medium)
6028 [sarge] - courier 0.47-4sarge2 (medium)
6029 NOTE: not fixed in testing at time of DSA (glibc transition, too young)
6030 [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
6031 {CVE-2005-2536}
6032 [woody] - pstotext 1.8g-5woody1 (medium)
6033 [sarge] - pstotext 1.9-1sarge1 (medium)
6034 NOTE: not fixed in testing at time of DSA (glibc transition, builds)
6035 [30 Aug 2005] DSA-791-1 maildrop - missing privilege release
6036 {CVE-2005-2655}
6037 [sarge] - maildrop 1.5.3-1.1sarge1
6038 [woody] - maildrop <not-affected> (not affected according to the DSA)
6039 NOTE: not fixed in testing at time of DSA (glibc transition)
6040 NOTE: but fixed in secure-testing repo
6041 [30 Aug 2005] DSA-790-1 phpldapadmin - programming error
6042