/[secure-testing]/data/DSA/list

Diff of /data/DSA/list

Parent Directory | Revision Log | View Patch Patch

-sarge-checks/DSA/list
revision 172 by joeyh,
Sat Dec  4 02:48:59 2004 UTC
+data/DSA/list
revision 1822 by jmm-guest,
Mon Sep  5 17:13:42 2005 UTC
 Line 1
+ [05 Sep 2005] DSA-801-1 ntp - programming error
+         {CAN-2005-2496}
+         - ntp 1:4.2.0a+stable-4 (medium)
+         NOTE: not fixed in testing at time of DSA (RC bugs)
+ [02 Sep 2005] DSA-800-1 pcre3 - integer overflow
+         {CAN-2005-2491}
+         - pcre3 6.3-0.1etch1 (high)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: however, fixed in secure-testing archive
+ [02 Sep 2005] DSA-799-1 webcalendar - input validation
+         {CAN-2005-2717}
+         - webcalendar (unfixed; bug #326223; high)
+         NOTE: not fixed in testing at time of DSA (coordinated disclosure)
+ [02 Sep 2005] DSA-798-1 phpgroupware - several
+         {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
+         - phpgroupware 0.9.16.008-1 (high)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [01 Sep 2005] DSA-797-1 zsync - buffer overflow
+         {CAN-2005-1849 CAN-2005-2096}
+         - zsync 0.4.0-2 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Sep 2005] DSA-796-1 affix - unsafe use of popen
+         {CAN-2005-2716}
+         - affix 2.1.2-3 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+ [01 Sep 2005] DSA-795-2 proftpd - format string error
+         {CAN-2005-2390}
+         - proftpd 1.2.10-20 (medium)
+         NOTE: fixed in testing at time of DSA
+         NOTE: Initial -1 release had a build problem
+ [01 Sep 2005] DSA-794-1 polygen - programming error
+         {CAN-2005-2656}
+         - polygen 1.0.6-9 (low)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [21 Aug 2005] DSA-779-2 mozilla-firefox - several
+         NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
+         {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-firefox 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+         NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted
+ [01 Sep 2005] DSA-793-1 courier - missing input sanitising
+         {CAN-2005-2724}
+         - courier 0.47-8 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, too young)
+ [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
+         {CAN-2005-2536}
+         - pstotext 1.9-2 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+ [30 Aug 2005] DSA-791-1 maildrop - missing privilege release
+         {CAN-2005-2655}
+         - maildrop 1.5.3-1.1etch1 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: but fixed in secure-testing repo
+ [30 Aug 2005] DSA-790-1 phpldapadmin - programming error
+         {CAN-2005-2654}
+         - phpldapadmin 0.9.6c-5 (medium)
+         NOTE: fixed in testing at time of DSA
+ [29 Aug 2005] DSA-789-1 php4 - several
+         {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498}
+         - php4 4:4.4.0-2 (high)
+         NOTE: not fixed in testing at time of DSA (not uploaded yet)
+ [29 Aug 2005] DSA-788-1 kismet - several
+         {CAN-2005-2626 CAN-2005-2627}
+         - kismet 2005.08.R1-1 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: but fixed in secure-testing repo
+ [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
+         {CAN-2005-1855 CAN-2005-1856}
+         - backup-manager 0.5.8-2 (medium)
+         NOTE: fixed in testing at time of DSA
+ [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
+         {CAN-2005-1857}
+         - simpleproxy 3.2-4 (medium)
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
+         {CAN-2005-2641}
+         - libpam-ldap 178-1sarge1 (medium)
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [25 Aug 2005] DSA-784-1 courier - programming error
+         {CAN-2005-2151}
+         - courier 0.47-6 (low)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+ [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
+         {CAN-2005-1636}
+         - mysql-dfsg-4.1 4.1.12 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         - mysql-dfsg-5.0 5.0.11beta-3 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+ [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
+         {CAN-2005-2547}
+         - bluez-utils 2.19-1 (high)
+         NOTE: not fixed in testing at time of DSA (missing builds)
+ [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
+         {CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-thunderbird 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (missing builds)
+ [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
+         {CAN-2005-2097}
+         - kdegraphics (unfixed; bug #322458; low)
+         NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition)
+ [21 Aug 2005] DSA-779-1 mozilla-firefox - several
+         {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-firefox 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (build and deps)
+ [19 Aug 2005] DSA-778-1 mantis - missing input sanitising
+         {CAN-2005-2556 CAN-2005-2557}
+         - mantis 0.19.2-4 (medium)
+         NOTE: not fixed in testing at time of DSA (nor unstable)
+ [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
+         {CAN-2004-0718 CAN-2005-1937}
+         - mozilla-browser 1.7.10-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on builds)
+ [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
+         {CAN-2005-2450}
+         - clamav 0.86.2-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
+         {CAN-2004-0718 CAN-2005-1937}
+         - mozilla-firefox 1.0.4-3 (medium)
+         NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@
+         NOTE: fixed in testing at time of DSA
+ [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
+         {CAN-2005-2335}
+         - fetchmail 6.2.5-16 (medium)
+         NOTE: fixed in testing at time of DSA
+ [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
+         NOTE: amd64 catch-up DSA, no new holes
+ [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
+         {CAN-2005-1854}
+         - apt-cacher 0.9.10 (high)
+         NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
+ [01 Aug 2005] DSA-771-1 pdns - several
+         {CAN-2005-2301 CAN-2005-2302}
+         - pdns 2.9.18-1 (medium)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
+         {CAN-2005-1853}
+         - gopher 3.0.10
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [29 Jul 2005] DSA-769-1 gaim - memory alignment bug
+         {CAN-2005-2370}
+         - gaim 1:1.4.0-5 (high)
+         NOTE: not fixed in testing at time of DSA (?)
+ [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
+         {CAN-2005-2161}
+         - phpbb2 2.0.13-6sarge1
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [27 Jul 2005] DSA-767-1 ekg - integer overflows
+         {CAN-2005-1852}
+         - ekg 1.5+20050718+1.6rc3-1 (medium)
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
+         {CAN-2005-2320}
+         - webcalendar (unfixed; bug #315671; medium)
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [22 Jul 2005] DSA-765-1 heimdal - buffer overflow
+         {CAN-2005-0469}
+         - heimdal 0.6.3-10 (medium)
+         NOTE: fixed in testing at time of DSA
+ [21 Jul 2005] DSA-764-1 cacti - several
+         {CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149}
+         - cacti 0.8.6f-1 (high)
+         NOTE: fixed in testing at time of DSA
+         NOTE: DSA information is incorrect, sid fix is 6f, not 6e
+ [20 Jul 2005] DSA-763-1 zlib - buffer overflow
+         {CAN-2005-1849}
+         - zlib 1.2.3-1 (medium)
+         NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390)
+ [19 Jul 2005] DSA-762-1 affix - several
+         {CAN-2005-2250 CAN-2005-2277}
+         - affix 2.1.2-2 (medium)
+         NOTE: not fixed in testing at time of DSA (only 2/2 days old)
+ [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
+         {CAN-2005-2231}
+         - heartbeat 1.2.3-12 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/2 days old)
+ [18 Jul 2005] DSA-760-1 ekg - several
+         {CAN-2005-1850 CAN-2005-1851 CAN-2005-1916}
+         - ekg 1.5+20050712+1.6rc2-1 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs)
+ [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
+         {CAN-2005-2256}
+         - phppgadmin 3.5.4-1 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/10 days old)
+ [18 Jul 2005] DSA-758-1 heimdal - buffer overflow
+         {CAN-2005-2040}
+         - heimdal 0.6.3-11 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
+         {CAN-2005-1689 CAN-2005-1174 CAN-2005-1175}
+         - krb5 1.3.6-4 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k)
+ [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
+         {CAN-2005-1921}
+         - phpgroupware 0.9.16.006-1 (high)
+         NOTE: fixed in testing at time of DSA
+ [13 Jul 2005] DSA-756-1 squirrelmail - several
+         {CAN-2005-1769 CAN-2005-2095}
+         - squirrelmail 2:1.4.4-6 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/2 days old)
+ [13 Jul 2005] DSA-755-1 tiff - buffer overflow
+         {CAN-2005-1544}
+         - tiff 3.7.2-3 (medium)
+         NOTE: fixed in testing at time of DSA
+ [13 Jul 2005] DSA-754-1 centericq - insecure temporary file
+         {CAN-2005-1914}
+         - centericq 4.20.0-7 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [12 Jul 2005] DSA-753-1 gedit - format string
+         {CAN-2005-1686}
+         - gedit 2.10.3-1 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [11 Jul 2005] DSA-752-1 gzip - several
+         {CAN-2005-0988 CAN-2005-1228}
+         - gzip 1.3.5-10
+         NOTE: fixed in testing at time of DSA
+ [11 Jul 2005] DSA-751-1 squid - IP spoofind
+         {CAN-2005-1519}
+         - squid 2.5.9-9
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
+         {CAN-2005-1992}
+         - ruby1.8 1.8.2-8 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
+         {CAN-2005-1848}
+         - dhcpcd 1.3.22pl4-22
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-749-1 ettercap - format string error
+         {CAN-2005-1796}
+         - ettercap 0.7.3-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-747-1 egroupware - input validation error
+         {CAN-2005-1921}
+         - egroupware 1.0.0.007-3.dfsg-1 (high)
+         NOTE: not fixed in testing at time of DSA (only 1/2 days old)
+ [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
+         {CAN-2005-1921 CAN-2005-2106 CAN-2005-2116}
+         - drupal 4.5.4-1 (high)
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-744-1 fuse - programming error
+         {CAN-2005-1858}
+         - fuse 2.3.0-1
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
+         {CAN-2005-1545 CAN-2005-1546}
+         - ht 0.8.0-3
+         NOTE: fixed in testing at time of DSA
+ [09 Jul 2005] DSA-742-1 cvs - buffer overflow
+         {CAN-2005-0753}
+         - cvs 1:1.12.9-13 (high)
+         NOTE: fixed in testing at time of DSA
+ [07 Jul 2005] DSA-741-1 bzip2 - infinite loop
+         {CAN-2005-1260}
+         - bzip2 1.0.2-7 (low)
+         NOTE: fixed in testing at time of DSA
+ [06 Jul 2005] DSA-740-1 zlib - buffer overflow
+         {CAN-2005-2096}
+         - zlib 1.2.2-7 (medium)
+         NOTE: anything statically linking zlib needs rebuild
+         TODO: check rest/coord with Kurt Roeckx
+         - aide (unfixed; bug #317523; medium)
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [06 Jul 2005] DSA-739-1 trac - missing input sanitising
+         {CAN-2005-2007}
+         - trac 0.8.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [19 May 2005] DSA-725-2 ppxp - missing privilege release
+         {CAN-2005-0392}
+         - ppxp 0.2001080415-11
+         NOTE: fixed in testing at time of DSA
+ [05 Jul 2005] DSA-738-1 razor - email header parsing error
+         {CAN-2005-2024}
+         - razor 2.720-1 (low)
+         NOTE: not fixed in testing at time of DSA (not built on arm)
+ [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
+         {CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070}
+         - clamav 0.86.1-1 (medium)
+         NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid)
+ [05 Jul 2005] DSA-734-1 gaim - denial of service
+         {CAN-2005-1269 CAN-2005-1934}
+         - gaim 1.3.1-1
+         NOTE: not fixed in testing at time of DSA (not built on sparc)
+ [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
+         {CAN-2005-1266}
+         - spamassassin 3.0.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
+         {CAN-2005-1266}
+         - spamassassin 3.0.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-735-2 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-735-2 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-735-1 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: not fixed in testing at time of DSA
+ [30 Jun 2005] DSA-733-1 crip - insecure temporary files
+         {CAN-2005-0393}
+         - crip 3.5-1sarge2 (low)
+         NOTE: not fixed in testing at time of DSA (reserved)
+ [03 Jun 2005] DSA-732-1 mailutils - several
+         {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
+         - mailutils 0.6.1-4
+         NOTE: fixed in testing at time of DSA
+ [02 Jun 2005] DSA-731-1 krb4 - buffer overflows
+         {CAN-2005-0468 CAN-2005-0468}
+         - krb4 1.2.2-11.2
+         NOTE: fixed in testing at time of DSA
+ [27 May 2005] DSA-730-1 bzip2 - race condition
+         {CAN-2005-0953}
+         - bzip2 1.0.2-6
+         NOTE: fixed in testing at time of DSA
+ [26 May 2005] DSA-729-1 php4 - missing input sanitising
+         {CAN-2005-0525}
+         - php4 4.3.10-10
+         NOTE: fixed in testing at time of DSA
+ [25 May 2005] DSA-728-1 qpopper - missing privilege release
+         {CAN-2005-1151 CAN-2005-1152}
+         - qpopper 4.0.5-4sarge1
+         NOTE: fixed in testing at time of DSA by security team
+ [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
+         {CAN-2005-1349}
+         - libconvert-uulib-perl 1.0.5.1-1
+         NOTE: fixed in testing at time of DSA
+ [20 May 2005] DSA-726-1 oops - format string vulnerability
+         {CAN-2005-1121}
+         - oops (unfixed; bug #307360)
+         NOTE: not in testing at time of DSA
+ [19 May 2005] DSA-725-1 ppxp - missing privilege release
+         {CAN-2005-0392}
+         - ppxp 0.2001080415-11
+         NOTE: not fixed in testing at time of DSA
+ [18 May 2005] DSA-724-1 phpsysinfo - design flaw
+         {CAN-2005-0870}
+         - phpsysinfo 2.3-3
+         NOTE: fixed in testing at time of DSA
+ [09 May 2005] DSA-723-1 xfree86 - buffer overflow
+         {CAN-2005-0605}
+         - xfree86 4.3.0.dfsg.1-13
+         NOTE: not fixed in testing at time of DSA
+ [09 May 2005] DSA-722-1 smail - buffer overflow
+         {CAN-2005-0892}
+         NOTE: Package not in testing at time of DSA
+ [06 May 2005] DSA-721-1 squid - design flaw
+         {CAN-2005-1345}
+         - squid 2.5.9-7
+         NOTE: not fixed in testing at time of DSA
+ [03 May 2005] DSA-720-1 smartlist - wrong input processing
+         {CAN-2005-0157}
+         - smartlist 3.15-18
+         NOTE: fixed in testing at time of DSA
+ [28 Apr 2005] DSA-719-1 prozilla - format string problems
+         {CAN-2005-0523}
+         - prozilla 1:1.3.7.4-1
+         NOTE: fixed in testing at time of DSA
+ [28 Apr 2005] DSA-718-1 ethereal - buffer overflow
+         {CAN-2005-0739}
+         - ethereal 0.10.10-1
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
+         {CAN-2003-0826 CAN-2005-0814}
+         - lsh-utils 2.0.1-2
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-716-1 gaim - denial of service
+         {CAN-2005-0472}
+         - gaim 1.1.3-1
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-715-1 cvs - several
+         {CAN-2004-1342 CAN-2004-1343}
+         - cvs 1.12.9-12
+         NOTE: not fixed in testing at time of DSA
+ [26 Apr 2005] DSA-714-1 kdelibs - several
+         {CAN-2005-1046}
+         - kdelibs 4:3.3.2-5
+         NOTE: not fixed in testing at time of DSA
+ [21 Apr 2005] DSA-701-2 samba - integer overflows
+         NOTE: only a bug in the backported fix to stable, testing is ok
+ [21 Apr 2005] DSA-713-1 junkbuster - several
+         {CAN-2005-1108 CAN-2005-1109}
+         NOTE: package not in testing/unstable
+ [19 Apr 2005] DSA-712-1 geneweb - insecure file operations
+         {CAN-2005-0391}
+         - geneweb 4.10-7
+         NOTE: fixed in testing at time of DSA
+ [19 Apr 2005] DSA-711-1 info2www - missing input sanitising
+         {CAN-2004-1341}
+         - info2www 1.2.2.9-23
+         NOTE: fixed in testing at time of DSA
+ [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
+         {CAN-2003-0541}
+         - gtkhtml 1.0.4-6.2
+         NOTE: fixed in testing at time of DSA
+ [15 Apr 2005] DSA-709-1 libexif - buffer overflow
+         {CAN-2005-0664}
+         - libexif 0.6.9-5
+ [15 Apr 2005] DSA-708-1 php3 - missing input sanitising
+         {CAN-2005-0525}
+         - php3 3.0.18-31
+ [13 Apr 2005] DSA-707-1 mysql - several
+         {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711}
+         - mysql-dfsg 4.0.24-5
+         - mysql-dfsg-4.1 4.1.10a-6
+         NOTE: not fixed in testing at time of DSA
+ [13 Apr 2005] DSA-706-1 axel - buffer overflow
+         {CAN-2005-0390}
+         - axel 1.0b-1
+         NOTE: fixed in testing at time of DSA
+ [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
+         {CAN-2005-0256 CAN-2003-0854}
+         - wu-ftpd 2.6.2-19
+ [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
+         {CAN-2005-0387 CAN-2005-0388}
+         - remstats 1.0.13a-5
+         NOTE: not fixed in testing at time of DSA
+ [01 Apr 2005] DSA-703-1 krb5 - buffer overflows
+         {CAN-2005-0468 CAN-2005-0469}
+         - krb5 1.3.6-1
+ [01 Apr 2005] DSA-702-1 imagemagick - several
+         {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762}
+         - imagemagick 6.0.6.2-2.2
+ [31 Mar 2005] DSA-701-1 samba - integer overflows
+         {CAN-2004-1154}
+         - samba 3.0.10-1
+ [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
+         {CAN-2005-0386}
+         - mailreader 2.3.29-11
+         NOTE: not fixed in testing at time of DSA
+ [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
+         {CAN-2005-0469}
+         - netkit-telnet-ssl 0.17.24+0.1-7.1
+         NOTE: not fixed in testing at time of DSA
+ [29 Mar 2005] DSA-698-1 mc - buffer overflow
+         {CAN-2005-0763}
+         NOTE: Not clear which unstable/testing version fixed this,
+         NOTE: but advisory says it's fixed.
+ [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
+         {CAN-2005-0469}
+         - netkit-telnet 0.17-28
+         NOTE: not fixed in testing at time of DSA
+ [22 Mar 2005] DSA-696-1 perl - design flaw
+         {CAN-2005-0448}
+         - perl 5.8.4-8
+         NOTE: fixed in testing at time of DSA
+ [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow
+         {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639}
+         - xli 1.17.0-18
+         NOTE: not fixed in testing at time of DSA
+ [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
+         {CAN-2005-0638 CAN-2005-0639}
+         - xloadimage 4.1-14.2
+         NOTE: not fixed in testing at time of DSA
+ [14 Mar 2005] DSA-693-1 luxman - buffer overflow
+         {CAN-2005-0385}
+         NOTE: not fixed in testing at time of DSA
+         NOTE: not in unstable at time of DSA though DSA claimed it was
+         - luxman 0.41-20
+ [14 Mar 2005] DSA-662-2 squirrelmail - several
+         NOTE: only an update to a prior DSA, did not affct sid/sarge.
+ [08 Mar 2005] DSA-692-1 kppp - design flaw
+         {CAN-2005-0205}
+         - kppp 4:3.1.6
+         NOTE: fixed in testing at time of DSA
+ [07 Mar 2005] DSA-691-1 abuse - several
+         {CAN-2005-0098 CAN-2005-0099}
+         NOTE: not in unstable/testing
+ [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
+         {CAN-2005-0107}
+         - bsmtpd 2.3pl8b-16
+         NOTE: not fixed in testing at time of DSA
+ [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
+         {CAN-2005-0088}
+         - libapache-mod-python 2.7.10-4
+         NOTE: fixed in testing at time of DSA
+         - libapache2-mod-python 3.1.3-3
+         NOTE: fixed in testing at time of DSA
+ [23 Feb 2005] DSA-688-1 squid - mising input sanitising
+         {CAN-2005-0446}
+         - squid 2.5.8-3
+         NOTE: fixed in testing at time of DSA
+ [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
+         NOTE: only fixed bug in DSA
+ [18 Feb 2005] DSA-687-1 bidwatcher - format string
+         {CAN-2005-0158}
+         - bidwatcher 1.3.17-1
+         NOTE: not fixed in testing at time of DSA
+ [17 Feb 2005] DSA-686-1 gftp - missing input sanitising
+         {CAN-2005-0372}
+         - gftp 2.0.18-1
+         NOTE: not fixed in testing at time of DSA
+ [17 Feb 2005] DSA-685-1 emacs21 - format string
+         {CAN-2005-0100}
+         - emacs21 21.3+1-9
+         NOTE: not fixed in testing at time of DSA
+ [16 Feb 2005] DSA-684-1 typespeed - format string
+         {CAN-2005-0105}
+         - typespeed 0.4.4-8
+         NOTE: not fixed in testing at time of DSA
+ [15 Feb 2005] DSA-683-1 postgresql - buffer overflows
+         {CAN-2005-0245 CAN-2005-0247}
+         - postgresql 7.4.7-2
+         NOTE: fixed in testing at time of DSA
+ [15 Feb 2005] DSA-682-1 awstats - missing input sanitising
+         {CAN-2005-0363}
+         - awstats 6.2-1.2
+         NOTE: not fixed in testing at time of DSA
+ [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
+         {CAN-2005-0070}
+         NOTE: does not apply for sarge, program is not setuid anymore
+ [14 Feb 2005] DSA-680-1 htdig - unsanitised input
+         {CAN-2005-0085}
+         - htdig 3.1.6-11
+         NOTE: fixed in testing at time of DSA
+ [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
+         {CAN-2005-0159}
+         - toolchain-source 3.4-5
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
+         {CAN-2004-1180}
+         - netkit-rwho 0.17-8
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-677-1 sympa - buffer overflow
+         {CAN-2005-0073}
+         - sympa 4.1.2-2.1
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-676-1 xpcd - buffer overflow
+         {CAN-2005-0074}
+         - xpcd 2.08-11.1
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
+         NOTE: only fixed bug in DSA
+ [10 Feb 2005] DSA-675-1 hztty - privilege escalation
+         {CAN-2005-0019}
+         - hztty 2.0-6.1
+         NOTE: not fixed in testing at time of DSA
+ [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
+         {CAN-2004-1177}
+         - mailman 2.1.5-5
+         NOTE: fixed in testing at time of DSA
+         {CAN-2005-0202}
+         - mailman 2.1.5-6
+         NOTE: not fixed in testing at time of DSA
+ [10 Feb 2005] DSA-673-1 evolution - integer overflow
+         {CAN-2005-0102}
+         - evolution 2.0.3-1.2
+         NOTE: fixed in testing at time of DSA
+ [09 Feb 2005] DSA-672-1 xview - buffer overflows
+         {CAN-2005-0076}
+         - xview 3.2p1.4-19
+         NOTE: not fixed in testing at time of DSA
+ [08 Feb 2005] DSA-671-1 xemacs21 - format string
+         {CAN-2005-0100}
+         NOTE: not fixed in testing at time of DSA
+         - xemacs21 21.4.16-2
+ [08 Feb 2005] DSA-670-1 emacs20 - format string
+         {CAN-2005-0100}
+         NOTE: also affects emacs21 in unstable, fixed
+ [04 Feb 2005] DSA-689-1 php3 - several
+         {CAN-2004-0594 CAN-2004-0595}
+         - php3 3.0.18-27
+         NOTE: fixed in testing at time of DSA
+ [04 Feb 2005] DSA-668-1 postgresql - privilege escalation
+         {CAN-2005-0227}
+         - postgresql 7.4.7-1
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-667-1 squid - several
+         {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
+         - squid 2.5.7-7
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-666-1 python2.2 - design flaw
+         {CAN-2005-0089}
+         - python2.2 2.2.3-14
+         - python2.3 2.3.4-20
+         - python2.4 2.4-5
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
+         {CAN-2005-0013}
+         - ncpfs 2.2.6-1
+         NOTE: not fixed in testing at time of DSA
+ [02 Feb 2005] DSA-664-1 cpio - broken file permissions
+         {CAN-1999-1572}
+         - cpio 2.5-1.2
+         NOTE: not fixed in testing at time of DSA
+ [02 Feb 2005] DSA-663-1 prozilla - buffer overflows
+         {CAN-2004-1120}
+         - prozilla 1.3.7.3-1
+         NOTE: fixed in testing at time of DSA
+ [01 Feb 2005] DSA-662-1 squirrelmail - several
+         {CAN-2005-0104 CAN-2005-0152}
+         NOTE: CAN-2005-0152 only exists in 1.2.6 version
+         - squirrelmail 1.4.4
+         NOTE: fixed in testing at time of DSA
+ [20 Apr 2005] DSA-661-2 f2c - insecure temporary files
+         {CAN-2005-0017 CAN-2005-0018}
+         - f2c 20020621-3.3
+         NOTE: not fixed in testing at time of DSA
+ [26 Jan 2005] DSA-660-1 kdebase - missing return value check
+         {CAN-2005-0078}
+         - kdebase 4:3.0.5
+         NOTE: fixed in testing at time of DSA
+ [26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
+         {CAN-2004-1340 CAN-2005-0108}
+         - libpam-radius-auth 1.3.16-3
+         NOTE: 1/2 fixed in testing at time of DSA
+ [25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
+         {CAN-2005-0077}
+         - libdbi-perl 1.46-6
+         NOTE: not fixed in testing at time of DSA
+ [25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
+         {CAN-2004-1379}
+         - xine-lib 1-rc6a-1
+         NOTE: fixed in testing at time of DSA
+ [25 Jan 2005] DSA-656-1 vdr - insecure file access
+         {CAN-2005-0071}
+         - vdr 1.2.6-6
+         NOTE: not fixed in testing at time of DSA
+ [25 Jan 2005] DSA-655-1 zhcon - missing privilege release
+         {CAN-2005-0072}
+         - zhcon 1:0.2.3-8.1
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-654-1 enscript - several
+         {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
+         - enscript 1.6.4-6
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-653-1 ethereal - buffer overflow
+         {CAN-2005-0084}
+         - ethereal 0.10.9-1
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-652-1 unarj
+         {CAN-2004-0947 CAN-2004-1027}
+         NOTE: not-for-us (unarj)
+ [20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
+         {CAN-2005-0094 CAN-2005-0095}
+         - squid 2.5.7-4
+         NOTE: not fixed in testing at time of DSA
+ [20 Jan 2005] DSA-650-1 sword - missing input sanitising
+         {CAN-2005-0015}
+         - sword 1.5.7-7
+         NOTE: not fixed in testing at time of DSA
+ [20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
+         {CAN-2005-0079}
+         - xtrlock 2.0-9
+         NOTE: fixed in testing at time of DSA
+ [19 Jan 2005] DSA-648-1 xpdf - buffer overflow
+         {CAN-2005-0064}
+         - xpdf 3.00-12
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-647-1 mysql - insecure temporary files
+         {CAN-2005-0004}
+         - mysql-dfsg 4.0.23-3
+         - mysql-dfsg-4.1 4.1.8a-6
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
+         {CAN-2005-0005}
+         - imagemagick 6.0.6.2-2
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-645-1 cupsys - buffer overflow
+         {CAN-2005-0064}
+         NOTE: cupsys not affected in sarge, though other programs are vulnerable
+         NOTE: see CAN/list
+         NOTE: not fixed in testing at time of DSA
+ [18 Jan 2005] DSA-644-1 chbg - buffer overflow
+         {CAN-2004-1264}
+         - chbg 1.5-4
+         NOTE: fixed in testing at time of DSA
+ [18 Jan 2005] DSA-643-1 queue - buffer overflows
+         {CAN-2004-0555}
+         - queue 1.30.1-5
+         NOTE: not fixed in testing at time of DSA
+ [17 Jan 2005] DSA-642-1 gallery - several
+         {CAN-2004-1106}
+         - gallery 1.4.4-pl4-1
+         NOTE: fixed in testing at time of DSA
+ [17 Jan 2005] DSA-641-1 playmidi - buffer overflow
+         {CAN-2005-0020}
+         - playmidi 2.4debian-3
+         NOTE: not fixed in testing at time of DSA
+ [17 Jan 2005] DSA-640-1 gatos - buffer overflow
+         {CAN-2005-0016}
+         - gatos 0.0.5-15
+         NOTE: not fixed in testing at time of DSA
+ [14 Jan 2005] DSA-639-1 mc - several
+         {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
+         NOTE: unstable not vulnerable according to DSA
+         NOTE: DSA was wrong..
+         - mc 1:4.6.0-4.6.1-pre3-1
+         NOTE: not fixed in testing at time of DSA
+ [13 Jan 2005] DSA-638-1 gopher - several
+         {CAN-2004-0560 CAN-2004-0561}
+         NOTE: not in sarge
+ [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
+         {CAN-2005-0021}
+         NOTE: not in sarge
+ [12 Jan 2005] DSA-636-1 glibc - insecure temporary files
+         {CAN-2004-0968}
+         - glibc 2.3.2.ds1-20
+         NOTE: fixed in testing at time of DSA
+ [12 Jan 2005] DSA-635-1 exim - buffer overflow
+         {CAN-2005-0021}
+         - exim4 4.34-10
+         NOTE: fixed in testing at time of DSA
+         - exim 3.36-13
+         NOTE: not fixed in testing at time of DSA
+ [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
+         {CAN-2004-1182}
+         - hylafax 4.2.1-1
+         NOTE: fixed in testing at time of DSA
+ [11 Jan 2005] DSA-633-1 bmv - insecure temporary file
+         {CAN-2003-0014}
+         - bmv 1.2-17
+         NOTE: fixed in testing at time of DSA
+ [10 Jan 2005] DSA-632-1 linpopup - buffer overflow
+         {CAN-2004-1282}
+         - linpopup 1.2.0-7
+         NOTE: fixed in testing at time of DSA
+ [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
+         {CAN-2004-1165}
+         - kdelibs 4:3.3.2-1
+         NOTE: not fixed in testing at time of DSA
+ [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
+         {CAN-2004-1000}
+         - lintian 1.23.6
+         NOTE: not fixed in testing at time of DSA
+ [07 Jan 2005] DSA-629-1 krb5 - buffer overflow
+         {CAN-2004-1189}
+         - krb5 1.3.6-1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-628-1 imlib2 - integer overflows
+         {CAN-2004-1026}
+         - imlib2 1.1.2-2.1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
+         {CAN-2004-1318}
+         - namazu2 2.0.14-1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-626-1 tiff - unsanitised input
+         {CAN-2004-1183}
+         - libtiff4 3.6.1-5
+         NOTE: not fixed in testing at time of DSA
+ [05 Jan 2005] DSA-625-1 pcal - buffer overflows
+         {CAN-2004-1289}
+         - pcal 4.8.0-1
+         NOTE: not fixed in testing at time of DSA
+ [05 Jan 2005] DSA-624-1 zip - buffer overflow
+         {CAN-2004-1010}
+         - zip 2.30-8
+         NOTE: fixed in testing at time of DSA
+ [04 Jan 2005] DSA-623-1 nasm - buffer overflow
+         {CAN-2004-1287}
+         - nasm 0.98.38-1.1
+ [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
+         {CAN-2004-1181}
+         NOTE: not in unstable
+ [31 Dec 2004] DSA-621-1 cupsys - buffer overflow
+         {CAN-2004-1125}
+         - cupsys 1.1.22-2
+ [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
+         {CAN-2004-0452 CAN-2004-0976}
+         - perl 5.8.4-5
+ [30 Dev 2004] DSA-619-1 xpdf - buffer overflow
+         {CAN-2004-1125}
+         - xpdf 3.00-11
+ [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
+         {CAN-2004-1025 CAN-2004-1026}
+         - imlib 1.9.14-17.1
+         - imlib-png2 1.9.14-16.1
+ [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
+         {CAN-2004-1308}
+         - libtiff4 3.6.1-4
+ [23 Dec 2004] DSA-616-1 telnetd-ssl - format string
+         {CAN-2004-0998}
+         - telnetd-ssl 0.17.24+0.1-6
+ [22 Dec 2004] DSA-615-1 debmake - insecure temporary file
+         {CAN-2004-1179}
+         - debmake 3.7.7
+ [21 Dec 2004] DSA-614-1 xzgv - integer overflows
+         {CAN-2004-0994}
+         - xzgv 0.8-3
+ [21 Dec 2004] DSA-613-1 ethereal - inifinite loop
+         {CAN-2004-114}
+         - ethereal 0.10.8-1
+ [21 Dec 2004] DSA-614-1 xzgv - integer overflows
+         {CAN-2004-0994}
+         - xzgv 0.8-3
+ [20 Dec 2004] DSA-612-1 a2ps - unsanitised input
+         {CAN-2004-1170}
+         - a2ps 4.13b-4.2
+ [20 Dec 2004] DSA-611-1 htget - buffer overflow
+         {CAN-2004-0852}
+         NOTE: htget not in sarge or unstable
+ [17 Dec 2004] DSA-610-1 cscope - insecure temporary file
+         {CAN-2004-0996}
+         - cscope 15.5-1
+ [14 Dec 2004] DSA-609-1 atari800 - buffer overflows
+         {CAN-2004-1076}
+         - atari800 1.3.2-1
+ [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
+         {CAN-2004-1095 CAN-2004-0999}
+         - zgv 5.7-1.3
+         NOTE: changelog says he only patched 1095, but diff comparison
+         NOTE: shows 0999 was also fixed.
+ [10 Dec 2004] DSA-607-1 xfree86 - several
+         {CAN-2004-0914}
+         - xfree86 4.3.0.dfsg.1-9
+ [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
+         {CAN-2004-1014}
+         - nfs-utils 1:1.0.6-3.1
+ [06 Dec 2004] DSA-605-1 viewcvs - settings not honored
+         {CAN-2004-0915}
+         - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
  [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
          {CAN-2004-0993}
          - hpsockd 0.14
  [01 Dec 2004] DSA-603-1 openssl - insecure temporary file
          {CAN-2004-0975}
-         - openssl 0.9.7e-1
+         - openssl 0.9.7e-3
  [29 Nov 2004] DSA-602-1 libgd2 - integer overlow
          {CAN-2004-0941 CAN-2004-0990}
          NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
-Line 20
+Line 836
          - yardradius 1.0.20-15
  [25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
          {CAN-2004-1012 CAN-2004-1013}
-         - cyrus-imapd 2.1.17-1
+         - cyrus21-imapd 2.1.17-1
  [24 Nov 2004] DSA-596-2 sudo - missing input sanitising
          {CAN-2004-1051}
          - sudo 1.6.8p3-1
-Line 48
+Line 864
          - gnats 4.0-6.1
  [09 Nov 2004] DSA-589-1 libgd - integer overflows
          {CAN-2004-0990}
-         - libgd1 (unfixed; bug #280134)
+         - libgd1 1.8.4-36.1
  [08 Nov 2004] DSA-588-1 gzip - insecure temporary files
          {CAN-2004-0970}
          NOTE: dsa says sid not affected
-Line 100
+Line 916
          - cupsys 1.1.20final+rc1-10
          {CAN-2004-0889}
          - xpdf 3.00-10
-         TODO: kpdf and kfax not fixed in sarge, bug #278173 has a backported patch for the kpdf hole
+         NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
          - kpdf 4:3.3.1-1
          - gpdf 2.8.0-1
          - kfax 4:3.3.1-1
-Line 186
+Line 1002
  [16 Sep 2004] DSA-548-1 imlib - unsanitised input
          {CAN-2004-0817}
          - imlib 1.9.14-17
-         - imlib+png2 1.9.14-16
+         - imlib+png2 1.9.14-16.2
  [16 Sep 2004] DSA-547-1 imagemagic - buffer overflows
          {CAN-2004-0827}
          - imagemagic 6.0.6.2-1
-Line 305
+Line 1121
          {CAN-2004-0522}
          - gallery 1.4.3-pl2-1
  [30 May 2004] DSA-511 ethereal - buffer overflows
-         {CAN-2004-0176
+         {CAN-2004-0176}
          - ethereal 0.10.3-1
  [29 May 2004] DSA-510 jftpgw - format string
          {CAN-2004-0448}
-Line 803
+Line 1619
          {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
          NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
  [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
+         {CAN-2003-0466}
          - wu-ftpd 2.6.2-12
  [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
          {CAN-2003-0611}

 Legend:



Removed from v.172
 


changed lines


 
Added in v.1822
 Legend:



Removed from v.172
 


changed lines


 
Added in v.1822
-Removed from v.172
+Added in v.1822

	ViewVC Help
Powered by ViewVC 1.1.5