| 1 |
|
[30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories |
| 2 |
|
{CAN-2004-0452 CAN-2004-0976} |
| 3 |
|
- perl 5.8.4-5 |
| 4 |
|
[30 Dev 2004] DSA-619-1 xpdf - buffer overflow |
| 5 |
|
{CAN-2004-1125} |
| 6 |
|
- xpdf 3.00-11 |
| 7 |
|
[24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows |
| 8 |
|
{CAN-2004-1025 CAN-2004-1026} |
| 9 |
|
- imlib 1.9.14-17.1 |
| 10 |
|
- imlib-png2 1.9.14-16.1 |
| 11 |
|
[24 Dec 2004] DSA-617-1 libtiff - insufficient input validation |
| 12 |
|
{CAN-2004-1308} |
| 13 |
|
- libtiff4 3.6.1-4 |
| 14 |
|
[23 Dec 2004] DSA-616-1 telnetd-ssl - format string |
| 15 |
|
{CAN-2004-0998} |
| 16 |
|
- telnetd-ssl 0.17.24+0.1-6 |
| 17 |
|
[22 Dec 2004] DSA-615-1 debmake - insecure temporary file |
| 18 |
|
{CAN-2004-1179} |
| 19 |
|
- debmake 3.7.7 |
| 20 |
|
[21 Dec 2004] DSA-614-1 xzgv - integer overflows |
| 21 |
|
{CAN-2004-0994} |
| 22 |
|
- xzgv 0.8-3 |
| 23 |
|
[21 Dec 2004] DSA-613-1 ethereal - inifinite loop |
| 24 |
|
{CAN-2004-114} |
| 25 |
|
- ethereal 0.10.8-1 |
| 26 |
|
[21 Dec 2004] DSA-614-1 xzgv - integer overflows |
| 27 |
|
{CAN-2004-0994} |
| 28 |
|
- xzgv 0.8-3 |
| 29 |
|
[20 Dec 2004] DSA-612-1 a2ps - unsanitised input |
| 30 |
|
{CAN-2004-1170} |
| 31 |
|
- a2ps 4.13b-4.2 |
| 32 |
|
[20 Dec 2004] DSA-611-1 htget - buffer overflow |
| 33 |
|
{CAN-2004-0852} |
| 34 |
|
NOTE: htget not in sarge or unstable |
| 35 |
|
[17 Dec 2004] DSA-610-1 cscope - insecure temporary file |
| 36 |
|
{CAN-2004-0996} |
| 37 |
|
- cscope 15.5-1 |
| 38 |
|
[14 Dec 2004] DSA-609-1 atari800 - buffer overflows |
| 39 |
|
{CAN-2004-1076} |
| 40 |
|
- atari800 1.3.2-1 |
| 41 |
|
[14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input |
| 42 |
|
{CAN-2004-1095 CAN-2004-0999} |
| 43 |
|
- zgv (unfixed; no bug or other info yet for reserved CAN-2004-0999) |
| 44 |
|
[10 Dec 2004] DSA-607-1 xfree86 - several |
| 45 |
|
{CAN-2004-0914} |
| 46 |
|
- xfree86 4.3.0.dfsg.1-9 |
| 47 |
|
[08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler |
| 48 |
|
{CAN-2004-1014} |
| 49 |
|
- nfs-utils (unfixed; bug #284971) |
| 50 |
|
[06 Dec 2004] DSA-605-1 viewcvs - settings not honored |
| 51 |
|
{CAN-2004-0915} |
| 52 |
|
- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 |
| 53 |
|
[03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising |
| 54 |
|
{CAN-2004-0993} |
| 55 |
|
- hpsockd 0.14 |
| 56 |
|
[01 Dec 2004] DSA-603-1 openssl - insecure temporary file |
| 57 |
|
{CAN-2004-0975} |
| 58 |
|
- openssl 0.9.7e-1 |
| 59 |
|
[29 Nov 2004] DSA-602-1 libgd2 - integer overlow |
| 60 |
|
{CAN-2004-0941 CAN-2004-0990} |
| 61 |
|
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new |
| 62 |
|
- libgd2 2.0.33-1.1 |
| 63 |
|
[29 Nov 2004] DSA-601-1 libgd1 - integer overflow |
| 64 |
|
{CAN-2004-0941 CAN-2004-0990} |
| 65 |
|
NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new |
| 66 |
|
- libgd 1.8.4-36.1 |
| 67 |
|
[25 Nov 2004] DSA-599-1 tetex-bin - integer overflows |
| 68 |
|
{CAN-2004-0888} |
| 69 |
|
- tetex-bin 2.0.2-23 |
| 70 |
|
[25 Nov 2004] DSA-598-1 yardradius - buffer overflow |
| 71 |
|
{CAN-2004-0987} |
| 72 |
|
- yardradius 1.0.20-15 |
| 73 |
|
[25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow |
| 74 |
|
{CAN-2004-1012 CAN-2004-1013} |
| 75 |
|
- cyrus21-imapd 2.1.17-1 |
| 76 |
|
[24 Nov 2004] DSA-596-2 sudo - missing input sanitising |
| 77 |
|
{CAN-2004-1051} |
| 78 |
|
- sudo 1.6.8p3-1 |
| 79 |
|
[24 Nov 2004] DSA-596-1 sudo - missing input sanitising |
| 80 |
|
{CAN-2004-1051} |
| 81 |
|
- sudo 1.6.8p3-1 |
| 82 |
|
[24 Nov 2004] DSA-595-1 bnc - buffer overflow |
| 83 |
|
{CAN-2004-1052} |
| 84 |
|
NOTE: package not in sarge or sid |
| 85 |
|
[17 Nov 2004] DSA-594-1 apache - buffer overflows |
| 86 |
|
{CAN-2004-0940} |
| 87 |
|
- apache 1.3.33-2 |
| 88 |
|
[16 Nov 2004] DSA-593-1 imagemagick - buffer overflow |
| 89 |
|
{CAN-2004-0981} |
| 90 |
|
- imagemagick 6:6.0.6.2-1.5 |
| 91 |
|
[12 Nov 2004] DSA-592-1 ez-ipupdate - format string |
| 92 |
|
{CAN-2004-0980} |
| 93 |
|
- ez-ipupdate 3.0.11b8-8 |
| 94 |
|
[09 Nov 2004] DSA-591-1 libgd2 - integer overflows |
| 95 |
|
{CAN-2004-0990} |
| 96 |
|
- libgd2 2.0.30-1 |
| 97 |
|
[09 Nov 2004] DSA-590-1 gnats - format string vulnerability |
| 98 |
|
{CAN-2004-0623} |
| 99 |
|
NOTE: DSA got version of fix for unstable wrong |
| 100 |
|
- gnats 4.0-6.1 |
| 101 |
|
[09 Nov 2004] DSA-589-1 libgd - integer overflows |
| 102 |
|
{CAN-2004-0990} |
| 103 |
|
- libgd1 (unfixed; bug #280134) |
| 104 |
|
[08 Nov 2004] DSA-588-1 gzip - insecure temporary files |
| 105 |
|
{CAN-2004-0970} |
| 106 |
|
NOTE: dsa says sid not affected |
| 107 |
|
[08 Nov 2004] DSA-587-1 freeamp - buffer overflow |
| 108 |
|
{CAN-2004-0964} |
| 109 |
|
NOTE: DSA says zinf not vulnerable in sarge |
| 110 |
|
[08 Nov 2004] DSA-586-1 ruby - infinite loop |
| 111 |
|
{CAN-2004-0983} |
| 112 |
|
- ruby1.6 1.6.8-12 |
| 113 |
|
- ruby1.8 1.8.1+1.8.2pre2-4 |
| 114 |
[05 Nov 2004] DSA-585-1 shadow - programming error |
[05 Nov 2004] DSA-585-1 shadow - programming error |
| 115 |
{CAN-2004-1001} |
{CAN-2004-1001} |
| 116 |
- shadow 1:4.0.3-30.3 |
- shadow 1:4.0.3-30.3 |
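Review bot: The DSA-614-1 xzgv entry is added twice in this block, once before and once after DSA-613-1 ethereal, with identical `{CAN-2004-0994}` and `- xzgv 0.8-3` lines; drop one copy. In the same block, the DSA-619-1 xpdf date reads "30 Dev 2004" where every other entry uses a three-letter month such as "Dec". `{CAN-2004-114}` under DSA-613-1 has a three-digit sequence number where every other identifier in the list has four, so it looks truncated and should be checked against the advisory. Smaller spelling points: "inifinite loop" (DSA-613-1) and "integer overlow" (DSA-602-1).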
| 119 |
- dhcp 2.0pl5-19.1 |
- dhcp 2.0pl5-19.1 |
| 120 |
[03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory |
[03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory |
| 121 |
{CAN-2004-0972} |
{CAN-2004-0972} |
|
TODO: I thought this didn't really matter because the script |
|
|
TODO: was not included in the binary package. Check or fix. |
|
| 122 |
[02 Nov 2004] DSA-582-1 libxml - buffer overflow |
[02 Nov 2004] DSA-582-1 libxml - buffer overflow |
| 123 |
{CAN-2004-0989} |
{CAN-2004-0989} |
| 124 |
- libxml 1.8.17-9 |
- libxml 1.8.17-9 |
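Review bot: As rendered here, the two TODO lines under DSA-583-1 lvm10 carry no line number of their own, so they appear to be dropped, which leaves the entry ending at `{CAN-2004-0972}` with no `- lvm10 ...` line and no NOTE. If the check confirmed that the script is not included in the binary package, record that as a NOTE so the entry states its status instead of ending silently.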
| 151 |
{CAN-2004-0888} |
{CAN-2004-0888} |
| 152 |
- cupsys 1.1.20final+rc1-10 |
- cupsys 1.1.20final+rc1-10 |
| 153 |
{CAN-2004-0889} |
{CAN-2004-0889} |
| 154 |
- xpdf 3.00-9 |
- xpdf 3.00-10 |
| 155 |
- kpdf (unfixed; bug #278173) |
TODO: kpdf and kfax not fixed in sarge, bug #278173 has a backported patch for the kpdf hole |
| 156 |
|
- kpdf 4:3.3.1-1 |
| 157 |
- gpdf 2.8.0-1 |
- gpdf 2.8.0-1 |
| 158 |
|
- kfax 4:3.3.1-1 |
| 159 |
[21 Oct 2004] DSA-572-1 ecartis - multiple |
[21 Oct 2004] DSA-572-1 ecartis - multiple |
| 160 |
{CAN-2004-0913} |
{CAN-2004-0913} |
| 161 |
- ecartis 1.0.0+cvs.20030911-8 |
- ecartis 1.0.0+cvs.20030911-8 |
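Review bot: The new TODO at line 155 says kpdf and kfax are not fixed in sarge, yet lines 156 and 158 add `- kpdf 4:3.3.1-1` and `- kfax 4:3.3.1-1` as fixed versions, and the old `- kpdf (unfixed; bug #278173)` marker is gone. State which suite the 4:3.3.1-1 versions refer to, or keep an explicit unfixed marker until the backported patch from bug #278173 lands, so the entry does not read as both fixed and unfixed. The xpdf version also moves from 3.00-9 to 3.00-10 at line 154 with no NOTE saying why the earlier version was wrong.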
| 238 |
[16 Sep 2004] DSA-548-1 imlib - unsanitised input |
[16 Sep 2004] DSA-548-1 imlib - unsanitised input |
| 239 |
{CAN-2004-0817} |
{CAN-2004-0817} |
| 240 |
- imlib 1.9.14-17 |
- imlib 1.9.14-17 |
| 241 |
- imlib+png2 1.9.14-16 |
NOTE: changelog claims it was fixed, but it apparently was not |
| 242 |
|
- imlib+png2 (unfixed; bug #285025) |
| 243 |
[16 Sep 2004] DSA-547-1 imagemagic - buffer overflows |
[16 Sep 2004] DSA-547-1 imagemagic - buffer overflows |
| 244 |
{CAN-2004-0827} |
{CAN-2004-0827} |
| 245 |
- imagemagic 6.0.6.2-1 |
- imagemagic 6.0.6.2-1 |
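Review bot: The package is written `imlib+png2` in the line added at 242 (and in the line it replaces at 241), while the DSA-618-1 entry near the top of the file uses `imlib-png2`; pick the real package name so the two entries can be matched against each other. With that settled, the new `(unfixed; bug #285025)` status here should be reconciled with `- imlib-png2 1.9.14-16.1` listed as fixed under DSA-618-1, if both refer to the same package. The unchanged DSA-547-1 lines also spell the package `imagemagic`, whereas the DSA-593-1 entry uses `imagemagick`.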
| 273 |
- kdelibs 4:3.2.3-3.sarge.1 |
- kdelibs 4:3.2.3-3.sarge.1 |
| 274 |
[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access |
[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access |
| 275 |
- rsync 2.6.2-3 |
- rsync 2.6.2-3 |
| 276 |
[16 Aug 2004] DSA-537 ruby -- insecure file permissions |
[16 Aug 2004] DSA-537 ruby - insecure file permissions |
| 277 |
{CAN-2004-0755} |
{CAN-2004-0755} |
| 278 |
- ruby1.8 1.8.1+1.8.2pre1-4 |
- ruby1.8 1.8.1+1.8.2pre1-4 |
| 279 |
HELP: is ruby1.6 vulnerable? |
HELP: is ruby1.6 vulnerable? |
| 505 |
NOTE: CAN-2004-0081 only affects 0.9.6. |
NOTE: CAN-2004-0081 only affects 0.9.6. |
| 506 |
NOTE: 0.9.7d also fixes CAN-2004-0112 |
NOTE: 0.9.7d also fixes CAN-2004-0112 |
| 507 |
- openssl 0.9.6l |
- openssl 0.9.6l |
| 508 |
|
- openssl096 0.9.6m-1 |
| 509 |
[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling |
[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling |
| 510 |
{CAN-2004-0111} |
{CAN-2004-0111} |
| 511 |
- gdk-pixbuf 0.22.0-3 |
- gdk-pixbuf 0.22.0-3 |
| 528 |
{CAN-2004-0150} |
{CAN-2004-0150} |
| 529 |
NOTE: not affected according to DSA |
NOTE: not affected according to DSA |
| 530 |
[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities |
[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities |
| 531 |
CAN-2004-0148 CAN-2004-0185} |
{CAN-2004-0148 CAN-2004-0185} |
| 532 |
- wu-ftpd 2.6.2-17.1 |
- wu-ftpd 2.6.2-17.1 |
| 533 |
[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush |
[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush |
| 534 |
{CAN-2004-0077} |
{CAN-2004-0077} |
| 637 |
HELP: No idea if this is fixed, we have a new upstream version |
HELP: No idea if this is fixed, we have a new upstream version |
| 638 |
HELP: that came out after these advisories, but neither the debian nor |
HELP: that came out after these advisories, but neither the debian nor |
| 639 |
HELP: the upstream changelog seem to mention them. |
HELP: the upstream changelog seem to mention them. |
| 640 |
NOTE: Mailed maintainr. |
NOTE: Mailed maintainer. |
| 641 |
[16 Jan 2004] DSA-424 mc - buffer overflow |
[16 Jan 2004] DSA-424 mc - buffer overflow |
| 642 |
{CAN-2003-1023} |
{CAN-2003-1023} |
| 643 |
- mc 1:4.6.0-4.6.1-pre1-1 |
- mc 1:4.6.0-4.6.1-pre1-1 |
| 662 |
{CAN-2003-0961 CAN-2003-0985} |
{CAN-2003-0961 CAN-2003-0985} |
| 663 |
NOTE: 2.4.18 not present. Did not check newer kernels. |
NOTE: 2.4.18 not present. Did not check newer kernels. |
| 664 |
[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal |
[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal |
| 665 |
{CAN-2003-1022, CAN-2004-0011} |
{CAN-2003-1022 CAN-2004-0011} |
| 666 |
- fsp 2.81.b18-1 |
- fsp 2.81.b18-1 |
| 667 |
[06 Jan 2004] DSA-415 zebra - denial of service |
[06 Jan 2004] DSA-415 zebra - denial of service |
| 668 |
{CAN-2003-0795 CAN-2003-0858} |
{CAN-2003-0795 CAN-2003-0858} |
| 856 |
{CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643} |
{CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643} |
| 857 |
NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones. |
NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones. |
| 858 |
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit |
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit |
| 859 |
|
{CAN-2003-0466} |
| 860 |
- wu-ftpd 2.6.2-12 |
- wu-ftpd 2.6.2-12 |
| 861 |
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows |
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows |
| 862 |
{CAN-2003-0611} |
{CAN-2003-0611} |
| 1441 |
{CAN-2002-0838} |
{CAN-2002-0838} |
| 1442 |
- gnome-gv 1.99.7-9 |
- gnome-gv 1.99.7-9 |
| 1443 |
[17 Oct 2002] DSA-178 heimdal - remote command execution |
[17 Oct 2002] DSA-178 heimdal - remote command execution |
| 1444 |
{CAN-2002-1225, CAN-2002-1226} |
{CAN-2002-1225 CAN-2002-1226} |
| 1445 |
- heimdal 0.4e-21 |
- heimdal 0.4e-21 |
| 1446 |
[17 Oct 2002] DSA-177 pam - serious security violation |
[17 Oct 2002] DSA-177 pam - serious security violation |
| 1447 |
{CAN-2002-1227} |
{CAN-2002-1227} |
| 1462 |
{CAN-2002-1193} |
{CAN-2002-1193} |
| 1463 |
NOTE: not in testing nor unstable (was fixed in 4.0beta9-9) |
NOTE: not in testing nor unstable (was fixed in 4.0beta9-9) |
| 1464 |
[07 Oct 2002] DSA-171 fetchmail - buffer overflows |
[07 Oct 2002] DSA-171 fetchmail - buffer overflows |
| 1465 |
{CAN-2002-1175, CAN-2002-1174} |
{CAN-2002-1175 CAN-2002-1174} |
| 1466 |
- fetchmail 6.1.0-1 |
- fetchmail 6.1.0-1 |
| 1467 |
NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1) |
NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1) |
| 1468 |
[04 Oct 2002] DSA-170 tomcat4 - source code disclosure |
[04 Oct 2002] DSA-170 tomcat4 - source code disclosure |