| 1 |
[09 Feb 2005] DSA-672-1 xview - buffer overflows
|
| 2 |
{CAN-2005-0076}
|
| 3 |
- xview 3.2p1.4-19
|
| 4 |
[08 Feb 2005] DSA-671-1 xemacs21 - format string
|
| 5 |
{CAN-2005-0100}
|
| 6 |
NOTE: not fixed in testing at time of DSA
|
| 7 |
- xemacs21 21.4.16-2
|
| 8 |
[08 Feb 2005] DSA-670-1 emacs20 - format string
|
| 9 |
{CAN-2005-0100}
|
| 10 |
NOTE: also affects emacs21 in unstable, fixed
|
| 11 |
[04 Feb 2005] DSA-689-1 php3 - several
|
| 12 |
{CAN-2004-0594 CAN-2004-0595}
|
| 13 |
- php3 3.0.18-27
|
| 14 |
NOTE: fixed in testing at time of DSA
|
| 15 |
[04 Feb 2005] DSA-668-1 postgresql - privilege escalation
|
| 16 |
{CAN-2005-0227}
|
| 17 |
- postgresql 7.4.7-1
|
| 18 |
NOTE: not fixed in testing at time of DSA
|
| 19 |
[04 Feb 2005] DSA-667-1 squid - several
|
| 20 |
{CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
|
| 21 |
- squid 2.5.7-7
|
| 22 |
NOTE: not fixed in testing at time of DSA
|
| 23 |
[04 Feb 2005] DSA-666-1 python2.2 - design flaw
|
| 24 |
{CAN-2005-0089}
|
| 25 |
- python2.2 2.2.3-14
|
| 26 |
- python2.3 2.3.4-20
|
| 27 |
- python2.4 2.4-5
|
| 28 |
NOTE: not fixed in testing at time of DSA
|
| 29 |
[04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
|
| 30 |
{CAN-2005-0013}
|
| 31 |
- ncpfs (unfixed; bug #293446)
|
| 32 |
NOTE: not fixed in testing at time of DSA
|
| 33 |
[02 Feb 2005] DSA-664-1 cpio - broken file permissions
|
| 34 |
{CAN-1999-1572}
|
| 35 |
- cpio 2.5-1.2
|
| 36 |
NOTE: not fixed in testing at time of DSA
|
| 37 |
[02 Feb 2005] DSA-663-1 prozilla - buffer overflows
|
| 38 |
{CAN-2004-1120}
|
| 39 |
- prozilla 1.3.7.3-1
|
| 40 |
NOTE: fixed in testing at time of DSA
|
| 41 |
[01 Feb 2005] DSA-662-1 squirrelmail - several
|
| 42 |
{CAN-2005-0104 CAN-2005-0152}
|
| 43 |
NOTE: CAN-2005-0152 only exists in 1.2.6 version
|
| 44 |
- squirrelmail 1.4.4
|
| 45 |
NOTE: fixed in testing at time of DSA
|
| 46 |
[27 Jan 2005] DSA-661-1 f2c - insecure temporary files
|
| 47 |
{CAN-2005-0017 CAN-2005-0018}
|
| 48 |
- f2c 20020621-3.1
|
| 49 |
NOTE: not fixed in testing at time of DSA
|
| 50 |
[26 Jan 2005] DSA-660-1 kdebase - missing return value check
|
| 51 |
{CAN-2005-0078}
|
| 52 |
- kdebase 4:3.0.5
|
| 53 |
NOTE: fixed in testing at time of DSA
|
| 54 |
[26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
|
| 55 |
{CAN-2004-1340 CAN-2005-0108}
|
| 56 |
- libpam-radius-auth 1.3.16-3
|
| 57 |
NOTE: 1/2 fixed in testing at time of DSA
|
| 58 |
[25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
|
| 59 |
{CAN-2005-0077}
|
| 60 |
- libdbi-perl 1.46-6
|
| 61 |
NOTE: not fixed in testing at time of DSA
|
| 62 |
[25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
|
| 63 |
{CAN-2004-1379}
|
| 64 |
- xine-lib 1-rc6a-1
|
| 65 |
NOTE: fixed in testing at time of DSA
|
| 66 |
[25 Jan 2005] DSA-656-1 vdr - insecure file access
|
| 67 |
{CAN-2005-0071}
|
| 68 |
- vdr 1.2.6-6
|
| 69 |
NOTE: not fixed in testing at time of DSA
|
| 70 |
[25 Jan 2005] DSA-655-1 zhcon - missing privilege release
|
| 71 |
{CAN-2005-0072}
|
| 72 |
- zhcon 1:0.2.3-8.1
|
| 73 |
NOTE: not fixed in testing at time of DSA
|
| 74 |
[21 Jan 2005] DSA-654-1 enscript - several
|
| 75 |
{CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
|
| 76 |
- enscript 1.6.4-6
|
| 77 |
NOTE: not fixed in testing at time of DSA
|
| 78 |
[21 Jan 2005] DSA-653-1 ethereal - buffer overflow
|
| 79 |
{CAN-2005-0084}
|
| 80 |
- ethereal 0.10.9-1
|
| 81 |
NOTE: not fixed in testing at time of DSA
|
| 82 |
[21 Jan 2005] DSA-652-1 unarj
|
| 83 |
{CAN-2004-0947 CAN-2004-1027}
|
| 84 |
NOTE: not-for-us (unarj)
|
| 85 |
[20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
|
| 86 |
{CAN-2005-0094 CAN-2005-0095}
|
| 87 |
- squid 2.5.7-4
|
| 88 |
NOTE: not fixed in testing at time of DSA
|
| 89 |
[20 Jan 2005] DSA-650-1 sword - missing input sanitising
|
| 90 |
{CAN-2005-0015}
|
| 91 |
- sword 1.5.7-7
|
| 92 |
NOTE: not fixed in testing at time of DSA
|
| 93 |
[20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
|
| 94 |
{CAN-2005-0079}
|
| 95 |
- xtrlock 2.0-9
|
| 96 |
NOTE: fixed in testing at time of DSA
|
| 97 |
[19 Jan 2005] DSA-648-1 xpdf - buffer overflow
|
| 98 |
{CAN-2005-0064}
|
| 99 |
- xpdf 3.00-12
|
| 100 |
NOTE: not fixed in testing at time of DSA
|
| 101 |
[19 Jan 2005] DSA-647-1 mysql - insecure temporary files
|
| 102 |
{CAN-2005-0004}
|
| 103 |
- mysql-dfsg 4.0.23-3
|
| 104 |
- mysql-dfsg-4.1 4.1.8a-6
|
| 105 |
NOTE: not fixed in testing at time of DSA
|
| 106 |
[19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
|
| 107 |
{CAN-2005-0005}
|
| 108 |
- imagemagick 6.0.6.2-2
|
| 109 |
NOTE: not fixed in testing at time of DSA
|
| 110 |
[19 Jan 2005] DSA-645-1 cupsys - buffer overflow
|
| 111 |
{CAN-2005-0064}
|
| 112 |
NOTE: cupsys not affected in sarge, though other programs are vulnerable
|
| 113 |
NOTE: see CAN/list
|
| 114 |
NOTE: not fixed in testing at time of DSA
|
| 115 |
[18 Jan 2005] DSA-644-1 chbg - buffer overflow
|
| 116 |
{CAN-2004-1264}
|
| 117 |
- chbg 1.5-4
|
| 118 |
NOTE: fixed in testing at time of DSA
|
| 119 |
[18 Jan 2005] DSA-643-1 queue - buffer overflows
|
| 120 |
{CAN-2004-0555}
|
| 121 |
- queue 1.30.1-5
|
| 122 |
NOTE: not fixed in testing at time of DSA
|
| 123 |
[17 Jan 2005] DSA-642-1 gallery - several
|
| 124 |
{CAN-2004-1106}
|
| 125 |
- gallery 1.4.4-pl4-1
|
| 126 |
NOTE: fixed in testing at time of DSA
|
| 127 |
[17 Jan 2005] DSA-641-1 playmidi - buffer overflow
|
| 128 |
{CAN-2005-0020}
|
| 129 |
- playmidi 2.4debian-3
|
| 130 |
NOTE: not fixed in testing at time of DSA
|
| 131 |
[17 Jan 2005] DSA-640-1 gatos - buffer overflow
|
| 132 |
{CAN-2005-0016}
|
| 133 |
- gatos 0.0.5-15
|
| 134 |
NOTE: not fixed in testing at time of DSA
|
| 135 |
[14 Jan 2005] DSA-639-1 mc - several
|
| 136 |
{CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
|
| 137 |
NOTE: unstable not vulnerable according to dsa
|
| 138 |
NOTE: fixed in testing at time of DSA
|
| 139 |
[13 Jan 2005] DSA-638-1 gopher - several
|
| 140 |
{CAN-2004-0560 CAN-2004-0561}
|
| 141 |
NOTE: not in sarge
|
| 142 |
[13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
|
| 143 |
{CAN-2005-0021}
|
| 144 |
NOTE: not in sarge
|
| 145 |
[12 Jan 2005] DSA-636-1 glibc - insecure temporary files
|
| 146 |
{CAN-2004-0968}
|
| 147 |
- glibc 2.3.2.ds1-20
|
| 148 |
NOTE: fixed in testing at time of DSA
|
| 149 |
[12 Jan 2005] DSA-635-1 exim - buffer overflow
|
| 150 |
{CAN-2005-0021}
|
| 151 |
- exim4 4.34-10
|
| 152 |
NOTE: fixed in testing at time of DSA
|
| 153 |
- exim 3.36-13
|
| 154 |
NOTE: not fixed in testing at time of DSA
|
| 155 |
[11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
|
| 156 |
{CAN-2004-1182}
|
| 157 |
- hylafax 4.2.1-1
|
| 158 |
NOTE: fixed in testing at time of DSA
|
| 159 |
[11 Jan 2005] DSA-633-1 bmv - insecure temporary file
|
| 160 |
{CAN-2003-0014}
|
| 161 |
- bmv 1.2-17
|
| 162 |
NOTE: fixed in testing at time of DSA
|
| 163 |
[10 Jan 2005] DSA-632-1 linpopup - buffer overflow
|
| 164 |
{CAN-2004-1282}
|
| 165 |
- linpopup 1.2.0-7
|
| 166 |
NOTE: fixed in testing at time of DSA
|
| 167 |
[10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
|
| 168 |
{CAN-2004-1165}
|
| 169 |
- kdelibs 4:3.3.2-1
|
| 170 |
NOTE: not fixed in testing at time of DSA
|
| 171 |
[10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
|
| 172 |
{CAN-2004-1000}
|
| 173 |
- lintian 1.23.6
|
| 174 |
NOTE: not fixed in testing at time of DSA
|
| 175 |
[07 Jan 2005] DSA-629-1 krb5 - buffer overflow
|
| 176 |
{CAN-2004-1189}
|
| 177 |
- krb5 1.3.6-1
|
| 178 |
NOTE: not fixed in testing at time of DSA
|
| 179 |
[06 Jan 2005] DSA-628-1 imlib2 - integer overflows
|
| 180 |
{CAN-2004-1026}
|
| 181 |
- imlib2 1.1.2-2.1
|
| 182 |
NOTE: not fixed in testing at time of DSA
|
| 183 |
[06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
|
| 184 |
{CAN-2004-1318}
|
| 185 |
- namazu2 2.0.14-1
|
| 186 |
NOTE: not fixed in testing at time of DSA
|
| 187 |
[06 Jan 2005] DSA-626-1 tiff - unsanitised input
|
| 188 |
{CAN-2004-1183}
|
| 189 |
- libtiff4 3.6.1-5
|
| 190 |
NOTE: not fixed in testing at time of DSA
|
| 191 |
[05 Jan 2005] DSA-625-1 pcal - buffer overflows
|
| 192 |
{CAN-2004-1289}
|
| 193 |
- pcal 4.8.0-1
|
| 194 |
NOTE: not fixed in testing at time of DSA
|
| 195 |
[05 Jan 2005] DSA-624-1 zip - buffer overflow
|
| 196 |
{CAN-2004-1010}
|
| 197 |
- zip 2.30-8
|
| 198 |
NOTE: fixed in testing at time of DSA
|
| 199 |
[04 Jan 2005] DSA-623-1 nasm - buffer overflow
|
| 200 |
{CAN-2004-1287}
|
| 201 |
- nasm 0.98.38-1.1
|
| 202 |
[03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
|
| 203 |
{CAN-2004-1181}
|
| 204 |
NOTE: not in unstable
|
| 205 |
[31 Dec 2004] DSA-621-1 cupsys - buffer overflow
|
| 206 |
{CAN-2004-1125}
|
| 207 |
- cupsys 1.1.22-2
|
| 208 |
[30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
|
| 209 |
{CAN-2004-0452 CAN-2004-0976}
|
| 210 |
- perl 5.8.4-5
|
| 211 |
[30 Dev 2004] DSA-619-1 xpdf - buffer overflow
|
| 212 |
{CAN-2004-1125}
|
| 213 |
- xpdf 3.00-11
|
| 214 |
[24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
|
| 215 |
{CAN-2004-1025 CAN-2004-1026}
|
| 216 |
- imlib 1.9.14-17.1
|
| 217 |
- imlib-png2 1.9.14-16.1
|
| 218 |
[24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
|
| 219 |
{CAN-2004-1308}
|
| 220 |
- libtiff4 3.6.1-4
|
| 221 |
[23 Dec 2004] DSA-616-1 telnetd-ssl - format string
|
| 222 |
{CAN-2004-0998}
|
| 223 |
- telnetd-ssl 0.17.24+0.1-6
|
| 224 |
[22 Dec 2004] DSA-615-1 debmake - insecure temporary file
|
| 225 |
{CAN-2004-1179}
|
| 226 |
- debmake 3.7.7
|
| 227 |
[21 Dec 2004] DSA-614-1 xzgv - integer overflows
|
| 228 |
{CAN-2004-0994}
|
| 229 |
- xzgv 0.8-3
|
| 230 |
[21 Dec 2004] DSA-613-1 ethereal - inifinite loop
|
| 231 |
{CAN-2004-114}
|
| 232 |
- ethereal 0.10.8-1
|
| 233 |
[21 Dec 2004] DSA-614-1 xzgv - integer overflows
|
| 234 |
{CAN-2004-0994}
|
| 235 |
- xzgv 0.8-3
|
| 236 |
[20 Dec 2004] DSA-612-1 a2ps - unsanitised input
|
| 237 |
{CAN-2004-1170}
|
| 238 |
- a2ps 4.13b-4.2
|
| 239 |
[20 Dec 2004] DSA-611-1 htget - buffer overflow
|
| 240 |
{CAN-2004-0852}
|
| 241 |
NOTE: htget not in sarge or unstable
|
| 242 |
[17 Dec 2004] DSA-610-1 cscope - insecure temporary file
|
| 243 |
{CAN-2004-0996}
|
| 244 |
- cscope 15.5-1
|
| 245 |
[14 Dec 2004] DSA-609-1 atari800 - buffer overflows
|
| 246 |
{CAN-2004-1076}
|
| 247 |
- atari800 1.3.2-1
|
| 248 |
[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
|
| 249 |
{CAN-2004-1095 CAN-2004-0999}
|
| 250 |
- zgv 5.7-1.3
|
| 251 |
NOTE: changelog says he only patched 1095, but diff comparison
|
| 252 |
NOTE: shows 0999 was also fixed.
|
| 253 |
[10 Dec 2004] DSA-607-1 xfree86 - several
|
| 254 |
{CAN-2004-0914}
|
| 255 |
- xfree86 4.3.0.dfsg.1-9
|
| 256 |
[08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
|
| 257 |
{CAN-2004-1014}
|
| 258 |
- nfs-utils 1:1.0.6-3.1
|
| 259 |
[06 Dec 2004] DSA-605-1 viewcvs - settings not honored
|
| 260 |
{CAN-2004-0915}
|
| 261 |
- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
|
| 262 |
[03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
|
| 263 |
{CAN-2004-0993}
|
| 264 |
- hpsockd 0.14
|
| 265 |
[01 Dec 2004] DSA-603-1 openssl - insecure temporary file
|
| 266 |
{CAN-2004-0975}
|
| 267 |
- openssl 0.9.7e-1
|
| 268 |
[29 Nov 2004] DSA-602-1 libgd2 - integer overlow
|
| 269 |
{CAN-2004-0941 CAN-2004-0990}
|
| 270 |
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
|
| 271 |
- libgd2 2.0.33-1.1
|
| 272 |
[29 Nov 2004] DSA-601-1 libgd1 - integer overflow
|
| 273 |
{CAN-2004-0941 CAN-2004-0990}
|
| 274 |
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
|
| 275 |
- libgd 1.8.4-36.1
|
| 276 |
[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
|
| 277 |
{CAN-2004-0888}
|
| 278 |
- tetex-bin 2.0.2-23
|
| 279 |
[25 Nov 2004] DSA-598-1 yardradius - buffer overflow
|
| 280 |
{CAN-2004-0987}
|
| 281 |
- yardradius 1.0.20-15
|
| 282 |
[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
|
| 283 |
{CAN-2004-1012 CAN-2004-1013}
|
| 284 |
- cyrus21-imapd 2.1.17-1
|
| 285 |
[24 Nov 2004] DSA-596-2 sudo - missing input sanitising
|
| 286 |
{CAN-2004-1051}
|
| 287 |
- sudo 1.6.8p3-1
|
| 288 |
[24 Nov 2004] DSA-596-1 sudo - missing input sanitising
|
| 289 |
{CAN-2004-1051}
|
| 290 |
- sudo 1.6.8p3-1
|
| 291 |
[24 Nov 2004] DSA-595-1 bnc - buffer overflow
|
| 292 |
{CAN-2004-1052}
|
| 293 |
NOTE: package not in sarge or sid
|
| 294 |
[17 Nov 2004] DSA-594-1 apache - buffer overflows
|
| 295 |
{CAN-2004-0940}
|
| 296 |
- apache 1.3.33-2
|
| 297 |
[16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
|
| 298 |
{CAN-2004-0981}
|
| 299 |
- imagemagick 6:6.0.6.2-1.5
|
| 300 |
[12 Nov 2004] DSA-592-1 ez-ipupdate - format string
|
| 301 |
{CAN-2004-0980}
|
| 302 |
- ez-ipupdate 3.0.11b8-8
|
| 303 |
[09 Nov 2004] DSA-591-1 libgd2 - integer overflows
|
| 304 |
{CAN-2004-0990}
|
| 305 |
- libgd2 2.0.30-1
|
| 306 |
[09 Nov 2004] DSA-590-1 gnats - format string vulnerability
|
| 307 |
{CAN-2004-0623}
|
| 308 |
NOTE: DSA got version of fix for unstable wrong
|
| 309 |
- gnats 4.0-6.1
|
| 310 |
[09 Nov 2004] DSA-589-1 libgd - integer overflows
|
| 311 |
{CAN-2004-0990}
|
| 312 |
- libgd1 1.8.4-36.1
|
| 313 |
[08 Nov 2004] DSA-588-1 gzip - insecure temporary files
|
| 314 |
{CAN-2004-0970}
|
| 315 |
NOTE: dsa says sid not affected
|
| 316 |
[08 Nov 2004] DSA-587-1 freeamp - buffer overflow
|
| 317 |
{CAN-2004-0964}
|
| 318 |
NOTE: DSA says zinf not vulnerable in sarge
|
| 319 |
[08 Nov 2004] DSA-586-1 ruby - infinite loop
|
| 320 |
{CAN-2004-0983}
|
| 321 |
- ruby1.6 1.6.8-12
|
| 322 |
- ruby1.8 1.8.1+1.8.2pre2-4
|
| 323 |
[05 Nov 2004] DSA-585-1 shadow - programming error
|
| 324 |
{CAN-2004-1001}
|
| 325 |
- shadow 1:4.0.3-30.3
|
| 326 |
[04 Nov 2004] DSA-584-1 dhcp - format string vulnerability
|
| 327 |
{CAN-2004-1006}
|
| 328 |
- dhcp 2.0pl5-19.1
|
| 329 |
[03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
|
| 330 |
{CAN-2004-0972}
|
| 331 |
[02 Nov 2004] DSA-582-1 libxml - buffer overflow
|
| 332 |
{CAN-2004-0989}
|
| 333 |
- libxml 1.8.17-9
|
| 334 |
- libxml2 2.6.11-5
|
| 335 |
[01 Nov 2004] DSA-581-1 xpdf - integer overflows
|
| 336 |
{CAN-2004-0888}
|
| 337 |
- xpdf 3.00-9
|
| 338 |
[01 Nov 2004] DSA-580-1 iptables - missing initialisation
|
| 339 |
{CAN-2004-0986}
|
| 340 |
- iptables 1.2.11-4
|
| 341 |
[01 Nov 2004] DSA-579-1 abiword - buffer overflow
|
| 342 |
{CAN-2004-0645}
|
| 343 |
NOTE: according to DSA, sid's abiword is not affected. sarge is same
|
| 344 |
[01 Nov 2004] DSA-578-1 mpg123 - buffer overflow
|
| 345 |
{CAN-2004-0982}
|
| 346 |
- mpg123 0.59r-17
|
| 347 |
[29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
|
| 348 |
{CAN-2004-0977}
|
| 349 |
- postgresql 7.4.6-1
|
| 350 |
[29 Oct 2004] DSA-576-1 squid - multiple
|
| 351 |
{CVE-1999-0710 CAN-2004-0918}
|
| 352 |
- squid 2.5.7-1
|
| 353 |
[28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
|
| 354 |
{CAN-2003-0193}
|
| 355 |
- catdoc 0.91.5-2
|
| 356 |
[28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
|
| 357 |
{CAN-2004-0916}
|
| 358 |
- cabextract 1.1-1
|
| 359 |
[21 Oct 2004] DSA-573-1 cupsys - integer overflows
|
| 360 |
{CAN-2004-0888}
|
| 361 |
- cupsys 1.1.20final+rc1-10
|
| 362 |
{CAN-2004-0889}
|
| 363 |
- xpdf 3.00-10
|
| 364 |
TODO: kpdf and kfax not fixed in sarge, bug #278173 has a backported patch for the kpdf hole
|
| 365 |
- kpdf 4:3.3.1-1
|
| 366 |
- gpdf 2.8.0-1
|
| 367 |
- kfax 4:3.3.1-1
|
| 368 |
[21 Oct 2004] DSA-572-1 ecartis - multiple
|
| 369 |
{CAN-2004-0913}
|
| 370 |
- ecartis 1.0.0+cvs.20030911-8
|
| 371 |
[20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
|
| 372 |
{CAN-2004-0955}
|
| 373 |
- libpng3 1.2.5.0-9
|
| 374 |
[20 Oct 2004] DSA-570-1 libpng - integer overflow
|
| 375 |
{CAN-2004-0955}
|
| 376 |
- libpng 1.0.15-8
|
| 377 |
[18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
|
| 378 |
{CAN-2004-0911}
|
| 379 |
- netkit-telnet-ssl 0.17.24+0.1-4
|
| 380 |
[16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
|
| 381 |
{CAN-2004-0884}
|
| 382 |
NOTE removed from testing
|
| 383 |
NOTE maintainer reports hole not in cyrus-sasl2-mit
|
| 384 |
[15 Oct 2004] DSA-567-1 tiff - heap overflows
|
| 385 |
{CAN-2004-0803 CAN-2004-0804 CAN-2004-0886}
|
| 386 |
- tiff 3.6.1-2
|
| 387 |
- tiff3g 3.6.1-2
|
| 388 |
[14 Oct 2004] DSA-566-1 cupsys - unsanitised input
|
| 389 |
{CAN-2004-0923}
|
| 390 |
- cupsys 1.1.20final+rc1-9
|
| 391 |
[13 Oct 2004] DSA-565-1 sox - buffer overflows
|
| 392 |
{CAN-2004-0557}
|
| 393 |
- sox 12.17.4-9
|
| 394 |
[13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
|
| 395 |
{CAN-2004-0805}
|
| 396 |
- mpg123 0.59r-16
|
| 397 |
[12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
|
| 398 |
{CAN-2004-0884}
|
| 399 |
- cyrus-sasl 1.5.28-6.2
|
| 400 |
- cyrus-sasl2 2.1.19-1.3
|
| 401 |
[11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
|
| 402 |
{CAN-2004-0835 CAN-2004-0836 CAN-2004-0837}
|
| 403 |
- mysql 4.0.21-1
|
| 404 |
[11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
|
| 405 |
{CAN-2004-0687 CAN-2004-0688}
|
| 406 |
- xfree86 4.3.0.dfsg.1-8
|
| 407 |
[07 Oct 2004] DSA-600-1 samba - arbitrary file access
|
| 408 |
{CAN-2004-0815}
|
| 409 |
NOTE: not affected according to DSA
|
| 410 |
[07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
|
| 411 |
{CAN-2004-0687 CAN-2004-0688}
|
| 412 |
- lesstif1-1 0.93.94-10
|
| 413 |
[06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
|
| 414 |
{CAN-2004-0851}
|
| 415 |
- net-acct 0.71-7
|
| 416 |
[06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
|
| 417 |
{CAN-2004-0809}
|
| 418 |
- libapache-mod-dav 1.0.3-10
|
| 419 |
- apache2 2.0.51-1
|
| 420 |
[04 Oct 2004] DSA-557-1 pppoe - missing privilegue dropping
|
| 421 |
{CAN-2004-0564}
|
| 422 |
- pppoe 3.5-4
|
| 423 |
[03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
|
| 424 |
{CAN-2004-0911}
|
| 425 |
- netkit-telnet 0.17-26
|
| 426 |
[30 Sep 2004] DSA-555-1 freenet6 - file permissions
|
| 427 |
{CAN-2004-0563}
|
| 428 |
- freenet6 1.0-2.2
|
| 429 |
[27 Sep 2004] DSA-554-1 sendmail - pre-set password
|
| 430 |
{CAN-2004-0833}
|
| 431 |
- sendmail 8.13.1-13
|
| 432 |
[27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
|
| 433 |
{CAN-2004-0880 CAN-2004-0881}
|
| 434 |
- getmail 3.2.5-1
|
| 435 |
[22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
|
| 436 |
{CAN-2004-0802}
|
| 437 |
- imlib2 1.1.0-12.4
|
| 438 |
[21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
|
| 439 |
{CAN-2004-0794}
|
| 440 |
- lukemftpd 1.1-2.2
|
| 441 |
[20 Sep 2004] DSA-550-1 wv - buffer overflow
|
| 442 |
{CAN-2004-0645}
|
| 443 |
- wv 1.0.2-0.1
|
| 444 |
[17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
|
| 445 |
{CAN-2004-0782 CAN-2004-0783 CAN-2004-0788}
|
| 446 |
- gtk+2.0 2.4.9-2
|
| 447 |
[16 Sep 2004] DSA-548-1 imlib - unsanitised input
|
| 448 |
{CAN-2004-0817}
|
| 449 |
- imlib 1.9.14-17
|
| 450 |
- imlib+png2 1.9.14-16.2
|
| 451 |
[16 Sep 2004] DSA-547-1 imagemagic - buffer overflows
|
| 452 |
{CAN-2004-0827}
|
| 453 |
- imagemagic 6.0.6.2-1
|
| 454 |
[16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
|
| 455 |
{CAN-2004-0753 CAN-2004-0782 CAN-2004-0788}
|
| 456 |
- gdk-pixbuf 0.22.0-7
|
| 457 |
[15 Sep 2004] DSA-545-1 cupsys - denial of service
|
| 458 |
{CAN-2004-0558}
|
| 459 |
- cupsys 1.1.20final+rc1-6
|
| 460 |
[14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
|
| 461 |
{CAN-2004-0559}
|
| 462 |
- webmin 1.160-1
|
| 463 |
- usermin 1.090-1
|
| 464 |
[31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
|
| 465 |
{CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772}
|
| 466 |
- krb5 1.3.4-3
|
| 467 |
[31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
|
| 468 |
{CAN-2004-0150}
|
| 469 |
NOTE: not affected according to DSA
|
| 470 |
[30 Aug 2004] DSA-542-1 qt - unsanitised input
|
| 471 |
{CAN-2004-0691 CAN-2004-0692 CAN-2004-0693}
|
| 472 |
- qt-x11-free 3.3.3-4
|
| 473 |
[25 Aug 2004] DSA-541 icecast-server - cross site scripting
|
| 474 |
{CAN-2004-0781}
|
| 475 |
- icecast-server 1.3.12-8
|
| 476 |
[18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
|
| 477 |
{CAN-2004-0457}
|
| 478 |
- mysql-dfsg 4.0.20-11
|
| 479 |
[18 Aug 2004] DSA-539 kdelibs - denial of service
|
| 480 |
{CAN-2004-0689}
|
| 481 |
- kdelibs 4:3.2.3-3.sarge.1
|
| 482 |
[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
|
| 483 |
- rsync 2.6.2-3
|
| 484 |
[16 Aug 2004] DSA-537 ruby - insecure file permissions
|
| 485 |
{CAN-2004-0755}
|
| 486 |
- ruby1.8 1.8.1+1.8.2pre1-4
|
| 487 |
HELP: is ruby1.6 vulnerable?
|
| 488 |
[04 Aug 2004] DSA-536 libpng - several vulnerabilities
|
| 489 |
{CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768}
|
| 490 |
- libpng 1.0.15-6
|
| 491 |
- libpng3 1.2.5.0-7
|
| 492 |
[02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
|
| 493 |
{CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639}
|
| 494 |
- squirrelmail 2:1.4.3a-0.1
|
| 495 |
[22 Jul 2004] DSA-534 mailreader - directory traversal
|
| 496 |
{CAN-2002-1581}
|
| 497 |
- mailreader 2.3.29-9
|
| 498 |
[22 Jul 2004] DSA-533 courier - cross-site scripting
|
| 499 |
{CAN-2004-0591}
|
| 500 |
- courier 0.45.4-4
|
| 501 |
[22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
|
| 502 |
{CAN-2004-0488 CAN-2004-0700}
|
| 503 |
- libapache-mod-ssl 2.8.19-1
|
| 504 |
[20 Jul 2004] DSA-531 php4 - several vulnerabilities
|
| 505 |
{CAN-2004-0594 CAN-2004-0595}
|
| 506 |
! php4 4:4.3.8-1
|
| 507 |
[17 Jul 2004] DSA-530 l2tpd - buffer overflow
|
| 508 |
{CAN-2004-0649}
|
| 509 |
- l2tpd 0.70-pre20031121-2
|
| 510 |
[17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
|
| 511 |
{CAN-2004-0640}
|
| 512 |
! netkit-telnet-ssl 0.17.24+0.1-2
|
| 513 |
[17 Jul 2004] DSA-528 ethereal - denial of service
|
| 514 |
{CAN-2004-0635}
|
| 515 |
- ethereal 0.10.5-1
|
| 516 |
[03 Jul 2004] DSA-527 pavuk - buffer overflow
|
| 517 |
{CAN-2004-0456}
|
| 518 |
NOTE: DSA is incorrect; pavuk is in sarge and unstable.
|
| 519 |
! pavuk 0.9pl28-3
|
| 520 |
[03 Jul 2004] DSA-526 webmin - several vulnerabilities
|
| 521 |
{CAN-2004-0582 CAN-2004-0583}
|
| 522 |
- webmin 1.150-1
|
| 523 |
[24 Jun 2004] DSA-525 apache - buffer overflow
|
| 524 |
{CAN-2004-0492}
|
| 525 |
- apache 1.3.31-2
|
| 526 |
[19 Jun 2004] DSA-524 rlpr - several vulnerabilities
|
| 527 |
{CAN-2004-0393 CAN-2004-0454}
|
| 528 |
- rlpr 2.02-7.1
|
| 529 |
[19 Jun 2004] DSA-523 www-sql - buffer overflow
|
| 530 |
{CAN-2004-0455}
|
| 531 |
- www-sql 0.5.7-18
|
| 532 |
[19 Jun 2004] DSA-522 super - format string vulnerability
|
| 533 |
{CAN-2004-0579}
|
| 534 |
- super 3.23.0-1
|
| 535 |
[18 Jun 2004] DSA-521 sup - format string vulnerability
|
| 536 |
{CAN-2004-0451}
|
| 537 |
- sup 1.8-11
|
| 538 |
[16 Jun 2004] DSA-520 krb5 - buffer overflows
|
| 539 |
{CAN-2004-0523}
|
| 540 |
- krb5 1.3.3-2
|
| 541 |
[15 Jun 2004] DSA-519 cvs - several vulnerabilities
|
| 542 |
{CAN-2004-0416 CAN-2004-0417 CAN-2004-0418}
|
| 543 |
- cvs 1:1.12.9-1
|
| 544 |
[14 Jun 2004] DSA-518 kdelibs - unsanitised input
|
| 545 |
{CAN-2004-0411}
|
| 546 |
- kdelibs 3.2.3
|
| 547 |
[10 Jun 2004] DSA-517 cvs - buffer overflow
|
| 548 |
{CAN-2004-0414]
|
| 549 |
- cvs 1.12.9-1
|
| 550 |
[07 Jun 2004] DSA-516 postgresql - buffer overflow
|
| 551 |
{CAN-2004-0547}
|
| 552 |
- postgresql 07.03.0200-3.
|
| 553 |
[05 Jun 2004] DSA-515 lha - several vulnerabilities
|
| 554 |
{CAN-2004-0234 CAN-2004-0235}
|
| 555 |
! lha 1.14i-8
|
| 556 |
NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
|
| 557 |
from the DSA could to updated via t-p-u.
|
| 558 |
[04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
|
| 559 |
{CAN-2004-0077}
|
| 560 |
- kernel-image-sparc-2.2 9.1
|
| 561 |
NOTE: did not check other versions of the kernel
|
| 562 |
[03 Jun 2004] DSA-513 log2mail - format string
|
| 563 |
{CAN-2004-0450}
|
| 564 |
! log2mail 0.2.8-3
|
| 565 |
[02 Jun 2004] DSA-512 gallery - unauthenticated access
|
| 566 |
{CAN-2004-0522}
|
| 567 |
- gallery 1.4.3-pl2-1
|
| 568 |
[30 May 2004] DSA-511 ethereal - buffer overflows
|
| 569 |
{CAN-2004-0176
|
| 570 |
- ethereal 0.10.3-1
|
| 571 |
[29 May 2004] DSA-510 jftpgw - format string
|
| 572 |
{CAN-2004-0448}
|
| 573 |
- jftpgw 0.13.4-1
|
| 574 |
[29 May 2004] DSA-509 gatos - privilege escalation
|
| 575 |
{CAN-2004-0395}
|
| 576 |
- gatos 0.0.5-12
|
| 577 |
[22 May 2004] DSA-508 xpcd - buffer overflow
|
| 578 |
{CAN-2004-0402}
|
| 579 |
- xpcd 2.08-10
|
| 580 |
[19 May 2004] DSA-507 cadaver - buffer overflow
|
| 581 |
{CAN-2004-0398}
|
| 582 |
- cadaver 0.22.1-3
|
| 583 |
[19 May 2004] DSA-506 neon - buffer overflow
|
| 584 |
{CAN-2004-0398}
|
| 585 |
- neon 0.24.6.dfsg-1
|
| 586 |
[19 May 2004] DSA-505 cvs - heap overflow
|
| 587 |
{CAN-2004-0396}
|
| 588 |
- cvs 1.12.5-6
|
| 589 |
[18 May 2004] DSA-504 heimdal - missing input sanitising
|
| 590 |
{CAN-2004-0434}
|
| 591 |
- heimdal 0.6.2-1
|
| 592 |
[13 May 2004] DSA-503 mah-jong - missing argument check
|
| 593 |
{CAN-2004-0458}
|
| 594 |
- mah-jong 1.6.2-1
|
| 595 |
[11 May 2004] DSA-502 exim-tls - buffer overflow
|
| 596 |
{CAN-2004-0399 CAN-2004-0400}
|
| 597 |
NOTE: exim-tls not in sarge
|
| 598 |
[07 May 2004] DSA-501 exim - buffer overflow
|
| 599 |
{CAN-2004-0399 CAN-2004-0400}
|
| 600 |
- exim 3.36-11
|
| 601 |
- exim4 4.33-1
|
| 602 |
[01 May 2004] DSA-500 flim - insecure temporary file
|
| 603 |
{CAN-2004-0422}
|
| 604 |
- flim 1:1.14.6+0.20040415-1
|
| 605 |
[01 May 2004] DSA-499 rsync - directory traversal
|
| 606 |
{CAN-2004-0426}
|
| 607 |
- rsync 2.6.1-1
|
| 608 |
[30 Apr 2004] DSA-498 libpng - out of bound access
|
| 609 |
{CAN-2004-0421}
|
| 610 |
- libpng 1.0.15-5
|
| 611 |
- libpng3 1.2.5.0-6
|
| 612 |
[29 Apr 2004] DSA-497 mc - several vulnerabilities
|
| 613 |
{CAN-2004-0226 CAN-2004-0231 CAN-2004-0232}
|
| 614 |
- mc 1:4.6.0-4.6.1-pre1-2
|
| 615 |
[29 Apr 2004] DSA-496 eterm - missing input sanitising
|
| 616 |
{CAN-2003-0068}
|
| 617 |
- eterm 0.9.2-6
|
| 618 |
[26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
|
| 619 |
{CAN-2003-0127 CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 620 |
NOTE: 2.4.16 not present. Did not check newer kernels.
|
| 621 |
[21 Apr 2004] DSA-494 ident2 - buffer overflow
|
| 622 |
{CAN-2004-0408}
|
| 623 |
- ident2 1.04-2
|
| 624 |
[21 Apr 2004] DSA-493 xchat - buffer overflow
|
| 625 |
{CAN-2004-0409}
|
| 626 |
- xchat 2.0.8-1
|
| 627 |
[18 Apr 2004] DSA-492 iproute - denial of service
|
| 628 |
{CAN-2003-0856}
|
| 629 |
- iproute 20010824-13.1
|
| 630 |
[17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
|
| 631 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 632 |
NOTE: 2.4.19 not present. Did not check newer kernels.
|
| 633 |
[17 Apr 2004] DSA-490 zope - arbitrary code execution
|
| 634 |
{CVE-2002-0688}
|
| 635 |
- zope 2.6.0-0.1
|
| 636 |
[17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
|
| 637 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 638 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 639 |
[16 Apr 2004] DSA-488 logcheck - insecure temporary directory
|
| 640 |
{CAN-2004-0404}
|
| 641 |
- logcheck 1.1.1-13.2
|
| 642 |
[16 Apr 2004] DSA-487 neon - format string
|
| 643 |
{CAN-2004-0179}
|
| 644 |
- newo 0.24.5-1
|
| 645 |
[16 Apr 2004] DSA-486 cvs - several vulnerabilities
|
| 646 |
{CAN-2004-0180 CAN-2004-0405}
|
| 647 |
- cvs 1:1.12.5-4
|
| 648 |
[14 Apr 2004] DSA-485 ssmtp - format string
|
| 649 |
{CAN-2004-0156}
|
| 650 |
- ssmtp 2.60.7
|
| 651 |
[14 Apr 2004] DSA-484 xonix - failure to drop privileges
|
| 652 |
{CAN-2004-0157}
|
| 653 |
- xonix 1.4-21
|
| 654 |
[14 Apr 2004] DSA-483 mysql - insecure temporary file creation
|
| 655 |
{CAN-2004-0381}
|
| 656 |
- mysql-dfsg 4.0.18-4
|
| 657 |
{CAN-2004-0388}
|
| 658 |
! mysql-dfsg 4.0.18-6
|
| 659 |
[14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
|
| 660 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 661 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 662 |
[14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
|
| 663 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 664 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 665 |
[14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
|
| 666 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 667 |
NOTE: 2.4.17/18 not present. Did not check newer kernels.
|
| 668 |
[14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
|
| 669 |
{CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
|
| 670 |
NOTE: 2.4.18 not present. Did not check newer kernels.
|
| 671 |
[06 Apr 2004] DSA-478 tcpdump - denial of service
|
| 672 |
{CAN-2004-0183 CAN-2004-0184}
|
| 673 |
- tcpdump 3.7.2-4
|
| 674 |
[06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
|
| 675 |
{CAN-2004-0372}
|
| 676 |
- xine-ui 0.99.1-1
|
| 677 |
[06 Apr 2004] DSA-476 heimdal - cross-realm
|
| 678 |
{CAN-2004-0371}
|
| 679 |
- heimdal 0.6.1-1
|
| 680 |
[05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
|
| 681 |
{CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
|
| 682 |
NOTE: 2.4.18 not present. Did not check newer kernels.
|
| 683 |
[03 Apr 2004] DSA-474 squid - ACL bypass
|
| 684 |
{CAN-2004-0189}
|
| 685 |
- squid 2.5.5-1
|
| 686 |
[03 Apr 2004] DSA-473 oftpd - denial of service
|
| 687 |
{CAN-2004-0376}
|
| 688 |
- oftpd 20040304-1
|
| 689 |
[03 Apr 2004] DSA-472 fte - several vulnerabilities
|
| 690 |
{CAN-2003-0648}
|
| 691 |
- fte 0.50.0-1.1
|
| 692 |
[02 Apr 2004] DSA-471 interchange - missing input sanitising
|
| 693 |
{CAN-2004-0374}
|
| 694 |
- interchange 5.0.1-1
|
| 695 |
[01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
|
| 696 |
{CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
|
| 697 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 698 |
[29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
|
| 699 |
{CAN-2004-0366}
|
| 700 |
- pam-pgsql 0.5.2-7.1
|
| 701 |
[24 Mar 2004] DSA-468 emil - several vulnerabilities
|
| 702 |
{CAN-2004-0152 CAN-2004-0153}
|
| 703 |
- emil 2.1.0-beta9-14
|
| 704 |
[23 Mar 2004] DSA-467 ecartis - several vulnerabilities
|
| 705 |
{CAN-2003-0781 CAN-2003-0782}
|
| 706 |
- ecartis 1.0.0+cvs.20030911
|
| 707 |
[18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
|
| 708 |
{CAN-2004-0077}
|
| 709 |
NOTE: 2.2.10 not present. Did not check newer kernels.
|
| 710 |
[17 Mar 2004] DSA-465 openssl - several vulnerabilities
|
| 711 |
{CAN-2004-0079 CAN-2004-0081}
|
| 712 |
- openssl 0.9.7d-1
|
| 713 |
NOTE: CAN-2004-0081 only affects 0.9.6.
|
| 714 |
NOTE: 0.9.7d also fixes CAN-2004-0112
|
| 715 |
- openssl 0.9.6l
|
| 716 |
- openssl096 0.9.6m-1
|
| 717 |
[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
|
| 718 |
{CAN-2004-0111}
|
| 719 |
- gdk-pixbuf 0.22.0-3
|
| 720 |
[12 Mar 2004] DSA-463 samba - privilege escalation
|
| 721 |
{CAN-2004-0186}
|
| 722 |
- samba 3.0.2-2
|
| 723 |
[12 Mar 2004] DSA-462 xitalk - missing privilege release
|
| 724 |
{CAN-2004-0151}
|
| 725 |
- xitalk 1.1.11-11
|
| 726 |
[11 Mar 2004] DSA-461 calife - buffer overflow
|
| 727 |
{CAN-2004-0188}
|
| 728 |
- calife 2.8.6-1
|
| 729 |
[10 Mar 2004] DSA-460 sysstat - insecure temporary file
|
| 730 |
{CAN-2004-0108}
|
| 731 |
- sysstat 5.0.2-1
|
| 732 |
[10 Mar 2004] DSA-459 kdelibs - cookie path traversal
|
| 733 |
{CAN-2003-0592}
|
| 734 |
- kdelibs 4:3.1.3-1
|
| 735 |
[09 Mar 2004] DSA-458 python2.2 - buffer overflow
|
| 736 |
{CAN-2004-0150}
|
| 737 |
NOTE: not affected according to DSA
|
| 738 |
[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
|
| 739 |
{CAN-2004-0148 CAN-2004-0185}
|
| 740 |
- wu-ftpd 2.6.2-17.1
|
| 741 |
[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
|
| 742 |
{CAN-2004-0077}
|
| 743 |
NOTE: 2.2.19 not present. Did not check newer kernels.
|
| 744 |
[03 Mar 2004] DSA-455 libxml - buffer overflows
|
| 745 |
{CAN-2004-0110}
|
| 746 |
- libxml 1.8.17-5
|
| 747 |
- libxml2 2.6.6-1
|
| 748 |
[02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
|
| 749 |
{CAN-2004-0077}
|
| 750 |
NOTE: 2.2.22 not present. Did not check newer kernels.
|
| 751 |
[02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
|
| 752 |
{CAN-2004-0077}
|
| 753 |
NOTE: 2.2.20 not present. Did not check newer kernels.
|
| 754 |
[29 Feb 2004] DSA-452 libapache-mod-python - denial of service
|
| 755 |
{CAN-2003-0973}
|
| 756 |
- libapache-mod-python 2:2.7.10-1
|
| 757 |
[27 Feb 2004] DSA-451 xboing - buffer overflows
|
| 758 |
{CAN-2004-0149}
|
| 759 |
- xboing 2.4-26.1
|
| 760 |
[27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
|
| 761 |
{CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
|
| 762 |
NOTE: 2.4.19 not present. Did not check newer kernels.
|
| 763 |
[24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
|
| 764 |
{CAN-2004-0104 CAN-2004-0105}
|
| 765 |
- metamail 2.7-45.2
|
| 766 |
[22 Feb 2004] DSA-448 pwlib - several vulnerabilities
|
| 767 |
{CAN-2004-0097}
|
| 768 |
- pwlib 1.5.2-4
|
| 769 |
[22 Feb 2004] DSA-447 hsftp - format string
|
| 770 |
{CAN-2004-0159}
|
| 771 |
! hsftp 1.15-1
|
| 772 |
[21 Feb 2004] DSA-446 synaesthesia - insecure file creation
|
| 773 |
{CAN-2004-0160}
|
| 774 |
DSA notes not setuid anymore so ok
|
| 775 |
[21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
|
| 776 |
{CAN-2004-0158}
|
| 777 |
- lbreakout2 2.4
|
| 778 |
[20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
|
| 779 |
{CAN-2004-0077}
|
| 780 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 781 |
[19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
|
| 782 |
{CAN-2003-0690}
|
| 783 |
- xfree86 4.3.0-0pre1v2
|
| 784 |
{CAN-2004-0083 CAN-2004-0084 CAN-2004-0106}
|
| 785 |
- xfree86 4.3.0-1
|
| 786 |
{CAN-2004-0093 CAN-2004-0094}
|
| 787 |
- xfree86 4.2.1-6
|
| 788 |
[19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
|
| 789 |
{CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429}
|
| 790 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 791 |
[18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
|
| 792 |
{CAN-2004-0077}
|
| 793 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 794 |
[18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
|
| 795 |
{CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
|
| 796 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 797 |
[18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
|
| 798 |
{CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
|
| 799 |
NOTE: 2.4.16 not present. Did not check newer kernels.
|
| 800 |
[18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
|
| 801 |
{CAN-2004-0077}
|
| 802 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 803 |
[11 Feb 2004] DSA-437 cgiemail - open mail relay
|
| 804 |
{CAN-2002-1575}
|
| 805 |
- cgiemail 1.6-20
|
| 806 |
[08 Feb 2004] DSA-436 mailman - several vulnerabilities
|
| 807 |
{CAN-2003-0991}
|
| 808 |
NOTE: apparently specific to mailman 2.0, not 2.1
|
| 809 |
{CAN-2003-0965}
|
| 810 |
- mailman 2.1.4-1
|
| 811 |
{CAN-2003-0038}
|
| 812 |
- mailman 2.1.1-1
|
| 813 |
[06 Feb 2004] DSA-435 mpg123 - heap overflow
|
| 814 |
{CAN-2003-0865}
|
| 815 |
- mpg123 0.59r-15
|
| 816 |
[05 Feb 2004] DSA-434 gaim - several vulnerabilities
|
| 817 |
{CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008}
|
| 818 |
- gaim 1:0.75-2
|
| 819 |
[04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
|
| 820 |
{CAN-2003-0961}
|
| 821 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 822 |
[03 Feb 2004] DSA-432 crawl - buffer overflow
|
| 823 |
{CAN-2004-0103}
|
| 824 |
- crawl 4.0.0beta26-4
|
| 825 |
[01 Feb 2004] DSA-431 perl - information leak
|
| 826 |
{CAN-2003-0618}
|
| 827 |
- perl 5.8.3-3
|
| 828 |
[28 Jan 2004] DSA-430 trr19 - missing privilege release
|
| 829 |
{CAN-2004-0047}
|
| 830 |
- trr19 1.0beta5-17.1
|
| 831 |
[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
|
| 832 |
{CAN-2003-0971}
|
| 833 |
- gnupg 1.2.4-1
|
| 834 |
[20 Jan 2004] DSA-428 slocate - buffer overflow
|
| 835 |
{CAN-2003-0848}
|
| 836 |
- slocate 2.7-3
|
| 837 |
[19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
|
| 838 |
{CAN-2003-0985}
|
| 839 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 840 |
[18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
|
| 841 |
{CAN-2003-0924}
|
| 842 |
- netpbm-free 2:9.25-9
|
| 843 |
[16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
|
| 844 |
{CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057}
|
| 845 |
HELP: No idea if this is fixed, we have a new upstream version
|
| 846 |
HELP: that came out after these advisories, but neither the debian nor
|
| 847 |
HELP: the upstream changelog seem to mention them.
|
| 848 |
NOTE: Mailed maintainer.
|
| 849 |
[16 Jan 2004] DSA-424 mc - buffer overflow
|
| 850 |
{CAN-2003-1023}
|
| 851 |
- mc 1:4.6.0-4.6.1-pre1-1
|
| 852 |
[15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
|
| 853 |
{CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985}
|
| 854 |
NOTE: 2.4.17 not present. Did not check newer kernels.
|
| 855 |
[13 Jan 2004] DSA-422 cvs - remote vulnerability
|
| 856 |
- cvs 1.11.11
|
| 857 |
[12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
|
| 858 |
{CAN-2004-0041}
|
| 859 |
- mod-auth-shadow 1.4-1
|
| 860 |
[12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
|
| 861 |
{CAN-2004-0028}
|
| 862 |
- jitterbug 1.6.2-4.5
|
| 863 |
[09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
|
| 864 |
{CAN-2004-0016 CAN-2004-0017}
|
| 865 |
- phpgroupware 0.9.14.007-4
|
| 866 |
[07 Jan 2004] DSA-418 vbox3 - privilege leak
|
| 867 |
{CAN-2004-0015}
|
| 868 |
- vbox3 0.1.8
|
| 869 |
[07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
|
| 870 |
{CAN-2003-0961 CAN-2003-0985}
|
| 871 |
NOTE: 2.4.18 not present. Did not check newer kernels.
|
| 872 |
[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
|
| 873 |
{CAN-2003-1022 CAN-2004-0011}
|
| 874 |
- fsp 2.81.b18-1
|
| 875 |
[06 Jan 2004] DSA-415 zebra - denial of service
|
| 876 |
{CAN-2003-0795 CAN-2003-0858}
|
| 877 |
- quagga 0.96.4x-4
|
| 878 |
[06 Jan 2004] DSA-414 jabber - denial of service
|
| 879 |
{CAN-2004-0013}
|
| 880 |
- jabber 1.4.3-1
|
| 881 |
[06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
|
| 882 |
{CAN-2003-0985}
|
| 883 |
NOTE: 2.4.18 not present. Did not check newer kernels.
|
| 884 |
[05 Jan 2004] DSA-412 nd - buffer overflows
|
| 885 |
{CAN-2004-0014}
|
| 886 |
- nd 0.8.2-1
|
| 887 |
[05 Jan 2004] DSA-411 mpg321 - format string vulnerability
|
| 888 |
{CAN-2003-0969}
|
| 889 |
- mpg321 0.2.10.3
|
| 890 |
[05 Jan 2004] DSA-410 libnids - buffer overflow
|
| 891 |
{CAN-2003-0850}
|
| 892 |
- libnids 1.18-1
|
| 893 |
[05 Jan 2004] DSA-409 bind - denial of service
|
| 894 |
{CAN-2003-0914}
|
| 895 |
- bind 1:8.4.3-1
|
| 896 |
[05 Jan 2004] DSA-408 screen - integer overflow
|
| 897 |
{CAN-2003-0972}
|
| 898 |
- screen 4.0.2-0.1
|
| 899 |
[05 Jan 2004] DSA-407 ethereal - buffer overflows
|
| 900 |
{CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013
|
| 901 |
- ethereal 0.10.0-1
|
| 902 |
[05 Jan 2004] DSA-406 lftp - buffer overflow
|
| 903 |
- lftp 2.6.10-1
|
| 904 |
[30 Dec 2003] DSA-405 xsok - missing privilege release
|
| 905 |
{CAN-2003-0949}
|
| 906 |
- xsok 1.02-11
|
| 907 |
[04 Dec 2003] DSA-404 rsync - heap overflow
|
| 908 |
{CAN-2003-0962}
|
| 909 |
- rsync 2.5.6-1.1
|
| 910 |
[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
|
| 911 |
{CAN-2003-0961}
|
| 912 |
NOTE: 2.4.18 not present in sarge, did not check newer kernels.
|
| 913 |
[17 Nov 2003] DSA-402 minimalist - unsanitised input
|
| 914 |
{CAN-2003-0902}
|
| 915 |
- minimalist 2.4-1
|
| 916 |
[17 Nov 2003] DSA-401 hylafax - format strings
|
| 917 |
{CAN-2003-0886}
|
| 918 |
- hylafax 1:4.1.8-1
|
| 919 |
[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
|
| 920 |
{CAN-2003-0932}
|
| 921 |
- omega-rpg 0.90-pa9-11
|
| 922 |
[10 Nov 2003] DSA-399 epic4 - buffer overflow
|
| 923 |
{CAN-2003-0328}
|
| 924 |
- epic4 1:1.1.11.20030409-2
|
| 925 |
[10 Nov 2003] DSA-398 conquest - buffer overflow
|
| 926 |
{CAN-2003-0933}
|
| 927 |
- conquest 7.2-5
|
| 928 |
[07 Nov 2003] DSA-397 postgresql - buffer overflow
|
| 929 |
{CAN-2003-0901}
|
| 930 |
- postgresql 7.3.4
|
| 931 |
[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
|
| 932 |
{CAN-2002-1562 CAN-2003-0899}
|
| 933 |
- thttpd 2.23beta1-2.3
|
| 934 |
[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
|
| 935 |
{CAN-2003-0866}
|
| 936 |
! tomcat4 4.1.24-2
|
| 937 |
NOTE another RC (unreproducible?) bug and missing deps (#263201)
|
| 938 |
NOTE are keeping the fix out of testing
|
| 939 |
[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
|
| 940 |
{CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
|
| 941 |
- openssl 0.9.7c
|
| 942 |
- openssl096 0.9.6k
|
| 943 |
[01 Oct 2003] DSA-393 openssl - denial of service
|
| 944 |
{CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
|
| 945 |
- openssl 0.9.7c
|
| 946 |
- openssl096 0.9.6k
|
| 947 |
[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
|
| 948 |
{CAN-2003-0832 CAN-2003-0833}
|
| 949 |
- webfs 1.20
|
| 950 |
[28 Sep 2003] DSA-391 freesweep - buffer overflow
|
| 951 |
{CAN-2003-0828}
|
| 952 |
- freesweep 0.88-4.1
|
| 953 |
[26 Sep 2003] DSA-390 marbles - buffer overflow
|
| 954 |
{CAN-2003-0830}
|
| 955 |
NOTE not present in sid, sarge
|
| 956 |
[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
|
| 957 |
{CAN-2003-0785}
|
| 958 |
- ipmasq 3.5.12
|
| 959 |
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
|
| 960 |
{CAN-2003-0690 CAN-2003-0692}
|
| 961 |
- kdebase 4:3.2
|
| 962 |
[18 Sep 2003] DSA-387 gopher - buffer overflows
|
| 963 |
{CAN-2003-0805}
|
| 964 |
- gopher 3.0.6
|
| 965 |
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
|
| 966 |
{CAN-2002-1271}
|
| 967 |
- libmailtools-perl 1.51
|
| 968 |
[18 Sep 2003] DSA-385 hztty - buffer overflows
|
| 969 |
{CAN-2003-0783}
|
| 970 |
- hztty 2.0-6
|
| 971 |
[17 Sep 2003] DSA-384 sendmail - buffer overflows
|
| 972 |
{CAN-2003-0681 CAN-2003-0694}
|
| 973 |
- sendmail 8.12.10-1
|
| 974 |
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
|
| 975 |
{CAN-2003-0693}
|
| 976 |
{CAN-2003-0695}
|
| 977 |
{CAN-2003-0682}
|
| 978 |
HELP: Screwy changelog does not make sense. Filed bug.
|
| 979 |
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
|
| 980 |
{CAN-2003-0693}
|
| 981 |
- openssh 1:3.6.1p2-6.0
|
| 982 |
{CAN-2003-0695}
|
| 983 |
- openssh 1:3.7.1
|
| 984 |
{CAN-2003-0682}
|
| 985 |
- openssh 1:3.6.1p2-9
|
| 986 |
[13 Sep 2003] DSA-381 mysql - buffer overflow
|
| 987 |
{CAN-2003-0780}
|
| 988 |
- mysql-dfsg 4.0.15-1
|
| 989 |
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
|
| 990 |
{CAN-2003-0063}
|
| 991 |
- xfree86 4.2.1-11
|
| 992 |
{CAN-2003-0071}
|
| 993 |
- xfree86 4.2.1-11
|
| 994 |
{CAN-2002-0164}
|
| 995 |
- xfree86 4.2.1-11
|
| 996 |
{CAN-2003-0730}
|
| 997 |
- xfree86 4.2.1-12
|
| 998 |
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
|
| 999 |
{CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778}
|
| 1000 |
- sane-backends 1.0.11-1
|
| 1001 |
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
|
| 1002 |
{CAN-2003-0705 CAN-2003-0706}
|
| 1003 |
- mah-jong 1.5.6-2
|
| 1004 |
[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
|
| 1005 |
{CVE-1999-0997}
|
| 1006 |
- wu-ftpd 2.6.2-15
|
| 1007 |
[04 Sep 2003] DSA-376 exim - buffer overflow
|
| 1008 |
{CAN-2003-0743}
|
| 1009 |
- exim 3.36-8
|
| 1010 |
[29 Aug 2003] DSA-375 node - buffer overflow, format string
|
| 1011 |
{CAN-2003-0707 CAN-2003-0708}
|
| 1012 |
- node 0.3.2-1
|
| 1013 |
[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
|
| 1014 |
{CAN-2003-0686}
|
| 1015 |
NOTE: not in sid/sarge
|
| 1016 |
[16 Aug 2003] DSA-373 autorespond - buffer overflow
|
| 1017 |
{CAN-2003-0654}
|
| 1018 |
- autorespond 2.0.4-1
|
| 1019 |
[16 Aug 2003] DSA-372 netris - buffer overflow
|
| 1020 |
{CAN-2003-0685}
|
| 1021 |
- netris 0.52-1
|
| 1022 |
[11 Aug 2003] DSA-371 perl - cross-site scripting
|
| 1023 |
{CAN-2003-0615}
|
| 1024 |
- perl 5.8.0-19
|
| 1025 |
[08 Aug 2003] DSA-370 pam-pgsql - format string
|
| 1026 |
{CAN-2003-0672}
|
| 1027 |
- pam-pgsql 0.5.2-7
|
| 1028 |
[08 Aug 2003] DSA-369 zblast - buffer overflow
|
| 1029 |
{CAN-2003-0613}
|
| 1030 |
- zblast 1.2.1-7
|
| 1031 |
[08 Aug 2003] DSA-368 xpcd - buffer overflow
|
| 1032 |
{CAN-2003-0649}
|
| 1033 |
- xpcd 2.08-9
|
| 1034 |
[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
|
| 1035 |
{CAN-2003-0652}
|
| 1036 |
- xtokkaetama 1.0b-9
|
| 1037 |
[05 Aug 2003] DSA-366 eroaster - insecure temporary file
|
| 1038 |
{CAN-2003-0656}
|
| 1039 |
- eroaster 2.2.0-0.5-1
|
| 1040 |
[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
|
| 1041 |
{CAN-2003-0504 CAN-2003-0599 CAN-2003-0657}
|
| 1042 |
- phpgroupware 0.9.14.007-1)
|
| 1043 |
[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
|
| 1044 |
{CAN-2003-0620 CAN-2003-0645}
|
| 1045 |
- man-db 2.4.1-13
|
| 1046 |
[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
|
| 1047 |
{CAN-2003-0468 CAN-2003-0540}
|
| 1048 |
- postfix 1.1.12
|
| 1049 |
[02 Aug 2003] DSA-362 mindi - insecure temporary file
|
| 1050 |
{CAN-2003-0617}
|
| 1051 |
- mindi 0.86-1
|
| 1052 |
[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
|
| 1053 |
{CAN-2003-0459 CAN-2003-0370}
|
| 1054 |
- kdelibs 4:3.1.3-1
|
| 1055 |
[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
|
| 1056 |
{CAN-2003-0581}
|
| 1057 |
- xfstt 1.5-1
|
| 1058 |
{CAN-2003-0625}
|
| 1059 |
- xfstt 1.5.1-1
|
| 1060 |
[31 Jul 2003] DSA-359 atari800 - buffer overflows
|
| 1061 |
{CAN-2003-0630}
|
| 1062 |
- atari800 1.3.1-2
|
| 1063 |
[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
|
| 1064 |
{CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
|
| 1065 |
NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
|
| 1066 |
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
|
| 1067 |
{CAN-2003-0466}
|
| 1068 |
- wu-ftpd 2.6.2-12
|
| 1069 |
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
|
| 1070 |
{CAN-2003-0611}
|
| 1071 |
- xtokkaetama 1.0b-8
|
| 1072 |
[30 Jul 2003] DSA-355 gallery - cross-site scripting
|
| 1073 |
{CAN-2003-0614}
|
| 1074 |
- gallery 1.3.4-3
|
| 1075 |
[29 Jul 2003] DSA-354 xconq - buffer overflows
|
| 1076 |
{CAN-2003-0607}
|
| 1077 |
- xconq 7.4.1-2.1
|
| 1078 |
[29 Jul 2003] DSA-353 sup - insecure temporary file
|
| 1079 |
{CAN-2003-0606}
|
| 1080 |
- sup 1.8-9
|
| 1081 |
[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
|
| 1082 |
{CAN-2003-0596}
|
| 1083 |
- fdclone 2.04-1
|
| 1084 |
[16 Jul 2003] DSA-351 php4 - cross-site scripting
|
| 1085 |
{CAN-2003-0442}
|
| 1086 |
- php4 4:4.3.2+rc3-1
|
| 1087 |
[15 Jul 2003] DSA-350 falconseye - buffer overflow
|
| 1088 |
{CAN-2003-0358}
|
| 1089 |
NOTE: not in testing, fixed in unstable
|
| 1090 |
- falconseye 1.9.3-9
|
| 1091 |
[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
|
| 1092 |
{CAN-2003-0252}
|
| 1093 |
- nfs-utils 1:1.0.3-2
|
| 1094 |
[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
|
| 1095 |
{CAN-2003-0453}
|
| 1096 |
- traceroute-nanog 6.1.1-1.3
|
| 1097 |
[08 Jul 2003] DSA-347 teapop - SQL injection
|
| 1098 |
{CAN-2003-0515}
|
| 1099 |
- teapop 0.3.5-2
|
| 1100 |
[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
|
| 1101 |
{CAN-2003-0536}
|
| 1102 |
- phpsysinfo 2.1-1
|
| 1103 |
[08 Jul 2003] DSA-345 xbl - buffer overflow
|
| 1104 |
{CAN-2003-0535}
|
| 1105 |
- xbl 1.0k-6
|
| 1106 |
[08 Jul 2003] DSA-344 unzip - directory traversal
|
| 1107 |
{CAN-2003-0282}
|
| 1108 |
- unzip 5.50-3
|
| 1109 |
[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
|
| 1110 |
{CAN-2003-0539}
|
| 1111 |
- skk 10.62a-6
|
| 1112 |
- ddskk 12.1.cvs.20030622-1
|
| 1113 |
[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
|
| 1114 |
{CAN-2003-0538}
|
| 1115 |
NOTE: mozart is not in sarge
|
| 1116 |
- mozart 1.2.5.20030212-2
|
| 1117 |
[07 Jul 2003] DSA-341 liece - insecure temporary file
|
| 1118 |
{CAN-2003-0537}
|
| 1119 |
- liece 2.0+0.20030527cvs-1
|
| 1120 |
[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
|
| 1121 |
- x-face-el 1.3.6.23-1
|
| 1122 |
[06 Jul 2003] DSA-339 semi - insecure temporary file
|
| 1123 |
{CAN-2003-0440}
|
| 1124 |
- semi 1.14.5+20030609-1
|
| 1125 |
[29 Jun 2003] DSA-338 proftpd - SQL injection
|
| 1126 |
{CAN-2003-0500}
|
| 1127 |
- proftpd 1.2.8-8
|
| 1128 |
[29 Jun 2003] DSA-337 gtksee - buffer overflow
|
| 1129 |
{CAN-2003-0444}
|
| 1130 |
! gtksee 0.5.6-1
|
| 1131 |
[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
|
| 1132 |
{CAN-2002-1380 CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2003-0246 CAN-2003-0244 CAN-2003-0247 CAN-2003-0248}
|
| 1133 |
- kernel-source-2.2.25 2.2.25-3
|
| 1134 |
NOTE: did not check newer kernels
|
| 1135 |
[28 Jun 2003] DSA-335 mantis - incorrect permissions
|
| 1136 |
{CAN-2003-0499}
|
| 1137 |
- mantis 0.17.5-6
|
| 1138 |
[28 Jun 2003] DSA-334 xgalaga - buffer overflows
|
| 1139 |
{CAN-2003-0454}
|
| 1140 |
- xgalaga 2.0.34-22
|
| 1141 |
[27 Jun 2003] DSA-333 acm - integer overflow
|
| 1142 |
{CVE-2002-0391}
|
| 1143 |
- acm 5.0-10
|
| 1144 |
[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
|
| 1145 |
{CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
|
| 1146 |
NOTE: note in the archive, and did not check newer kernels
|
| 1147 |
[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
|
| 1148 |
{CAN-2003-0455}
|
| 1149 |
- imagemagick 4:5.5.7-1
|
| 1150 |
[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
|
| 1151 |
{CAN-2003-0489}
|
| 1152 |
- tcptraceroute 1.4-4
|
| 1153 |
[20 Jun 2003] DSA-329 osh - buffer overflows
|
| 1154 |
{CAN-2003-0452}
|
| 1155 |
- osh 1.7-12
|
| 1156 |
[19 Jun 2003] DSA-328 webfs - buffer overflow
|
| 1157 |
{CAN-2003-0445}
|
| 1158 |
- webfs 1.20
|
| 1159 |
[19 Jun 2003] DSA-327 xbl - buffer overflows
|
| 1160 |
{CAN-2003-0451}
|
| 1161 |
- xbl 1.0k-5
|
| 1162 |
[19 Jun 2003] DSA-326 orville-write - buffer overflows
|
| 1163 |
{CAN-2003-0441}
|
| 1164 |
- orville-write 2.54-1
|
| 1165 |
[19 Jun 2003] DSA-325 eldav - insecure temporary file
|
| 1166 |
{CAN-2003-0438}
|
| 1167 |
- eldav 0.7.2-1
|
| 1168 |
[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
|
| 1169 |
{CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432}
|
| 1170 |
- ethereal 0.9.13-1.
|
| 1171 |
[16 Jun 2003] DSA-323 noweb - insecure temporary files
|
| 1172 |
{CAN-2003-0381}
|
| 1173 |
- noweb 2.10c-2
|
| 1174 |
[16 Jun 2003] DSA-322 typespeed - buffer overflow
|
| 1175 |
{CAN-2003-0435}
|
| 1176 |
- typespeed 0.4.4
|
| 1177 |
[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
|
| 1178 |
{CAN-2003-0450}
|
| 1179 |
- radiusd-cistron 1.6.6-2
|
| 1180 |
[13 Jun 2003] DSA-320 mikmod - buffer overflow
|
| 1181 |
{CAN-2003-0427}
|
| 1182 |
- mikmod 3.1.6-6
|
| 1183 |
[12 Jun 2003] DSA-319 webmin - session ID spoofing
|
| 1184 |
{CAN-2003-0101}
|
| 1185 |
- webmin 1.070-1
|
| 1186 |
[12 Jun 2003] DSA-318 lyskom-server - denial of service
|
| 1187 |
{CAN-2003-0366}
|
| 1188 |
- lyskom-server 2.0.7-2
|
| 1189 |
[11 Jun 2003] DSA-317 cupsys - denial of service
|
| 1190 |
{CAN-2003-0195}
|
| 1191 |
- cupsys 1.1.19final-1
|
| 1192 |
[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
|
| 1193 |
{CAN-2003-0358 CAN-2003-0359}
|
| 1194 |
- nethack 3.4.1-1
|
| 1195 |
- slashem 0.0.6E4F8-6
|
| 1196 |
- jnethack 1.1.5-15
|
| 1197 |
NOTE: DSA contains some strange non-nethack version numbers
|
| 1198 |
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
|
| 1199 |
{CAN-2003-0433}
|
| 1200 |
HELP: no mention of any security fixes in debian changelog,
|
| 1201 |
HELP: upstream changelog. Mailed maintainer.
|
| 1202 |
[11 Jun 2003] DSA-314 atftp - buffer overflow
|
| 1203 |
{CAN-2003-0380}
|
| 1204 |
- atftp 0.6.2
|
| 1205 |
[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
|
| 1206 |
{CAN-2003-0356 CAN-2003-0357}
|
| 1207 |
- ethereal 0.9.12-1
|
| 1208 |
[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
|
| 1209 |
{CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248}
|
| 1210 |
NOTE: not in unstable/testing. Did not check other versions.
|
| 1211 |
[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
|
| 1212 |
{CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
|
| 1213 |
NOTE: not in unstable/testing. Did not check other versions.
|
| 1214 |
[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
|
| 1215 |
{CAN-2003-0385}
|
| 1216 |
- xaos 3.1r-4
|
| 1217 |
[06 Jun 2003] DSA-309 eterm - buffer overflow
|
| 1218 |
{CAN-2003-0382}
|
| 1219 |
- eterm 0.9.2-1
|
| 1220 |
[06 Jun 2003] DSA-308 gzip - insecure temporary files
|
| 1221 |
{CVE-1999-1332 CAN-2003-0367}
|
| 1222 |
- gzip 1.3.5-6
|
| 1223 |
[27 May 2003] DSA-307 gps - multiple vulnerabilities
|
| 1224 |
{CAN-2003-0361 CAN-2003-0360 CAN-2003-0362}
|
| 1225 |
- gps 1.1.0-1
|
| 1226 |
[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
|
| 1227 |
{CAN-2003-0321 CAN-2003-0322 CAN-2003-0328}
|
| 1228 |
- ircii-pana 1:1.0-0c19-8
|
| 1229 |
[15 May 2003] DSA-305 sendmail - insecure temporary files
|
| 1230 |
{CAN-2003-0308}
|
| 1231 |
- sendmail 8.12.9-2
|
| 1232 |
[15 May 2003] DSA-304 lv - privilege escalation
|
| 1233 |
{CAN-2003-0188}
|
| 1234 |
- lv 4.49.5-2
|
| 1235 |
[15 May 2003] DSA-303 mysql - privilege escalation
|
| 1236 |
{CAN-2003-0073}
|
| 1237 |
- mysql-dfsg 4.0.12-2
|
| 1238 |
{CAN-2003-0150}
|
| 1239 |
HELP: not sure if this is fixed
|
| 1240 |
[07 May 2003] DSA-302 fuzz - privilege escalation
|
| 1241 |
{CAN-2003-0261}
|
| 1242 |
- fuzz 0.6-7.1
|
| 1243 |
[07 May 2003] DSA-301 libgtop - buffer overflow
|
| 1244 |
{CAN-2001-0928}
|
| 1245 |
- libgtop 1.0.13-4
|
| 1246 |
[06 May 2003] DSA-300 balsa - buffer overflow
|
| 1247 |
{CAN-2003-0167}
|
| 1248 |
- balse 2.0.10
|
| 1249 |
[06 May 2003] DSA-299 leksbot - improper setuid-root execution
|
| 1250 |
{CAN-2003-0262}
|
| 1251 |
- lexbot 1.2-5
|
| 1252 |
[02 May 2003] DSA-298 epic4 - buffer overflows
|
| 1253 |
{CAN-2003-0323}
|
| 1254 |
- epic4 1:1.1.11.20030409-1
|
| 1255 |
[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
|
| 1256 |
{CAN-2003-0033 CAN-2003-0209}
|
| 1257 |
- snort 2.0.0-1
|
| 1258 |
[30 Apr 2003] DSA-296 kdebase - insecure execution
|
| 1259 |
{CAN-2003-0204}
|
| 1260 |
- kdebase 4:3.1.0-1
|
| 1261 |
[30 Apr 2003] DSA-295 pptpd - buffer overflow
|
| 1262 |
{CAN-2003-0213}
|
| 1263 |
- pptpd 1.1.4-0.b3.2
|
| 1264 |
[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
|
| 1265 |
{CAN-2003-0205 CAN-2003-0206}
|
| 1266 |
NOTE: not in unstable/testing
|
| 1267 |
[23 Apr 2003] DSA-293 kdelibs - insecure execution
|
| 1268 |
{CAN-2003-0204}
|
| 1269 |
- kdebase 4:3.1.0-1
|
| 1270 |
[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
|
| 1271 |
{CAN-2003-0214}
|
| 1272 |
- mime-support 3.23-1
|
| 1273 |
[22 Apr 2003] DSA-291 ircii - buffer overflows
|
| 1274 |
{CAN-2003-0323}
|
| 1275 |
- ircii 20030315-1
|
| 1276 |
[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
|
| 1277 |
{CAN-2003-0161}
|
| 1278 |
- sendmail-wide 8.12.9+3.5Wbeta-1
|
| 1279 |
[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
|
| 1280 |
{CAN-2003-0212}
|
| 1281 |
- rinetd 0.61-2
|
| 1282 |
[17 Apr 2003] DSA-288 openssl - several vulnerabilities
|
| 1283 |
{CAN-2003-0147 CAN-2003-0131}
|
| 1284 |
- openssl 0.9.7b-1
|
| 1285 |
- openssl096 0.9.6j-1
|
| 1286 |
[15 Apr 2003] DSA-287 epic - buffer overflows
|
| 1287 |
{CAN-2003-0324}
|
| 1288 |
- epic4 1:1.1.11.20030409-1
|
| 1289 |
[14 Apr 2003] DSA-286 gs-common - insecure temporary file
|
| 1290 |
{CAN-2003-0207}
|
| 1291 |
- gs-common 0.3.3.1
|
| 1292 |
[14 Apr 2003] DSA-285 lprng - insecure temporary file
|
| 1293 |
{CAN-2003-0136}
|
| 1294 |
- lprng 3.8.20-4.
|
| 1295 |
[12 Apr 2003] DSA-284 kdegraphics - insecure execution
|
| 1296 |
{CAN-2003-0204}
|
| 1297 |
- kdegraphics 4:3.1.0-1
|
| 1298 |
[11 Apr 2003] DSA-283 xfsdump - insecure file creation
|
| 1299 |
{CAN-2003-0173}
|
| 1300 |
- xfsdump 2.2.8-1
|
| 1301 |
[09 Apr 2003] DSA-282 glibc - integer overflow
|
| 1302 |
{CAN-2003-0028}
|
| 1303 |
- glibc 2.3.1-16
|
| 1304 |
[08 Apr 2003] DSA-281 moxftp - buffer overflow
|
| 1305 |
{CAN-2003-0203}
|
| 1306 |
- moxftp 2.2-18.20
|
| 1307 |
[07 Apr 2003] DSA-280 samba - buffer overflow
|
| 1308 |
{CAN-2003-0201 CAN-2003-0196}
|
| 1309 |
- samba 3.0
|
| 1310 |
[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
|
| 1311 |
{CAN-2003-0202}
|
| 1312 |
NOTE: note in unstable/testing
|
| 1313 |
[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
|
| 1314 |
{CAN-2003-0161}
|
| 1315 |
- sendmail 8.12.9-1
|
| 1316 |
[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
|
| 1317 |
{CAN-2003-0098 CAN-2003-0099}
|
| 1318 |
- apcupsd 3.8.5-1.2
|
| 1319 |
[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
|
| 1320 |
{CAN-2003-0127}
|
| 1321 |
NOTE: this version is not in sarge, did not check others
|
| 1322 |
[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
|
| 1323 |
{CAN-2003-0144}
|
| 1324 |
- lpr-ppd 1:0.72-3
|
| 1325 |
[28 Mar 2003] DSA-274 mutt - buffer overflow
|
| 1326 |
{CAN-2003-0167}
|
| 1327 |
- mutt 1.4.0
|
| 1328 |
[28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
|
| 1329 |
{CAN-2003-0138 CAN-2003-0139}
|
| 1330 |
- krb4 1.2.2-1
|
| 1331 |
[28 Mar 2003] DSA-272 dietlibc - integer overflow
|
| 1332 |
{CAN-2003-0028}
|
| 1333 |
- dietlibc 0.22-2
|
| 1334 |
[27 Mar 2003] DSA-271 ecartis - unauthorized password change
|
| 1335 |
{CAN-2003-0162}
|
| 1336 |
- ecartis 1.0.0+cvs.20030321-1
|
| 1337 |
[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
|
| 1338 |
{CAN-2003-0127}
|
| 1339 |
NOTE: not in unstable/testing, did not check other versions
|
| 1340 |
[26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
|
| 1341 |
{CAN-2003-0138}
|
| 1342 |
- heimdal 0.5.2-1
|
| 1343 |
[25 Mar 2003] DSA-268 mutt - buffer overflow
|
| 1344 |
{CAN-2003-0140}
|
| 1345 |
- mutt 1.5.4-1
|
| 1346 |
[24 Mar 2003] DSA-267 lpr - buffer overflow
|
| 1347 |
{CAN-2003-0144}
|
| 1348 |
- lpr 1:2000.05.07-4.20
|
| 1349 |
[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
|
| 1350 |
{CAN-2003-0028}
|
| 1351 |
- krb5 1.3.3-2
|
| 1352 |
NOTE: changelog does not mention this one, verified patch from
|
| 1353 |
NOTE: Tom Yu was applied to this version.
|
| 1354 |
{CAN-2003-0072}
|
| 1355 |
- krb5 1.2.7-3
|
| 1356 |
NOTE: changelog does not mention this one, verified patch from
|
| 1357 |
NOTE: upstream was applied to this version.
|
| 1358 |
{CAN-2003-0082}
|
| 1359 |
- krb5 1.3.3-2
|
| 1360 |
{CAN-2003-0138 VU#623217}
|
| 1361 |
- krb5 1.2.7-3
|
| 1362 |
{CAN-2003-0139 VU#442569}
|
| 1363 |
- krb5 1.2.7-3
|
| 1364 |
[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
|
| 1365 |
{CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155}
|
| 1366 |
- bonsai 1.3+cvs20030317-1
|
| 1367 |
[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
|
| 1368 |
{CAN-2003-0156}
|
| 1369 |
- lxr 0.3-4
|
| 1370 |
[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
|
| 1371 |
{CAN-2003-0146}
|
| 1372 |
- netpbm-free 2:9.20-9
|
| 1373 |
[15 Mar 2003] DSA-262 samba - remote exploit
|
| 1374 |
{CAN-2003-0085 CAN-2003-0086}
|
| 1375 |
- samba 2.2.8
|
| 1376 |
[14 Mar 2003] DSA-261 tcpdump - infinite loop
|
| 1377 |
{CAN-2003-0093 CAN-2003-0145}
|
| 1378 |
NOTE: DSA reports sid was not affected, sarge has sid version
|
| 1379 |
[13 Mar 2003] DSA-260 file - buffer overflow
|
| 1380 |
{CAN-2003-0102}
|
| 1381 |
- file 3.40-1.1
|
| 1382 |
[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
|
| 1383 |
{CAN-2003-0143}
|
| 1384 |
- qpopper 4.0.4-9
|
| 1385 |
[10 Mar 2003] DSA-258 ethereal - format string vulnerability
|
| 1386 |
{CAN-2003-0081}
|
| 1387 |
- ethereal 0.9.9-2
|
| 1388 |
[04 Mar 2003] DSA-257 sendmail - remote exploit
|
| 1389 |
{CAN-2002-1337}
|
| 1390 |
- sendmail 8.12.8
|
| 1391 |
[28 Feb 2003] DSA-256 mhc - insecure temporary file
|
| 1392 |
{CAN-2003-0120}
|
| 1393 |
- mhc 0.25+20030224-1
|
| 1394 |
[27 Feb 2003] DSA-255 tcpdump - infinite loop
|
| 1395 |
{CAN-2003-0108 CAN-2002-0380}
|
| 1396 |
- tcpdump 3.7.1-1.2
|
| 1397 |
[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
|
| 1398 |
{CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387}
|
| 1399 |
- traceroute-nanog 6.3.0-1
|
| 1400 |
[24 Feb 2003] DSA-253 openssl - information leak
|
| 1401 |
{CAN-2003-0078}
|
| 1402 |
- openssl 0.9.7a-1
|
| 1403 |
[21 Feb 2003] DSA-252 slocate - buffer overflow
|
| 1404 |
{CAN-2003-0056}
|
| 1405 |
- slocate 2.7-1
|
| 1406 |
[14 Feb 2003] DSA-251 w3m - missing HTML quoting
|
| 1407 |
{CAN-2002-1335 CAN-2002-1348}
|
| 1408 |
- w3m 0.3.2.2-1
|
| 1409 |
[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
|
| 1410 |
{CAN-2002-1335 CAN-2002-1348}
|
| 1411 |
NOTE: not in sid/sarge
|
| 1412 |
[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
|
| 1413 |
{CAN-2002-1335 CAN-2002-1348}
|
| 1414 |
- w3mmee 0.3.p24.17-3
|
| 1415 |
[31 Jan 2003] DSA-248 hypermail - buffer overflows
|
| 1416 |
{CAN-2003-0057}
|
| 1417 |
- hypermail 2.1.6-1
|
| 1418 |
[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
|
| 1419 |
{CAN-2003-0040}
|
| 1420 |
- courier 0.40.2-3
|
| 1421 |
[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
|
| 1422 |
{CAN-2003-0042 CAN-2003-0043 CAN-2003-0044}
|
| 1423 |
NOTE: tomcat not in sid/sarge
|
| 1424 |
NOTE: tomcat4 not affected
|
| 1425 |
[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
|
| 1426 |
{CAN-2003-0039}
|
| 1427 |
- dhcp3 1.1.2-1
|
| 1428 |
[27 Jan 2003] DSA-244 noffle - buffer overflows
|
| 1429 |
{CAN-2003-0037}
|
| 1430 |
- noffle 1.1.2-1
|
| 1431 |
[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
|
| 1432 |
{CAN-2002-1393}
|
| 1433 |
- kdemultimedia 4:3.1
|
| 1434 |
[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
|
| 1435 |
{CAN-2002-1393}
|
| 1436 |
- kdebase 4:3.1
|
| 1437 |
[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
|
| 1438 |
{CAN-2002-1393}
|
| 1439 |
- kdeutils 4:3.1
|
| 1440 |
[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
|
| 1441 |
{CAN-2002-1393}
|
| 1442 |
- kdegames 4:3.1
|
| 1443 |
[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
|
| 1444 |
{CAN-2002-1393}
|
| 1445 |
- kdesdk 4:3.1
|
| 1446 |
[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
|
| 1447 |
{CAN-2002-1393}
|
| 1448 |
- kdepim 4:3.1
|
| 1449 |
[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
|
| 1450 |
{CAN-2002-1393}
|
| 1451 |
- kdenetwork 4:3.1
|
| 1452 |
[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
|
| 1453 |
{CAN-2002-1393}
|
| 1454 |
- kdelibs 4:3.1
|
| 1455 |
[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
|
| 1456 |
{CAN-2002-1393}
|
| 1457 |
- kdegraphics 4:3.1
|
| 1458 |
[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
|
| 1459 |
{CAN-2002-1393}
|
| 1460 |
- kdeadmin 4:3.1
|
| 1461 |
[21 Jan 2003] DSA-233 cvs - doubly freed memory
|
| 1462 |
{CAN-2003-0015}
|
| 1463 |
- cvs 1.11.2-5.1
|
| 1464 |
[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
|
| 1465 |
{CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384}
|
| 1466 |
- cupsys 1.1.18-1
|
| 1467 |
[17 Jan 2003] DSA-231 dhcp3 - stack overflows
|
| 1468 |
{CAN-2003-0026}
|
| 1469 |
- dhcp3 3.0+3.0.1rc11-1
|
| 1470 |
[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
|
| 1471 |
NOTE: not in testing due to 3 newer security holes
|
| 1472 |
{CAN-2003-0012}
|
| 1473 |
- bugzilla 2.16.2
|
| 1474 |
{CAN-2003-0013}
|
| 1475 |
- bugzilla 2.16.2
|
| 1476 |
[15 Jan 2003] DSA-229 imp - SQL injection
|
| 1477 |
{CAN-2003-0025}
|
| 1478 |
NOTE: I think imp3 is ok.
|
| 1479 |
[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
|
| 1480 |
{CAN-2003-0031 CAN-2003-0032}
|
| 1481 |
- libmcrypt 2.5.5-1
|
| 1482 |
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
|
| 1483 |
{CAN-2002-1378 CAN-2002-1379 CAN-2002-1508}
|
| 1484 |
- openldap2 2.0.27-3
|
| 1485 |
[10 Jan 2003] DSA-226 xpdf-i - integer overflow
|
| 1486 |
{CAN-2002-1384}
|
| 1487 |
- xpdf 2.01-2
|
| 1488 |
[09 Jan 2003] DSA-225 tomcat4 - source disclosure
|
| 1489 |
{CAN-2002-1394}
|
| 1490 |
! tomcat4 4.1.16-1
|
| 1491 |
NOTE another RC (unreproducible?) bug and missing deps (#263201)
|
| 1492 |
NOTE are keeping the fix out of testing
|
| 1493 |
NOTE this is the second unfixed security hole in tomcat4 in testing..
|
| 1494 |
[08 Jan 2003] DSA-224 canna - buffer overflow and more
|
| 1495 |
{CAN-2002-1158 CAN-2002-1159}
|
| 1496 |
- canna 3.6p1-1
|
| 1497 |
[07 Jan 2003] DSA-223 geneweb - information exposure
|
| 1498 |
{CAN-2002-1390}
|
| 1499 |
- geneweb 4.09-1
|
| 1500 |
[06 Jan 2003] DSA-222 xpdf - integer overflow
|
| 1501 |
{CAN-2002-1384}
|
| 1502 |
- xpdf 2.01-2
|
| 1503 |
[03 Jan 2003] DSA-221 mhonarc - cross site scripting
|
| 1504 |
{CAN-2002-1388}
|
| 1505 |
- mhonarc 2.5.14-1
|
| 1506 |
[02 Jan 2003] DSA-220 squirrelmail - cross site scripting
|
| 1507 |
{CAN-2002-1341}
|
| 1508 |
- squirrelmail 1:1.3.2-2
|
| 1509 |
|
| 1510 |
------- These processed by Djoumé SALVETTI <salvetti@crans.org> -----
|
| 1511 |
|
| 1512 |
[31 Dec 2002] DSA-219 dhcpcd - remote command execution
|
| 1513 |
{CAN-2002-1403}
|
| 1514 |
- dhcpcd 1.3.22pl2-2
|
| 1515 |
[30 Dec 2002] DSA-218 bugzilla - cross site scripting
|
| 1516 |
NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1).
|
| 1517 |
[27 Dec 2002] DSA-217 typespeed - buffer overflow
|
| 1518 |
{CAN-2002-1389}
|
| 1519 |
- typespeed 0.4.2-2
|
| 1520 |
[24 Dec 2002] DSA-216 fetchmail - buffer overflow
|
| 1521 |
{CAN-2002-1365}
|
| 1522 |
- fetchmail 6.2.0-1
|
| 1523 |
[23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
|
| 1524 |
{CAN-2002-1580}
|
| 1525 |
- cyrus-imapd 1.5.19-9.10
|
| 1526 |
[20 Dec 2002] DSA-214 kdnetwork - buffer overflows
|
| 1527 |
{CAN-2002-1306}
|
| 1528 |
- kdenetwork 2.2.2-14.20
|
| 1529 |
NOTE: there is a typo in the DSA, the name of the package is kdenetwork.
|
| 1530 |
[19 Dec 2002] DSA-213 libpng - buffer overflow
|
| 1531 |
{CAN-2002-1363}
|
| 1532 |
- libpng 1.0.12-7
|
| 1533 |
- libpng3 1.2.5-8
|
| 1534 |
[17 Dec 2002] DSA-212 mysql - multiple problems
|
| 1535 |
{CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376}
|
| 1536 |
- mysql-dfsg 4.0.7.gamma-1
|
| 1537 |
[13 Dec 2002] DSA-211 micq - denial of service
|
| 1538 |
{CAN-2002-1362}
|
| 1539 |
NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1)
|
| 1540 |
[13 Dec 2002] DSA-210 lynx - CRLF injection
|
| 1541 |
{CAN-2002-1405}
|
| 1542 |
- lynx 2.8.4.1b-4
|
| 1543 |
NOTE: lynx-ssl not in testing nor unstable.
|
| 1544 |
[12 Dec 2002] DSA-209 wget - directory traversal
|
| 1545 |
{CAN-2002-1344}
|
| 1546 |
- wget 1.8.2-8
|
| 1547 |
[12 Dec 2002] DSA-208 perl - broken safe compartment
|
| 1548 |
{CAN-2002-1323}
|
| 1549 |
- perl 5.8.0-14
|
| 1550 |
[11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
|
| 1551 |
{CAN-2002-0836}
|
| 1552 |
- tetex-bin 1.0.7+20021025-4
|
| 1553 |
[10 Dec 2002] DSA-206 tcpdump - denial of service
|
| 1554 |
{CAN-2002-1350}
|
| 1555 |
- tcpdump 3.7.2-1
|
| 1556 |
[10 Dec 2002] DSA-205 gtetrinet - buffer overflow
|
| 1557 |
- gtetrinet 0.4.4-1
|
| 1558 |
NOTE: no CAN not CVE for this one
|
| 1559 |
[05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
|
| 1560 |
{CAN-2002-1281 CAN-2002-1282}
|
| 1561 |
- kdelibs 4:3.1.0-1
|
| 1562 |
[04 Dec 2002] DSA-203 smb2www - arbitrary command execution
|
| 1563 |
{CAN-2002-1342}
|
| 1564 |
- smb2www 980804-17
|
| 1565 |
[03 Dec 2002] DSA-202 im - insecure temporary files
|
| 1566 |
{CAN-2002-1395}
|
| 1567 |
- im 141-20
|
| 1568 |
[02 Dec 2002] DSA-201 freeswan - denial of service
|
| 1569 |
{CAN-2002-0666 VU#459371}
|
| 1570 |
- freeswan 1.99-1
|
| 1571 |
[22 Nov 2002] DSA-200 samba - remote exploit
|
| 1572 |
{CAN-2002-1318}
|
| 1573 |
- samba 2.99.cvs.20020713-1
|
| 1574 |
[19 Nov 2002] DSA-199 mhonarc - cross site scripting
|
| 1575 |
{CAN-2002-1307}
|
| 1576 |
- mhonarc 2.5.13-1
|
| 1577 |
[18 Nov 2002] DSA-198 nullmailer - denial of service
|
| 1578 |
{CAN-2002-1313}
|
| 1579 |
- nullmailer 1.00RC5-17
|
| 1580 |
[15 Nov 2002] DSA-197 courier - buffer overflow
|
| 1581 |
{CAN-2002-1311}
|
| 1582 |
- courier 0.40.0-1
|
| 1583 |
[14 Nov 2002] DSA-196 bind - several vulnerabilities
|
| 1584 |
{CAN-2002-0029 CAN-2002-1219 CAN-2002-1220 CAN-2002-1221}
|
| 1585 |
- bind 8.3.3-3
|
| 1586 |
[13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
|
| 1587 |
{CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131 CAN-2002-1233}
|
| 1588 |
- apache-perl 1.3.26-1.1-1.27-3-1
|
| 1589 |
[12 Nov 2002] DSA-194 masqmail - buffer overflows
|
| 1590 |
{CAN-2002-1279}
|
| 1591 |
- masqmail 0.2.15-1
|
| 1592 |
[11 Nov 2002] DSA-193 kdenetwork - buffer overflow
|
| 1593 |
{CAN-2002-1247}
|
| 1594 |
- kdenetwok 2.2.2-14.3
|
| 1595 |
[08 Nov 2002] DSA-192 html2ps - arbitrary code execution
|
| 1596 |
{CAN-2002-1275}
|
| 1597 |
- html2ps 1.0b3-2
|
| 1598 |
[07 Nov 2002] DSA-191 squirrelmail - cross site scripting
|
| 1599 |
{CAN-2002-1131 CAN-2002-1132 CAN-2002-1276}
|
| 1600 |
- squirrelmail 1.2.8-1.1
|
| 1601 |
[07 Nov 2002] DSA-190 wmaker - buffer overflow
|
| 1602 |
{CAN-2002-1277}
|
| 1603 |
- wmaker 0.80.1-4
|
| 1604 |
[06 Nov 2002] DSA-189 luxman - local root exploit
|
| 1605 |
{CAN-2002-1245}
|
| 1606 |
- luxman 0.41-19
|
| 1607 |
[05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
|
| 1608 |
{CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
|
| 1609 |
- apache 1.3.27-0.1
|
| 1610 |
{CAN-2001-0131 CAN-2002-1233}
|
| 1611 |
- apache 1.3.27-1
|
| 1612 |
HELP: note sure about this
|
| 1613 |
NOTE: I have mailed maintainers
|
| 1614 |
{NO-CAN Several buffer overflows in ApacheBench}
|
| 1615 |
HELP: I don't know about this
|
| 1616 |
NOTE: I have mailed maintainers
|
| 1617 |
[04 Nov 2002] DSA-187 apache - several vulnerabilities
|
| 1618 |
{CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
|
| 1619 |
- apache 1.3.27-0.1
|
| 1620 |
{CAN-2001-0131 CAN-2002-1233}
|
| 1621 |
- apache 1.3.27-1
|
| 1622 |
HELP: note sure about this
|
| 1623 |
NOTE: I have mailed maintainers
|
| 1624 |
{NO-CAN Several buffer overflows in ApacheBench}
|
| 1625 |
HELP: I don't know about this
|
| 1626 |
NOTE: I have mailed maintainers
|
| 1627 |
[01 Nov 2002] DSA-186 log2mail - buffer overflow
|
| 1628 |
{CAN-2002-1251}
|
| 1629 |
- log2mail 0.2.6-1
|
| 1630 |
[31 Oct 2002] DSA-185 heimdal - buffer overflow
|
| 1631 |
{CAN-2002-1235}
|
| 1632 |
- heimdal 0.4e-22
|
| 1633 |
[30 Oct 2002] DSA-184 krb4 - buffer overflow
|
| 1634 |
{CAN-2002-1235}
|
| 1635 |
- krb4 1.1-11-8
|
| 1636 |
[29 Oct 2002] DSA-183 krb5 - buffer overflow
|
| 1637 |
{CAN-2002-1235}
|
| 1638 |
- krb5 1.2.6-2
|
| 1639 |
[28 Oct 2002] DSA-182 kdegraphics - buffer overflow
|
| 1640 |
{CAN-2002-0838}
|
| 1641 |
- kdegraphics 2.2.2-6.9
|
| 1642 |
[22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
|
| 1643 |
{CAN-2002-1157}
|
| 1644 |
- libapache-mod-ssl 2.8.9-2.3
|
| 1645 |
[21 Oct 2002] DSA-180 nis - information leak
|
| 1646 |
{CAN-2002-1232}
|
| 1647 |
- nis 3.9-6.2
|
| 1648 |
[18 Oct 2002] DSA-179 gnome-gv - buffer overflow
|
| 1649 |
{CAN-2002-0838}
|
| 1650 |
- gnome-gv 1.99.7-9
|
| 1651 |
[17 Oct 2002] DSA-178 heimdal - remote command execution
|
| 1652 |
{CAN-2002-1225 CAN-2002-1226}
|
| 1653 |
- heimdal 0.4e-21
|
| 1654 |
[17 Oct 2002] DSA-177 pam - serious security violation
|
| 1655 |
{CAN-2002-1227}
|
| 1656 |
- pam 0.76-6
|
| 1657 |
[16 Oct 2002] DSA-176 gv - buffer overflow
|
| 1658 |
{CAN-2002-0838}
|
| 1659 |
- gv 3.5.8-27
|
| 1660 |
[15 Oct 2002] DSA-175 syslog-ng - buffer overflow
|
| 1661 |
{CAN-2002-1200}
|
| 1662 |
- syslog-ng 1.5.21-1
|
| 1663 |
[14 Oct 2002] DSA-174 heartbeat - buffer overflow
|
| 1664 |
{CAN-2002-1215}
|
| 1665 |
- heartbeat 0.4.9.2-1
|
| 1666 |
[09 Oct 2002] DSA-173 bugzilla - privilege escalation
|
| 1667 |
{CAN-2002-1196}
|
| 1668 |
NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1)
|
| 1669 |
[08 Oct 2002] DSA-172 tkmail - insecure temporary files
|
| 1670 |
{CAN-2002-1193}
|
| 1671 |
NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
|
| 1672 |
[07 Oct 2002] DSA-171 fetchmail - buffer overflows
|
| 1673 |
{CAN-2002-1175 CAN-2002-1174}
|
| 1674 |
- fetchmail 6.1.0-1
|
| 1675 |
NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
|
| 1676 |
[04 Oct 2002] DSA-170 tomcat4 - source code disclosure
|
| 1677 |
{CAN-2002-1148}
|
| 1678 |
! tomcat4 4.1.12-1
|
| 1679 |
NOTE: only 4.0.4-4 in testing (which seems to be vulnerable)
|
| 1680 |
[25 Sep 2002] DSA-169 htcheck - cross site scripting
|
| 1681 |
{CAN-2002-1195}
|
| 1682 |
- htcheck 1.1-1.2
|
| 1683 |
[18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
|
| 1684 |
{CAN-2002-0985 CAN-2002-0986}
|
| 1685 |
- php3 3.0.18-23.2
|
| 1686 |
- php4 4.2.3-3
|
| 1687 |
NOTE: php3 is not in testing, it seems to be wait for tiff and gcc transition
|
| 1688 |
NOTE: and is out of date on alpha and arm
|
| 1689 |
[16 Sep 2002] DSA-167 kdelibs - cross site scripting
|
| 1690 |
{CAN-2002-1151}
|
| 1691 |
- kdelibs 2.2.2-14
|
| 1692 |
NOTE: there is a typo in the DSA that mentionned Konquerer instead of kdelibs
|
| 1693 |
[13 Sep 2002] DSA-166 purity - buffer overflows
|
| 1694 |
{CAN-2002-1124}
|
| 1695 |
- purity 1-16
|
| 1696 |
[12 Sep 2002] DSA-165 postgresql - buffer overflows
|
| 1697 |
{CAN-2002-0972 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CVE-2002-1402}
|
| 1698 |
- postgresql 7.2.2-2
|
| 1699 |
[10 Sep 2002] DSA-164 cacti - arbitrary code execution
|
| 1700 |
{CAN-2002-1477 CAN-2002-1478}
|
| 1701 |
- cacti 0.6.8a-2
|
| 1702 |
[09 Sep 2002] DSA-163 mhonarc - cross site scripting
|
| 1703 |
{CVE-2002-0738}
|
| 1704 |
- mhonarc 2.5.11-1
|
| 1705 |
[06 Sep 2002] DSA-162 ethereal - buffer overflow
|
| 1706 |
{CAN-2002-0834}
|
| 1707 |
- ethereal 0.9.6-1
|
| 1708 |
[04 Sep 2002] DSA-161 mantis - privilege escalation
|
| 1709 |
{CAN-2002-1115 CAN-2002-1116}
|
| 1710 |
- mantis 0.17.5-2
|
| 1711 |
[03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
|
| 1712 |
{CAN-2002-0662}
|
| 1713 |
- scrollkeeper 0.3.11-2
|
| 1714 |
[28 Aug 2002] DSA-159 python - insecure temporary files
|
| 1715 |
{CAN-2002-1119}
|
| 1716 |
- python2.1 2.1.3-6a
|
| 1717 |
- python2.2 2.2.1-8
|
| 1718 |
NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24)
|
| 1719 |
NOTE: python2.3 is not vulnerable
|
| 1720 |
[27 Aug 2002] DSA-158 gaim - arbitrary program execution
|
| 1721 |
{CVE-2002-0989}
|
| 1722 |
- gaim 0.59.1-2
|
| 1723 |
[23 Aug 2002] DSA-157 irssi-text - denial of service
|
| 1724 |
{CAN-2002-0983}
|
| 1725 |
- irssi-text 0.8.5-2
|
| 1726 |
[22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
|
| 1727 |
{CVE-2002-0984}
|
| 1728 |
- epic4-script-light 2.7.30p5-2
|
| 1729 |
[17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
|
| 1730 |
{CAN-2002-0970}
|
| 1731 |
- kdelibs 4:2.2.2-14
|
| 1732 |
[15 Aug 2002] DSA-154 fam - privilege escalation
|
| 1733 |
{CVE-2002-0875}
|
| 1734 |
- fam 2.6.8-1
|
| 1735 |
[14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
|
| 1736 |
{CAN-2002-1114 CAN-2002-1113 CAN-2002-1112 CAN-2002-1111 CAN-2002-1110}
|
| 1737 |
- mantis 0.17.4a-2
|
| 1738 |
[13 Aug 2002] DSA-152 l2tpd - missing random seed
|
| 1739 |
{CVE-2002-0872 CVE-2002-0873}
|
| 1740 |
NOTE: not in testing (was fixed in unstable 0.68-1)
|
| 1741 |
[13 Aug 2002] DSA-151 xinetd - pipe exposure
|
| 1742 |
{CVE-2002-0871}
|
| 1743 |
- xinetd 2.3.7-1
|
| 1744 |
[13 Aug 2002] DSA-150 interchange - illegal file exposition
|
| 1745 |
{CAN-2002-0874}
|
| 1746 |
- interchange 4.8.6-1
|
| 1747 |
[13 Aug 2002] DSA-149 glibc - integer overflow
|
| 1748 |
{CVE-2002-0391}
|
| 1749 |
- glibc 2.2.5-13
|
| 1750 |
[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
|
| 1751 |
{CVE-2002-1049 CVE-2002-1050 CAN-2001-1034}
|
| 1752 |
- hylafax 4.1.2-2.1
|
| 1753 |
[08 Aug 2002] DSA-147 mailman - cross-site scripting
|
| 1754 |
{CAN-2002-0388 CAN-2002-0855}
|
| 1755 |
- mailman 2.0.12-1
|
| 1756 |
[08 Aug 2002] DSA-146 dietlibc - integer overflow
|
| 1757 |
{CVE-2002-0391}
|
| 1758 |
- dietlibc 0.20-0cvs20020808
|
| 1759 |
[07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
|
| 1760 |
{CVE-2002-0847}
|
| 1761 |
- tinyproxy 1.4.3-3
|
| 1762 |
[06 Aug 2002] DSA-144 wwwoffle - improper input handling
|
| 1763 |
{CVE-2002-0818}
|
| 1764 |
- wwwoffle 2.7d-1
|
| 1765 |
[05 Aug 2002] DSA-143 krb5 - integer overflow
|
| 1766 |
{CVE-2002-0391}
|
| 1767 |
- krb5 1.2.5-2
|
| 1768 |
[05 Aug 2002] DSA-142 openafs - integer overflow
|
| 1769 |
{CVE-2002-0391}
|
| 1770 |
- openafs 1.2.6-1
|
| 1771 |
[01 Aug 2002] DSA-141 mpack - buffer overflow
|
| 1772 |
{CAN-2002-1425}
|
| 1773 |
- mpack 1.5-9
|
| 1774 |
[05 Aug 2002] DSA-140 libpng - buffer overflow
|
| 1775 |
{CAN-2002-0660 CAN-2002-0728}
|
| 1776 |
- libpng 1.0.12-4
|
| 1777 |
- libpng3 1.2.1-2
|
| 1778 |
[01 Aug 2002] DSA-139 super - format string vulnerability
|
| 1779 |
{CVE-2002-0817}
|
| 1780 |
- super 3.18.0-3
|
| 1781 |
[01 Aug 2002] DSA-138 gallery - remote exploit
|
| 1782 |
{CAN-2002-1412}
|
| 1783 |
- gallery 1.3-3
|
| 1784 |
[30 Jul 2002] DSA-137 mm - insecure temporary files
|
| 1785 |
{CVE-2002-0658}
|
| 1786 |
- mm 1.1.3-7
|
| 1787 |
[30 Jul 2002] DSA-136 openssl - multiple remote exploits
|
| 1788 |
{CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659}
|
| 1789 |
- openssl 0.9.6e-1
|
Parent Directory
| 
Revision Log