/[secure-testing]/data/DSA/list

Diff of /data/DSA/list

Parent Directory | Revision Log | View Patch Patch

-sarge-checks/DSA/list
revision 84 by joeyh,
Fri Nov  5 21:17:54 2004 UTC
+data/DSA/list
revision 1922 by jmm-guest,
Mon Sep 12 09:07:20 2005 UTC
 Line 1
+ [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
+         {CAN-2005-2693}
+         - gcvs 1.0final-7 (low)
+         NOTE: fixed in testing at time of DSA
+ [08 Sep 2005] DSA-805-1 apache2 - several
+         {CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728}
+         - apache2 2.0.54-5 (medium)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
+         {CAN-2005-1920}
+         - kdebase 4:3.4.2-1 (medium)
+         NOTE: not fixed in testing at time of DSA (kde transition)
+ [07 Sep 2005] DSA-803-1 apache - programming error
+         {CAN-2005-2088}
+         - apache 1.3.33-8 (medium)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [07 Sep 2005] DSA-802-1 cvs - insecure temporary files
+         {CAN-2005-2693}
+         - cvs 1:1.11.5-4 (low)
+         NOTE: fixed in testing at time of DSA
+ [05 Sep 2005] DSA-801-1 ntp - programming error
+         {CAN-2005-2496}
+         - ntp 1:4.2.0a+stable-4 (medium)
+         NOTE: not fixed in testing at time of DSA (RC bugs)
+ [02 Sep 2005] DSA-800-1 pcre3 - integer overflow
+         {CAN-2005-2491}
+         - pcre3 6.3-0.1etch1 (high)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: however, fixed in secure-testing archive
+ [02 Sep 2005] DSA-799-1 webcalendar - input validation
+         {CAN-2005-2717}
+         - webcalendar (unfixed; bug #326223; high)
+         NOTE: not fixed in testing at time of DSA (coordinated disclosure)
+ [02 Sep 2005] DSA-798-1 phpgroupware - several
+         {CAN-2005-2498 CAN-2005-2600 CAN-2005-2761}
+         - phpgroupware 0.9.16.008-1 (high)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [01 Sep 2005] DSA-797-1 zsync - buffer overflow
+         {CAN-2005-1849 CAN-2005-2096}
+         - zsync 0.4.0-2 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Sep 2005] DSA-796-1 affix - unsafe use of popen
+         {CAN-2005-2716}
+         - affix 2.1.2-3 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+ [01 Sep 2005] DSA-795-2 proftpd - format string error
+         {CAN-2005-2390}
+         - proftpd 1.2.10-20 (medium)
+         NOTE: fixed in testing at time of DSA
+         NOTE: Initial -1 release had a build problem
+ [01 Sep 2005] DSA-794-1 polygen - programming error
+         {CAN-2005-2656}
+         - polygen 1.0.6-9 (low)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [21 Aug 2005] DSA-779-2 mozilla-firefox - several
+         NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
+         {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-firefox 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+         NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted
+ [01 Sep 2005] DSA-793-1 courier - missing input sanitising
+         {CAN-2005-2724}
+         - courier 0.47-8 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, too young)
+ [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
+         {CAN-2005-2536}
+         - pstotext 1.9-2 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition, builds)
+ [30 Aug 2005] DSA-791-1 maildrop - missing privilege release
+         {CAN-2005-2655}
+         - maildrop 1.5.3-1.1etch1 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: but fixed in secure-testing repo
+ [30 Aug 2005] DSA-790-1 phpldapadmin - programming error
+         {CAN-2005-2654}
+         - phpldapadmin 0.9.6c-5 (medium)
+         NOTE: fixed in testing at time of DSA
+ [29 Aug 2005] DSA-789-1 php4 - several
+         {CAN-2005-1751 CAN-2005-1921 CAN-2005-2498}
+         - php4 4:4.4.0-2 (high)
+         NOTE: not fixed in testing at time of DSA (not uploaded yet)
+ [29 Aug 2005] DSA-788-1 kismet - several
+         {CAN-2005-2626 CAN-2005-2627}
+         - kismet 2005.08.R1-1 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         NOTE: but fixed in secure-testing repo
+ [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
+         {CAN-2005-1855 CAN-2005-1856}
+         - backup-manager 0.5.8-2 (medium)
+         NOTE: fixed in testing at time of DSA
+ [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
+         {CAN-2005-1857}
+         - simpleproxy 3.2-4 (medium)
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
+         {CAN-2005-2641}
+         - libpam-ldap 178-1sarge1 (medium)
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [25 Aug 2005] DSA-784-1 courier - programming error
+         {CAN-2005-2151}
+         - courier 0.47-6 (low)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+ [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
+         {CAN-2005-1636}
+         - mysql-dfsg-4.1 4.1.12 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+         - mysql-dfsg-5.0 5.0.11beta-3 (medium)
+         NOTE: not fixed in testing at time of DSA (glibc transition)
+ [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
+         {CAN-2005-2547}
+         - bluez-utils 2.19-1 (high)
+         NOTE: not fixed in testing at time of DSA (missing builds)
+ [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
+         {CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-thunderbird 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (missing builds)
+ [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
+         {CAN-2005-2097}
+         - kdegraphics 4:3.4.2-1 (bug #322458; low)
+         NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition)
+ [21 Aug 2005] DSA-779-1 mozilla-firefox - several
+         {CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270}
+         - mozilla-firefox 1.0.6-1 (medium)
+         NOTE: not fixed in testing at time of DSA (build and deps)
+ [19 Aug 2005] DSA-778-1 mantis - missing input sanitising
+         {CAN-2005-2556 CAN-2005-2557}
+         - mantis 0.19.2-4 (medium)
+         NOTE: not fixed in testing at time of DSA (nor unstable)
+ [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
+         {CAN-2004-0718 CAN-2005-1937}
+         - mozilla-browser 1.7.10-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on builds)
+ [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
+         {CAN-2005-2450}
+         - clamav 0.86.2-1 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
+         {CAN-2004-0718 CAN-2005-1937}
+         - mozilla-firefox 1.0.4-3 (medium)
+         NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@
+         NOTE: fixed in testing at time of DSA
+ [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
+         {CAN-2005-2335}
+         - fetchmail 6.2.5-16 (medium)
+         NOTE: fixed in testing at time of DSA
+ [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
+         NOTE: amd64 catch-up DSA, no new holes
+ [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
+         {CAN-2005-1854}
+         - apt-cacher 0.9.10 (high)
+         NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
+ [01 Aug 2005] DSA-771-1 pdns - several
+         {CAN-2005-2301 CAN-2005-2302}
+         - pdns 2.9.18-1 (medium)
+         NOTE: not fixed in testing at time of DSA (too young)
+ [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
+         {CAN-2005-1853}
+         - gopher 3.0.10
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [29 Jul 2005] DSA-769-1 gaim - memory alignment bug
+         {CAN-2005-2370}
+         - gaim 1:1.4.0-5 (high)
+         NOTE: not fixed in testing at time of DSA (?)
+ [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
+         {CAN-2005-2161}
+         - phpbb2 2.0.13-6sarge1
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [27 Jul 2005] DSA-767-1 ekg - integer overflows
+         {CAN-2005-1852}
+         - ekg 1.5+20050718+1.6rc3-1 (medium)
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
+         {CAN-2005-2320}
+         - webcalendar (unfixed; bug #315671; medium)
+         NOTE: not fixed in testing at time of DSA (Debian server outage)
+ [22 Jul 2005] DSA-765-1 heimdal - buffer overflow
+         {CAN-2005-0469}
+         - heimdal 0.6.3-10 (medium)
+         NOTE: fixed in testing at time of DSA
+ [21 Jul 2005] DSA-764-1 cacti - several
+         {CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149}
+         - cacti 0.8.6f-1 (high)
+         NOTE: fixed in testing at time of DSA
+         NOTE: DSA information is incorrect, sid fix is 6f, not 6e
+ [20 Jul 2005] DSA-763-1 zlib - buffer overflow
+         {CAN-2005-1849}
+         - zlib 1.2.3-1 (medium)
+         NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390)
+ [19 Jul 2005] DSA-762-1 affix - several
+         {CAN-2005-2250 CAN-2005-2277}
+         - affix 2.1.2-2 (medium)
+         NOTE: not fixed in testing at time of DSA (only 2/2 days old)
+ [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
+         {CAN-2005-2231}
+         - heartbeat 1.2.3-12 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/2 days old)
+ [18 Jul 2005] DSA-760-1 ekg - several
+         {CAN-2005-1850 CAN-2005-1851 CAN-2005-1916}
+         - ekg 1.5+20050712+1.6rc2-1 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs)
+ [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
+         {CAN-2005-2256}
+         - phppgadmin 3.5.4-1 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/10 days old)
+ [18 Jul 2005] DSA-758-1 heimdal - buffer overflow
+         {CAN-2005-2040}
+         - heimdal 0.6.3-11 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
+         {CAN-2005-1689 CAN-2005-1174 CAN-2005-1175}
+         - krb5 1.3.6-4 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k)
+ [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
+         {CAN-2005-1921}
+         - phpgroupware 0.9.16.006-1 (high)
+         NOTE: fixed in testing at time of DSA
+ [13 Jul 2005] DSA-756-1 squirrelmail - several
+         {CAN-2005-1769 CAN-2005-2095}
+         - squirrelmail 2:1.4.4-6 (medium)
+         NOTE: not fixed in testing at time of DSA (only 0/2 days old)
+ [13 Jul 2005] DSA-755-1 tiff - buffer overflow
+         {CAN-2005-1544}
+         - tiff 3.7.2-3 (medium)
+         NOTE: fixed in testing at time of DSA
+ [13 Jul 2005] DSA-754-1 centericq - insecure temporary file
+         {CAN-2005-1914}
+         - centericq 4.20.0-7 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [12 Jul 2005] DSA-753-1 gedit - format string
+         {CAN-2005-1686}
+         - gedit 2.10.3-1 (low)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [11 Jul 2005] DSA-752-1 gzip - several
+         {CAN-2005-0988 CAN-2005-1228}
+         - gzip 1.3.5-10
+         NOTE: fixed in testing at time of DSA
+ [11 Jul 2005] DSA-751-1 squid - IP spoofind
+         {CAN-2005-1519}
+         - squid 2.5.9-9
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
+         {CAN-2005-1992}
+         - ruby1.8 1.8.2-8 (medium)
+         NOTE: not fixed in testing at time of DSA (waiting on dependencies)
+ [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
+         {CAN-2005-1848}
+         - dhcpcd 1.3.22pl4-22
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-749-1 ettercap - format string error
+         {CAN-2005-1796}
+         - ettercap 0.7.3-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [10 Jul 2005] DSA-747-1 egroupware - input validation error
+         {CAN-2005-1921}
+         - egroupware 1.0.0.007-3.dfsg-1 (high)
+         NOTE: not fixed in testing at time of DSA (only 1/2 days old)
+ [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
+         {CAN-2005-1921 CAN-2005-2106 CAN-2005-2116}
+         - drupal 4.5.4-1 (high)
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-744-1 fuse - programming error
+         {CAN-2005-1858}
+         - fuse 2.3.0-1
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
+         {CAN-2005-1545 CAN-2005-1546}
+         - ht 0.8.0-3
+         NOTE: fixed in testing at time of DSA
+ [09 Jul 2005] DSA-742-1 cvs - buffer overflow
+         {CAN-2005-0753}
+         - cvs 1:1.12.9-13 (high)
+         NOTE: fixed in testing at time of DSA
+ [07 Jul 2005] DSA-741-1 bzip2 - infinite loop
+         {CAN-2005-1260}
+         - bzip2 1.0.2-7 (low)
+         NOTE: fixed in testing at time of DSA
+ [06 Jul 2005] DSA-740-1 zlib - buffer overflow
+         {CAN-2005-2096}
+         - zlib 1.2.2-7 (medium)
+         NOTE: anything statically linking zlib needs rebuild
+         NOTE: not fixed in testing at time of DSA (embargoed disclosure)
+ [06 Jul 2005] DSA-739-1 trac - missing input sanitising
+         {CAN-2005-2007}
+         - trac 0.8.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [19 May 2005] DSA-725-2 ppxp - missing privilege release
+         {CAN-2005-0392}
+         - ppxp 0.2001080415-11
+         NOTE: fixed in testing at time of DSA
+ [05 Jul 2005] DSA-738-1 razor - email header parsing error
+         {CAN-2005-2024}
+         - razor 2.720-1 (low)
+         NOTE: not fixed in testing at time of DSA (not built on arm)
+ [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
+         {CAN-2005-1922 CAN-2005-1923 CAN-2005-2056 CAN-2005-2070}
+         - clamav 0.86.1-1 (medium)
+         NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid)
+ [05 Jul 2005] DSA-734-1 gaim - denial of service
+         {CAN-2005-1269 CAN-2005-1934}
+         - gaim 1.3.1-1
+         NOTE: not fixed in testing at time of DSA (not built on sparc)
+ [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
+         {CAN-2005-1266}
+         - spamassassin 3.0.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
+         {CAN-2005-1266}
+         - spamassassin 3.0.4-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [08 Jul 2005] DSA-735-2 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-735-2 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: fixed in testing at time of DSA
+ [01 Jul 2005] DSA-735-1 sudo - pathname validation race
+         {CAN-2005-1993}
+         - sudo 1.6.8p9-1 (medium)
+         NOTE: not fixed in testing at time of DSA
+ [30 Jun 2005] DSA-733-1 crip - insecure temporary files
+         {CAN-2005-0393}
+         - crip 3.5-1sarge2 (low)
+         NOTE: not fixed in testing at time of DSA (reserved)
+ [03 Jun 2005] DSA-732-1 mailutils - several
+         {CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523}
+         - mailutils 0.6.1-4
+         NOTE: fixed in testing at time of DSA
+ [02 Jun 2005] DSA-731-1 krb4 - buffer overflows
+         {CAN-2005-0468 CAN-2005-0468}
+         - krb4 1.2.2-11.2
+         NOTE: fixed in testing at time of DSA
+ [27 May 2005] DSA-730-1 bzip2 - race condition
+         {CAN-2005-0953}
+         - bzip2 1.0.2-6
+         NOTE: fixed in testing at time of DSA
+ [26 May 2005] DSA-729-1 php4 - missing input sanitising
+         {CAN-2005-0525}
+         - php4 4.3.10-10
+         NOTE: fixed in testing at time of DSA
+ [25 May 2005] DSA-728-1 qpopper - missing privilege release
+         {CAN-2005-1151 CAN-2005-1152}
+         - qpopper 4.0.5-4sarge1
+         NOTE: fixed in testing at time of DSA by security team
+ [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
+         {CAN-2005-1349}
+         - libconvert-uulib-perl 1.0.5.1-1
+         NOTE: fixed in testing at time of DSA
+ [20 May 2005] DSA-726-1 oops - format string vulnerability
+         {CAN-2005-1121}
+         - oops (unfixed; bug #307360)
+         NOTE: not in testing at time of DSA
+ [19 May 2005] DSA-725-1 ppxp - missing privilege release
+         {CAN-2005-0392}
+         - ppxp 0.2001080415-11
+         NOTE: not fixed in testing at time of DSA
+ [18 May 2005] DSA-724-1 phpsysinfo - design flaw
+         {CAN-2005-0870}
+         - phpsysinfo 2.3-3
+         NOTE: fixed in testing at time of DSA
+ [09 May 2005] DSA-723-1 xfree86 - buffer overflow
+         {CAN-2005-0605}
+         - xfree86 4.3.0.dfsg.1-13
+         NOTE: not fixed in testing at time of DSA
+ [09 May 2005] DSA-722-1 smail - buffer overflow
+         {CAN-2005-0892}
+         NOTE: Package not in testing at time of DSA
+ [06 May 2005] DSA-721-1 squid - design flaw
+         {CAN-2005-1345}
+         - squid 2.5.9-7
+         NOTE: not fixed in testing at time of DSA
+ [03 May 2005] DSA-720-1 smartlist - wrong input processing
+         {CAN-2005-0157}
+         - smartlist 3.15-18
+         NOTE: fixed in testing at time of DSA
+ [28 Apr 2005] DSA-719-1 prozilla - format string problems
+         {CAN-2005-0523}
+         - prozilla 1:1.3.7.4-1
+         NOTE: fixed in testing at time of DSA
+ [28 Apr 2005] DSA-718-1 ethereal - buffer overflow
+         {CAN-2005-0739}
+         - ethereal 0.10.10-1
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
+         {CAN-2003-0826 CAN-2005-0814}
+         - lsh-utils 2.0.1-2
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-716-1 gaim - denial of service
+         {CAN-2005-0472}
+         - gaim 1.1.3-1
+         NOTE: fixed in testing at time of DSA
+ [27 Apr 2005] DSA-715-1 cvs - several
+         {CAN-2004-1342 CAN-2004-1343}
+         - cvs 1.12.9-12
+         NOTE: not fixed in testing at time of DSA
+ [26 Apr 2005] DSA-714-1 kdelibs - several
+         {CAN-2005-1046}
+         - kdelibs 4:3.3.2-5
+         NOTE: not fixed in testing at time of DSA
+ [21 Apr 2005] DSA-701-2 samba - integer overflows
+         NOTE: only a bug in the backported fix to stable, testing is ok
+ [21 Apr 2005] DSA-713-1 junkbuster - several
+         {CAN-2005-1108 CAN-2005-1109}
+         NOTE: package not in testing/unstable
+ [19 Apr 2005] DSA-712-1 geneweb - insecure file operations
+         {CAN-2005-0391}
+         - geneweb 4.10-7
+         NOTE: fixed in testing at time of DSA
+ [19 Apr 2005] DSA-711-1 info2www - missing input sanitising
+         {CAN-2004-1341}
+         - info2www 1.2.2.9-23
+         NOTE: fixed in testing at time of DSA
+ [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
+         {CAN-2003-0541}
+         - gtkhtml 1.0.4-6.2
+         NOTE: fixed in testing at time of DSA
+ [15 Apr 2005] DSA-709-1 libexif - buffer overflow
+         {CAN-2005-0664}
+         - libexif 0.6.9-5
+ [15 Apr 2005] DSA-708-1 php3 - missing input sanitising
+         {CAN-2005-0525}
+         - php3 3.0.18-31
+ [13 Apr 2005] DSA-707-1 mysql - several
+         {CAN-2004-0957 CAN-2005-0709 CAN-2005-0710 CAN-2005-0711}
+         - mysql-dfsg 4.0.24-5
+         - mysql-dfsg-4.1 4.1.10a-6
+         NOTE: not fixed in testing at time of DSA
+ [13 Apr 2005] DSA-706-1 axel - buffer overflow
+         {CAN-2005-0390}
+         - axel 1.0b-1
+         NOTE: fixed in testing at time of DSA
+ [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
+         {CAN-2005-0256 CAN-2003-0854}
+         - wu-ftpd 2.6.2-19
+ [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
+         {CAN-2005-0387 CAN-2005-0388}
+         - remstats 1.0.13a-5
+         NOTE: not fixed in testing at time of DSA
+ [01 Apr 2005] DSA-703-1 krb5 - buffer overflows
+         {CAN-2005-0468 CAN-2005-0469}
+         - krb5 1.3.6-1
+ [01 Apr 2005] DSA-702-1 imagemagick - several
+         {CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762}
+         - imagemagick 6.0.6.2-2.2
+ [31 Mar 2005] DSA-701-1 samba - integer overflows
+         {CAN-2004-1154}
+         - samba 3.0.10-1
+ [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
+         {CAN-2005-0386}
+         - mailreader 2.3.29-11
+         NOTE: not fixed in testing at time of DSA
+ [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
+         {CAN-2005-0469}
+         - netkit-telnet-ssl 0.17.24+0.1-7.1
+         NOTE: not fixed in testing at time of DSA
+ [29 Mar 2005] DSA-698-1 mc - buffer overflow
+         {CAN-2005-0763}
+         NOTE: Not clear which unstable/testing version fixed this,
+         NOTE: but advisory says it's fixed.
+ [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
+         {CAN-2005-0469}
+         - netkit-telnet 0.17-28
+         NOTE: not fixed in testing at time of DSA
+ [22 Mar 2005] DSA-696-1 perl - design flaw
+         {CAN-2005-0448}
+         - perl 5.8.4-8
+         NOTE: fixed in testing at time of DSA
+ [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow
+         {CAN-2001-0775 CAN-2005-0638 CAN-2005-0639}
+         - xli 1.17.0-18
+         NOTE: not fixed in testing at time of DSA
+ [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
+         {CAN-2005-0638 CAN-2005-0639}
+         - xloadimage 4.1-14.2
+         NOTE: not fixed in testing at time of DSA
+ [14 Mar 2005] DSA-693-1 luxman - buffer overflow
+         {CAN-2005-0385}
+         NOTE: not fixed in testing at time of DSA
+         NOTE: not in unstable at time of DSA though DSA claimed it was
+         - luxman 0.41-20
+ [14 Mar 2005] DSA-662-2 squirrelmail - several
+         NOTE: only an update to a prior DSA, did not affct sid/sarge.
+ [08 Mar 2005] DSA-692-1 kppp - design flaw
+         {CAN-2005-0205}
+         - kppp 4:3.1.6
+         NOTE: fixed in testing at time of DSA
+ [07 Mar 2005] DSA-691-1 abuse - several
+         {CAN-2005-0098 CAN-2005-0099}
+         NOTE: not in unstable/testing
+ [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
+         {CAN-2005-0107}
+         - bsmtpd 2.3pl8b-16
+         NOTE: not fixed in testing at time of DSA
+ [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
+         {CAN-2005-0088}
+         - libapache-mod-python 2.7.10-4
+         NOTE: fixed in testing at time of DSA
+         - libapache2-mod-python 3.1.3-3
+         NOTE: fixed in testing at time of DSA
+ [23 Feb 2005] DSA-688-1 squid - mising input sanitising
+         {CAN-2005-0446}
+         - squid 2.5.8-3
+         NOTE: fixed in testing at time of DSA
+ [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
+         NOTE: only fixed bug in DSA
+ [18 Feb 2005] DSA-687-1 bidwatcher - format string
+         {CAN-2005-0158}
+         - bidwatcher 1.3.17-1
+         NOTE: not fixed in testing at time of DSA
+ [17 Feb 2005] DSA-686-1 gftp - missing input sanitising
+         {CAN-2005-0372}
+         - gftp 2.0.18-1
+         NOTE: not fixed in testing at time of DSA
+ [17 Feb 2005] DSA-685-1 emacs21 - format string
+         {CAN-2005-0100}
+         - emacs21 21.3+1-9
+         NOTE: not fixed in testing at time of DSA
+ [16 Feb 2005] DSA-684-1 typespeed - format string
+         {CAN-2005-0105}
+         - typespeed 0.4.4-8
+         NOTE: not fixed in testing at time of DSA
+ [15 Feb 2005] DSA-683-1 postgresql - buffer overflows
+         {CAN-2005-0245 CAN-2005-0247}
+         - postgresql 7.4.7-2
+         NOTE: fixed in testing at time of DSA
+ [15 Feb 2005] DSA-682-1 awstats - missing input sanitising
+         {CAN-2005-0363}
+         - awstats 6.2-1.2
+         NOTE: not fixed in testing at time of DSA
+ [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
+         {CAN-2005-0070}
+         NOTE: does not apply for sarge, program is not setuid anymore
+ [14 Feb 2005] DSA-680-1 htdig - unsanitised input
+         {CAN-2005-0085}
+         - htdig 3.1.6-11
+         NOTE: fixed in testing at time of DSA
+ [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
+         {CAN-2005-0159}
+         - toolchain-source 3.4-5
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
+         {CAN-2004-1180}
+         - netkit-rwho 0.17-8
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-677-1 sympa - buffer overflow
+         {CAN-2005-0073}
+         - sympa 4.1.2-2.1
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-676-1 xpcd - buffer overflow
+         {CAN-2005-0074}
+         - xpcd 2.08-11.1
+         NOTE: not fixed in testing at time of DSA
+ [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
+         NOTE: only fixed bug in DSA
+ [10 Feb 2005] DSA-675-1 hztty - privilege escalation
+         {CAN-2005-0019}
+         - hztty 2.0-6.1
+         NOTE: not fixed in testing at time of DSA
+ [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
+         {CAN-2004-1177}
+         - mailman 2.1.5-5
+         NOTE: fixed in testing at time of DSA
+         {CAN-2005-0202}
+         - mailman 2.1.5-6
+         NOTE: not fixed in testing at time of DSA
+ [10 Feb 2005] DSA-673-1 evolution - integer overflow
+         {CAN-2005-0102}
+         - evolution 2.0.3-1.2
+         NOTE: fixed in testing at time of DSA
+ [09 Feb 2005] DSA-672-1 xview - buffer overflows
+         {CAN-2005-0076}
+         - xview 3.2p1.4-19
+         NOTE: not fixed in testing at time of DSA
+ [08 Feb 2005] DSA-671-1 xemacs21 - format string
+         {CAN-2005-0100}
+         NOTE: not fixed in testing at time of DSA
+         - xemacs21 21.4.16-2
+ [08 Feb 2005] DSA-670-1 emacs20 - format string
+         {CAN-2005-0100}
+         NOTE: also affects emacs21 in unstable, fixed
+ [04 Feb 2005] DSA-689-1 php3 - several
+         {CAN-2004-0594 CAN-2004-0595}
+         - php3 3.0.18-27
+         NOTE: fixed in testing at time of DSA
+ [04 Feb 2005] DSA-668-1 postgresql - privilege escalation
+         {CAN-2005-0227}
+         - postgresql 7.4.7-1
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-667-1 squid - several
+         {CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211}
+         - squid 2.5.7-7
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-666-1 python2.2 - design flaw
+         {CAN-2005-0089}
+         - python2.2 2.2.3-14
+         - python2.3 2.3.4-20
+         - python2.4 2.4-5
+         NOTE: not fixed in testing at time of DSA
+ [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
+         {CAN-2005-0013}
+         - ncpfs 2.2.6-1
+         NOTE: not fixed in testing at time of DSA
+ [02 Feb 2005] DSA-664-1 cpio - broken file permissions
+         {CAN-1999-1572}
+         - cpio 2.5-1.2
+         NOTE: not fixed in testing at time of DSA
+ [02 Feb 2005] DSA-663-1 prozilla - buffer overflows
+         {CAN-2004-1120}
+         - prozilla 1.3.7.3-1
+         NOTE: fixed in testing at time of DSA
+ [01 Feb 2005] DSA-662-1 squirrelmail - several
+         {CAN-2005-0104 CAN-2005-0152}
+         NOTE: CAN-2005-0152 only exists in 1.2.6 version
+         - squirrelmail 1.4.4
+         NOTE: fixed in testing at time of DSA
+ [20 Apr 2005] DSA-661-2 f2c - insecure temporary files
+         {CAN-2005-0017 CAN-2005-0018}
+         - f2c 20020621-3.3
+         NOTE: not fixed in testing at time of DSA
+ [26 Jan 2005] DSA-660-1 kdebase - missing return value check
+         {CAN-2005-0078}
+         - kdebase 4:3.0.5
+         NOTE: fixed in testing at time of DSA
+ [26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
+         {CAN-2004-1340 CAN-2005-0108}
+         - libpam-radius-auth 1.3.16-3
+         NOTE: 1/2 fixed in testing at time of DSA
+ [25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
+         {CAN-2005-0077}
+         - libdbi-perl 1.46-6
+         NOTE: not fixed in testing at time of DSA
+ [25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
+         {CAN-2004-1379}
+         - xine-lib 1-rc6a-1
+         NOTE: fixed in testing at time of DSA
+ [25 Jan 2005] DSA-656-1 vdr - insecure file access
+         {CAN-2005-0071}
+         - vdr 1.2.6-6
+         NOTE: not fixed in testing at time of DSA
+ [25 Jan 2005] DSA-655-1 zhcon - missing privilege release
+         {CAN-2005-0072}
+         - zhcon 1:0.2.3-8.1
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-654-1 enscript - several
+         {CAN-2004-1184 CAN-2004-1185 CAN-2004-1186}
+         - enscript 1.6.4-6
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-653-1 ethereal - buffer overflow
+         {CAN-2005-0084}
+         - ethereal 0.10.9-1
+         NOTE: not fixed in testing at time of DSA
+ [21 Jan 2005] DSA-652-1 unarj
+         {CAN-2004-0947 CAN-2004-1027}
+         NOTE: not-for-us (unarj)
+ [20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
+         {CAN-2005-0094 CAN-2005-0095}
+         - squid 2.5.7-4
+         NOTE: not fixed in testing at time of DSA
+ [20 Jan 2005] DSA-650-1 sword - missing input sanitising
+         {CAN-2005-0015}
+         - sword 1.5.7-7
+         NOTE: not fixed in testing at time of DSA
+ [20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
+         {CAN-2005-0079}
+         - xtrlock 2.0-9
+         NOTE: fixed in testing at time of DSA
+ [19 Jan 2005] DSA-648-1 xpdf - buffer overflow
+         {CAN-2005-0064}
+         - xpdf 3.00-12
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-647-1 mysql - insecure temporary files
+         {CAN-2005-0004}
+         - mysql-dfsg 4.0.23-3
+         - mysql-dfsg-4.1 4.1.8a-6
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
+         {CAN-2005-0005}
+         - imagemagick 6.0.6.2-2
+         NOTE: not fixed in testing at time of DSA
+ [19 Jan 2005] DSA-645-1 cupsys - buffer overflow
+         {CAN-2005-0064}
+         NOTE: cupsys not affected in sarge, though other programs are vulnerable
+         NOTE: see CAN/list
+         NOTE: not fixed in testing at time of DSA
+ [18 Jan 2005] DSA-644-1 chbg - buffer overflow
+         {CAN-2004-1264}
+         - chbg 1.5-4
+         NOTE: fixed in testing at time of DSA
+ [18 Jan 2005] DSA-643-1 queue - buffer overflows
+         {CAN-2004-0555}
+         - queue 1.30.1-5
+         NOTE: not fixed in testing at time of DSA
+ [17 Jan 2005] DSA-642-1 gallery - several
+         {CAN-2004-1106}
+         - gallery 1.4.4-pl4-1
+         NOTE: fixed in testing at time of DSA
+ [17 Jan 2005] DSA-641-1 playmidi - buffer overflow
+         {CAN-2005-0020}
+         - playmidi 2.4debian-3
+         NOTE: not fixed in testing at time of DSA
+ [17 Jan 2005] DSA-640-1 gatos - buffer overflow
+         {CAN-2005-0016}
+         - gatos 0.0.5-15
+         NOTE: not fixed in testing at time of DSA
+ [14 Jan 2005] DSA-639-1 mc - several
+         {CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176}
+         NOTE: unstable not vulnerable according to DSA
+         NOTE: DSA was wrong..
+         - mc 1:4.6.0-4.6.1-pre3-1
+         NOTE: not fixed in testing at time of DSA
+ [13 Jan 2005] DSA-638-1 gopher - several
+         {CAN-2004-0560 CAN-2004-0561}
+         NOTE: not in sarge
+ [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
+         {CAN-2005-0021}
+         NOTE: not in sarge
+ [12 Jan 2005] DSA-636-1 glibc - insecure temporary files
+         {CAN-2004-0968}
+         - glibc 2.3.2.ds1-20
+         NOTE: fixed in testing at time of DSA
+ [12 Jan 2005] DSA-635-1 exim - buffer overflow
+         {CAN-2005-0021}
+         - exim4 4.34-10
+         NOTE: fixed in testing at time of DSA
+         - exim 3.36-13
+         NOTE: not fixed in testing at time of DSA
+ [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
+         {CAN-2004-1182}
+         - hylafax 4.2.1-1
+         NOTE: fixed in testing at time of DSA
+ [11 Jan 2005] DSA-633-1 bmv - insecure temporary file
+         {CAN-2003-0014}
+         - bmv 1.2-17
+         NOTE: fixed in testing at time of DSA
+ [10 Jan 2005] DSA-632-1 linpopup - buffer overflow
+         {CAN-2004-1282}
+         - linpopup 1.2.0-7
+         NOTE: fixed in testing at time of DSA
+ [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
+         {CAN-2004-1165}
+         - kdelibs 4:3.3.2-1
+         NOTE: not fixed in testing at time of DSA
+ [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
+         {CAN-2004-1000}
+         - lintian 1.23.6
+         NOTE: not fixed in testing at time of DSA
+ [07 Jan 2005] DSA-629-1 krb5 - buffer overflow
+         {CAN-2004-1189}
+         - krb5 1.3.6-1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-628-1 imlib2 - integer overflows
+         {CAN-2004-1026}
+         - imlib2 1.1.2-2.1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
+         {CAN-2004-1318}
+         - namazu2 2.0.14-1
+         NOTE: not fixed in testing at time of DSA
+ [06 Jan 2005] DSA-626-1 tiff - unsanitised input
+         {CAN-2004-1183}
+         - libtiff4 3.6.1-5
+         NOTE: not fixed in testing at time of DSA
+ [05 Jan 2005] DSA-625-1 pcal - buffer overflows
+         {CAN-2004-1289}
+         - pcal 4.8.0-1
+         NOTE: not fixed in testing at time of DSA
+ [05 Jan 2005] DSA-624-1 zip - buffer overflow
+         {CAN-2004-1010}
+         - zip 2.30-8
+         NOTE: fixed in testing at time of DSA
+ [04 Jan 2005] DSA-623-1 nasm - buffer overflow
+         {CAN-2004-1287}
+         - nasm 0.98.38-1.1
+ [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
+         {CAN-2004-1181}
+         NOTE: not in unstable
+ [31 Dec 2004] DSA-621-1 cupsys - buffer overflow
+         {CAN-2004-1125}
+         - cupsys 1.1.22-2
+ [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
+         {CAN-2004-0452 CAN-2004-0976}
+         - perl 5.8.4-5
+ [30 Dev 2004] DSA-619-1 xpdf - buffer overflow
+         {CAN-2004-1125}
+         - xpdf 3.00-11
+ [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
+         {CAN-2004-1025 CAN-2004-1026}
+         - imlib 1.9.14-17.1
+         - imlib-png2 1.9.14-16.1
+ [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
+         {CAN-2004-1308}
+         - libtiff4 3.6.1-4
+ [23 Dec 2004] DSA-616-1 telnetd-ssl - format string
+         {CAN-2004-0998}
+         - telnetd-ssl 0.17.24+0.1-6
+ [22 Dec 2004] DSA-615-1 debmake - insecure temporary file
+         {CAN-2004-1179}
+         - debmake 3.7.7
+ [21 Dec 2004] DSA-614-1 xzgv - integer overflows
+         {CAN-2004-0994}
+         - xzgv 0.8-3
+ [21 Dec 2004] DSA-613-1 ethereal - inifinite loop
+         {CAN-2004-114}
+         - ethereal 0.10.8-1
+ [21 Dec 2004] DSA-614-1 xzgv - integer overflows
+         {CAN-2004-0994}
+         - xzgv 0.8-3
+ [20 Dec 2004] DSA-612-1 a2ps - unsanitised input
+         {CAN-2004-1170}
+         - a2ps 4.13b-4.2
+ [20 Dec 2004] DSA-611-1 htget - buffer overflow
+         {CAN-2004-0852}
+         NOTE: htget not in sarge or unstable
+ [17 Dec 2004] DSA-610-1 cscope - insecure temporary file
+         {CAN-2004-0996}
+         - cscope 15.5-1
+ [14 Dec 2004] DSA-609-1 atari800 - buffer overflows
+         {CAN-2004-1076}
+         - atari800 1.3.2-1
+ [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
+         {CAN-2004-1095 CAN-2004-0999}
+         - zgv 5.7-1.3
+         NOTE: changelog says he only patched 1095, but diff comparison
+         NOTE: shows 0999 was also fixed.
+ [10 Dec 2004] DSA-607-1 xfree86 - several
+         {CAN-2004-0914}
+         - xfree86 4.3.0.dfsg.1-9
+ [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
+         {CAN-2004-1014}
+         - nfs-utils 1:1.0.6-3.1
+ [06 Dec 2004] DSA-605-1 viewcvs - settings not honored
+         {CAN-2004-0915}
+         - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
+ [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
+         {CAN-2004-0993}
+         - hpsockd 0.14
+ [01 Dec 2004] DSA-603-1 openssl - insecure temporary file
+         {CAN-2004-0975}
+         - openssl 0.9.7e-3
+ [29 Nov 2004] DSA-602-1 libgd2 - integer overlow
+         {CAN-2004-0941 CAN-2004-0990}
+         NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+         - libgd2 2.0.33-1.1
+ [29 Nov 2004] DSA-601-1 libgd1 - integer overflow
+         {CAN-2004-0941 CAN-2004-0990}
+         NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+         - libgd 1.8.4-36.1
+ [25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
+         {CAN-2004-0888}
+         - tetex-bin 2.0.2-23
+ [25 Nov 2004] DSA-598-1 yardradius - buffer overflow
+         {CAN-2004-0987}
+         - yardradius 1.0.20-15
+ [25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
+         {CAN-2004-1012 CAN-2004-1013}
+         - cyrus21-imapd 2.1.17-1
+ [24 Nov 2004] DSA-596-2 sudo - missing input sanitising
+         {CAN-2004-1051}
+         - sudo 1.6.8p3-1
+ [24 Nov 2004] DSA-596-1 sudo - missing input sanitising
+         {CAN-2004-1051}
+         - sudo 1.6.8p3-1
+ [24 Nov 2004] DSA-595-1 bnc - buffer overflow
+         {CAN-2004-1052}
+         NOTE: package not in sarge or sid
+ [17 Nov 2004] DSA-594-1 apache - buffer overflows
+         {CAN-2004-0940}
+         - apache 1.3.33-2
+ [16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
+         {CAN-2004-0981}
+         - imagemagick 6:6.0.6.2-1.5
+ [12 Nov 2004] DSA-592-1 ez-ipupdate - format string
+         {CAN-2004-0980}
+         - ez-ipupdate 3.0.11b8-8
+ [09 Nov 2004] DSA-591-1 libgd2 - integer overflows
+         {CAN-2004-0990}
+         - libgd2 2.0.30-1
+ [09 Nov 2004] DSA-590-1 gnats - format string vulnerability
+         {CAN-2004-0623}
+         NOTE: DSA got version of fix for unstable wrong
+         - gnats 4.0-6.1
+ [09 Nov 2004] DSA-589-1 libgd - integer overflows
+         {CAN-2004-0990}
+         - libgd1 1.8.4-36.1
+ [08 Nov 2004] DSA-588-1 gzip - insecure temporary files
+         {CAN-2004-0970}
+         NOTE: dsa says sid not affected
+ [08 Nov 2004] DSA-587-1 freeamp - buffer overflow
+         {CAN-2004-0964}
+         NOTE: DSA says zinf not vulnerable in sarge
+ [08 Nov 2004] DSA-586-1 ruby - infinite loop
+         {CAN-2004-0983}
+         - ruby1.6 1.6.8-12
+         - ruby1.8 1.8.1+1.8.2pre2-4
  [05 Nov 2004] DSA-585-1 shadow - programming error
          {CAN-2004-1001}
          - shadow 1:4.0.3-30.3
-Line 6
+Line 901
          - dhcp 2.0pl5-19.1
  [03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
          {CAN-2004-0972}
-         TODO: I thought this didn't really matter because the script
-         TODO: was not included in the binary package. Check or fix.
  [02 Nov 2004] DSA-582-1 libxml - buffer overflow
          {CAN-2004-0989}
          - libxml 1.8.17-9
-Line 40
+Line 933
          {CAN-2004-0888}
          - cupsys 1.1.20final+rc1-10
          {CAN-2004-0889}
-         - xpdf 3.00-9
+         - xpdf 3.00-10
-         - kpdf (unfixed; bug #278173)
+         NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
+         - kpdf 4:3.3.1-1
          - gpdf 2.8.0-1
+         - kfax 4:3.3.1-1
  [21 Oct 2004] DSA-572-1 ecartis - multiple
          {CAN-2004-0913}
          - ecartis 1.0.0+cvs.20030911-8
-Line 57
+Line 952
          - netkit-telnet-ssl 0.17.24+0.1-4
  [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
          {CAN-2004-0884}
-         NOTE removed from testing
+         NOTE: removed from testing
-         NOTE maintainer reports hole not in cyrus-sasl2-mit
+         NOTE: maintainer reports hole not in cyrus-sasl2-mit
  [15 Oct 2004] DSA-567-1 tiff - heap overflows
          {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886}
          - tiff 3.6.1-2
-Line 125
+Line 1020
  [16 Sep 2004] DSA-548-1 imlib - unsanitised input
          {CAN-2004-0817}
          - imlib 1.9.14-17
-         - imlib+png2 1.9.14-16
+         - imlib+png2 1.9.14-16.2
  [16 Sep 2004] DSA-547-1 imagemagic - buffer overflows
          {CAN-2004-0827}
          - imagemagic 6.0.6.2-1
-Line 159
+Line 1054
          - kdelibs 4:3.2.3-3.sarge.1
  [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
          - rsync 2.6.2-3
- [16 Aug 2004] DSA-537 ruby -- insecure file permissions
+ [16 Aug 2004] DSA-537 ruby - insecure file permissions
          {CAN-2004-0755}
          - ruby1.8 1.8.1+1.8.2pre1-4
-         HELP: is ruby1.6 vulnerable?
+         TODO: is ruby1.6 vulnerable?
  [04 Aug 2004] DSA-536 libpng - several vulnerabilities
          {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768}
          - libpng 1.0.15-6
-Line 223
+Line 1118
          {CAN-2004-0411}
          - kdelibs 3.2.3
  [10 Jun 2004] DSA-517 cvs - buffer overflow
-         {CAN-2004-0414]
+         {CAN-2004-0414}
          - cvs 1.12.9-1
  [07 Jun 2004] DSA-516 postgresql - buffer overflow
          {CAN-2004-0547}
-Line 232
+Line 1127
          {CAN-2004-0234 CAN-2004-0235}
          ! lha 1.14i-8
          NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
-         from the DSA could to updated via t-p-u.
+         NOTE: from the DSA could to updated via t-p-u.
  [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
          {CAN-2004-0077}
          - kernel-image-sparc-2.2 9.1
-Line 244
+Line 1139
          {CAN-2004-0522}
          - gallery 1.4.3-pl2-1
  [30 May 2004] DSA-511 ethereal - buffer overflows
-         {CAN-2004-0176
+         {CAN-2004-0176}
          - ethereal 0.10.3-1
  [29 May 2004] DSA-510 jftpgw - format string
          {CAN-2004-0448}
-Line 333
+Line 1228
          {CAN-2004-0381}
          - mysql-dfsg 4.0.18-4
          {CAN-2004-0388}
-         ! mysql-dfsg 4.0.18-6
+         - mysql-dfsg 4.0.18-6
  [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
          {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
          NOTE: 2.4.17 not present. Did not check newer kernels.
-Line 391
+Line 1286
          NOTE: CAN-2004-0081 only affects 0.9.6.
          NOTE: 0.9.7d also fixes CAN-2004-0112
          - openssl 0.9.6l
+         - openssl096 0.9.6m-1
  [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
          {CAN-2004-0111}
          - gdk-pixbuf 0.22.0-3
-Line 413
+Line 1309
          {CAN-2004-0150}
          NOTE: not affected according to DSA
  [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
-         CAN-2004-0148 CAN-2004-0185}
+         {CAN-2004-0148 CAN-2004-0185}
          - wu-ftpd 2.6.2-17.1
  [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
          {CAN-2004-0077}
-Line 448
+Line 1344
          ! hsftp 1.15-1
  [21 Feb 2004] DSA-446 synaesthesia - insecure file creation
          {CAN-2004-0160}
-         DSA notes not setuid anymore so ok
+         NOTE: DSA notes not setuid anymore so ok
  [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
          {CAN-2004-0158}
          - lbreakout2 2.4
-Line 519
+Line 1415
          - netpbm-free 2:9.25-9
  [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
          {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057}
-         HELP: No idea if this is fixed, we have a new upstream version
+         TODO: No idea if this is fixed, we have a new upstream version
-         HELP: that came out after these advisories, but neither the debian nor
+         TODO: that came out after these advisories, but neither the debian nor
-         HELP: the upstream changelog seem to mention them.
+         TODO: the upstream changelog seem to mention them.
-         NOTE: Mailed maintainr.
+         NOTE: Mailed maintainer.
  [16 Jan 2004] DSA-424 mc - buffer overflow
          {CAN-2003-1023}
          - mc 1:4.6.0-4.6.1-pre1-1
-Line 547
+Line 1443
          {CAN-2003-0961 CAN-2003-0985}
          NOTE: 2.4.18 not present. Did not check newer kernels.
  [06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
-         {CAN-2003-1022, CAN-2004-0011}
+         {CAN-2003-1022 CAN-2004-0011}
          - fsp 2.81.b18-1
  [06 Jan 2004] DSA-415 zebra - denial of service
          {CAN-2003-0795 CAN-2003-0858}
-Line 574
+Line 1470
          {CAN-2003-0972}
          - screen 4.0.2-0.1
  [05 Jan 2004] DSA-407 ethereal - buffer overflows
-         {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013
+         {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013}
          - ethereal 0.10.0-1
  [05 Jan 2004] DSA-406 lftp - buffer overflow
          - lftp 2.6.10-1
-Line 611
+Line 1507
  [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
          {CAN-2003-0866}
          ! tomcat4 4.1.24-2
-         NOTE another RC (unreproducible?) bug and missing deps (#263201)
+         NOTE: another RC (unreproducible?) bug and missing deps (#263201)
-         NOTE are keeping the fix out of testing
+         NOTE: are keeping the fix out of testing
  [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
          {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
          - openssl 0.9.7c
-Line 629
+Line 1525
          - freesweep 0.88-4.1
  [26 Sep 2003] DSA-390 marbles - buffer overflow
          {CAN-2003-0830}
-         NOTE not present in sid, sarge
+         NOTE: not present in sid, sarge
  [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
          {CAN-2003-0785}
          - ipmasq 3.5.12
-Line 652
+Line 1548
          {CAN-2003-0693}
          {CAN-2003-0695}
          {CAN-2003-0682}
-         HELP: Screwy changelog does not make sense. Filed bug.
+         TODO: Screwy changelog does not make sense. Filed bug.
  [16 Sep 2003] DSA-382 ssh - possible remote vulnerability
          {CAN-2003-0693}
          - openssh 1:3.6.1p2-6.0
-Line 716
+Line 1612
          - eroaster 2.2.0-0.5-1
  [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
          {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657}
-         - phpgroupware 0.9.14.007-1)
+         - phpgroupware 0.9.14.007-1
  [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
          {CAN-2003-0620 CAN-2003-0645}
          - man-db 2.4.1-13
-Line 741
+Line 1637
          {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
          NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
  [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
+         {CAN-2003-0466}
          - wu-ftpd 2.6.2-12
  [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
          {CAN-2003-0611}
-Line 873
+Line 1770
          NOTE: DSA contains some strange non-nethack version numbers
  [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
          {CAN-2003-0433}
-         HELP: no mention of any security fixes in debian changelog,
+         TODO: no mention of any security fixes in debian changelog,
-         HELP: upstream changelog. Mailed maintainer.
+         TODO: upstream changelog. Mailed maintainer.
  [11 Jun 2003] DSA-314 atftp - buffer overflow
          {CAN-2003-0380}
          - atftp 0.6.2
-Line 912
+Line 1809
          {CAN-2003-0073}
          - mysql-dfsg 4.0.12-2
          {CAN-2003-0150}
-         HELP: not sure if this is fixed
+         TODO: not sure if this is fixed
  [07 May 2003] DSA-302 fuzz - privilege escalation
          {CAN-2003-0261}
          - fuzz 0.6-7.1
-Line 1164
+Line 2061
  [09 Jan 2003] DSA-225 tomcat4 - source disclosure
          {CAN-2002-1394}
          ! tomcat4 4.1.16-1
-         NOTE another RC (unreproducible?) bug and missing deps (#263201)
+         NOTE: another RC (unreproducible?) bug and missing deps (#263201)
-         NOTE are keeping the fix out of testing
+         NOTE: are keeping the fix out of testing
-         NOTE this is the second unfixed security hole in tomcat4 in testing..
+         NOTE: this is the second unfixed security hole in tomcat4 in testing..
  [08 Jan 2003] DSA-224 canna - buffer overflow and more
          {CAN-2002-1158 CAN-2002-1159}
          - canna 3.6p1-1
-Line 1285
+Line 2182
          - apache 1.3.27-0.1
          {CAN-2001-0131 CAN-2002-1233}
          - apache 1.3.27-1
-         HELP: note sure about this
+         TODO: note sure about this
          NOTE: I have mailed maintainers
          {NO-CAN Several buffer overflows in ApacheBench}
-         HELP: I don't know about this
+         TODO: I don't know about this
          NOTE: I have mailed maintainers
  [04 Nov 2002] DSA-187 apache - several vulnerabilities
          {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
          - apache 1.3.27-0.1
          {CAN-2001-0131 CAN-2002-1233}
          - apache 1.3.27-1
-         HELP: note sure about this
+         TODO: note sure about this
          NOTE: I have mailed maintainers
          {NO-CAN Several buffer overflows in ApacheBench}
-         HELP: I don't know about this
+         TODO: I don't know about this
          NOTE: I have mailed maintainers
  [01 Nov 2002] DSA-186 log2mail - buffer overflow
          {CAN-2002-1251}
-Line 1325
+Line 2222
          {CAN-2002-0838}
          - gnome-gv 1.99.7-9
  [17 Oct 2002] DSA-178 heimdal - remote command execution
-         {CAN-2002-1225, CAN-2002-1226}
+         {CAN-2002-1225 CAN-2002-1226}
          - heimdal 0.4e-21
  [17 Oct 2002] DSA-177 pam - serious security violation
          {CAN-2002-1227}
-Line 1346
+Line 2243
          {CAN-2002-1193}
          NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
  [07 Oct 2002] DSA-171 fetchmail - buffer overflows
-         {CAN-2002-1175, CAN-2002-1174}
+         {CAN-2002-1175 CAN-2002-1174}
          - fetchmail 6.1.0-1
          NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
  [04 Oct 2002] DSA-170 tomcat4 - source code disclosure

 Legend:



Removed from v.84
 


changed lines


 
Added in v.1922
 Legend:



Removed from v.84
 


changed lines


 
Added in v.1922
-Removed from v.84
+Added in v.1922

	ViewVC Help
Powered by ViewVC 1.1.5