/[secure-testing]/data/DSA/list

Contents of /data/DSA/list

Revision 8000
Mon Jan 21 18:26:50 2008 UTC (5 years, 4 months ago) by nion
File size: 203050 byte(s)
adding DSA-1471-1 (libvorbis)
1 [21 Jan 2008] DSA-1471-1 libvorbis - several vulnerabilities
2 {CVE-2007-3106 CVE-2007-4029 CVE-2007-4066}
3 [etch] - libvorbis 1.1.2.dfsg-1.3
4 [sarge] - 1.1.0-2
5 [20 Jan 2008] DSA-1469-1 flac
6 {CVE-2007-4619 CVE-2007-6277}
7 [etch] - flac 1.1.2-8
8 [sarge] - flac 1.1.1-5sarge1
9 [20 Jan 2008] DSA-1468-1 tomcat5.5
10 {CVE-2008-0128 CVE-2007-2450}
11 [etch] - tomcat5.5 5.5.20-2etch2
12 [19 Jan 2008] DSA-1467-1 mantis - several vulnerabilities
13 {CVE-2006-6574 CVE-2007-6611}
14 [sarge] - mantis 0.19.2-5sarge5
15 [19 Jan 2008] DSA-1466-2 libxfont xfree86 xorg-server - several vulnerabilities
16 {CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006}
17 [sarge] - xfree86 4.3.0.dfsg.1-14sarge6
18 [etch] - xorg-server 2:1.1.1-21etch3
19 [etch] - libxfont 1:1.2.2-2.etch1
20 [17 Jan 2008] DSA-1465-2 apt-listchanges - arbitrary code execution
21 {CVE-2008-0302}
22 [etch] - apt-listchanges 2.72.5etch2
23 [15 Jan 2008] DSA-1464-1 syslog-ng - denial of service
24 {CVE-2007-6437}
25 [etch] - syslog-ng 2.0.0-1etch1
26 [14 Jan 2008] DSA-1463-1 postgresql-7.4 - several
27 {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601}
28 [etch] - postgresql-7.4 7.4.19-0etch1
29 [sarge] - postgresql 7.4.7-6sarge6
30 [13 Jan 2008] DSA-1462-1 hplip - missing input sanitising
31 {CVE-2007-5208}
32 [etch] - hplip 1.6.10-3etch1
33 [13 Jan 2008] DSA-1461-1 libxml2 - denial of service
34 {CVE-2007-6284}
35 [etch] - libxml2 2.6.27.dfsg-2
36 [sarge] - libxml2 2.6.16-7sarge1
37 [13 Jan 2008] DSA-1460-1 postgresql-8.1 - several
38 {CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601}
39 [etch] - postgresql-8.1 8.1.11-0etch1
40 [13 Jan 2008] DSA-1459-1 gforge - SQL injection
41 {CVE-2008-0173}
42 [sarge] - gforge 3.1-31sarge5
43 [etch] - gforge 4.5.14-22etch4
44 [10 Jan 2008] DSA-1458-1 openafs
45 {CVE-2007-6599}
46 [etch] - openafs 1.4.2-6etch1
47 [sarge] - openafs 1.3.81-3sarge3
48 [09 Jan 2008] DSA-1457-1 dovecot
49 {CVE-2007-6598}
50 [etch] - dovecot 1.0.rc15-2etch3
51 [09 Jan 2008] DSA-1456-1 fail2ban
52 {CVE-2007-4321}
53 [etch] - fail2ban 0.7.5-2etch1
54 [08 Jan 2008] DSA-1455-1 libarchive
55 {CVE-2007-3641 CVE-2007-3644 CVE-2007-3645}
56 [etch] - libarchive 1.2.53-2etch1
57 [07 Jan 2008] DSA-1454-1 freetype - arbitrary code execution
58 {CVE-2007-1351}
59 [etch] - freetype 2.2.1-5+etch2
60 [07 Jan 2008] DSA-1453-1 tomcat5 - several vulnerabilities
61 {CVE-2007-3382 CVE-2007-3385 CVE-2007-5461}
62 [etch] - tomcat5 5.0.30-12etch1
63 [06 Jan 2008] DSA-1452-1 wzdftpd denial of service
64 {CVE-2007-5300}
65 [etch] - wzdftpd 0.8.1-2etch1
66 [sarge] - wzdftpd 0.5.2-1.1sarge3
67 [06 Jan 2008] DSA-1451-1 mysql-dfsg-5.0 several vulnerabilities
68 {CVE-2007-3781 CVE-2007-5969 CVE-2007-6304}
69 [etch] - mysql-dfsg-5.0 5.0.32-7etch4
70 [05 Jan 2008] DSA-1450-1 util-linux privilege escalation
71 {CVE-2007-5191}
72 [etch] - util-linux 2.12r-19etch1
73 [sarge] - util-linux 2.12p-4sarge2
74 [05 Jan 2008] DSA-1449-1 loop-aes-utils privilege escalation
75 {CVE-2007-5191}
76 [etch] - loop-aes-utils 2.12r-15+etch1
77 [sarge] - loop-aes-utils 2.12p-4sarge2
78 [05 Jan 2008] DSA-1448-1 eggdrop arbitrary code execution
79 {CVE-2007-2807}
80 [etch] - eggdrop 1.6.18-1etch1
81 [sarge] - eggdrop 1.6.17-3sarge1
82 [03 Jan 2008] DSA-1447-1 tomcat5.5 several vulnerabilities
83 {CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461}
84 [etch] - tomcat5.5 5.5.20-2etch1
85 [03 Jan 2008] DSA-1446-1 wireshark denial of service
86 {CVE-2007-6450 CVE-2007-6451}
87 [etch] - wireshark 0.99.4-5.etch.2
88 [sarge] - ethereal 0.10.10-2sarge11
89 [03 Jan 2008] DSA-1445-1 maradns denial of service
90 {CVE-2008-0061}
91 [etch] - maradns 1.2.12.04-1etch2
92 [sarge] - maradns 1.0.27-2
93 [03 Jan 2008] DSA-1444-1 php5 several issues
94 {CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4659 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899}
95 [etch] - php5 5.2.0-8+etch9
96 [03 Jan 2008] DSA-1443-1 tcpreen buffer overflows
97 {CVE-2007-6562}
98 [etch] - tcpreen 1.4.3-0.1etch1
99 [29 Dec 2007] DSA-1442-1 libsndfile
100 {CVE-2007-4974}
101 [etch] - libsndfile 1.0.16-2
102 [28 Dec 2007] DSA-1441-1 peercast
103 {CVE-2007-6454}
104 [etch] - peercast 0.1217.toots.20060314-1etch0
105 [28 Dec 2007] DSA-1440-1 inotify-tools
106 {CVE-2007-5037}
107 [etch] - inotify-tools 3.3-2
108 [28 Dec 2007] DSA-1439-1 typo3-src
109 {CVE-2007-6381}
110 [etch] - typo3-src 4.0.2+debian-4
111 [28 Dec 2007] DSA-1438-1 tar
112 {CVE-2007-4131 CVE-2007-4476}
113 [etch] - tar 1.16-2etch1
114 [sarge] - tar 1.14-2.4
115 [26 Dec 2007] DSA-1437-1 cupsys
116 {CVE-2007-5849 CVE-2007-6358}
117 [etch] - cupsys 1.2.7-4etch2
118 [20 Dec 2007] DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities
119 {CVE-2006-6058 CVE-2007-5966 CVE-2007-6063 CVE-2007-6206 CVE-2007-6417}
120 [etch] - linux-2.6 2.6.18.dfsg.1-13etch6
121 [etch] - fai-kernels 1.17+etch.13etch6
122 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch6
123 [19 Dec 2007] DSA-1435-1 clamav
124 {CVE-2007-6335 CVE-2007-6336}
125 [etch] - clamav 0.90.1-3etch8
126 [16 Dec 2007] DSA-1434-1 mydns - denial of service
127 {CVE-2007-2362}
128 [etch] - mydns 1:1.1.0-7etch1
129 [16 Dec 2007] DSA-1433-1 centericq - buffer overflow
130 {CVE-2007-3713}
131 [etch] - centericq 4.21.0-18etch1
132 [sarge] - centericq 4.20.0-1sarge5
133 [16 Dec 2007] DSA-1432-1 link-grammar - buffer overflow
134 {CVE-2007-5395}
135 [etch] - link-grammar 4.2.2-4etch1
136 [11 Dec 2007] DSA-1431-1 ruby-gnome2 - format string
137 {CVE-2007-6183}
138 [etch] - ruby-gnome2 0.15.0-1.1etch1
139 [sarge] - ruby-gnome2 0.12.0-2sarge1
140 [11 Dec 2007] DSA-1430-1 libnss-ldap - information disclosure
141 {CVE-2007-5794}
142 [etch] - libnss-ldap 251-7.5etch1
143 [sarge] - libnss-ldap 238-1sarge1
144 [11 Dec 2007] DSA-1429-1 htdig - cross site scripting
145 {CVE-2007-6110}
146 [etch] - htdig 1:3.2.0b6-3.1etch1
147 [10 Dec 2007] DSA-1428-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
148 {CVE-2007-3104 CVE-2007-4997 CVE-2007-5500 CVE-2007-5904}
149 [etch] - linux-2.6 2.6.18.dfsg.1-13etch5
150 [etch] - fai-kernels 1.17+etch.13etch5
151 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch5
152 [10 Dec 2007] DSA-1427-1 samba - buffer overflow
153 {CVE-2007-6015}
154 [etch] - samba 3.0.24-6etch9
155 [sarge] - samba 3.0.14a-3sarge11
156 [08 Dec 2007] DSA-1426-1 qt-x11-free - several vulnerabilities
157 {CVE-2007-3388 CVE-2007-4137}
158 [sarge] - qt-x11-free 3:3.3.4-3sarge3
159 [etch] - qt-x11-free 3:3.3.7-4etch1
160 [08 Dec 2007] DSA-1425-1 xulrunner - several vulnerabilities
161 {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
162 [etch] - xulrunner 1.8.0.14~pre071019c-0etch1
163 [08 Dec 2007] DSA-1424-1 iceweasel - several vulnerabilities
164 {CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
165 [etch] - iceweasel 2.0.0.10-0etch1
166 [07 Dec 2007] DSA-1423-1 sitebar - several vulnerabilities
167 {CVE-2007-5491 CVE-2007-5492 CVE-2007-5693 CVE-2007-5694 CVE-2007-5695 CVE-2007-5692}
168 [etch] - sitebar 3.3.8-7etch1
169 [sarge] - sitebar 3.2.6-7.1sarge1
170 [07 Dec 2007] DSA-1422-1 e2fsprogs - arbitrary code execution
171 {CVE-2007-5497}
172 [etch] - e2fsprogs 1.39+1.40-WIP-2006.11.14+dfsg-2etch1
173 [06 Dec 2007] DSA-1421-1 wesnoth - directory traversal
174 {CVE-2007-5742}
175 [sarge] - wesnoth 0.9.0-7
176 [etch] - wesnoth 1.2-3
177 [05 Dec 2007] DSA-1420-1 zabbix - programming error
178 {CVE-2007-6210}
179 [etch] - zabbix 1:1.1.4-10etch1
180 [05 Dec 2007] DSA-1419-1 openoffice.org
181 {CVE-2007-4575}
182 [etch] - openoffice.org 2.0.4.dfsg.2-7etch4
183 [etch] - hsqldb 1.8.0.7-1etch1
184 [sarge] - openoffice.org <not-affected> (Vulnerable code not present)
185 [sarge] - hsqldb <not-affected> (Vulnerable code not present)
186 [02 Dec 2007] DSA-1418-1 cacti - SQL injection
187 {CVE-2007-6035}
188 [sarge] - cacti 0.8.6c-7sarge5
189 [etch] - cacti 0.8.6i-3.2
190 [02 Dec 2007] DSA-1417-1 asterisk - SQL injection
191 {CVE-2007-6170}
192 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge6
193 [etch] - asterisk 1:1.2.13~dfsg-2etch2
194 [22 Nov 2007] DSA-1409-3 samba - several vulnerabilities (update)
195 {CVE-2007-4572 CVE-2007-5398}
196 [etch] - samba 3.0.24-6etch8
197 [sarge] - samba 3.0.14a-3sarge10
198 NOTE: this fixes all regressions introduced by the previous DSAs
199 [27 Nov 2007] DSA-1416-1 tk8.3 - buffer overflow
200 {CVE-2007-5378}
201 [etch] - tk8.3 8.3.5-6etch1
202 [27 Nov 2007] DSA-1415-1 tk8.4 - buffer overflow
203 {CVE-2007-5378}
204 [etch] - tk8.4 8.4.12-1etch1
205 [sarge] - tk8.4 8.4.9-1sarge1
206 [27 Nov 2007] DSA-1414-1 wireshark - several vulnerabilities
207 {CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121}
208 [etch] - wireshark 0.99.4-5.etch.1
209 [sarge] - ethereal 0.10.10-2sarge10
210 [26 Nov 2007] DSA-1413-1 mysql - multiple
211 {CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3782 CVE-2007-5925}
212 [etch] - mysql-dfsg-5.0 5.0.32-7etch3
213 [sarge] - mysql-dfsg 4.0.24-10sarge3
214 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge8
215 [24 Nov 2007] DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks
216 {CVE-2007-5162 CVE-2007-5770}
217 [etch] - ruby1.9 1.9.0+20060609-1etch1
218 [24 Nov 2007] DSA-1411-1 libopenssl-ruby - possible man-in-the-middle attacks
219 {CVE-2007-5162 CVE-2007-5770}
220 [sarge] - libopenssl-ruby 0.1.4a-1sarge1
221 NOTE: libopenssl-ruby is not in etch
222 [24 Nov 2007] DSA-1410-1 ruby1.8 - possible man-in-the-middle attacks
223 {CVE-2007-5162 CVE-2007-5770}
224 [etch] - ruby1.8 1.8.5-4etch1
225 [sarge] - ruby1.8 1.8.2-7sarge6
226 [22 Nov 2007] DSA-1409-2 samba - several vulnerabilities
227 {CVE-2007-4572 CVE-2007-5398}
228 [etch] - samba 3.0.24-6etch7
229 [sarge] - samba 3.0.14a-3sarge9
230 NOTE: the previous DSA introduced regressions
231 [22 Nov 2007] DSA-1409-1 samba - several vulnerabilities
232 {CVE-2007-4572 CVE-2007-5398}
233 [etch] - samba 3.0.24-6etch5
234 [sarge] - samba 3.0.14a-3sarge7
235 [21 Nov 2007] DSA-1408-1 kdegraphics - buffer overflow with arbitrary code execution
236 {CVE-2007-5393}
237 [etch] - kdegraphics 4:3.5.5-3etch2
238 [18 Nov 2007] DSA-1407-1 cupsys - buffer overflow with arbitrary code execution
239 {CVE-2007-4351}
240 [etch] - cupsys 1.2.7-4etch1
241 [11 Nov 2007] DSA-1405-2 zope-cmfplone - arbitrary code
242 {CVE-2007-5741}
243 [etch] - zope-cmfplone 2.5.1-4etch2
244 NOTE: the previous DSA introduced a regression
245 [09 Nov 2007] DSA-1406-1 horde3 - several vulnerabilities
246 {CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474}
247 [sarge] - horde3 3.0.4-4sarge6
248 [etch] - horde3 3.1.3-4etch1
249 [09 Nov 2007] DSA-1405-1 zope-cmfplone - arbitrary code
250 {CVE-2007-5741}
251 [etch] - zope-cmfplone 2.5.1-4etch1
252 [08 Nov 2007] DSA-1404-1 gallery2 - privilege escalation
253 {CVE-2007-4650}
254 [etch] - gallery2 2.1.2-2.0.etch.1
255 [08 Nov 2007] DSA-1403-1 phpmyadmin - cross-site scripting
256 {CVE-2007-5386 CVE-2007-5589}
257 [sarge] - phpmyadmin 4:2.6.2-3sarge6
258 [etch] - phpmyadmin 4:2.9.1.1-6
259 [08 Nov 2007] DSA-1402-1 gforge - insecure temporary files
260 {CVE-2007-3921}
261 [sarge] - gforge 3.1-31sarge4
262 [etch] - gforge 4.5.14-22etch3
263 [06 Nov 2007] DSA-1400-1 perl - arbitrary code execution
264 {CVE-2007-5116}
265 [sarge] - perl 5.8.4-8sarge6
266 [etch] - perl 5.8.8-7etch1
267 [05 Nov 2007] DSA-1401-1 iceape - several vulnerabilities
268 {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
269 [etch] - iceape 1.0.11~pre071022-0etch1
270 [05 Nov 2007] DSA-1399-1 pcre3 - arbitrary code execution
271 {CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768}
272 [sarge] - pcre3 4.5+7.4-1
273 [etch] - pcre3 6.7+7.4-2
274 [05 Nov 2007] DSA-1398-1 perdition - format string vulnerability
275 {CVE-2007-5740}
276 [etch] - perdition 1.17-7etch1
277 [sarge] - perdition 1.15-5sarge1
278 [03 Nov 2007] DSA-1397-1 mono - buffer overflow
279 {CVE-2007-5197}
280 [etch] - mono 1.2.2.1-1etch1
281 [29 Oct 2007] DSA-1388-3 dhcp - buffer overflow
282 {CVE-2007-5365}
283 [etch] - dhcp 2.0pl5-19.5etch2
284 NOTE: DSA-1388-1 was incomplete
285 [27 Oct 2007] DSA-1396-1 iceweasel
286 {CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5335 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
287 [etch] - iceweasel 2.0.0.6+2.0.0.8-0etch1
288 [25 Oct 2007] DSA-1395-1 xen-3.0 - insecure temporary files
289 {CVE-2007-3919}
290 [etch] - xen-3.0 3.0.3-0-4
291 [24 Oct 2007] DSA-1389-2 zoph - SQL injection
292 {CVE-2007-3905}
293 [sarge] - zoph 0.3.3-12sarge3
294 [23 Oct 2007] DSA-1394-1 reprepro - authentication bypass
295 {CVE-2007-4739}
296 [etch] - reprepro 1.3.1+1-1
297 [23 Oct 2007] DSA-1393-1 xfce4-terminal - insecure execution
298 {CVE-2007-3770}
299 [etch] - xfce4-terminal 0.2.5.6rc1-2etch1
300 [23 Oct 2007] DSA-1373-2 ktorrent - directory traversal
301 {CVE-2007-1799}
302 [etch] - ktorrent 2.0.3+dfsg1-2.2etch1
303 [20 Oct 2007] DSA-1392-1 xulrunner - several vulnerabilities
304 {CVE-2006-2894 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340}
305 [etch] - xulrunner 1.8.0.14~pre071019b-0etch1
306 [19 Oct 2007] DSA-1391-1 icedove - several vulnerabilities
307 {CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340}
308 [etch] - icedove 1.5.0.13+1.5.0.14b.dfsg1-0etch1
309 [18 Oct 2007] DSA-1390-1 t1lib - arbitrary code execution
310 {CVE-2007-4033}
311 [sarge] - t1lib 5.0.2-3sarge1
312 [etch] - t1lib 5.1.0-2etch1
313 [18 Oct 2007] DSA-1389-1 zoph - SQL injection
314 {CVE-2007-3905}
315 [etch] - zoph 0.6-2.1etch1
316 [18 Oct 2007] DSA-1388-1 dhcp
317 {CVE-2007-5365}
318 [etch] - dhcp 2.0pl5-19.5etch1
319 [sarge] - dhcp 2.0pl5-19.1sarge3
320 [15 Oct 2007] DSA-1387-1 librpcsecgss
321 {CVE-2007-4743}
322 [etch] - librpcsecgss 0.14-2etch3
323 [15 Oct 2007] DSA-1386-1 wesnoth
324 {CVE-2007-3917}
325 [etch] - wesnoth 1.2-2
326 [sarge] - wesnoth 0.9.0-6
327 [08 Oct 2007] DSA-1385-1 xfs
328 {CVE-2007-4568 CVE-2007-4990}
329 [etch] - xfs 1.0.1-7
330 [sarge] - xfree86 4.3.0.dfsg.1-14sarge5
331 [05 Oct 2007] DSA-1384-1 xen-3.0
332 {CVE-2007-4993 CVE-2007-1320}
333 [etch] - xen-3.0 3.0.3-0-3
334 [04 Oct 2007] DSA-1383-1 gforge - cross-site scripting
335 {CVE-2007-3918}
336 [sarge] - gforge 3.1-31sarge3
337 [etch] - gforge 4.5.14-22etch2
338 [03 Oct 2007] DSA-1382-1 quagga
339 {CVE-2007-4826}
340 [etch] - quagga 0.99.5-5etch3
341 [sarge] - quagga 0.98.3-7.5
342 [02 Oct 2007] DSA-1381-2 linux-2.6
343 {CVE-2006-5755 CVE-2007-4133 CVE-2007-4573 CVE-2007-5093}
344 [etch] - linux-2.6 2.6.18.dfsg.1-13etch4
345 [02 Oct 2007] DSA-1380-1 elinks - information disclosure
346 {CVE-2007-5034}
347 [etch] - elinks 0.11.1-1.2etch1
348 [02 Oct 2007] DSA-1379-1 openssl - arbitrary code execution
349 {CVE-2007-5135}
350 [sarge] - openssl 0.9.7e-3sarge5
351 [sarge] - openssl096 0.9.6m-1sarge5
352 [etch] - openssl 0.9.8c-4etch1
353 [etch] - openssl097 0.9.7k-3.1etch1
354 [02 Oct 2007] DSA-1365-3 id3lib3.8.3 - denial of service
355 {CVE-2007-4460}
356 [sarge] - id3lib3.8.3 3.8.3-4.1sarge1
357 [etch] - id3lib3.8.3 3.8.3-6etch1
358 [28 Sep 2007] DSA-1378-2 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
359 {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849}
360 [etch] - linux-2.6 2.6.18.dfsg.1-13etch3
361 [etch] - fai-kernels 1.17+etch.13etch3
362 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3
363 [27 Sep 2007] DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
364 {CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849}
365 [etch] - linux-2.6 2.6.18.dfsg.1-13etch3
366 [etch] - fai-kernels 1.17+etch.13etch3
367 [etch] - user-mode-linux 2.6.18-1um-2etch.13etch3
368 [02 Aug 2007] DSA-1343-2 file
369 {CVE-2007-2799}
370 [etch] - file 4.17-5etch3
371 [21 Sep 2007] DSA-1377-2 fetchmail - null pointer dereference
372 {CVE-2007-4565}
373 [etch] - fetchmail 6.3.6-1etch1
374 [21 Sep 2007] DSA-1376-1 kdebase - programming error
375 {CVE-2007-4569}
376 [etch] - kdebase 4:3.5.5a.dfsg.1-6etch1
377 [19 Sep 2007] DSA-1364-2 vim - several vulnerabilities
378 {CVE-2007-2438 CVE-2007-2953}
379 [etch] - vim 1:7.0-122+1etch3
380 [17 Sep 2007] DSA-1375-1 openoffice.org - buffer overflow
381 {CVE-2007-2834}
382 [etch] - openoffice.org 2.0.4.dfsg.2-7etch2
383 [sarge] - openoffice.org 1.1.3-9sarge8
384 [11 Sep 2007] DSA-1373-1 ktorrent - directory traversal vulnerabilities
385 {CVE-2007-1799}
386 [etch] - ktorrent 2.0.3+dfsg1-2etch1
387 [11 Sep 2007] DSA-1374-1 jffnms - several vulnerabilities
388 {CVE-2007-3189 CVE-2007-3190 CVE-2007-3191 CVE-2007-3192}
389 [etch] - jffnms 0.8.3dfsg.1-2.1etch1
390 [11 Sep 2007] DSA-1371-1 phpwiki - several vulnerabilities
391 {CVE-2007-2024 CVE-2007-2025 CVE-2007-3193}
392 [etch] - phpwiki 1.3.12p3-5etch1
393 [10 Sep 2007] DSA-1370-2 phpmyadmin - several vulnerabilities
394 {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245}
395 [sarge] - phpmyadmin 4:2.6.2-3sarge5
396 [etch] - phpmyadmin 4:2.9.1.1-4
397 [09 Sep 2007] DSA-1365-2 id3lib3.8.3 - denial of service
398 {CVE-2007-4460}
399 [etch] - id3lib3.8.3 3.8.3-6etch1
400 [09 Sep 2007] DSA-1372-1 xorg-server - privilege escalation
401 {CVE-2007-4730}
402 [etch] - xorg-server 2:1.1.1-21etch1
403 [10 Sep 2007] DSA-1370-1 phpmyadmin - several vulnerabilities
404 {CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245}
405 [sarge] - phpmyadmin 4:2.6.2-3sarge5
406 [etch] - phpmyadmin 4:2.9.1.1-4
407 [06 Sep 2007] DSA-1369-1 gforge - SQL injection
408 {CVE-2007-3913}
409 [sarge] - gforge 3.1-31sarge2
410 [etch] - gforge 4.5.14-22etch1
411 [04 Sep 2007] DSA-1368-1 librpcsecgss - arbitrary code execution
412 {CVE-2007-3999}
413 [etch] - librpcsecgss 0.14-2etch1
414 [06 Sep 2007] DSA-1367-1 krb5 - arbitrary code execution
415 {CVE-2007-3999 CVE-2007-4743}
416 [etch] - krb5 1.4.4-7etch4
417 [02 Sep 2007] DSA-1288-2 pptpd - regression
418 {CVE-2007-0244}
419 [etch] - pptpd 1.3.0-2etch2
420 [01 Sep 2007] DSA-1366-1 clamav
421 {CVE-2007-4510 CVE-2007-4560}
422 [etch] - clamav 0.90.1-3etch7
423 [01 Sep 2007] DSA-1365-1 id3lib3.8.3
424 {CVE-2007-4460}
425 [sarge] - id3lib3.8.3 3.8.3-4.1sarge1
426 [etch] - id3lib3.8.3 3.8.3-6etch1
427 [01 Sep 2007] DSA-1364-1 vim
428 {CVE-2007-2438 CVE-2007-2953}
429 [sarge] - vim 1:6.3-071+1sarge2
430 [etch] - vim 1:7.0-122+1etch3
431 [31 Aug 2007] DSA-1363-1 linux-2.6
432 {CVE-2007-2172 CVE-2007-2875 CVE-2007-3105 CVE-2007-3843 CVE-2007-4308}
433 [etch] - linux-2.6 2.6.18.dfsg.1-13etch2
434 [29 Aug 2007] DSA-1362-1 lighttpd - several vulnerabilities
435 {CVE-2007-3946 CVE-2007-3947 CVE-2007-3949 CVE-2007-3950 CVE-2007-4727}
436 [etch] - lighttpd 1.4.13-4etch4
437 [29 Aug 2007] DSA-1361-1 postfix-policyd - arbitrary code execution
438 {CVE-2007-3791}
439 [etch] - postfix-policyd 1.80-2.1etch1
440 [28 Aug 2007] DSA-1360-1 rsync - arbitrary code execution
441 {CVE-2007-4091}
442 [etch] - rsync 2.6.9-2etch1
443 [28 Aug 2007] DSA-1359-1 dovecot - directory traversal
444 {CVE-2007-2231}
445 [etch] - dovecot 1.0.rc15-2etch1
446 [26 Aug 2007] DSA-1358-1 asterisk
447 {CVE-2007-1306 CVE-2007-1561 CVE-2007-2294 CVE-2007-2297 CVE-2007-2488 CVE-2007-3762 CVE-2007-3763 CVE-2007-3764}
448 [etch] - asterisk 1:1.2.13~dfsg-2etch1
449 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge5
450 [19 Aug 2007] DSA-1357-1 koffice - integer overflow
451 {CVE-2007-3387}
452 [etch] - koffice 1:1.6.1-2etch1
453 [15 Aug 2007] DSA-1356-1 linux-2.6 - several vulnerabilities
454 {CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525 CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848 CVE-2007-3851 CVE-2007-2242 CVE-2006-5753}
455 [etch] - linux-2.6 2.6.18.dfsg.1-13etch1
456 NOTE: The above entry includes fixes pulled in through -13 in 4.0r1
457 [13 Aug 2007] DSA-1355-1 kdegraphics - integer overflow
458 {CVE-2007-3387}
459 [sarge] - kdegraphics 4:3.3.2-2sarge5
460 [etch] - kdegraphics 4:3.5.5-3etch1
461 [13 Aug 2007] DSA-1354-1 gpdf - integer overflow
462 {CVE-2007-3387}
463 [sarge] - gpdf 2.8.2-1.2sarge6
464 [08 Aug 2007] DSA-1353-1 tcpdump - integer overflow
465 {CVE-2007-3798}
466 [sarge] - tcpdump 3.8.3-5sarge3
467 [etch] - tcpdump 3.9.5-2etch1
468 [07 Aug 2007] DSA-1352-1 pdfkit.framework - integer overflow
469 {CVE-2007-3387}
470 [sarge] - pdfkit.framework 0.8-2sarge4
471 [07 Aug 2007] DSA-1351-1 bochs - buffer overflow
472 {CVE-2007-2893}
473 [sarge] - bochs 2.1.1+20041109-3sarge1
474 [etch] - bochs 2.3-2etch1
475 [06 Aug 2007] DSA-1350-1 tetex-bin
476 {CVE-2007-3387}
477 [sarge] - tetex-bin 2.0.2-30sarge5
478 [05 Aug 2007] DSA-1349-1 libextractor - integer overflow
479 {CVE-2007-3387}
480 [sarge] - libextractor 0.4.2-2sarge6
481 [04 Aug 2007] DSA-1348-1 poppler
482 {CVE-2007-3387}
483 [etch] - poppler 0.4.5-5.1etch1
484 [04 Aug 2007] DSA-1347-1 xpdf
485 {CVE-2007-3387}
486 [etch] - xpdf 3.01-9etch1
487 [sarge] - xpdf 3.00-13.7
488 [04 Aug 2007] DSA-1346-1 iceape
489 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
490 [etch] - iceape 1.0.10~pre070720-0etch3
491 [04 Aug 2007] DSA-1345-1 xulrunner
492 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
493 [etch] - xulrunner 1.8.0.13~pre070720-0etch3
494 [03 Aug 2007] DSA-1344-1 iceweasel
495 {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
496 [etch] - iceweasel 2.0.0.6-0etch1
497 [02 Aug 2007] DSA-1343-1 file
498 {CVE-2007-2799}
499 [sarge] - file 4.12-1sarge2
500 [etch] - file 4.17-5etch2
501 [30 Jul 2007] DSA-1342-1 xfs
502 {CVE-2007-3103}
503 [etch] - xfs 1:1.0.1-6
504 [25 Jul 2007] DSA-1341-2 bind9 - DNS cache poisoning vulnerability
505 {CVE-2007-2926}
506 [etch] - bind9 1:9.3.4-2etch1
507 [sarge] - bind9 1:9.2.4-1sarge3
508 [24 Jul 2007] DSA-1340-1 clamav - null pointer dereference
509 {CVE-2007-3725}
510 [etch] - clamav 0.90.1-3etch4
511 [24 Jul 2007] DSA-1339-1 iceape - several
512 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738}
513 [etch] - iceape 1.0.10~pre070720-0etch1
514 [23 Jul 2007] DSA-1338-1 iceweasel
515 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 CVE-2007-4038}
516 [etch] - iceweasel 2.0.0.5-0etch1
517 [22 Jul 2007] DSA-1337-1 xulrunner
518 {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738}
519 [etch] - xulrunner 1.8.0.13~pre070720-0etch1
520 [22 Jul 2007] DSA-1336-1 mozilla-firefox
521 {CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077}
522 [sarge] - mozilla-firefox 1.0.4-2sarge17
523 [18 Jul 2007] DSA-1335-1 gimp
524 {CVE-2006-4519 CVE-2007-2949}
525 [sarge] - gimp 2.2.6-1sarge4
526 [etch] - gimp 2.2.13-1etch4
527 [18 Jul 2007] DSA-1334-1 freetype
528 {CVE-2007-2754}
529 [sarge] - freetype 2.1.7-8
530 [18 Jul 2007] DSA-1333-1 curl
531 {CVE-2007-3564}
532 [etch] - curl 7.15.5-1etch1
533 [09 Jul 2007] DSA-1332-1 vlc
534 {CVE-2007-3316 CVE-2007-3467 CVE-2007-3468}
535 [sarge] - vlc 0.8.1.svn20050314-1sarge3
536 [etch] - vlc 0.8.6-svn20061012.debian-5etch1
537 [07 Jul 2007] DSA-1331-1 php4 - several vulnerabilities
538 {CVE-2006-0207 CVE-2006-4486 CVE-2007-1864}
539 [sarge] - php4 4:4.3.10-22
540 [etch] - php4 6:4.4.4-8+etch4
541 [07 Jul 2007] DSA-1330-1 php5 - several vulnerabilities
542 {CVE-2007-1399 CVE-2007-1864}
543 [etch] - php5 5.2.0-8+etch7
544 [05 Jul 2007] DSA-1329-1 gfax - insecure temporary files
545 {CVE-2007-2839}
546 [sarge] - gfax 0.4.2-11sarge1
547 [01 Jul 2007] DSA-1328-1 unicon - buffer overflow
548 {CVE-2007-2835}
549 [etch] - unicon 3.0.4-11etch1
550 [01 Jul 2007] DSA-1327-1 gsambad - insecure temporary files
551 {CVE-2007-2838}
552 [etch] - gsambad 0.1.4-2etch1
553 [01 Jul 2007] DSA-1326-1 fireflier
554 {CVE-2007-2837}
555 [sarge] - fireflier 1.1.5-1sarge1
556 [etch] - fireflier 1.1.6-3etch1
557 [29 Jun 2007] DSA-1325-1 evolution
558 {CVE-2007-1002 CVE-2007-3257}
559 [sarge] - evolution 2.0.4-2sarge2
560 [etch] - evolution 2.6.3-6etch1
561 [28 Jun 2007] DSA-1324-1 hiki
562 {CVE-2007-2836}
563 [etch] - hiki 0.8.6-1etch1
564 [28 Jun 2007] DSA-1323-1 krb5
565 {CVE-2007-2442 CVE-2007-2443 CVE-2007-2798}
566 [sarge] - krb5 1.3.6-2sarge5
567 [etch] - krb5 1.4.4-7etch2
568 [27 Jun 2007] DSA-1322-1 wireshark
569 {CVE-2007-3390 CVE-2007-3392 CVE-2007-3393}
570 [etch] - wireshark 0.99.4-5.etch.0
571 [23 Jun 2007] DSA-1321-1 evolution-data-server
572 {CVE-2007-3257}
573 [etch] - evolution-data-server 1.6.3-5etch1
574 [23 Jun 2007] DSA-1320-1 clamav
575 {CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123}
576 [sarge] - clamav 0.84-2.sarge.17
577 [etch] - clamav 0.90.1-3etch3
578 [23 Jun 2007] DSA-1319-1 maradns
579 {CVE-2007-3114 CVE-2007-3115 CVE-2007-3116}
580 [etch] - maradns 1.2.12.04-1etch1
581 [23 Jun 2007] DSA-1318-1 ekg
582 {CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665}
583 [sarge] - ekg 1:1.5+20050411-7
584 [etch] - ekg 1:1.7~rc2-1etch1
585 [23 Jun 2007] DSA-1317-1 tinymux
586 {CVE-2007-1655}
587 [etch] - tinymux 2.4.3.31-1etch1
588 [21 Jun 2007] DSA-1316-1 emacs21
589 {CVE-2007-2833}
590 [etch] - emacs21 21.4a+1-3etch1
591 [19 Jun 2007] DSA-1315-1 libphp-phpmailer
592 {CVE-2007-3215}
593 [etch] - libphp-phpmailer 1.73-2etch1
594 [19 Jun 2007] DSA-1314-1 open-iscsi
595 {CVE-2007-3099 CVE-2007-3100}
596 [etch] - open-iscsi 2.0.730-1etch1
597 [19 Jun 2007] DSA-1313-1 mplayer
598 {CVE-2007-2948}
599 [etch] - mplayer 1.0~rc1-12etch1
600 [18 Jun 2007] DSA-1312-1 libapache-mod-jk
601 {CVE-2007-1860}
602 [etch] - libapache-mod-jk 1:1.2.18-3etch1
603 [sarge] - libapache-mod-jk 1:1.2.5-2sarge1
604 [17 Jun 2007] DSA-1311-1 postgresql-7.4
605 {CVE-2007-2138}
606 [etch] - postgresql-7.4 1:7.4.17-0etch1
607 [sarge] - postgresql 7.4.7-6sarge5
608 [16 Jun 2007] DSA-1310-1 libexif
609 {CVE-2006-4168}
610 [etch] - libexif 0.6.13-5etch1
611 [sarge] - libexif 0.6.9-6sarge1
612 [16 Jun 2007] DSA-1309-1 postgresql-8.1
613 {CVE-2007-2138}
614 [etch] - postgresql-8.1 8.1.9-0etch1
615 [14 Jun 2007] DSA-1308-1 iceweasel - several vulnerabilities
616 {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
617 [etch] - iceweasel 2.0.0.4-0etch1
618 [12 Jun 2007] DSA-1307-1 openoffice.org - heap overflow
619 {CVE-2007-0245}
620 [sarge] - openoffice.org 1.1.3-9sarge7
621 [etch] - openoffice.org 2.0.4.dfsg.2-7etch1
622 [12 Jun 2007] DSA-1306-1 xulrunner
623 {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
624 [etch] - xulrunner 1.8.0.12-0etch1
625 [13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities
626 {CVE-2007-1558 CVE-2007-2867 CVE-2007-2868}
627 [etch] - icedove 1.5.0.12.dfsg1-0etch1
628 [16 Jun 2007] DSA-1304 kernel-source-2.6.8 - several
629 {CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
630 [sarge] - kernel-source-2.6.8 2.6.8-16sarge7
631 [10 Jun 2007] DSA-1303-1 lighttpd - denial of service
632 {CVE-2007-1869 CVE-2007-1870}
633 [etch] - lighttpd 1.4.13-4etch1
634 [10 Jun 2007] DSA-1302-1 freetype - integer overflow
635 {CVE-2007-2754}
636 [etch] - freetype 2.2.1-5+etch1
637 [09 Jun 2007] DSA-1301-1 gimp
638 {CVE-2007-2356}
639 [sarge] - gimp 2.2.6-1sarge2
640 [etch] - gimp 2.2.13-1etch1
641 [07 Jun 2007] DSA-1300-1 iceape
642 {CVE-2007-1116 CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871}
643 [etch] - iceape 1.0.9-0etch1
644 [07 Jun 2007] DSA-1299-1 ipsec-tools
645 {CVE-2007-1841}
646 [etch] - ipsec-tools 1:0.6.6-3.1etch1
647 [28 May 2007] DSA-1298-1 otrs2
648 {CVE-2007-2524}
649 [etch] - otrs2 2.0.4p01-17
650 [24 May 2007] DSA-1297-1 gforge-plugin-scmcvs
651 {CVE-2007-0246}
652 [etch] - gforge-plugin-scmcvs 4.5.14-5etch1
653 [21 May 2007] DSA-1296-1 php4
654 {CVE-2007-2509}
655 [etch] - php4 6:4.4.4-8+etch3
656 [sarge] - php4 4:4.3.10-21
657 [19 May 2007] DSA-1295-1 php5
658 {CVE-2007-2509 CVE-2007-2510}
659 [etch] - php5 5.2.0-8+etch4
660 [17 May 2007] DSA-1294-1 xfree86
661 {CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667}
662 [sarge] - xfree86 4.3.0.dfsg.1-14sarge4
663 [17 May 2007] DSA-1293-1 quagga
664 {CVE-2007-1995}
665 [sarge] - quagga 0.98.3-7.4
666 [etch] - quagga 0.99.5-5etch2
667 [15 May 2007] DSA-1292-1 qt4-x11
668 {CVE-2007-0242}
669 [etch] - qt4-x11 4.2.1-2etch1
670 [17 May 2007] DSA-1291-2 samba
671 {CVE-2007-2444 CVE-2007-2446 CVE-2007-2447}
672 [etch] - samba 3.0.24-6etch2
673 [sarge] - samba 3.0.14a-3sarge6
674 [13 May 2007] DSA-1290-1 squirrelmail
675 {CVE-2007-1262 CVE-2007-2589}
676 [sarge] - squirrelmail 2:1.4.4-11
677 [etch] - squirrelmail 2:1.4.9a-2
678 [13 May 2007] DSA-1289-1 linux-2.6
679 {CVE-2007-1496 CVE-2007-1497 CVE-2007-1861}
680 [etch] - linux-2.6 2.6.18.dfsg.1-12etch2
681 [08 May 2007] DSA-1288-1 pptpd
682 {CVE-2007-0244}
683 [etch] - pptpd 1.3.0-2etch1
684 [07 May 2007] DSA-1287-1 ldap-account-manager
685 {CVE-2006-7191 CVE-2007-1840}
686 [sarge] - ldap-account-manager 0.4.9-2sarge1
687 [02 May 2007] DSA-1286-1 linux-2.6
688 {CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
689 [etch] - linux-2.6 2.6.18.dfsg.1-12etch1
690 [01 May 2007] DSA-1285-1 wordpress
691 {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897}
692 [etch] - wordpress 2.0.10-1
693 [01 May 2007] DSA-1284-1 qemu
694 {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730}
695 [sarge] - qemu 0.6.1+20050407-1sarge1
696 [etch] - qemu 0.8.2-4etch1
697 [29 Apr 2007] DSA-1283-1 php5
698 {CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-1522}
699 [etch] - php5 5.2.0-8+etch3
700 [26 Apr 2007] DSA-1282-1 php4
701 {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777}
702 [sarge] - php4 4:4.3.10-20
703 [etch] - php4 6:4.4.4-8+etch2
704 [25 Apr 2007] DSA-1281-1 clamav - several vulnerabilities
705 {CVE-2007-1745 CVE-2007-1997 CVE-2007-2029}
706 [sarge] - clamav 0.84-2.sarge.16
707 [etch] - clamav 0.90.1-3etch1
708 [24 Apr 2007] DSA-1280-1 aircrack-ng - buffer overflow
709 {CVE-2007-2057}
710 [etch] - aircrack-ng 1:0.6.2-7etch1
711 [22 Apr 2007] DSA-1279-1 webcalendar - missing input sanitising
712 {CVE-2006-6669}
713 [sarge] - webcalendar 0.9.45-4sarge7
714 [06 Apr 2007] DSA-1278-1 man-db - buffer overflow
715 {CVE-2006-4250}
716 [sarge] - man-db 2.4.2-21sarge1
717 [04 Apr 2007] DSA-1277-1 xmms - several
718 {CVE-2007-0654 CVE-2007-0653}
719 [sarge] - xmms 1.2.10+cvs20050209-2sarge1
720 [etch] - xmms 1:1.2.10+20061101-1etch1
721 [03 Apr 2007] DSA-1276-1 krb5 - several vulnerabilities
722 {CVE-2007-0956 CVE-2007-0957 CVE-2007-1216}
723 [sarge] - krb5 1.3.6-2sarge4
724 [etch] - krb5 1.4.4-7etch1
725 [02 Apr 2007] DSA-1275-1 zope2.7 - cross-site scripting
726 {CVE-2007-0240}
727 [sarge] - zope2.7 2.7.5-2sarge4
728 [02 Apr 2007] DSA-1274-1 file - buffer overflow
729 {CVE-2007-1536}
730 [sarge] - file 4.12-1sarge1
731 [etch] - file 4.17-5etch1
732 [27 Mar 2007] DSA-1273-1 nas - several vulnerabilities
733 {CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547}
734 [sarge] - nas 1.7-2sarge1
735 [22 Mar 2007] DSA-1272-1 tcpdump - buffer overflow
736 {CVE-2007-1218}
737 [sarge] - tcpdump 3.8.3-5sarge2
738 [20 Mar 2007] DSA-1271-1 openafs - design error
739 {CVE-2007-1507}
740 [sarge] - openafs 1.3.81-3sarge2
741 [20 Mar 2007] DSA-1270-1 openoffice.org - several vulnerabilities
742 {CVE-2007-0002 CVE-2007-0238 CVE-2007-0239}
743 [sarge] - openoffice.org 1.1.3-9sarge6
744 [18 Mar 2007] DSA-1269-1 lookup-el - insecure temporary file
745 {CVE-2007-0237}
746 [sarge] - lookup-el 1.4-3sarge1
747 [17 Mar 2007] DSA-1268-1 libwpd - integer overflow
748 {CVE-2007-0002}
749 [sarge] - libwpd 0.8.1-1sarge1
750 [etch] - libwpd 0.8.7-6
751 [15 Mar 2006] DSA-1267-1 webcalendar - missing input sanitising
752 {CVE-2007-1343}
753 [sarge] - webcalendar 0.9.45-4sarge6
754 [13 Mar 2007] DSA-1266-1 gnupg - several vulnerabilities
755 {CVE-2007-1263}
756 [sarge] - gnupg 1.4.1-1.sarge7
757 [10 Dec 2006] DSA-1265-1 mozilla
758 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6505}
759 [sarge] - mozilla 2:1.7.8-1sarge10
760 [07 Mar 2007] DSA-1264-1 php4
761 {CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988}
762 [sarge] - php4 4:4.3.10-19
763 [06 Mar 2007] DSA-1263-1 clamav
764 {CVE-2007-0897 CVE-2007-0898 CVE-2007-0899}
765 [sarge] - clamav 0.84-2.sarge.15
766 NOTE: We fixed the issue, but it's not 100% confirmed, that this is -0899
767 [04 Mar 2007] DSA-1262-1 gnomemeeting
768 {CVE-2007-1007}
769 [sarge] - gnomemeeting 1.2.1-1sarge1
770 [16 Feb 2007] DSA-1261-1 postgresql
771 {CVE-2007-0555}
772 [sarge] - postgresql 7.4.7-6sarge4
773 [14 Feb 2007] DSA-1260 imagemagick
774 {CVE-2007-0770}
775 [sarge] - imagemagick 6:6.0.6.2-2.9
776 [14 Feb 2007] DSA-1259-1 fetchmail
777 {CVE-2006-5867}
778 [sarge] - fetchmail 6.2.5-12sarge5
779 [07 Feb 2007] DSA-1258-1 mozilla-thunderbird
780 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
781 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2
782 [05 Feb 2007] DSA-1257 samba
783 {CVE-2007-0452 CVE-2007-0454}
784 [sarge] - samba 3.0.14a-3sarge4
785 [31 Jan 2007] DSA-1256-1 gtk+2.0
786 {CVE-2007-0010}
787 [sarge] - gtk+2.0 2.6.4-3.2
788 [31 Jan 2007] DSA-1255-1 libgtop2
789 {CVE-2007-0235}
790 [sarge] - libgtop2 2.6.0-4sarge1
791 [27 Jan 2007] DSA-1254-1 bind9
792 {CVE-2007-0494}
793 [sarge] - bind9 1:9.2.4-1sarge2
794 [27 Jan 2007] DSA-1253-1 mozilla-firefox
795 {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
796 [sarge] - mozilla-firefox 1.0.4-2sarge15
797 [27 Jan 2007] DSA-1252-1 vlc
798 {CVE-2007-0017}
799 [sarge] - vlc 0.8.1.svn20050314-1sarge2
800 [etch] - vlc 0.8.6-svn20061012.debian-3
801 [21 Jan 2007] DSA-1251-1 netrik
802 {CVE-2006-6678}
803 [sarge] - netrik 1.15.3-1sarge1
804 [17 Jan 2007] DSA-1250-1 cacti
805 {CVE-2006-6799}
806 [sarge] - cacti 0.8.6c-7sarge4
807 [15 Jan 2007] DSA-1249-1 xfree86
808 {CVE-2006-6101 CVE-2006-6102 CVE-2006-6103}
809 [sarge] - xfree86 4.3.0.dfsg.1-14sarge3
810 [12 Jan 2007] DSA-1248-1 libsoup
811 {CVE-2006-5876}
812 [sarge] - libsoup 2.2.3-2sarge1
813 [08 Jan 2007] DSA-1247-1 libapache-mod-auth-kerb
814 {CVE-2006-5989}
815 [sarge] - libapache-mod-auth-kerb 4.996-5.0-rc6-1sarge1
816 [08 Jan 2007] DSA-1246-1 openoffice.org
817 {CVE-2006-5870}
818 [sarge] - openoffice.org 1.1.3-9sarge4
819 [07 Jan 2007] DSA-1245-1 proftpd
820 {CVE-2005-4816}
821 [sarge] - proftpd 1.2.10-15sarge4
822 [28 Dec 2006] DSA-1244-1 xine-lib
823 {CVE-2006-6172}
824 [sarge] - xine-lib 1.0.1-1sarge5
825 [28 Dec 2006] DSA-1243-1 evince
826 {CVE-2006-5864}
827 [sarge] - evince 0.1.5-2sarge1
828 [27 Dec 2006] DSA-1242-1 elog
829 {CVE-2006-5063 CVE-2006-5790 CVE-2006-5791 CVE-2006-6318}
830 [sarge] - elog 2.5.7+r1558-4+sarge3
831 [25 Dec 2006] DSA-1241-1 squirrelmail
832 {CVE-2006-6142}
833 [sarge] - squirrelmail 2:1.4.4-10
834 [21 Dec 2006] DSA-1240-1 links2
835 {CVE-2006-5925}
836 [sarge] - links2 2.1pre16-1sarge1
837 [17 Dec 2006] DSA-1239-1 sql-ledger
838 {CVE-2006-4244 CVE-2006-4731 CVE-2006-5872}
839 [sarge] - sql-ledger 2.4.7-2sarge1
840 [17 Dec 2006] DSA-1238-1 clamav
841 {CVE-2006-6406 CVE-2006-6481}
842 [sarge] - clamav 0.84-2.sarge.13
843 [17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several
844 {CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871}
845 [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
846 [13 Dec 2006] DSA-1236-1 enemies-of-carlotta
847 {CVE-2006-5875}
848 [sarge] - enemies-of-carlotta 1.0.3-1sarge1
849 [13 Dec 2006] DSA-1235-1 ruby1.8
850 {CVE-2006-5467}
851 [sarge] - ruby1.8 1.8.2-7sarge5
852 [13 Dec 2006] DSA-1234-1 ruby1.6
853 {CVE-2006-5467}
854 [sarge] - ruby1.6 1.6.8-12sarge3
855 [10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several
856 {CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871}
857 [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
858 [09 Dec 2006] DSA-1232-1 clamav
859 {CVE-2006-5874}
860 [sarge] - clamav 0.84-2.sarge.12
861 [09 Dec 2006] DSA-1231-1 gnupg
862 {CVE-2006-6169 CVE-2006-6235}
863 [sarge] - gnupg 1.4.1-1.sarge6
864 [08 Dec 2006] DSA-1230-1 l2tpns
865 {CVE-2006-5873}
866 [sarge] - l2tpns 2.0.14-1sarge1
867 [06 Dec 2006] DSA-1229-1 asterisk
868 {CVE-2006-5444}
869 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge4
870 [05 Dec 2006] DSA-1228-1 elinks
871 {CVE-2006-5925}
872 [sarge] - elinks 0.10.4-7.1
873 [04 Dec 2006] DSA-1227-1 mozilla-thunderbird
874 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
875 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8d.1
876 [03 Dec 2006] DSA-1226-1 links
877 {CVE-2006-5925}
878 [sarge] - links 0.99+1.00pre12-1sarge1
879 [03 Dec 2006] DSA-1225-1 mozilla-firefox
880 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
881 [sarge] - mozilla-firefox 1.0.4-2sarge13
882 [03 Dec 2006] DSA-1224-1 mozilla
883 {CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748}
884 [sarge] - mozilla 2:1.7.8-1sarge8
885 [01 Dec 2006] DSA-1223-1 tar
886 {CVE-2006-6097}
887 [sarge] - tar 1.14-2.3
888 [30 Nov 2006] DSA-1222-1 proftpd
889 {CVE-2006-5815 CVE-2006-6170}
890 [sarge] - proftpd 1.2.10-15sarge3
891 [30 Nov 2006] DSA-1221-1 libgsf
892 {CVE-2006-4514}
893 [sarge] - libgsf 1.11.1-1sarge1
894 [27 Nov 2006] DSA-1220 pstotext
895 {CVE-2006-5869}
896 [sarge] - pstotext 1.9-1sarge2
897 [27 Nov 2006] DSA-1219 texinfo
898 {CVE-2005-3011 CVE-2006-4810}
899 [sarge] - texinfo 4.7-2.2sarge2
900 [21 Nov 2006] DSA-1218 proftpd
901 {CVE-2006-6171}
902 [sarge] - proftpd 1.2.10-15sarge2
903 [20 Nov 2006] DSA-1217 linux-ftpd
904 {CVE-2006-5778 CVE-2006-6008}
905 [sarge] - linux-ftpd 0.17-20sarge2
906 [20 Nov 2006] DSA-1216 flexbackup
907 {CVE-2005-4802}
908 [sarge] - flexbackup 1.2.1-2sarge1
909 [20 Nov 2006] DSA-1215 xine-lib
910 {CVE-2006-4799 CVE-2006-4800}
911 [sarge] - xine-lib 1.0.1-1sarge4
912 [20 Nov 2006] DSA-1214 gv
913 {CVE-2006-5864}
914 [sarge] - gv 1:3.6.1-10sarge2
915 [19 Nov 2006] DSA-1213 imagemagick
916 {CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868}
917 [sarge] - imagemagick 6:6.0.6.2-2.8
918 [15 Nov 2006] DSA-1212 openssh
919 {CVE-2006-4924 CVE-2006-5051}
920 [sarge] - openssh 1:3.8.1p1-8.sarge.6
921 [14 Nov 2006] DSA-1211 pdns
922 {CVE-2006-4251}
923 [sarge] - pdns 2.9.17-13sarge3
924 [14 Nov 2006] DSA-1210 mozilla-firefox
925 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571}
926 [sarge] - mozilla-firefox 1.0.4-2sarge12
927 [12 Nov 2006] DSA-1209 trac
928 {CVE-2006-5878}
929 [sarge] - trac 0.8.1-3sarge6
930 [11 Nov 2006] DSA-1208-1 bugzilla
931 {CVE-2005-4534 CVE-2006-5453}
932 [sarge] - bugzilla 2.16.7-7sarge2
933 [09 Nov 2006] DSA-1207-1 phpmyadmin
934 {CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116}
935 [sarge] - phpmyadmin 4:2.6.2-3sarge2
936 [06 Nov 2006] DSA-1206-1 php4
937 {CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465}
938 [sarge] - php4 4:4.3.10-18
939 [02 Nov 2006] DSA-1205-1 thttpd - insecure temporary files
940 {CVE-2006-4248}
941 [sarge] - thttpd 2.23beta1-3sarge2
942 [02 Nov 2006] DSA-1204-1 ingo1
943 {CVE-2006-5449}
944 [sarge] - ingo1 1.0.1-1sarge1
945 [02 Nov 2006] DSA-1203-1 libpam-ldap
946 {CVE-2006-5170}
947 [sarge] - libpam-ldap 178-1sarge3
948 [31 Oct 2006] DSA-1202-1 screen - programming error
949 {CVE-2006-4573}
950 [sarge] - screen 4.0.2-4.1sarge1
951 [31 Oct 2006] DSA-1201-1 ethereal - several vulnerabilities
952 {CVE-2005-4574 CVE-2006-4805}
953 [sarge] - ethereal 0.10.10-2sarge9
954 [30 Oct 2006] DSA-1200-1 qt-x11-free - integer overflow
955 {CVE-2006-4811}
956 [sarge] - qt-x11-free 3:3.3.4-3sarge1
957 [23 Oct 2006] DSA-1199-1 webmin
958 {CVE-2005-3912 CVE-2006-3392 CVE-2006-4542}
959 [sarge] - webmin 1.180-3sarge1
960 [23 Oct 2006] DSA-1198-1 python2.3
961 {CVE-2006-4980}
962 [sarge] - python2.3 2.3.5-3sarge2
963 [22 Oct 2006] DSA-1197-1 python2.4
964 {CVE-2006-4980}
965 [sarge] - python2.4 2.4.1-2sarge1
966 [19 Oct 2006] DSA-1196-1 clamav
967 {CVE-2006-4182 CVE-2006-5295}
968 [sarge] - clamav 0.84-2.sarge.11
969 [10 Oct 2006] DSA-1195-1 openssl096
970 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343}
971 [sarge] - openssl096 0.9.6m-1sarge4
972 [09 Oct 2006] DSA-1194-1 libwmf
973 {CVE-2006-3376}
974 [sarge] - libwmf 0.2.8.3-2sarge1
975 [09 Oct 2006] DSA-1193-1 xfree86
976 {CVE-2006-3467 CVE-2006-3739 CVE-2006-3740 CVE-2006-4447}
977 [sarge] - xfree86 4.3.0.dfsg.1-14sarge2
978 [06 Oct 2006] DSA-1192-1 mozilla
979 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571}
980 [sarge] - mozilla 2:1.7.8-1sarge7.3.1
981 [05 Oct 2006] DSA-1191-1 mozilla-thunderbird
982 {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571}
983 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8c.1
984 [04 Oct 2006] DSA-1190-1 maxdb-7.5.00
985 {CVE-2006-4305}
986 [sarge] - maxdb-7.5.00 7.5.00.24-4
987 [04 Oct 2006] DSA-1189-1 openssh-krb5
988 {CVE-2006-4924 CVE-2006-5051}
989 [sarge] - openssh-krb5 3.8.1p1-7sarge1
990 [04 Oct 2006] DSA-1188-1 mailman
991 {CVE-2006-3636 CVE-2006-4624}
992 [sarge] - mailman 2.1.5-8sarge5
993 [30 Sep 2006] DSA-1187-1 migrationtools
994 {CVE-2006-0512}
995 [sarge] - migrationtools 46-1sarge1
996 [30 Sep 2006] DSA-1186-1 cscope
997 {CVE-2006-4262}
998 [sarge] - cscope 15.5-1.1sarge2
999 [28 Sep 2006] DSA-1185-2 openssl
1000 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937}
1001 [sarge] - openssl 0.9.7e-3sarge4
1002 NOTE: First DSA had a minor regression
1003 [22 Sep 2006] DSA-1182-1 gnutls11
1004 {CVE-2006-4790}
1005 [sarge] - gnutls11 1.0.16-13.2sarge2
1006 [19 Sep 2006] DSA-1181-1 gzip
1007 {CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338}
1008 [sarge] - gzip 1.3.5-10sarge2
1009 [19 Sep 2006] DSA-1180-1 bomberclone
1010 {CVE-2006-4005 CVE-2006-4006}
1011 [sarge] - bomberclone 0.11.5-1sarge2
1012 [16 Sep 2006] DSA-1179-1 alsaplayer
1013 {CVE-2006-4089}
1014 [sarge] - alsaplayer 0.99.76-0.3sarge1
1015 [16 Sep 2006] DSA-1178-1 freetype
1016 {CVE-2006-3467}
1017 [sarge] - freetype 2.1.7-6
1018 [15 Sep 2006] DSA-1177-1 usermin
1019 {CVE-2006-4246}
1020 [sarge] - usermin 1.110-3.1
1021 [13 Sep 2006] DSA-1176-1 zope2.7
1022 {CVE-2006-4684}
1023 [sarge] - zope2.7 2.7.5-2sarge2
1024 [13 Sep 2006] DSA-1175-1 isakmpd
1025 {CVE-2006-4436}
1026 [sarge] - isakmpd 20041012-1sarge1
1027 [11 Sep 2006] DSA-1174-1 openssl096 - cryptographic weakness
1028 {CVE-2006-4339}
1029 [sarge] - openssl096 0.9.6m-1sarge2
1030 [10 Sep 2006] DSA-1173-1 openssl - cryptographic weakness
1031 {CVE-2006-4339}
1032 [sarge] - openssl 0.9.7e-3sarge2
1033 [09 Sep 2006] DSA-1172-1 bind9 - programming error
1034 {CVE-2006-4095 CVE-2006-4096}
1035 [sarge] - bind9 1:9.2.4-1sarge1
1036 [07 Sep 2006] DSA-1171 ethereal - several
1037 {CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248 CVE-2005-3249}
1038 [sarge] - ethereal 0.10.10-2sarge8
1039 [06 Sep 2006] DSA-1170 gcc-3.4 - missing sanity check
1040 {CVE-2006-3619}
1041 [sarge] - gcc-3.4 3.4.3-13sarge1
1042 [05 Sep 2006] DSA-1169 mysql-dfsg-4.1 - several
1043 {CVE-2006-4226 CVE-2006-4380}
1044 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge7
1045 [04 Sep 2006] DSA-1168-1 imagemagick
1046 {CVE-2006-2440 CVE-2006-3743 CVE-2006-3744}
1047 [sarge] - imagemagick 6:6.0.6.2-2.7
1048 [04 Sep 2005] DSA-1167-1 apache - missing input sanitising
1049 {CVE-2005-3352 CVE-2006-3918}
1050 [sarge] - apache 1.3.33-6sarge3
1051 [03 Sep 2006] DSA-1166 cheesetracker - buffer overflow
1052 {CVE-2006-3814}
1053 [sarge] - cheesetracker 0.9.9-1sarge1
1054 [01 Sep 2006] DSA-1165 capi4hylafax - missing input sanitising
1055 {CVE-2006-3126}
1056 [sarge] - capi4hylafax 1:01.02.03-10sarge2
1057 [31 Aug 2006] DSA-1164 sendmail - programming error
1058 {CVE-2006-4434}
1059 [sarge] - sendmail 8.13.4-3sarge3
1060 [30 Aug 2006] DSA-1163 gtetrinet - programming error
1061 {CVE-2006-3125}
1062 [sarge] - gtetrinet 0.7.8-1sarge2
1063 [30 Aug 2006] DSA-1162 libmusicbrainz-2.0 - buffer overflows
1064 {CVE-2006-4197}
1065 [sarge] - libmusicbrainz-2.1 2.1.1-3sarge1
1066 [sarge] - libmusicbrainz-2.0 2.0.2-10sarge1
1067 [29 Aug 2006] DSA-1161 mozilla-firefox - several vulnerabilities
1068 {CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
1069 [sarge] - mozilla-firefox 1.0.4-2sarge11
1070 [29 Aug 2006] DSA-1160 mozilla - several
1071 {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
1072 [sarge] - mozilla 2:1.7.8-1sarge7.2.2
1073 [28 Aug 2006] DSA-1159 mozilla-thunderbird - several
1074 {CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811}
1075 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8b.1
1076 [27 Aug 2006] DSA-1158 streamripper
1077 {CVE-2006-3124}
1078 [sarge] - streamripper 1.61.7-1sarge1
1079 [27 Aug 2006] DSA-1157 ruby1.8
1080 {CVE-2006-3694 CVE-2006-1931}
1081 [sarge] - ruby1.8 1.8.2-7sarge4
1082 [27 Aug 2006] DSA-1156 kdebase
1083 {CVE-2006-2449}
1084 [sarge] - kdebase 4:3.3.2-1sarge3
1085 [24 Aug 2006] DSA-1155 sendmail - programming error
1086 {CVE-2006-1173}
1087 [sarge] - sendmail 8.13.4-3sarge2
1088 [20 Aug 2006] DSA-1154 squirrelmail - variable overwriting
1089 {CVE-2006-4019}
1090 [sarge] - squirrelmail 2:1.4.4-9
1091 [18 Aug 2006] DSA-1153 clamav - buffer overflow
1092 {CVE-2006-4018}
1093 [sarge] - clamav 0.84-2.sarge.10
1094 [18 Aug 2006] DSA-1152 trac - missing input sanitising
1095 {CVE-2006-3695}
1096 [sarge] - trac 0.8.1-3sarge5
1097 [15 Aug 2006] DSA-1151-1 heartbeat - out-of-bounds read
1098 {CVE-2006-3121}
1099 [sarge] - heartbeat 1.2.3-9sarge6
1100 [12 Aug 2006] DSA-1150-1 shadow - programming error
1101 {CVE-2006-3378}
1102 [sarge] - shadow 1:4.0.3-31sarge8
1103 [10 Aug 2006] DSA-1149-1 ncompress - buffer underflow
1104 {CVE-2006-1168}
1105 [sarge] - ncompress 4.2.4-15sarge2
1106 [09 Aug 2006] DSA-1148-1 gallery - several vulnerabilities
1107 {CVE-2005-2734 CVE-2006-0330 CVE-2006-4030}
1108 [sarge] - gallery 1.5-1sarge2
1109 [09 Aug 2006] DSA-1147-1 drupal - missing input sanitising
1110 {CVE-2006-4002}
1111 [sarge] - drupal 4.5.3-6.1sarge3
1112 [09 Aug 2006] DSA-1146-1 krb5 - programming error
1113 {CVE-2006-3083 CVE-2006-3084}
1114 [sarge] - krb5 1.3.6-2sarge3
1115 [08 Aug 2006] DSA-1145-1 freeradius - several
1116 {CVE-2005-4745 CVE-2005-4746}
1117 [sarge] - freeradius 1.0.2-4sarge3
1118 [07 Aug 2006] DSA-1144-1 chmlib - missing input sanitising
1119 {CVE-2006-3178}
1120 [sarge] - chmlib 0.35-6sarge3
1121 [04 Aug 2006] DSA-1143-1 dhcp - programming error
1122 {CVE-2006-3122}
1123 [sarge] - dhcp 2.0pl5-19.1sarge2
1124 [04 Aug 2006] DSA-1142-1 freeciv - missing boundary checks
1125 {CVE-2006-3913}
1126 [sarge] - freeciv 2.0.1-1sarge2
1127 [04 Aug 2006] DSA-1141-1 gnupg2 - integer overflow
1128 {CVE-2006-3746}
1129 [sarge] - gnupg2 1.9.15-6sarge2
1130 [03 Aug 2006] DSA-1140-1 gnupg - integer overflow
1131 {CVE-2006-3746}
1132 [sarge] - gnupg 1.4.1-1.sarge5
1133 [03 Aug 2006] DSA-1139-1 ruby1.6 - missing privilege checks
1134 {CVE-2006-3694}
1135 [sarge] - ruby1.6 1.6.8-12sarge2
1136 [02 Aug 2006] DSA-1138-1 cfs - integer overflow
1137 {CVE-2006-3123}
1138 [sarge] - cfs 1.4.1-15sarge1
1139 [02 Aug 2006] DSA-1137-1 tiff - several vulnerabilities
1140 {CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465}
1141 [sarge] - tiff 3.7.2-7
1142 [02 Aug 2006] DSA-1136-1 gpdf - wrong input sanitising
1143 {CVE-2005-2097}
1144 [sarge] - gpdf 2.8.2-1.2sarge5
1145 [02 Aug 2006] DSA-1135-1 libtunepimp - buffer overflow
1146 {CVE-2006-3600}
1147 [sarge] - libtunepimp 0.3.0-3sarge2
1148 [02 Aug 2006] DSA-1134-1 mozilla-thunderbird - several vulnerabilities
1149 {CVE-2006-1729 CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
1150 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8a
1151 [01 Aug 2006] DSA-1133-1 mantis - cross site scripting
1152 {CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577}
1153 [sarge] - mantis 0.19.2-5sarge4.1
1154 [01 Aug 2006] DSA-1132-1 apache2 - buffer overflow
1155 {CVE-2006-3747}
1156 [sarge] - apache2 2.0.54-5sarge1
1157 [01 Aug 2006] DSA-1131-1 apache - buffer overflow
1158 {CVE-2006-3747}
1159 [sarge] - apache 1.3.33-6sarge2
1160 [30 Jul 2006] DSA-1130-1 sitebar - missing input validation
1161 {CVE-2006-3320}
1162 [sarge] - sitebar 3.2.6-7.1
1163 [28 Jul 2006] DSA-1129 osiris - format string
1164 {CVE-2006-3120}
1165 [sarge] - osiris 4.0.6-1sarge1
1166 [28 Jul 2006] DSA-1128 heartbeat - permission error
1167 {CVE-2006-3815}
1168 [sarge] - heartbeat 1.2.3-9sarge5
1169 [28 Jul 2006] DSA-1127 ethereal - several
1170 {CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632}
1171 [sarge] - ethereal 0.10.10-2sarge6
1172 [27 Jul 2006] DSA-1126 asterisk - several
1173 {CVE-2006-2898}
1174 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge3
1175 [26 Jul 2006] DSA-1125 drupal - several
1176 {CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833}
1177 [sarge] - drupal 4.5.3-6.1sarge1
1178 [24 Jul 2006] DSA-1124 fbi - typo
1179 {CVE-2006-3119}
1180 [sarge] - fbi 2.01-1.2sarge2
1181 [24 Jul 2006] DSA-1123 libdumb - buffer overflow
1182 {CVE-2006-3668}
1183 [sarge] - libdumb 1:0.9.2-6
1184 [24 Jul 2006] DSA-1122 libnet-server-perl - format string
1185 {CVE-2005-1127}
1186 [sarge] - libnet-server-perl 0.87-3sarge1
1187 [24 Jul 2006] DSA-1121 postgrey - format string
1188 {CVE-2005-1127}
1189 [sarge] - postgrey 1.21-1sarge1
1190 NOTE: also fixed in 1.21-1volatile4
1191 [23 Jul 2006] DSA-1120 mozilla-firefox - several vulnerabilities
1192 {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
1193 [sarge] - mozilla-firefox 1.0.4-2sarge9
1194 [23 Jul 2006] DSA-1119 hiki - design flaw
1195 {CVE-2006-3379}
1196 [sarge] - hiki 0.6.5-2
1197 [22 Jul 2006] DSA-1118 mozilla - several
1198 {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
1199 [sarge] - mozilla 2:1.7.8-1sarge7.1
1200 [21 Jul 2006] DSA-1117 libgd2 - insufficient input sanitising
1201 {CVE-2006-2906}
1202 [sarge] - libgd2 2.0.33-1.1sarge1
1203 [21 Jul 2006] DSA-1116 gimp - buffer overflow
1204 {CVE-2006-3404}
1205 [sarge] - gimp 2.2.6-1sarge1
1206 [21 Jul 2006] DSA-1115 gnupg2 - integer overflow
1207 {CVE-2006-3082}
1208 [sarge] - gnupg 1.4.1-1.sarge4
1209 [sarge] - gnupg2 1.9.15-6sarge1
1210 [21 Jul 2006] DSA-1114 hashcash - buffer overflow
1211 {CVE-2006-3251}
1212 [sarge] - hashcash 1.17-1sarge1
1213 [18 Jul 2006] DSA-1113 zope2.7 - programming error
1214 {CVE-2006-3458}
1215 [sarge] - zope2.7 2.7.5-2sarge2
1216 [18 Jul 2006] DSA-1112 mysql-dfsg-4.1 - several vulnerabilities
1217 {CVE-2006-3081 CVE-2006-3469}
1218 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge5
1219 [16 Jul 2006] DSA-1111 kernel-source-2.6.8 - race condition
1220 {CVE-2006-3626}
1221 [sarge] - kernel-source-2.6.8 2.6.8-16sarge4
1222 [16 Jul 2006] DSA-1110 samba - missing input sanitising
1223 {CVE-2006-3403}
1224 [sarge] - samba 3.0.14a-3sarge2
1225 [16 Jul 2006] DSA-1109 rssh - programming error
1226 {CVE-2006-1320}
1227 [sarge] - rssh 2.2.3-1.sarge.2
1228 [11 Jul 2006] DSA-1108 mutt - buffer overflow
1229 {CVE-2006-3242}
1230 [sarge] - mutt 1.5.9-2sarge2
1231 [10 Jul 2006] DSA-1107 gnupg - integer overflow
1232 {CVE-2006-3082}
1233 [sarge] - gnupg 1.4.1-1.sarge4
1234 [10 Jul 2006] DSA-1106 ppp - programming error
1235 {CVE-2006-2194}
1236 [sarge] - ppp 2.4.3-20050321+2sarge1
1237 [07 Jul 2006] DSA-1105 xine-lib - buffer overflow
1238 {CVE-2006-2802}
1239 [woody] - xine-lib 0.9.8-2woody5
1240 [sarge] - xine-lib 1.0.1-1sarge3
1241 [30 Jun 2006] DSA-1104 openoffice.org - several vulnerabilities
1242 {CVE-2006-2198 CVE-2006-2199 CVE-2006-3117}
1243 [sarge] - openoffice.org 1.1.3-9sarge3
1244 [27 Jun 2006] DSA-1103 kernel-source-2.6.8 - several vulnerabilities
1245 {CVE-2005-3359 CVE-2006-0038 CVE-2006-0039 CVE-2006-0456 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0558 CVE-2006-0741 CVE-2006-0742 CVE-2006-0744 CVE-2006-1056 CVE-2006-1242 CVE-2006-1368 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274}
1246 [sarge] - kernel-source-2.6.8 2.6.8-16sarge3
1247 [26 Jun 2006] DSA-1102 pinball - design error
1248 {CVE-2006-2196}
1249 [sarge] - pinball 0.3.1-3sarge1
1250 [23 Jun 2006] DSA-1101 courier - programming error
1251 {CVE-2006-2659}
1252 [woody] - courier 0.37.3-2.9
1253 [sarge] - courier 0.47-4sarge5
1254 [15 Jun 2006] DSA-1100 wv2 - integer overflow
1255 {CVE-2006-2197}
1256 [sarge] - wv2 0.2.2-1sarge1
1257 [14 Jun 2006] DSA-1099-1 - horde2 - missing input sanitising
1258 {CVE-2006-2195}
1259 [sarge] - horde2 2.2.8-1sarge3
1260 [14 Jun 2006] DSA-1098-1 - horde3 - missing input sanitising
1261 {CVE-2006-2195}
1262 [sarge] - horde3 3.0.4-4sarge4
1263 [14 Jun 2006] DSA-1097-1 kernel-source-2.4.27 - several vulnerabilities
1264 {CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274}
1265 [sarge] - kernel-source-2.4.27 2.4.27-10sarge3
1266 [13 Jun 2006] DSA-1096-1 webcalendar - uninitialised variable
1267 {CVE-2006-2762}
1268 [sarge] - webcalendar 0.9.45-4sarge5
1269 [10 Jun 2006] DSA-1095-1 freetype - integer overflows
1270 {CVE-2006-0747 CVE-2006-1861 CVE-2006-2661}
1271 [woody] - freetype 2.0.9-1woody1
1272 [sarge] - freetype 2.1.7-2.5
1273 [08 Jun 2006] DSA-1094-1 gforge - missing input sanitising
1274 {CVE-2005-2430}
1275 [sarge] - gforge 3.1-31sarge1
1276 [08 Jun 2006] DSA-1093-1 xine - format string
1277 {CVE-2006-2230}
1278 [sarge] - xine-ui 0.99.3-1sarge1
1279 [08 Jun 2006] DSA-1092-1 mysql-dfsg-4.1 - programming error
1280 {CVE-2006-2753}
1281 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge4
1282 [08 Jun 2006] DSA-1091-1 tiff - buffer overflows
1283 {CVE-2006-2193 CVE-2006-2656}
1284 [woody] - tiff 3.5.5-7woody2
1285 [sarge] - tiff 3.7.2-5
1286 [06 Jun 2006] DSA-1090-1 spamassassin - programming error
1287 {CVE-2006-2447}
1288 [sarge] - spamassassin 3.0.3-2sarge1
1289 [03 Jun 2006] DSA-1089-1 freeradius - several vulnerabilities
1290 {CVE-2005-4744 CVE-2006-1354}
1291 [sarge] - freeradius 1.0.2-4sarge1
1292 [03 Jun 2006] DSA-1088-1 centericq - buffer overflow
1293 {CVE-2005-3863}
1294 [woody] - centericq 4.5.1-1.1woody2
1295 [sarge] - centericq 4.20.0-1sarge4
1296 [03 Jun 2006] DSA-1087-1 postgresql - programming error
1297 {CVE-2006-2313 CVE-2006-2314}
1298 [sarge] - postgresql 7.4.7-6sarge2
1299 [02 Jun 2006] DSA-1086-1 xmcd - design flaw
1300 {CVE-2006-2542}
1301 [woody] - xmcd 2.6-14woody1
1302 [sarge] - xmcd 2.6-17sarge1
1303 [01 Jun 2006] DSA-1085-1 lynx-cur - several vulnerabilities
1304 {CVE-2005-3120}
1305 [woody] - lynx-cur 2.8.5-2.5woody1
1306 [sarge] - lynx-cur 2.8.6-9sarge1
1307 [31 May 2006] DSA-1084-1 typespeed - buffer overflow
1308 {CVE-2006-1515}
1309 [woody] - typespeed 0.4.1-2.4
1310 [sarge] - typespeed 0.4.4-8sarge1
1311 [31 May 2006] DSA-1083-1 motor - buffer overflow
1312 {CVE-2005-3863}
1313 [woody] - motor 2:3.2.2-2woody1
1314 [sarge] - motor 2:3.4.0-2sarge1
1315 [29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities
1316 {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
1317 [woody] - kernel-source-2.4.17 2.4.17-1woody4
1318 [29 May 2006] DSA-1081-1 libextractor - buffer overflow
1319 {CVE-2006-2458}
1320 [sarge] - libextractor 0.4.2-2sarge5
1321 [29 May 2006] DSA-1080-1 dovecot - programming error
1322 {CVE-2006-2414}
1323 [sarge] - dovecot 0.99.14-1sarge0
1324 [29 May 2006] DSA-1079-1 mysql-dfsg - several
1325 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
1326 [sarge] - mysql-dfsg 4.0.24-10sarge2
1327 [27 May 2006] DSA-1078-1 tiff - out-of-bounds read
1328 {CVE-2006-2120}
1329 [sarge] - tiff 3.7.2-4
1330 [26 May 2006] DSA-1077-1 lynx-ssl - programming error
1331 {CVE-2004-1617}
1332 [woody] - lynx-ssl 1:2.8.4.1b-3.3
1333 [26 May 2006] DSA-1076-1 lynx - programming error
1334 {CVE-2004-1617}
1335 [woody] - lynx 2.8.4.1b-3.4
1336 [sarge] - lynx 2.8.5-2sarge2
1337 [26 May 2006] DSA-1075-1 awstats - programming error
1338 {CVE-2006-2644 CVE-2006-1945}
1339 [sarge] - awstats 6.4-1sarge3 (bug #365910)
1340 [24 May 2006] DSA-1074-1 mpg123 - buffer overflow
1341 {CVE-2006-1655}
1342 [sarge] - mpg123 0.59r-20sarge1
1343 [22 May 2006] DSA-1073-1 mysql-dfsg-4.1 - several vulnerabilities
1344 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
1345 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge3
1346 [22 May 2006] DSA-1072-1 nagios - buffer overflow
1347 {CVE-2006-2162 CVE-2006-2489}
1348 [sarge] - nagios 2:1.3-cvs.20050402-2.sarge.2
1349 [22 May 2006] DSA-1071-1 mysql - several vulnerabilities
1350 {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
1351 [woody] - mysql 3.23.49-8.15
1352 [21 May 2006] DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
1353 {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
1354 [woody] - kernel-image-sparc-2.4 26woody1
1355 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody5
1356 [woody] - kernel-source-2.4.19 2.4.19-4.woody3
1357 [20 May 2006] DSA-1069-1 kernel-source-2.4.18 - several
1358 {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384}
1359 [woody] - kernel-source-2.4.18 2.4.18-14.4
1360 [20 May 2006] DSA-1068-1 fbi - insecure temporary file
1361 {CVE-2006-1695}
1362 [woody] - fbi 1.23woody1
1363 [sarge] - fbi 2.01-1.2sarge1
1364 [20 May 2006] DSA-1067-1 kernel-source-2.4.16 - several
1365 {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
1366 [woody] - kernel-source-2.4.16 2.4.16-1woody2
1367 [19 May 2006] DSA-1066-1 phpbb2 - missing input sanitising
1368 {CVE-2006-1896}
1369 [sarge] - phpbb2 2.0.13+1-6sarge3
1370 [19 May 2006] DSA-1065-1 hostapd - missing input sanitising
1371 {CVE-2006-2213}
1372 [sarge] - hostapd 1:0.3.7-2sarge1
1373 [19 May 2006] DSA-1064-1 cscope - buffer overflows
1374 {CVE-2004-2541}
1375 [woody] - cscope 15.3-1woody3
1376 [sarge] - cscope 15.5-1.1sarge1
1377 [19 May 2006] DSA-1063-1 phpgroupware - missing input sanitising
1378 {CVE-2005-2781}
1379 [woody] - phpgroupware 0.9.14-0.RC3.2.woody6
1380 [sarge] - phpgroupware 0.9.16.005-3.sarge5
1381 [19 May 2006] DSA-1062-1 kphone - insecure file creation
1382 {CVE-2006-2442}
1383 [sarge] - kphone 1:4.1.0-2sarge1
1384 [19 May 2006] DSA-1061-1 popfile - missing input sanitising
1385 {CVE-2006-0876}
1386 [sarge] - popfile 0.22.2-2sarge1
1387 [19 May 2006] DSA-1060-1 kernel-patch-server - programming error
1388 {CVE-2006-2110}
1389 [sarge] - kernel-patch-vserver 1.9.5.6
1390 [19 May 2006] DSA-1059-1 quagga - several
1391 {CVE-2006-2223 CVE-2006-2224 CVE-2006-2276}
1392 [sarge] - quagga 0.98.3-7.2
1393 [18 May 2006] DSA-1058-1 awstats - missing input sanitising
1394 {CVE-2006-2237}
1395 [woody] - awstats <not-affected>
1396 [sarge] - awstats 6.4-1sarge2
1397 [15 May 2006] DSA-1057-1 phpldapadmin - missing input sanitising
1398 {CVE-2006-2016}
1399 [sarge] - phpldapadmin 0.9.5-3sarge3
1400 [15 May 2006] DSA-1056-1 webcalendar - verbose error message
1401 {CVE-2006-2247}
1402 [sarge] - webcalendar 0.9.45-4sarge4
1403 [11 May 2006] DSA-1055-1 mozilla-firefox - programming error
1404 {CVE-2006-1993}
1405 [sarge] - mozilla-firefox 1.0.4-2sarge7
1406 [09 May 2006] DSA-1054-1 tiff - several vulnerabilities
1407 {CVE-2006-2024 CVE-2006-2025 CVE-2006-2026}
1408 [woody] - tiff 3.5.5-7woody1
1409 [sarge] - tiff 3.7.2-3sarge1
1410 [09 May 2006] DSA-1053-1 mozilla - programming error
1411 {CVE-2006-1993}
1412 [sarge] - mozilla 2:1.7.8-1sarge6
1413 [08 May 2006] DSA-1052-1 cgiirc - buffer overflows
1414 {CVE-2006-2148}
1415 [sarge] - cgiirc 0.5.4-6sarge1
1416 [04 May 2006] DSA-1051-1 mozilla-thunderbird - several vulnerabilities
1417 {CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790}
1418 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
1419 [02 May 2006] DSA-1050-1 clamav - buffer overflow
1420 {CVE-2006-1989}
1421 [sarge] - clamav 0.84-2.sarge.9
1422 [02 May 2006] DSA-1049-1 ethereal - several vulnerabilities
1423 {CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939 CVE-2006-1940}
1424 [woody] - ethereal 0.9.4-1woody15
1425 [sarge] - ethereal 0.10.10-2sarge5
1426 [01 May 2006] DSA-1048-1 asterisk - several vulnerabilities
1427 {CVE-2005-3559 CVE-2006-1827}
1428 [woody] - asterisk 0.1.11-3woody1
1429 [sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2
1430 [30 Apr 2006] DSA-1047-1 resmgr - programming error
1431 {CVE-2006-2147}
1432 [sarge] - resmgr 1.0-2sarge2
1433 [27 Apr 2006] DSA-1046-1 mozilla - several
1434 {CVE-2006-1732 CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CVE-2006-0296}
1435 [sarge] - mozilla 2:1.7.8-1sarge5
1436 [27 Apr 2006] DSA-1045-1 openvpn - design error
1437 {CVE-2006-1629}
1438 [sarge] - openvpn 2.0-1sarge3
1439 [26 Apr 2006] DSA-1044-1 mozilla-firefox - several
1440 {CVE-2006-1724 CVE-2006-0292 CVE-2005-4134 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CVE-2005-4720 CVE-2006-0296}
1441 [sarge] - mozilla-firefox 1.0.4-2sarge6
1442 [26 Apr 2006] DSA-1043-1 abcmidi - buffer overflows
1443 {CVE-2006-1514}
1444 [woody] - abcmidi 17-1woody1
1445 [sarge] - abcmidi 20050101-1sarge1
1446 [25 Apr 2006] DSA-1042-1 cyrus-sasl2 - programming error
1447 {CVE-2006-1721}
1448 [woody] - cyrus-sasl2 <not-affected>
1449 [sarge] - cyrus-sasl2 2.1.19-1.5sarge1
1450 [25 Apr 2006] DSA-1041-1 abc2ps - buffer overflows
1451 {CVE-2006-1513}
1452 [woody] - abc2ps 1.3.3-2woody1
1453 [sarge] - abc2ps 1.3.3-3sarge1
1454 [24 Apr 2006] DSA-1040-1 gdm - programming error
1455 {CVE-2006-1057}
1456 [sarge] - gdm 2.6.0.8-1sarge2
1457 [24 Apr 2006] DSA-1039-1 blender - several
1458 {CVE-2005-3302 CVE-2005-4470}
1459 [sarge] - blender 2.36-1sarge1
1460 [21 Apr 2006] DSA-1038-1 xzgv - programming error
1461 {CVE-2006-1060}
1462 [woody] - xzgv 0.7-6woody3
1463 [sarge] - xzgv 0.8-3sarge1
1464 [21 Apr 2006] DSA-1037-1 zgv - programming error
1465 {CVE-2006-1060}
1466 [woody] - zgv 5.5-3woody3
1467 [sarge] - zgv 5.7-1.4
1468 [17 Apr 2006] DSA-1036-1 bsdgames - buffer overflow
1469 {CVE-2006-1744}
1470 [woody] - bsdgames 2.13-7woody0
1471 [sarge] - bsdgames 2.7.59-7sarge1
1472 [15 Apr 2006] DSA-1035-1 fcheck - insecure temporary file
1473 {CVE-2006-1753}
1474 [woody] - fcheck <not-affected>
1475 [sarge] - fcheck 2.7.59-7sarge1
1476 [14 Apr 2006] DSA-1034-1 horde2 - several vulnerabilities
1477 {CVE-2006-1260 CVE-2006-1491}
1478 [sarge] - horde2 2.2.8-1sarge2
1479 [12 Apr 2006] DSA-1033-1 horde3 - several vulnerabilities
1480 {CVE-2005-4190 CVE-2006-1260 CVE-2006-1491}
1481 [sarge] - horde3 3.0.4-4sarge3
1482 [12 Apr 2006] DSA-1032-1 zope-cmfplone - programming error
1483 {CVE-2006-1711}
1484 [sarge] - zope-cmfplone 2.0.4-3sarge1
1485 [08 Apr 2006] DSA-1031-1 cacti - several
1486 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
1487 [sarge] - cacti 0.8.6c-7sarge3
1488 [08 Apr 2006] DSA-1030-1 moodle - several
1489 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
1490 [sarge] - moodle 1.4.4.dfsg.1-3sarge1
1491 [08 Apr 2006] DSA-1029-1 libphp-adodb - several
1492 {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806}
1493 [woody] - libphp-adodb 1.51-1.2
1494 [sarge] - libphp-adodb 4.52-1sarge1
1495 [07 Apr 2006] DSA-1028-1 libimager-perl - denial of service
1496 {CVE-2006-0053}
1497 [sarge] - libimager-perl 0.44-1sarge1
1498 [06 Apr 2006] DSA-1027-1 mailman - programming error
1499 {CVE-2006-0052}
1500 [woody] - mailman <not-affected> (Vulnerable code not present)
1501 [sarge] - mailman 2.1.5-8sarge2
1502 [06 Apr 2006] DSA-1026-1 sash - buffer overflows
1503 {CVE-2005-1849 CVE-2005-2096}
1504 [woody] - sash <not-affected> (Older zlib not vulnerable)
1505 [sarge] - sash 3.7-5sarge1
1506 [06 Apr 2006] DSA-1025-1 dia - programming error
1507 {CVE-2006-1550}
1508 [woody] - dia 0.88.1-3woody1
1509 [sarge] - dia 0.94.0-7sarge3
1510 [05 Apr 2006] DSA-1024-1 clamav - heap overflow
1511 {CVE-2006-1614 CVE-2006-1615 CVE-2006-1630}
1512 [sarge] - clamav 0.84-2.sarge.8
1513 [05 Apr 2006] DSA-1023-1 kaffeine - buffer overflow
1514 {CVE-2006-0051}
1515 [sarge] - kaffeine 0.6-1sarge1
1516 [04 Apr 2006] DSA-1022-1 storebackup - several
1517 {CVE-2005-3146 CVE-2005-3147 CVE-2005-3148}
1518 [sarge] - storebackup 1.18.4-2sarge1
1519 [28 Mar 2006] DSA-1021-1 netpbm-free - insecure program execution
1520 {CVE-2005-2471}
1521 [woody] - netpbm-free 2:9.20-8.6
1522 [sarge] - netpbm-free 2:10.0-8sarge3
1523 [28 Mar 2006] DSA-1020-1 flex - buffer overflow
1524 {CVE-2006-0459}
1525 [sarge] - flex 2.5.31-31sarge1
1526 [24 Mar 2006] DSA-1019-1 koffice - several
1527 {CVE-2006-1244 CVE-2005-3192 CVE-2006-0301}
1528 [sarge] - koffice 1.3.5-4.sarge.3
1529 [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
1530 {CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618}
1531 [sarge] - kernel-source-2.4.27 2.4.27-10sarge2
1532 NOTE: An update 1018-2 was issued later, but it doesn't contain noteworthy data
1533 [23 Mar 2006] DSA-1017-1 kernel-source-2.6.8 - several
1534 {CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066}
1535 [sarge] - kernel-source-2.6.8 2.6.8-16sarge2
1536 [23 Mar 2006] DSA-1016-1 evolution - format string vulnerabilities
1537 {CVE-2005-2549 CVE-2005-2550}
1538 [woody] - evolution 1.0.5-1woody3
1539 [sarge] - evolution 2.0.4-2sarge1
1540 [23 Mar 2006] DSA-1015-1 sendmail - programming error
1541 {CVE-2006-0058}
1542 [woody] - sendmail 8.12.3-7.2
1543 [sarge] - sendmail 8.13.4-3sarge1
1544 [23 Mar 2006] DSA-1014-1 firebird2 - buffer overflow
1545 {CVE-2004-2043}
1546 [sarge] - firebird2 1.5.1-4sarge1
1547 [22 Mar 2006] DSA-1013-1 snmptrapfmt - insecure temporary file
1548 {CVE-2006-0050}
1549 [woody] - snmptrapfmt 1.03woody1
1550 [sarge] - snmptrapfmt 1.08sarge1
1551 NOTE: fixed in testing at time of DSA
1552 [21 Mar 2006] DSA-1012-1 unzip - buffer overflow
1553 {CVE-2005-4667}
1554 [woody] - unzip 5.50-1woody6
1555 [sarge] - unzip 5.52-1sarge4
1556 NOTE: not fixed in testing at time of DSA (too young)
1557 [21 Mar 2006] DSA-1011-1 kernel-patch-server, util-vserver - missing attribute support
1558 {CVE-2005-4347 CVE-2005-4418}
1559 [sarge] - kernel-patch-vserver 1.9.5.4
1560 [sarge] - util-vserver 0.30.204-5sarge3
1561 NOTE: not fixed in testing at the time of DSA
1562 [21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising
1563 {CVE-2006-1236}
1564 [sarge] - ilohamail 0.8.14-0rc3sarge1
1565 NOTE: not fixed in testing at the time of DSA (too young)
1566 [21 Mar 2006] DSA-1009-1 crossfire - buffer overflow
1567 {CVE-2006-1236}
1568 [woody] - crossfire 1.1.0-1woody2
1569 [sarge] - crossfire 1.6.0.dfsg.1-4sarge2
1570 NOTE: fixed in testing at the time of DSA
1571 [17 Mar 2006] DSA-1008-1 kpdf - buffer overflow
1572 {CVE-2006-0746}
1573 [sarge] - kdegraphics 4:3.3.2-2sarge4
1574 NOTE: Sid is not affected according to DSA
1575 [17 Mar 2006] DSA-1007-1 drupal - several
1576 {CVE-2006-1225 CVE-2006-1226 CVE-2006-1227 CVE-2006-1228}
1577 [sarge] - drupal 4.5.3-6
1578 NOTE: not fixed in testing at the time of DSA (too young)
1579 [16 Mar 2006] DSA-1006-1 wzdftpd - missing input sanitising
1580 {CVE-2005-3081}
1581 [sarge] - wzdftpd 0.5.2-1.1sarge1
1582 NOTE: fixed in testing at the time of DSA
1583 [16 Mar 2006] DSA-1005-1 xine-lib - buffer overflow
1584 {CVE-2005-4048}
1585 [woody] - xine-lib <not-affected>
1586 [sarge] - xine-lib 1.0.1-1sarge2
1587 NOTE: fixed in testing at the time of DSA
1588 [16 Mar 2006] DSA-1004-1 vlc - buffer overflow
1589 {CVE-2005-4048}
1590 [woody] - vlc <not-affected>
1591 [sarge] - vlc 0.8.1.svn20050314-1sarge1
1592 NOTE: not fixed in testing at the time of DSA (waiting on deps)
1593 [16 Mar 2006] DSA-1003-1 xpvm - insecure temporary file
1594 {CVE-2005-2240}
1595 [woody] - xpvm 1.2.5-7.2woody1
1596 [sarge] - xpvm 1.2.5-7.3sarge1
1597 NOTE: fixed in testing at the time of DSA (not in testing)
1598 [15 Mar 2006] DSA-1002-1 webcalendar - several
1599 {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982 CVE-2005-3984}
1600 [sarge] - webcalendar 0.9.45-4sarge3
1601 NOTE: not fixed in testing at the time of DSA (too young)
1602 [14 Mar 2006] DSA-1001-1 crossfire - buffer overflow
1603 {CVE-2006-1010}
1604 [woody] - crossfire 1.1.0-1woody1
1605 [sarge] - crossfire 1.6.0.dfsg.1-4sarge1
1606 NOTE: not fixed in testing at the time of DSA (too young)
1607 [14 Mar 2006] DSA-1000-2 libapreq2-perl - design error
1608 {CVE-2006-0042}
1609 [sarge] - libapreq2-perl 2.04-dev-1sarge2
1610 [14 Mar 2006] DSA-999-1 lurker - several
1611 {CVE-2006-1062 CVE-2006-1063 CVE-2006-1064}
1612 [sarge] - lurker 1.2-5sarge1
1613 NOTE: not fixed in testing at the time of DSA (too young)
1614 [14 Mar 2006] DSA-998-1 libextractor - several
1615 {CVE-2006-0301}
1616 [sarge] - libextractor 0.4.2-2sarge3
1617 NOTE: not fixed in testing at the time of DSA (missing mips builds)
1618 [13 Mar 2006] DSA-997-1 bomberclone - buffer overflows
1619 {CVE-2006-0460}
1620 [sarge] - bomberclone 0.11.5-1sarge1
1621 NOTE: not fixed in testing at the time of DSA (missing builds)
1622 [13 Mar 2006] DSA-996-1 libcrypt-cbc-perl - programming error
1623 {CVE-2006-0898}
1624 [sarge] - libcrypt-cbc-perl 2.12-1sarge1
1625 NOTE: fixed in testing at the time of DSA
1626 [13 Mar 2006] DSA-995-1 metamail - buffer overflow
1627 {CVE-2006-0709}
1628 [woody] - metamail 2.7-45woody.4
1629 [sarge] - metamail 2.7-47sarge1
1630 NOTE: fixed in testing at the time of DSA
1631 [13 Mar 2006] DSA-994-1 freeciv - denial of service
1632 {CVE-2006-0047}
1633 [sarge] - freeciv 2.0.1-1sarge1
1634 NOTE: fixed in testing at the time of DSA
1635 [10 Mar 2006] DSA-993-2 gnupg - remote
1636 {CVE-2006-0049}
1637 [woody] - gnupg 1.0.6-4woody5
1638 [sarge] - gnupg 1.4.1-1.sarge3
1639 NOTE: not fixed in testing at the time of DSA (too young)
1640 NOTE: Initial -1 DSA lacked a Woody version
1641 [10 Mar 2006] DSA-992-1 ffmpeg - buffer overflow
1642 {CVE-2005-4048}
1643 [sarge] - ffmpeg 0.cvs20050313-2sarge1
1644 NOTE: fixed in testing at the time of DSA
1645 [10 Mar 2006] DSA-991-1 zoo - buffer overflow
1646 {CVE-2006-0855}
1647 [woody] - zoo 2.10-9woody0
1648 [sarge] - zoo 2.10-11sarge0
1649 NOTE: not fixed in testing at the time of DSA (too young)
1650 [10 Mar 2006] DSA-990-1 bluez-hcidump - programming error
1651 {CVE-2006-0670}
1652 [sarge] - bluez-hcidump 1.17-1sarge1
1653 NOTE: fixed in testing at the time of DSA
1654 [08 Mar 2006] DSA-989-1 zoph - SQL injection
1655 {CVE-2006-0402}
1656 [sarge] - zoph 0.3.3-12sarge1
1657 NOTE: not fixed in testing at the time of DSA (too young)
1658 [08 Mar 2006] DSA-988-1 squirrelmail - several
1659 {CVE-2006-0377 CVE-2006-0195 CVE-2006-0188}
1660 [woody] - squirrelmail 1.2.6-5
1661 [sarge] - squirrelmail 2:1.4.4-8
1662 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
1663 [07 Mar 2006] DSA-987-1 tar - buffer overflow
1664 {CVE-2006-0300}
1665 [sarge] - tar 1.14-2.1
1666 NOTE: fixed in testing at the time of DSA
1667 [06 Mar 2006] DSA-986-1 gnutls11 - buffer overflows
1668 {CVE-2006-0645}
1669 [sarge] - gnutls11 1.0.16-13.2
1670 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
1671 [06 Mar 2006] DSA-985-1 libtasn1-2 - buffer overflows
1672 {CVE-2006-0645}
1673 [sarge] - libtasn1-2 0.2.10-3sarge1
1674 NOTE: not fixed in testing at the time of DSA (unfixed in sid)
1675 [02 Mar 2006] DSA-984-1 xpdf - several
1676 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301}
1677 [sarge] - xpdf 3.00-13.6
1678 NOTE: sid is not affected, just a revamp of previous patches
1679 [27 Feb 2006] DSA-983-1 pdftohtml - several
1680 {CVE-2005-3191 CVE-2005-3192 CVE-2006-0301}
1681 [sarge] - pdftohtml 0.36-11sarge2
1682 NOTE: sid is not affected, just a revamp of previous patches
1683 [27 Feb 2006] DSA-982-1 gpdf - several
1684 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3193 CVE-2006-0301 CVE-2006-1244}
1685 [sarge] - gpdf 2.8.2-1.2sarge4
1686 NOTE: sid is not affected, just a revamp of previous patches
1687 [26 Feb 2006] DSA-981-1 bmv - integer overflow
1688 {CVE-2005-3278}
1689 [woody] - bmv 1.2-14.3
1690 [sarge] - bmv 1.2-17sarge1
1691 NOTE: fixed in testing at the time of DSA
1692 [22 Feb 2006] DSA-980-1 tutos - several
1693 {CVE-2004-2161 CVE-2004-2162}
1694 [sarge] - tutos 1.1.20031017-2+1sarge1
1695 NOTE: fixed in testing at the time of DSA (removed from sid)
1696 [17 Feb 2006] DSA-979-1 pdfkit.framework - several
1697 {CVE-2005-3191 CVE-2005-3193 CVE-2006-0301}
1698 [sarge] - pdfkit.framework 0.8-2sarge3
1699 NOTE: sid is not affected
1700 [17 Feb 2006] DSA-978-1 gnupg - invalid success return
1701 {CVE-2006-0455}
1702 [woody] - gnupg 1.0.6-4woody4
1703 [sarge] - gnupg 1.4.1-1sarge1
1704 NOTE: not fixed in sid at the time of DSA
1705 [16 Feb 2006] DSA-977-1 heimdal - several
1706 {CVE-2006-0582 CVE-2006-0677}
1707 [woody] - heimdal <not-affected>
1708 [sarge] - heimdal 0.6.3-10sarge2
1709 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1710 [15 Feb 2006] DSA-976-1 libast - buffer overflow
1711 {CVE-2006-0224}
1712 [woody] - libast1 0.4-3woody2
1713 [sarge] - libast 0.6-0pre2003010606sarge1
1714 NOTE: Fixed in sid at time of DSA - need 10 days for migration
1715 [15 Feb 2006] DSA-975-1 nfs-user-server - buffer overflow
1716 {CVE-2006-0043}
1717 [woody] - nfs-user-server 2.2beta47-12woody1
1718 [sarge] - nfs-user-server 2.2beta47-20sarge2
1719 NOTE: fixed in testing at time of DSA
1720 [15 Feb 2006] DSA-974-1 gpdf - buffer overflow
1721 {CVE-2006-0301}
1722 [sarge] - gpdf 2.8.2-1.2sarge3
1723 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1724 [15 Feb 2006] DSA-973-1 otrs - several
1725 {CVE-2005-3893 CVE-2005-3894 CVE-2005-3895}
1726 [sarge] - otrs 1.3.2p01-6
1727 NOTE: fixed in testing at time of DSA
1728 [15 Feb 2006] DSA-972-1 pdfkit.framework - buffer overflows
1729 {CVE-2006-0301}
1730 [sarge] - pdfkit.framework 0.8-2sarge2
1731 NOTE: not fixed in testing at time of DSA (too young)
1732 [14 Feb 2006] DSA-971-1 xpdf - buffer overflow
1733 {CVE-2006-0301}
1734 [sarge] - xpdf 3.00-13.5
1735 NOTE: fixed in testing at time of DSA
1736 [14 Feb 2006] DSA-970-1 kronolith - missing input sanitising
1737 {CVE-2005-4189}
1738 [sarge] - kronolith 1.1.4-2sarge1
1739 NOTE: fixed in testing at time of DSA (removed from sid)
1740 [13 Feb 2006] DSA-969-1 scponly - design error
1741 {CVE-2005-4532 CVE-2005-4533}
1742 [sarge] - scponly 4.0-1sarge1
1743 NOTE: not fixed in testing at time of DSA (mips/mipsel missing)
1744 [13 Feb 2006] DSA-968-1 noweb - insecure temporary file
1745 {CVE-2005-3342}
1746 [woody] - noweb 2.9a-7.4
1747 [sarge] - noweb 2.10c-3.2
1748 NOTE: not fixed in testing at time of DSA (too young)
1749 [10 Feb 2006] DSA-967-1 elog - several
1750 {CVE-2005-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600}
1751 [sarge] - elog 2.5.7+r1558-4+sarge2
1752 NOTE: fixed in testing at time of DSA
1753 [09 Feb 2006] DSA-966-1 adzapper - denial of service
1754 {CVE-2006-0046}
1755 [sarge] - adzapper 20050316-1sarge1
1756 NOTE: fixed in testing at time of DSA
1757 [06 Feb 2006] DSA-965-1 ipsec-tools - null dereference
1758 {CVE-2005-3732}
1759 [sarge] - ipsec-tools 1:0.5.2-1sarge1
1760 NOTE: fixed in testing at time of DSA
1761 [03 Feb 2006] DSA-964-1 gnocatan - buffer overflow
1762 { CVE-2006-0467 }
1763 [woody] - gnocatan 0.6.1-5woody3
1764 [sarge] - gnocatan 0.8.1.59-1sarge1
1765 NOTE: not fixed in testing at time of DSA
1766 NOTE: Fixed in sid at time of DSA (package name change to pioneers)
1767 [02 Feb 2006] DSA-963-1 mydns - missing input sanitising
1768 { CVE-2006-0351 }
1769 [sarge] - mydns 1.0.0-4sarge1
1770 NOTE: not fixed in testing at time of DSA
1771 NOTE: fixed in sid at time of DSA
1772 [01 Feb 2006] DSA-962-1 pdftohtml - buffer overflows
1773 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1774 [sarge] - pdftohtml 0.36-11sarge1
1775 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1776 [01 Feb 2006] DSA-961-1 pdfkit.framework - buffer overflows
1777 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1778 [sarge] - pdfkit.framework 0.8-2sarge1
1779 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1780 [31 Jan 2006] DSA-960-3 libmail-audit-perl - insecure temporary file creation
1781 {CVE-2005-4536}
1782 [woody] - libmail-audit-perl 2.0-4woody3
1783 [sarge] - libmail-audit-perl 2.1-5sarge4
1784 NOTE: 960-1 and 960-2 had regressions
1785 [30 Jan 2006] DSA-959-1 unalz - buffer overflow
1786 {CVE-2005-3862}
1787 [sarge] - unalz 0.30.1
1788 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1789 [27 Jan 2006] DSA-958-1 drupal - several
1790 {CVE-2005-3973 CVE-2005-3974 CVE-2005-3975}
1791 [sarge] - drupal 4.5.3-5
1792 NOTE: fixed in testing at time of DSA
1793 [26 Jan 2006] DSA-957-2 imagemagick - missing shell meta sanitising
1794 {CVE-2005-4601}
1795 [woody] - imagemagick 4:5.4.4.5-1woody8
1796 [sarge] - imagemagick 6:6.0.6.2-2.6
1797 NOTE: fixed in testing at time of DSA
1798 [26 Jan 2006] DSA-956-1 lsh-server - filedescriptor leak
1799 {CVE-2006-0353}
1800 [sarge] - lsh-utils 2.0.1-3sarge1
1801 NOTE: not fixed in testing at time of DSA (not yet built)
1802 [25 Jan 2006] DSA-955-1 mailman - DoS
1803 {CVE-2005-3573 CVE-2005-4153}
1804 [woody] - mailman <not-affected> (Vulnerable code not present)
1805 [sarge] - mailman 2.1.5-8sarge1
1806 NOTE: fixed in testing at time of DSA
1807 [25 Jan 2006] DSA-954-1 wine - design flaw
1808 {CVE-2006-0106}
1809 [sarge] - wine 0.0.20050310-1.2
1810 NOTE: not fixed in testing at time of DSA (too young, 1/10)
1811 [24 Jan 2006] DSA-953-1 flyspray - missing input sanitising
1812 {CVE-2005-3334}
1813 [sarge] - flyspray 0.9.7-2.1
1814 NOTE: fixed in testing at time of DSA
1815 [23 Jan 2006] DSA-952-1 libapache-auth-ldap - format string vulnerability
1816 {CVE-2006-0150}
1817 [woody] - libapache-auth-ldap 1.6.0-3.1
1818 [sarge] - libapache-auth-ldap 1.6.0-8.1
1819 NOTE: fixed in testing at time of DSA (no longer present in testing/sid)
1820 [23 Jan 2006] DSA-951-2 trac - missing input sanitising
1821 {CVE-2005-4065 CVE-2005-4644}
1822 [sarge] - trac 0.8.1-3sarge4
1823 NOTE: fixed in testing at time of DSA
1824 NOTE: Original fix in 951-1 had regressions
1825 [23 Jan 2006] DSA-950-1 cupsys - buffer overflow
1826 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1827 [woody] - cupsys 1.1.14-5woody14
1828 [sarge] - cupsys <not-affected> (Cups uses xpdf-utils in Sarge)
1829 NOTE: fixed in testing at time of DSA
1830 [20 Jan 2006] DSA-949-1 crawl - insecure program execution
1831 {CVE-2006-0045}
1832 [woody] - crawl 1:4.0.0beta23-2woody2
1833 [sarge] - crawl 1:4.0.0beta26-4sarge0
1834 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1835 [20 Jan 2006] DSA-948-1 kdelibs - heap overflow
1836 {CVE-2006-0019}
1837 [sarge] - kdelibs 4:3.3.2-6.4
1838 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1839 [20 Jan 2006] DSA-947-1 clamav - heap overflow
1840 {CVE-2006-0162 CVE-2005-3587}
1841 [sarge] - clamav 0.84-2.sarge.7
1842 NOTE: fixed in testing at time of DSA
1843 [08 Apr 2006] DSA-946-2 sudo - missing input sanitising
1844 {CVE-2005-4158 CVE-2006-0151}
1845 [woody] - sudo 1.6.6-1.6
1846 [sarge] - sudo 1.6.8p7-1.4
1847 NOTE: fixed in testing at time of DSA
1848 NOTE: The fix for stable and oldstable switched from a black list
1849 NOTE: of dangerous env vars to a white list of known-to-be-safe env vars
1850 NOTE: sid's 1.6.8p12 still has the black list (although with the strong
1851 NOTE: recommendation to use env_reset, which basically does the same),
1852 NOTE: but 1.7 will have a white list as well
1853 [17 Jan 2006] DSA-945-1 antiword - insecure temporary file
1854 {CVE-2005-3126}
1855 [woody] - antiword 0.32-2woody0
1856 NOTE: fixed in testing at time of DSA
1857 NOTE: sarge is also affected, but the uploaded version is greater
1858 NOTE: than the fixed sid version.
1859 [17 Jan 2006] DSA-944-1 mantis - several
1860 {CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524 CVE-2006-0840}
1861 [woody] - mantis <not-affected> (Vulnerable code not present)
1862 [sarge] - mantis 0.19.2-5sarge1
1863 NOTE: fixed in testing at time of DSA
1864 [16 Jan 2006] DSA-943-1 perl - integer overflow
1865 {CVE-2005-3962}
1866 [woody] - perl <not-affected>
1867 [sarge] - perl 5.8.4-8sarge3
1868 NOTE: Fixed in testing at time of DSA
1869 [16 Jan 2006] DSA-942-1 albatross - design error
1870 {CVE-2006-0044}
1871 [sarge] - albatross 1.20-2
1872 NOTE: Fixed in testing at time of DSA
1873 [16 Jan 2006] DSA-941-1 tuxpaint - insecure temporary file
1874 {CVE-2005-3340}
1875 [sarge] - tuxpaint 1:0.9.14-2sarge0
1876 NOTE: Not fixed in testing at time of DSA (only 2/2 days old)
1877 [13 Jan 2006] DSA-940-1 gpdf - buffer overflows
1878 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1879 [sarge] - gpdf 2.8.2-1.2sarge2
1880 NOTE: Not fixed in testing at time of DSA (waiting on dep)
1881 [13 Jan 2006] DSA-939-1 fetchmail - programming error
1882 {CVE-2005-4348}
1883 [woody] - fetchmail <not-affected> (Vulnerable code not present)
1884 [sarge] - fetchmail 6.2.5-12sarge4
1885 NOTE: Not fixed in testing at time of DSA (unfixed in sid)
1886 [12 Jan 2006] DSA-938-1 koffice - buffer overflows
1887 {CVE-2005-3191 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1888 [sarge] - koffice 1:1.3.5-4.sarge.2
1889 NOTE: Not fixed in testing at time of DSA (too new)
1890 [12 Jan 2006] DSA-937-1 tetex-bin - buffer overflows
1891 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1892 [sarge] - tetex-bin 2.0.2-30sarge4
1893 [woody] - tetex-bin 1.0.7+20011202-7.7
1894 NOTE: Not fixed in testing at time of DSA (waiting on dep)
1895 [11 Jan 2006] DSA-936-1 libextractor - buffer overflows
1896 {CVE-2005-2097 CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1897 [sarge] - libextractor 0.4.2-2sarge2
1898 NOTE: Fixed in testing at time of DSA
1899 [10 Jan 2006] DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability
1900 {CVE-2005-3656}
1901 [sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
1902 NOTE: Not fixed in sid at the time of DSA
1903 [09 Jan 2006] DSA-934-1 pound - remote
1904 {CVE-2005-1391 CVE-2005-3751}
1905 [sarge] - pound 1.8.2-1sarge1
1906 NOTE: Fixed in testing at time of DSA
1907 [09 Jan 2006] DSA-933-1 hylafax - arbitrary command execution
1908 {CVE-2005-3539}
1909 [woody] - hylafax 4.1.1-4woody1
1910 [sarge] - hylafax 1:4.2.1-5sarge3
1911 NOTE: Not fixed in testing at time of DSA (Valid candidate should sync today)
1912 [09 Jan 2006] DSA-932-1 kdegraphics - buffer overflows
1913 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1914 [sarge] - kdegraphics 4:3.3.2-2sarge3
1915 [09 Jan 2006] DSA-931-1 xpdf - buffer overflows
1916 {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
1917 [woody] - xpdf 1.00-3.8
1918 [sarge] - xpdf 3.00-13.4
1919 [10 Jan 2006] DSA-930-2 smstools - format string attack
1920 {CVE-2006-0083}
1921 [woody] - smstools 1.5.0-2woody0
1922 [sarge] - smstools 1.14.8-1sarge0
1923 NOTE: not fixed in sid at time of DSA
1924 [09 Jan 2006] DSA-930-1 smstools - format string error
1925 {CVE-2006-0083}
1926 [sarge] - smstools 1.14.8-1sarge0
1927 [09 Jan 2006] DSA-929-1 petris - buffer overflow
1928 {CVE-2005-3540}
1929 [sarge] - petris 1.0.1-4sarge0
1930 [27 Dec 2005] DSA-928-1 dhis-tools-dns - insecure temporary file
1931 {CVE-2005-3341}
1932 [sarge] - dhis-tools-dns 5.0-3sarge1
1933 [27 Dec 2005] DSA-927-1 tkdiff - insecure temporary file
1934 {CVE-2005-3343}
1935 [woody] - tkdiff 1:3.08-3woody0
1936 [sarge] - tkdiff 1:4.0.2-1sarge0
1937 NOTE: fixed in testing at time of DSA
1938 [23 Dec 2005] DSA-926-1 ketm - buffer overflow
1939 {CVE-2005-3535}
1940 [woody] - ketm 0.0.6-7woody0
1941 [sarge] - ketm 0.0.6-17sarge1
1942 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1943 [22 Dec 2005] DSA-925-1 phpbb2 - several
1944 {CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537}
1945 [sarge] - phpbb2 2.0.13+1-6sarge2
1946 NOTE: fixed in testing at time of DSA
1947 [21 Dec 2005] DSA-924-1 nbd - buffer overflow
1948 {CVE-2005-3534}
1949 [woody] - nbd 1.2cvs20020320-3.woody.3
1950 [sarge] - nbd 1:2.7.3-3sarge1
1951 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1952 [19 Dec 2005] DSA-923-1 dropbear - buffer overflow
1953 {CVE-2005-4178}
1954 [sarge] - dropbear 0.45-2sarge0
1955 NOTE: fixed in testing at time of DSA
1956 [14 Dec 2005] DSA-922-1 kernel-source-2.6.8 - several
1957 {CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265 CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-1765 CVE-2005-1767 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2005-2801 CVE-2005-2872 CVE-2005-3105 CVE-2005-3106 CVE-2005-3107 CVE-2005-3108 CVE-2005-3109 CVE-2005-3110 CVE-2005-3271 CVE-2005-3272 CVE-2005-3273 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276}
1958 [sarge] - kernel-source-2.6.8 2.6.8-16sarge1
1959 [sarge] - kernel-image-2.6.8-alpha 2.6.8-16sarge1
1960 [sarge] - kernel-image-2.6.8-amd64 2.6.8-16sarge1
1961 [sarge] - kernel-image-2.6.8-hppa 2.6.8-6sarge1
1962 [sarge] - kernel-image-2.6.8-i386 2.6.8-16sarge1
1963 [sarge] - kernel-image-2.6.8-ia64 2.6.8-14sarge1
1964 [sarge] - kernel-image-2.6.8-m68k 2.6.8-4sarge1
1965 [sarge] - kernel-patch-powerpc-2.6.8 2.6.8-12sarge1
1966 [sarge] - kernel-image-2.6.8-s390 2.6.8-5sarge1
1967 [sarge] - kernel-image-2.6.8-sparc 2.6.8-15sarge1
1968 NOTE: fixed in testing at time of DSA
1969 [14 Dec 2005] DSA-921-1 kernel-source-2.4.27 - several
1970 {CVE-2005-0756 CVE-2005-0757 CVE-2005-1762 CVE-2005-1767 CVE-2005-1768 CVE-2005-2456 CVE-2005-2458 CVE-2005-2459 CVE-2005-2553 CVE-2005-2801 CVE-2005-2872 CVE-2005-3275}
1971 [sarge] - kernel-source-2.4.27 2.4.27-10sarge1
1972 [sarge] - kernel-image-2.4.27-alpha 2.4.27-10sarge1
1973 [sarge] - kernel-patch-2.4.27-arm 2.4.27-1sarge1
1974 [sarge] - kernel-image-2.4.27-arm 2.4.27-2sarge1
1975 [sarge] - kernel-image-2.4.27-i386 2.4.27-10sarge1
1976 [sarge] - kernel-image-2.4.27-ia64 2.4.27-10sarge1
1977 [sarge] - kernel-image-2.4.27-m68k 2.4.27-3sarge1
1978 [sarge] - kernel-patch-2.4.27-mips 2.4.27-10.sarge1.040815-1
1979 [sarge] - kernel-patch-powerpc-2.4.27 2.4.27-10sarge1
1980 [sarge] - kernel-image-2.4.27-s390 2.4.27-2sarge1
1981 [sarge] - kernel-image-2.4.27-sparc 2.4.27-9sarge1
1982 NOTE: fixed in testing at time of DSA
1983 [13 Dec 2005] DSA-920-1 ethereal - buffer overflow
1984 {CVE-2005-3651}
1985 [woody] - ethereal 0.9.4-1woody14
1986 [sarge] - ethereal 0.10.10-2sarge3
1987 NOTE: not fixed in testing at time of DSA (unfixed in sid)
1988 [12 Dec 2005] DSA-919-2 curl - buffer overflow
1989 {CVE-2005-4077 CVE-2005-3185}
1990 [woody] - curl 7.9.5-1woody2
1991 [sarge] - curl 7.13.2-2sarge5
1992 NOTE: partially fixed in testing at time of DSA
1993 NOTE: Initial -1 DSA was incomplete
1994 [09 Dec 2005] DSA-918-1 osh - programming error
1995 {CVE-2005-3346 CVE-2005-3533}
1996 [woody] - osh 1.7-11woody2
1997 [sarge] - osh 1.7-13sarge1
1998 NOTE: fixed in testing at time of DSA (has been removed)
1999 [08 Dec 2005] DSA-917-1 courier - programming error
2000 {CVE-2005-3532}
2001 [woody] - courier 0.37.3-2.8
2002 [sarge] - courier 0.47-4sarge4
2003 NOTE: not fixed in testing at time of DSA (waiting on GCC)
2004 [07 Dec 2005] DSA-916-1 inkscape - buffer overflow
2005 {CVE-2005-3737 CVE-2005-3885}
2006 [sarge] - inkscape 0.41-4.99.sarge2
2007 NOTE: not fixed in testing at time of DSA (RC bug, waiting on GCC)
2008 [02 Dec 2005] DSA-915-1 helix-player - buffer overflow
2009 {CVE-2005-2629}
2010 [sarge] - helix-player 1.0.4-1sarge2
2011 NOTE: fixed in testing at time of DSA (not in testing due to RC bugs)
2012 [01 Dec 2005] DSA-914-1 horde2 - missing input sanitising
2013 {CVE-2005-3570}
2014 [sarge] - horde2 2.2.8-1sarge1
2015 NOTE: fixed in testing at time of DSA
2016 [01 Dec 2005] DSA-913-1 gdk-pixbuf - several
2017 {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186}
2018 [woody] - gdk-pixbuf 0.17.0-2woody3
2019 [sarge] - gdk-pixbuf 0.22.0-8.1
2020 NOTE: fixed in testing at time of DSA
2021 [30 Nov 2005] DSA-912-1 centericq - denial of service
2022 {CVE-2005-3694}
2023 [woody] - centericq 4.5.1-1.1woody1
2024 [sarge] - centericq 4.20.0-1sarge3
2025 NOTE: not fixed in testing at time of DSA (waiting on deps)
2026 [30 Nov 2005] DSA-911-1 gtk+2.0 - several
2027 {CVE-2005-2975 CVE-2005-2976 CVE-2005-3186}
2028 [woody] - gtk+2.0 2.0.2-5woody3
2029 [sarge] - gtk+2.0 2.6.4-3.1
2030 NOTE: not fixed in testing at time of DSA (RC bug)
2031 [24 Nov 2005] DSA-910-1 zope2.7 - design error
2032 {CVE-2005-3323}
2033 [sarge] - zope2.7 2.7.5-2sarge1
2034 NOTE: fixed in testing at time of DSA
2035 [23 Nov 2005] DSA-909-1 horde3 - missing input sanitising
2036 {CVE-2005-3759}
2037 [sarge] - horde3 3.0.4-4sarge2
2038 NOTE: not fixed in testing at time of DSA (too young 0/2)
2039 [23 Nov 2005] DSA-908-1 sylpheed-claws - buffer overflows
2040 {CVE-2005-3354}
2041 [woody] - sylpheed-claws 0.7.4claws-3woody1
2042 [sarge] - sylpheed-claws 1.0.4-1sarge1
2043 NOTE: not fixed in testing at time of DSA (too young 0/2)
2044 [23 Nov 2005] DSA-907-1 ipmenu - insecure temporary file
2045 {CVE-2004-2569}
2046 [woody] - ipmenu 0.0.3-4woody1
2047 NOTE: fixed in testing at time of DSA (not part of testing/sarge due to long-standing blocking deps)
2048 [22 Nov 2005] DSA-906-1 sylpheed - several
2049 {CVE-2005-3354}
2050 [woody] - sylpheed 0.7.4-4woody1
2051 [sarge] - sylpheed 1.0.4-1sarge1
2052 NOTE: not fixed in testing at time of DSA (too young 7/10, RC bugs)
2053 [22 Nov 2005] DSA-905-1 mantis - several
2054 {CVE-2005-3091 CVE-2005-3335 CVE-2005-3336 CVE-2005-3338 CVE-2005-3339}
2055 [woody] - mantis <not-affected> (Vulnerable code not present)
2056 [sarge] - mantis 0.19.2-4.1
2057 NOTE: fixed in testing at time of DSA
2058 [21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows
2059 {CVE-2005-3632 CVE-2005-3662}
2060 [woody] - netpbm-free 2:9.20-8.5
2061 [sarge] - netpbm-free 2:10.0-8sarge2
2062 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2063 [21 Nov 2005] DSA-903-1 unzip - race condition
2064 {CVE-2005-2475}
2065 [woody] - unzip 5.50-1woody5
2066 [sarge] - unzip 5.52-1sarge3
2067 NOTE: fixed in testing at time of DSA
2068 NOTE: Original 903-1 DSA had a regression
2069 [21 Nov 2005] DSA-902-1 xmail - buffer overflow
2070 {CVE-2005-2943}
2071 [sarge] - xmail 1.21-3sarge1
2072 NOTE: fixed in testing at time of DSA
2073 [19 Nov 2005] DSA-901-1 gnump3d - programming error
2074 {CVE-2005-3349 CVE-2005-3355}
2075 [sarge] - gnump3d 2.9.3-1sarge3
2076 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2077 [22 Nov 2005] DSA-900-3 fetchmail - programming error
2078 {CVE-2005-3088}
2079 [woody] - fetchmail 5.9.11-6.4
2080 [woody] - fetchmail-ssl 5.9.11-6.3
2081 [sarge] - fetchmail 6.2.5-12sarge3
2082 NOTE: Original two Woody fixes had regressions
2083 NOTE: not fixed in testing at time of DSA (too young 2/2)
2084 [17 Nov 2005] DSA-899-1 egroupware - programming errors
2085 {CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348}
2086 [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge4
2087 NOTE: not fixed in testing at time of DSA (too young 1/2)
2088 [17 Nov 2005] DSA-898-1 phpgroupware - programming errors
2089 {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348}
2090 [woody] - phpgroupware 0.9.14-0.RC3.2.woody5
2091 [sarge] - phpgroupware 0.9.16.005-3.sarge4
2092 NOTE: not fixed in testing at time of DSA (too young 1/2)
2093 [15 Nov 2005] DSA-897-1 phpsysinfo - programming errors
2094 {CVE-2005-0870 CVE-2005-3347 CVE-2005-3348}
2095 [woody] - phpsysinfo 2.0-3woody3
2096 [sarge] - phpsysinfo 2.3-4sarge1
2097 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2098 [15 Nov 2005] DSA-896-1 linux-ftpd-ssl - buffer overflow
2099 {CVE-2005-3524}
2100 [sarge] - linux-ftpd-ssl 0.17.18+0.3-3sarge1
2101 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2102 [14 Nov 2005] DSA-895-1 uim - programming error
2103 {CVE-2005-3149}
2104 [sarge] - uim 1:0.4.6final1-3sarge1
2105 NOTE: not fixed in testing at time of DSA (missing deps)
2106 [14 Nov 2005] DSA-894-1 abiword - buffer overflows
2107 {CVE-2005-2964 CVE-2005-2972}
2108 [woody] - abiword 1.0.2+cvs.2002.06.05-1woody3
2109 [sarge] - abiword 2.2.7-3sarge2
2110 NOTE: sid fix from DSA text is wrong, pinged security@
2111 NOTE: fixed in testing at time of DSA
2112 [14 Nov 2005] DSA-893-1 acidlab - missing input sanitising
2113 {CVE-2005-3325}
2114 [woody] - acidlab 0.9.6b20-2.1
2115 [sarge] - acidlab 0.9.6b20-10.1
2116 NOTE: fixed in testing at time of DSA
2117 [10 Nov 2005] DSA-892-1 awstats - missing input sanitising
2118 {CVE-2005-1527}
2119 [sarge] - awstats 6.4-1sarge1 (bug #322591; bug #334833; bug #336137; medium)
2120 [woody] - awstats <not-affected> (vulnerable code not present)
2121 NOTE: fixed in testing at time of DSA
2122 [09 Nov 2005] DSA-891-1 gpsdrive - format string
2123 {CVE-2005-3523}
2124 [sarge] - gpsdrive 2.09-2sarge1
2125 NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
2126 [09 Nov 2005] DSA-890-1 libungif4 - several
2127 {CVE-2005-2974 CVE-2005-3350}
2128 [woody] - libungif4 4.1.0b1-2woody1
2129 [sarge] - libungif4 4.1.3-2sarge1
2130 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2131 [08 Nov 2005] DSA-889-1 enigmail - programming error
2132 {CVE-2005-3256}
2133 [sarge] - enigmail 2:0.91-4sarge2
2134 NOTE: fixed in testing at time of DSA
2135 [07 Nov 2005] DSA-888-1 openssl - cryptographic weakness
2136 {CVE-2005-2969}
2137 [woody] - openssl 0.9.6c-2.woody.8
2138 [sarge] - openssl 0.9.7e-3sarge1
2139 NOTE: fixed in testing at time of DSA
2140 [07 Nov 2005] DSA-887-1 clamav - several
2141 {CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501}
2142 [sarge] - clamav 0.84-2.sarge.6
2143 NOTE: fixed in testing at time of DSA (unfixed in sid; DTSA issued)
2144 [07 Nov 2005] DSA-886-1 chmlib - several
2145 {CVE-2005-2659 CVE-2005-2930 CVE-2005-3318}
2146 [sarge] - chmlib 0.35-6sarge1
2147 NOTE: not fixed in testing at time of DSA (not built on all archs)
2148 [07 Nov 2005] DSA-885-1 openvpn - several
2149 {CVE-2005-3393 CVE-2005-3409}
2150 [sarge] - openvpn 2.0-1sarge2
2151 NOTE: not fixed in testing at time of DSA (too young 0/2 days)
2152 [07 Nov 2005] DSA-884-1 horde3 - design error
2153 {CVE-2005-3344}
2154 [sarge] - horde3 3.0.4-4sarge1
2155 NOTE: fixed in testing at time of DSA
2156 [04 Nov 2005] DSA-883-1 thttpd - insecure temporary file
2157 {CVE-2005-3124}
2158 [woody] - thttpd 2.21b-11.3
2159 [sarge] - thttpd 2.23beta1-3sarge1
2160 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
2161 [04 Nov 2005] DSA-882-1 openssl095 - cryptographic weakness
2162 {CVE-2005-2969}
2163 [woody] - openssl095 0.9.5a-6.woody.6
2164 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
2165 [04 Nov 2005] DSA-881-1 openssl096 - cryptographic weakness
2166 {CVE-2005-2969}
2167 [sarge] - openssl096 0.9.6m-1sarge1
2168 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
2169 [02 Nov 2005] DSA-880-1 phpmyadmin - several
2170 {CVE-2005-2869 CVE-2005-3300 CVE-2005-3301 CVE-2005-3787}
2171 [woody] - phpmyadmin <unfixed>
2172 [sarge] - phpmyadmin 4:2.6.2-3sarge1
2173 NOTE: fixed in testing at time of DSA
2174 [02 Nov 2005] DSA-879-1 gallery - programming error
2175 {CVE-2005-2596}
2176 [woody] - gallery <not-affected> (Not affected, according to DSA-879)
2177 [sarge] - gallery 1.5-1sarge1
2178 NOTE: fixed in testing at time of DSA
2179 [28 Oct 2005] DSA-878-1 netpbm-free - buffer overflow
2180 {CVE-2005-2978}
2181 [woody] - netpbm-free <not-affected> (Does not contain the vulnerable code)
2182 [sarge] - netpbm-free 2:10.0-8sarge1
2183 NOTE: not fixed in testing at time of DSA (png transition)
2184 [28 Oct 2005] DSA-877-1 gnump3d - cross-site-scripting, directory traversal
2185 {CVE-2005-3123 CVE-2005-3424 CVE-2005-3425}
2186 [sarge] - gnump3d 2.9.3-1sarge2
2187 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2188 [27 Oct 2005] DSA-876-1 lynx-ssl - buffer overflow
2189 {CVE-2005-3120}
2190 [woody] - lynx 2.8.4.1b-3.2
2191 [sarge] - lynx 2.8.5-2sarge1
2192 NOTE: not fixed in testing at time of DSA (lynx provides now TLS support; unfixed in sid)
2193 [27 Oct 2005] DSA-875-1 openssl094 - cryptographic weakness
2194 {CVE-2005-2969}
2195 [woody] - openssl094 0.9.4-6.woody.4
2196 NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
2197 [27 Oct 2005] DSA-874-1 lynx - buffer overflow
2198 {CVE-2005-3120}
2199 [woody] - lynx 2.8.4.1b-3.3
2200 [sarge] - lynx 2.8.5-2sarge1
2201 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2202 [26 Oct 2005] DSA-873-1 net-snmp - programming error
2203 {CVE-2005-2177}
2204 [sarge] - net-snmp 5.1.2-6.2
2205 NOTE: not fixed in testing at time of DSA (libsnmp transition)
2206 [26 Oct 2005] DSA-872-1 koffice - buffer overflow
2207 {CVE-2005-2971}
2208 [sarge] - koffice 1:1.3.5-4.sarge.1
2209 NOTE: not fixed in testing at time of DSA (KDE transition)
2210 [25 Oct 2005] DSA-871-1 libgda2 - format string
2211 {CVE-2005-2958}
2212 [woody] - libgda <not-affected> (Does not contain the vulnerable code)
2213 [sarge] - libgda2 1.2.1-2sarge1
2214 NOTE: not fixed in testing at time of DSA (waiting on deps)
2215 [25 Oct 2005] DSA-870-1 sudo - missing input sanitising
2216 {CVE-2005-2959}
2217 [woody] - sudo 1.6.6-1.4
2218 [sarge] - sudo 1.6.8p7-1.2
2219 NOTE: fixed in testing at time of DSA
2220 [20 Oct 2005] DSA-869-1 eric - missing input sanitising
2221 {CVE-2005-3068}
2222 [sarge] - eric 3.6.2-2
2223 NOTE: not fixed in testing at time of DSA (KDE/qt transition)
2224 [20 Oct 2005] DSA-868-1 mozilla-thunderbird - several
2225 {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 CVE-2005-2968}
2226 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.7
2227 NOTE: not fixed in testing at time of DSA (missing builds)
2228 [20 Oct 2005] DSA-867-1 module-assistant - insecure temporary file
2229 {CVE-2005-3121}
2230 [sarge] - module-assistant 0.9sarge1
2231 NOTE: fixed in testing at time of DSA
2232 [20 Oct 2005] DSA-866-1 mozilla - several
2233 {CVE-2005-2871 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707}
2234 [woody] - mozilla <unfixed>
2235 [sarge] - mozilla 1:1.7.8-1sarge3
2236 NOTE: not fixed in testing at time of DSA (missing hppa, RC bugs)
2237 NOTE: DSA claims to fix CVE-2005-2968 and contains a patch. But
2238 NOTE: mozilla-browser 1.7.8-1sarge2 does not contain the
2239 NOTE: wrapper script in a vulnerable version.
2240 [13 Oct 2005] DSA-865-1 hylafax - insecure temporary files
2241 {CVE-2005-3069}
2242 [woody] - hylafax 1:4.1.1-3.2
2243 [sarge] - hylafax 1:4.2.1-5sarge1
2244 NOTE: not fixed in testing at time of DSA (missing arm)
2245 [13 Oct 2005] DSA-864-1 ruby1.8 - programming error
2246 {CVE-2005-2337}
2247 [sarge] - ruby1.8 1.8.2-7sarge2
2248 NOTE: not fixed in testing at time of DSA (RC bugs)
2249 [12 Oct 2005] DSA-863-1 xine-lib - format string vulnerability
2250 {CVE-2005-2967}
2251 [woody] - xine-lib 0.9.8-2woody4
2252 [sarge] - xine-lib 1.0.1-1sarge1
2253 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2254 [11 Oct 2005] DSA-862-1 ruby1.6 - programming error
2255 {CVE-2005-2337}
2256 [sarge] - ruby1.6 1.6.8-12sarge1
2257 NOTE: not fixed in testing at time of DSA (RC bugs)
2258 [11 Oct 2005] DSA-861-1 uw-imap - buffer overflow
2259 {CVE-2005-2933}
2260 [sarge] - uw-imap 7:2002edebian1-11sarge1
2261 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2262 [11 Oct 2005] DSA-860-1 ruby - programming error
2263 {CVE-2005-2337}
2264 [woody] - ruby 1.6.7-3woody5
2265 NOTE: fixed in testing at time of DSA (woody-only DSA)
2266 [10 Oct 2005] DSA-859-1 xli - buffer overflows
2267 {CVE-2005-3178}
2268 [woody] - xli 1.17.0-11woody2
2269 [sarge] - xli 1.17.0-18sarge1
2270 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2271 [10 Oct 2005] DSA-858-1 xloadimage - buffer overflows
2272 {CVE-2005-3178}
2273 [woody] - xloadimage 4.1-10woody2 (bug #332524; medium)
2274 [sarge] - xloadimage 4.1-14.3
2275 NOTE: not fixed in testing at time of DSA (too young)
2276 [10 Oct 2005] DSA-857-1 graphviz - insecure temporary file
2277 {CVE-2005-4803}
2278 [sarge] - graphviz 2.2.1-1sarge1 (low)
2279 NOTE: fixed in testing at time of DSA
2280 [10 Oct 2005] DSA-856-1 py2play - design error
2281 {CVE-2005-2875}
2282 [sarge] - py2play 0.1.7-1sarge1 (bug #326976; medium)
2283 NOTE: fixed in testing at time of DSA
2284 [10 Oct 2005] DSA-855-1 weex - format string vulnerability
2285 {CVE-2005-3150}
2286 [sarge] - weex 2.6.1-6sarge1 (bug #332424; medium)
2287 [woody] - weex 2.6.1-4woody2 (bug #332424; medium)
2288 NOTE: not fixed in testing at time of DSA (DSA fix propagated to sid)
2289 [09 Oct 2005] DSA-854-1 tcpdump - infinite loop
2290 {CVE-2005-1267}
2291 [sarge] - tcpdump 3.8.3-5sarge1
2292 [woody] - tcpdump <not-affected> (not affected according to DSA)
2293 NOTE: fixed in testing at time of DSA
2294 [09 Oct 2005] DSA-853-1 ethereal - several
2295 {CVE-2005-2360 CVE-2005-2361 CVE-2005-2363 CVE-2005-2364 CVE-2005-2365 CVE-2005-2366 CVE-2005-2367}
2296 [woody] - ethereal 0.9.4-1woody13
2297 [sarge] - ethereal 0.10.10-2sarge3
2298 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
2299 [08 Oct 2005] DSA-852-1 up-imapproxy - arbitrary code execution
2300 {CVE-2005-2661}
2301 [sarge] - up-imapproxy 1.2.3-1sarge1
2302 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
2303 [08 Oct 2005] DSA-851-1 openvpn - denial of service
2304 {CVE-2005-2531 CVE-2005-2532 CVE-2005-2533 CVE-2005-2534}
2305 [sarge] - openvpn 2.0-1sarge1
2306 NOTE: fixed in testing at time of DSA
2307 [08 Oct 2005] DSA-850-1 tcpdump - denial of service
2308 {CVE-2005-1279}
2309 [woody] - tcpdump 3.6.2-2.9
2310 NOTE: fixed in testing at time of DSA (woody-only DSA)
2311 [08 Oct 2005] DSA-849-1 shorewall - programming error
2312 {CVE-2005-2317}
2313 [woody] - shorewall <not-affected> (vulnerable code not yet present)
2314 [sarge] - shorewall 2.2.3-2
2315 NOTE: fixed in testing at time of DSA
2316 [08 Oct 2005] DSA-848-1 masqmail - several
2317 {CVE-2005-2662 CVE-2005-2663}
2318 [woody] - masqmail 0.1.16-2.2
2319 [sarge] - masqmail 0.2.20-1sarge1
2320 NOTE: not fixed in testing at time of DSA (not fixed in unstable)
2321 [08 Oct 2005] DSA-847-1 dia - missing input sanitising
2322 {CVE-2005-2966}
2323 [sarge] - dia 0.94.0-7sarge1 (bug #330890; medium)
2324 [woody] - dia <not-affected> (not affected according to DSA)
2325 NOTE: not fixed in testing at time of DSA, missing sparc build, gcc-4.0
2326 [07 Oct 2005] DSA-846-1 cpio - several
2327 {CVE-2005-1111 CVE-2005-1229}
2328 [woody] - cpio 2.4.2-39woody2
2329 [sarge] - cpio 2.5-1.3
2330 NOTE: fixed in testing at time of DSA
2331 [06 Oct 2005] DSA-845-1 mason - programming error
2332 {CVE-2005-3118}
2333 [woody] - mason 0.13.0.92-2woody1
2334 [sarge] - mason 1.0.0-2.2
2335 NOTE: fixed in testing at time of DSA
2336 [05 Oct 2005] DSA-844-1 mod-auth-shadow - programming error
2337 {CVE-2005-2963}
2338 [woody] - mod-auth-shadow 1.3-3.1woody.2
2339 [sarge] - mod-auth-shadow 1.4-1sarge1
2340 NOTE: not fixed in testing at time of DSA (missing m68k)
2341 [05 Oct 2005] DSA-843-1 arc - insecure temporary file
2342 {CVE-2005-2945 CVE-2005-2992}
2343 [sarge] - arc 5.21l-1sarge1
2344 NOTE: fixed in testing at time of DSA
2345 [04 Oct 2005] DSA-842-1 egroupware - missing input sanitising
2346 {CVE-2005-2498}
2347 [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge2
2348 NOTE: fixed in testing at time of DSA
2349 [04 Oct 2005] DSA-841-1 mailutils - format string vulnerability
2350 {CVE-2005-2878}
2351 [woody] - mailutils <not-affected> (not affected according to DSA)
2352 [sarge] - mailutils 1:0.6.1-4sarge1
2353 NOTE: not fixed in testing at time of DSA (missing arm)
2354 [04 Jul 2005] DSA-840-1 drupal - missing input sanitising
2355 {CVE-2005-2498}
2356 [sarge] - drupal 4.5.3-4
2357 NOTE: fixed in testing at time of DSA
2358 [04 Oct 2005] DSA-839-1 apachetop - insecure temporary file
2359 {CVE-2005-2660}
2360 [sarge] - apachetop 0.12.5-1sarge1
2361 NOTE: not fixed in testing at time of DSA (not built on m68k, waiting on gcc-4)
2362 [03 Oct 2005] DSA-838-1 mozilla-firefox - multiple vulnerabilities
2363 {CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707}
2364 [sarge] - mozilla-firefox 1.0.4-2sarge5
2365 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
2366 [02 Oct 2005] DSA-837-1 mozilla-firefox - buffer overflow
2367 {CVE-2005-2871}
2368 [sarge] - mozilla-firefox 1.0.4-2sarge4 (medium; bug #327452)
2369 NOTE: not fixed in testing at time of DSA (not built on arm, silly RC bugs)
2370 [01 Oct 2005] DSA-836-1 cfengine2 - insecure temporary files
2371 {CVE-2005-2960 CVE-2005-3137}
2372 [sarge] - cfengine2 2.1.14-1sarge1
2373 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2374 NOTE: No bug exists for this issue
2375 [01 Oct 2005] DSA-835-1 cfengine - insecure temporary files
2376 {CVE-2005-2960 CVE-2005-3137}
2377 [woody] - cfengine 1.6.3-9woody1
2378 [sarge] - cfengine 1.6.5-1sarge1
2379 NOTE: not fixed in testing at time of DSA (unfixed in sid)
2380 NOTE: No bug exists for this issue
2381 [01 Oct 2005] DSA-834-1 prozilla - buffer overflow
2382 {CVE-2005-2961}
2383 [woody] - prozilla 1:1.3.6-3woody3
2384 NOTE: Prozilla has been removed before Sarge release
2385 [30 Sep 2005] DSA-832-1 gopher - buffer overflows
2386 {CVE-2005-2772}
2387 [woody] - gopher 3.0.3woody4
2388 [sarge] - gopher 3.0.7sarge2
2389 NOTE: fixed in testing at time of DSA
2390 [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
2391 {CVE-2005-2558}
2392 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge2
2393 NOTE: not fixed in testing at time of DSA (waiting on gmp, missing builds)
2394 [30 Sep 2005] DSA-830-1 ntlmaps - wrong permissions
2395 {CVE-2005-2962}
2396 [sarge] - ntlmaps 0.9.9-2sarge1
2397 NOTE: fixed in testing at time of DSA
2398 [30 Sep 2005] DSA-829-1 mysql - several
2399 {CVE-2005-2558}
2400 [woody] - mysql 3.23.49-8.14
2401 NOTE: fixed in testing at time of DSA
2402 [30 Sep 2005] DSA-828-1 squid - several
2403 {CVE-2005-2917}
2404 [woody] - squid <not-affected> (not affected according to DSA)
2405 [sarge] - squid 2.5.9-10sarge2
2406 NOTE: fixed in testing at time of DSA
2407 [07 Nov 2005] DSA-809-3 squid - assertion error
2408 {CVE-2005-2794}
2409 [woody] - squid 2.4.6-2woody11
2410 [sarge] - squid 2.5.9-10sarge1
2411 NOTE: fixed in testing at time of DSA
2412 NOTE: -1 and -2 had regressions
2413 [29 Sep 2005] DSA-827-1 backupninja - insecure temporary file creation
2414 {CVE-2005-3111}
2415 [sarge] - backupninja 0.5-3sarge1 (medium)
2416 NOTE: not fixed in testing at time of DSA (too young 1/2 days)
2417 [29 Sep 2005] DSA-826-1 helix-player - multiple
2418 {CVE-2005-1766 CVE-2005-2710}
2419 [sarge] - helix-player 1.0.4-1sarge1 (high)
2420 NOTE: not fixed in testing at time of DSA
2421 [29 Sep 2005] DSA-825-1 loop-aes-utils - privilege escalation
2422 {CVE-2005-2876}
2423 [sarge] - loop-aes-utils 2.12p-4sarge1 (medium)
2424 NOTE: fixed in testing at the time of the DSA
2425 [29 Sep 2005] DSA-823-1 util-linux - privilege escalation
2426 {CVE-2005-2876}
2427 [woody] - util-linux 2.11n-7woody1 (high)
2428 [sarge] - util-linux 2.12p-4sarge1 (high)
2429 NOTE: not fixed in testing at time of DSA
2430 [29 Sep 2005] DSA-822-1 gtkdiskfree - insecure temporary file creation
2431 {CVE-2005-2918}
2432 [sarge] - gtkdiskfree 1.9.3-4sarge1 (bug #328566; medium)
2433 NOTE: not fixed even in unstable at time of DSA
2434 [29 Sep 2005] DSA-824-1 clamav - infinite loop, buffer overflow
2435 {CVE-2005-2919 CVE-2005-2920}
2436 [sarge] - clamav 0.84-2.sarge.4 (high)
2437 NOTE: not fixed in testing at time of DSA
2438 [28 Sep 2005] DSA-797-2 zsync - buffer overflow
2439 {CVE-2005-1849 CVE-2005-2096}
2440 NOTE: An upload to fix a build failure on i386
2441 [28 Sep 2005] DSA-821-1 python2.3 - integer overflow
2442 {CVE-2005-2491}
2443 [sarge] - python2.3 2.3.5-3sarge1 (medium)
2444 NOTE: not fixed in testing at time of DSA (waiting on gmp)
2445 NOTE: python2.3 is not in woody
2446 [24 Sep 2005] DSA-820-1 courier - missing input sanitising
2447 {CVE-2005-2820 CVE-2005-2769}
2448 [woody] - courier 0.37.3-2.7 (medium)
2449 [sarge] - courier 0.47-4sarge3 (medium)
2450 NOTE: fixed in testing at time of DSA
2451 NOTE: CVE-2005-2769 listed as fixed in the changelog, missing from
2452 NOTE: DSA.
2453 [23 Sep 2005] DSA-819-1 python2.1 - integer overflow
2454 {CVE-2005-2491}
2455 [woody] - python2.1 2.1.3-3.4 (medium)
2456 [sarge] - python2.1 2.1.3dfsg-1sarge1 (medium)
2457 NOTE: not fixed in testing at time of DSA (waiting on gmp)
2458 [22 Sep 2005] DSA-818-1 kdeedu - insecure temporary files
2459 {CVE-2005-2101}
2460 [sarge] - kdeedu 4:3.3.2-3.sarge.1 (low)
2461 NOTE: not fixed in testing at time of DSA
2462 NOTE: woody is not affected according to the DSA
2463 [22 Sep 2005] DSA-817-1 python2.2 - integer overflow
2464 {CVE-2005-2491}
2465 [woody] - python2.2 2.2.1-4.8 (bug #324531; medium)
2466 [sarge] - python2.2 2.2.3dfsg-2sarge1 (bug #324531; medium)
2467 NOTE: not fixed in testing at time of DSA (waiting on gmp)
2468 [19 Sep 2005] DSA-816-1 xfree86 - integer overflow
2469 { VU#102441 }
2470 {CVE-2005-2495}
2471 [woody] - xfree86 4.1.0-16woody7
2472 [sarge] - xfree86 4.3.0.dfsg.1-14sarge1
2473 NOTE: not fixed in testing at time of DSA (waiting on gcc, which is waiting on gmp)
2474 [16 Sep 2005] DSA-815-1 kdebase - programming error
2475 {CVE-2005-2494}
2476 [sarge] - kdebase 4:3.3.2-1sarge1 (bug #327039; medium)
2477 [woody] - kdebase <not-affected> (according to the DSA)
2478 NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
2479 [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
2480 {CVE-2005-2672}
2481 [sarge] - lm-sensors 1:2.9.1-1sarge2 (bug #324193)
2482 [woody] - lm-sensors <not-affected> (according to DSA)
2483 NOTE: not fixed in testing at time of DSA (waiting on rrdtool, which is waiting on perl)
2484 [15 Sep 2005] DSA-813-1 centericq - several
2485 {CVE-2005-2369 CVE-2005-2370 CVE-2005-2448}
2486 [woody] - centericq <not-affected> (according to DSA)
2487 [sarge] - centericq 4.20.0-1sarge2
2488 NOTE: fixed in testing at time of DSA
2489 [15 Sep 2005] DSA-812-1 turqstat - buffer overflow
2490 {CVE-2005-2658}
2491 [woody] - turqstat 2.2.1woody1 (medium)
2492 [sarge] - turqstat 2.2.2sarge1 (medium)
2493 NOTE: not fixed in testing at time of DSA (waiting on qt, borked on m68k)
2494 [21 Nov 2005] DSA-811-2 common-lisp-controller - design error
2495 {CVE-2005-2657}
2496 [woody] - common-lisp-controller <not-affected> (according to the DSA)
2497 [sarge] - common-lisp-controller 4.15sarge3 (bug #328633; medium)
2498 NOTE: Original sarge2 fix had regressions
2499 NOTE: fixed in testing at time of DSA
2500 [13 Sep 2005] DSA-810-1 mozilla - several
2501 {CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
2502 [sarge] - mozilla 2:1.7.8-1sarge2 (medium)
2503 NOTE: not fixed in testing at time of DSA (buggy and TBS)
2504 [13 Sep 2005] DSA-809-1 squid - several
2505 {CVE-2005-2794 CVE-2005-2796}
2506 [sarge] - squid 2.5.9-10sarge1 (medium)
2507 NOTE: not fixed in testing at time of DSA (too young)
2508 [12 Sep 2005] DSA-808-1 tdiary - design error
2509 {CVE-2005-2411}
2510 [sarge] - tdiary 2.0.1-1sarge1 (medium)
2511 NOTE: fixed in testing at time of DSA
2512 [12 Sep 2005] DSA-807-1 libapache-mod-ssl - acl restriction bypass
2513 {CVE-2005-2700}
2514 [woody] - libapache-mod-ssl 2.8.9-2.5 (medium)
2515 [sarge] - libapache-mod-ssl 2.8.22-1sarge1 (medium)
2516 NOTE: not fixed in testing at time of DSA (too young)
2517 [09 Sep 2005] DSA-806-1 gcvs - insecure temporary files
2518 {CVE-2005-2693}
2519 [woody] - gcvs 1.0a7-2woody1 (low)
2520 [sarge] - gcvs 1.0final-5sarge1 (low)
2521 NOTE: fixed in testing at time of DSA
2522 [08 Sep 2005] DSA-805-1 apache2 - several
2523 {CVE-2005-1268 CVE-2005-2088 CVE-2005-2700 CVE-2005-2728}
2524 [sarge] - apache2 2.0.54-5 (medium)
2525 NOTE: not fixed in testing at time of DSA (too young)
2526 [08 Sep 2005] DSA-804-2 kdelibs - insecure permissions
2527 {CVE-2005-1920}
2528 [sarge] - kdelibs 4:3.3.2-6.3 (medium)
2529 NOTE: fixed in testing at time of DSA
2530 NOTE: original fix from -1 was only included, not applied
2531 [07 Sep 2005] DSA-803-1 apache - programming error
2532 {CVE-2005-2088}
2533 [woody] - apache 1.3.26-0woody7 (medium)
2534 [sarge] - apache 1.3.33-6sarge1 (medium)
2535 NOTE: not fixed in testing at time of DSA (too young)
2536 [07 Sep 2005] DSA-802-1 cvs - insecure temporary files
2537 {CVE-2005-2693}
2538 [woody] - cvs 1.11.1p1debian-13 (low)
2539 NOTE: not exposed in sarge according to the DSA
2540 NOTE: fixed in testing at time of DSA
2541 [05 Sep 2005] DSA-801-1 ntp - programming error
2542 {CVE-2005-2496}
2543 [sarge] - ntp 1:4.2.0a+stable-2sarge1 (medium)
2544 [woody] - ntp <not-affected> (not affected according to DSA)
2545 NOTE: not fixed in testing at time of DSA (RC bugs)
2546 [02 Sep 2005] DSA-800-1 pcre3 - integer overflow
2547 {CVE-2005-2491}
2548 [woody] - pcre3 3.4-1.1woody1
2549 [sarge] - pcre3 4.5-1.2sarge1
2550 NOTE: not fixed in testing at time of DSA (glibc transition)
2551 NOTE: however, fixed in secure-testing archive
2552 [02 Sep 2005] DSA-799-1 webcalendar - input validation
2553 {CVE-2005-2717}
2554 [sarge] - webcalendar 0.9.45-4sarge2 (bug #326223; high)
2555 NOTE: not fixed in testing at time of DSA (coordinated disclosure)
2556 [02 Sep 2005] DSA-798-1 phpgroupware - several
2557 {CVE-2005-2498 CVE-2005-2600 CVE-2005-2761}
2558 [woody] - phpgroupware <not-affected> (according to the DSA)
2559 [sarge] - phpgroupware 0.9.16.005-3.sarge2 (high)
2560 NOTE: not fixed in testing at time of DSA (too young)
2561 [01 Sep 2005] DSA-797-1 zsync - buffer overflow
2562 {CVE-2005-1849 CVE-2005-2096}
2563 [sarge] - zsync 0.3.3-1.sarge.1 (medium)
2564 NOTE: fixed in testing at time of DSA
2565 [01 Sep 2005] DSA-796-1 affix - unsafe use of popen
2566 {CVE-2005-2716}
2567 [sarge] - affix 2.1.1-3 (medium)
2568 NOTE: not fixed in testing at time of DSA (glibc transition, builds)
2569 [01 Sep 2005] DSA-795-2 proftpd - format string error
2570 {CVE-2005-2390}
2571 [woody] - proftpd <not-affected> (not affected according to the DSA)
2572 [sarge] - proftpd 1.2.10-15sarge1 (medium)
2573 NOTE: fixed in testing at time of DSA
2574 NOTE: Initial -1 release had a build problem
2575 [01 Sep 2005] DSA-794-1 polygen - programming error
2576 {CVE-2005-2656}
2577 [sarge] - polygen 1.0.6-7sarge1 (low)
2578 NOTE: not fixed in testing at time of DSA (too young)
2579 [21 Aug 2005] DSA-779-2 mozilla-firefox - several
2580 NOTE: Essentially 1.0.6 with rolled-back version number, backported version had regressions
2581 {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
2582 [sarge] - mozilla-firefox 1.0.4-2sarge3 (medium)
2583 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2584 NOTE: Fixed in DTSA, which will have the same regressions, should be checked/reverted
2585 [01 Sep 2005] DSA-793-1 courier - missing input sanitising
2586 {CVE-2005-2724}
2587 [woody] - courier 0.37.3-2.6 (medium)
2588 [sarge] - courier 0.47-4sarge2 (medium)
2589 NOTE: not fixed in testing at time of DSA (glibc transition, too young)
2590 [31 Aug 2005] DSA-792-1 pstotext - missing input sanitising
2591 {CVE-2005-2536}
2592 [woody] - pstotext 1.8g-5woody1 (medium)
2593 [sarge] - pstotext 1.9-1sarge1 (medium)
2594 NOTE: not fixed in testing at time of DSA (glibc transition, builds)
2595 [30 Aug 2005] DSA-791-1 maildrop - missing privilege release
2596 {CVE-2005-2655}
2597 [sarge] - maildrop 1.5.3-1.1sarge1
2598 [woody] - maildrop <not-affected> (not affected according to the DSA)
2599 NOTE: not fixed in testing at time of DSA (glibc transition)
2600 NOTE: but fixed in secure-testing repo
2601 [30 Aug 2005] DSA-790-1 phpldapadmin - programming error
2602 {CVE-2005-2654}
2603 [sarge] - phpldapadmin 0.9.5-3sarge2 (medium)
2604 NOTE: fixed in testing at time of DSA
2605 [29 Aug 2005] DSA-789-1 php4 - several
2606 {CVE-2005-1751 CVE-2005-1921 CVE-2005-2498}
2607 [woody] - php4 4:4.1.2-7.woody5 (high)
2608 [sarge] - php4 4:4.3.10-16 (high)
2609 NOTE: not fixed in testing at time of DSA (not uploaded yet)
2610 [29 Aug 2005] DSA-788-1 kismet - several
2611 {CVE-2005-2626 CVE-2005-2627}
2612 [woody] - kismet <not-affected> (not affected according to DSA)
2613 [sarge] - kismet 2005.04.R1-1sarge1 (medium)
2614 NOTE: not fixed in testing at time of DSA (glibc transition)
2615 NOTE: but fixed in secure-testing repo
2616 [26 Aug 2005] DSA-787-1 backup-manager - insecure permissions and tempfile
2617 {CVE-2005-1855 CVE-2005-1856}
2618 [sarge] - backup-manager 0.5.7-1sarge1 (medium)
2619 NOTE: fixed in testing at time of DSA
2620 [26 Aug 2005] DSA-786-1 simpleproxy - format string vulnerability
2621 {CVE-2005-1857}
2622 [sarge] - simpleproxy 3.2-3sarge1 (medium)
2623 NOTE: not fixed in testing at time of DSA (embargoed disclosure)
2624 [25 Aug 2005] DSA-785-1 libpam-ldap - authentication bypass
2625 {CVE-2005-2641 CVE-2005-2069}
2626 [woody] - libpam-ldap <not-affected> (not affected according to DSA)
2627 [sarge] - libpam-ldap 178-1sarge1 (medium)
2628 NOTE: not fixed in testing at time of DSA (embargoed disclosure)
2629 [25 Aug 2005] DSA-784-1 courier - programming error
2630 {CVE-2005-2151}
2631 [woody] - courier <not-affected> (no SPF support)
2632 [sarge] - courier 0.47-4sarge1 (low)
2633 NOTE: not fixed in testing at time of DSA (glibc transition)
2634 [24 Aug 2005] DSA-783-1 mysql-dfsg-4.1 - insecure temporary file
2635 {CVE-2005-1636}
2636 [sarge] - mysql-dfsg-4.1 4.1.11a-4sarge1 (low)
2637 [23 Aug 2005] DSA-782-1 bluez-utils - missing input sanitising
2638 {CVE-2005-2547}
2639 [sarge] - bluez-utils 2.15-1.1 (high)
2640 NOTE: not fixed in testing at time of DSA (missing builds)
2641 [23 Aug 2005] DSA-781-1 mozilla-thunderbird - several
2642 {CVE-2005-0989 CVE-2005-1159 CVE-2005-1160 CVE-2005-1532 CVE-2005-2261 CVE-2005-2265 CVE-2005-2266 CVE-2005-2269 CVE-2005-2270}
2643 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.6 (medium)
2644 NOTE: not fixed in testing at time of DSA (missing builds)
2645 [22 Aug 2005] DSA-780-1 kdegraphics - wrong input sanitising
2646 {CVE-2005-2097}
2647 [woody] - kdegraphics <not-affected> (not affected according to DSA)
2648 [sarge] - kdegraphics 4:3.3.2-2sarge1 (bug #322458; low)
2649 NOTE: not fixed in testing at time of DSA (nor in unstable; C++ ABI transition)
2650 [21 Aug 2005] DSA-779-1 mozilla-firefox - several
2651 {CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270}
2652 [sarge] - mozilla-firefox 1.0.4-2sarge2 (medium)
2653 NOTE: not fixed in testing at time of DSA (build and deps)
2654 [19 Aug 2005] DSA-778-1 mantis - missing input sanitising
2655 {CVE-2005-2556 CVE-2005-2557}
2656 [sarge] - mantis 0.19.2-4 (medium)
2657 NOTE: not fixed in testing at time of DSA (nor unstable)
2658 [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
2659 {CVE-2004-0718 CVE-2005-1937}
2660 [sarge] - mozilla 2:1.7.8-1sarge1 (medium)
2661 NOTE: not fixed in testing at time of DSA (waiting on builds)
2662 [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
2663 {CVE-2005-2450}
2664 [sarge] - clamav 0.84-2.sarge.2 (medium)
2665 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2666 [12 Aug 2005] DSA-775-1 mozilla-firefox - frame injection spoofing
2667 {CVE-2004-0718 CVE-2005-1937}
2668 [sarge] - mozilla-firefox 1.0.4-2sarge1 (medium)
2669 NOTE: IMO the information about the sid fix in the DSA is wrong, pinged security@
2670 NOTE: fixed in testing at time of DSA
2671 [12 Aug 2005] DSA-774-1 fetchmail - buffer overflow
2672 {CVE-2005-2335}
2673 [woody] - fetchmail <not-affected> (not affected according to DSA)
2674 [sarge] - fetchmail 6.2.5-12sarge1 (medium)
2675 NOTE: fixed in testing at time of DSA
2676 [11 Aug 2005] DSA-773-1 New amd64 packages fix several bugs
2677 NOTE: amd64 catch-up DSA, no new holes
2678 [03 Aug 2005] DSA-772-1 apt-cacher - missing input sanitising
2679 {CVE-2005-1854}
2680 [sarge] - apt-cacher 0.9.4sarge1 (high)
2681 NOTE: not fixed in testing at time of DSA (not uploaded to unstable yet)
2682 [01 Aug 2005] DSA-771-1 pdns - several
2683 {CVE-2005-2301 CVE-2005-2302}
2684 [sarge] - pdns 2.9.17-13sarge1 (medium)
2685 NOTE: not fixed in testing at time of DSA (too young)
2686 [29 Jul 2005] DSA-770-1 gopher - insecure tmpfile handling
2687 {CVE-2005-1853}
2688 [woody] - gopher 3.0.3woody3
2689 [sarge] - gopher 3.0.7sarge1
2690 NOTE: not fixed in testing at time of DSA (Debian server outage)
2691 [29 Jul 2005] DSA-769-1 gaim - memory alignment bug
2692 {CVE-2005-2370}
2693 [sarge] - gaim 1:1.2.1-1.4 (low)
2694 NOTE: not fixed in testing at time of DSA (?)
2695 [27 Jul 2005] DSA-768-1 phpbb2 - missing input validation
2696 {CVE-2005-2161}
2697 [sarge] - phpbb2 2.0.13+1-6sarge1
2698 NOTE: not fixed in testing at time of DSA (Debian server outage)
2699 [27 Jul 2005] DSA-767-1 ekg - integer overflows
2700 {CVE-2005-1852}
2701 [sarge] - ekg 1:1.5+20050411-5 (medium)
2702 NOTE: not fixed in testing at time of DSA (Debian server outage)
2703 [26 Jul 2005] DSA-766-1 webcalendar - authorisation failure
2704 {CVE-2005-2320}
2705 [sarge] - webcalendar 0.9.45-4sarge1 (medium)
2706 NOTE: not fixed in testing at time of DSA (Debian server outage)
2707 [22 Jul 2005] DSA-765-1 heimdal - buffer overflow
2708 {CVE-2005-0469}
2709 [woody] - heimdal 0.4e-7.woody.11 (medium)
2710 NOTE: fixed in testing at time of DSA
2711 [21 Jul 2005] DSA-764-1 cacti - several
2712 {CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 CVE-2005-2148 CVE-2005-2149}
2713 [woody] - cacti 0.6.7-2.5 (high)
2714 [sarge] - cacti 0.8.6c-7sarge2 (high)
2715 NOTE: fixed in testing at time of DSA
2716 NOTE: DSA information is incorrect, sid fix is 6f, not 6e
2717 [20 Jul 2005] DSA-763-1 zlib - buffer overflow
2718 {CVE-2005-1849}
2719 [woody] - zlib <not-affected> (vulnerable code introduced later)
2720 [sarge] - zlib 1:1.2.2-4.sarge.2 (medium)
2721 NOTE: not fixed in testing at time of DSA (only 1/2 days old, not built on s390)
2722 [19 Jul 2005] DSA-762-1 affix - several
2723 {CVE-2005-2250 CVE-2005-2277}
2724 [sarge] - affix 2.1.1-2 (medium)
2725 NOTE: not fixed in testing at time of DSA (only 2/2 days old)
2726 [19 Jul 2005] DSA-761-2 heartbeat - insecure temporary files
2727 {CVE-2005-2231}
2728 [woody] - heartbeat 0.4.9.0l-7.3 (medium)
2729 [sarge] - heartbeat 1.2.3-9sarge3 (medium)
2730 NOTE: not fixed in testing at time of DSA (only 0/2 days old)
2731 [18 Jul 2005] DSA-760-1 ekg - several
2732 {CVE-2005-1850 CVE-2005-1851 CVE-2005-1916}
2733 [sarge] - ekg 1:1.5+20050411-4 (low)
2734 NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on five archs)
2735 [18 Jul 2005] DSA-759-1 phppgadmin - missing input sanitising
2736 {CVE-2005-2256}
2737 [woody] - phppgadmin <not-affected> (not affected according to the DSA)
2738 [sarge] - phppgadmin 3.5.2-5 (medium)
2739 NOTE: not fixed in testing at time of DSA (only 0/10 days old)
2740 [18 Jul 2005] DSA-758-1 heimdal - buffer overflow
2741 {CVE-2005-2040}
2742 [woody] - heimdal 0.4e-7.woody.10 (medium)
2743 [sarge] - heimdal 0.6.3-10sarge1 (medium)
2744 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2745 [17 Jul 2005] DSA-757-1 krb5 - buffer overflow, double-free memory
2746 {CVE-2005-1689 CVE-2005-1174 CVE-2005-1175}
2747 [woody] - krb5 1.2.4-5woody10 (medium)
2748 [sarge] - krb5 1.3.6-2sarge2 (medium)
2749 NOTE: not fixed in testing at time of DSA (waiting on dependencies, not built on m68k)
2750 [14 Jul 2005] DSA-746-1 phpgroupware - remote command execution
2751 {CVE-2005-1921}
2752 [woody] - phpgroupware <unfixed> (high)
2753 [sarge] - phpgroupware 0.9.16.005-3.sarge0 (high)
2754 NOTE: fixed in testing at time of DSA
2755 [13 Jul 2005] DSA-756-1 squirrelmail - several
2756 {CVE-2005-1769 CVE-2005-2095}
2757 [woody] - squirrelmail 1:1.2.6-4 (medium)
2758 [sarge] - squirrelmail 2:1.4.4-6sarge1 (medium)
2759 NOTE: not fixed in testing at time of DSA (only 0/2 days old)
2760 [13 Jul 2005] DSA-755-1 tiff - buffer overflow
2761 {CVE-2005-1544}
2762 [woody] - tiff 3.5.5-7 (medium)
2763 NOTE: fixed in testing at time of DSA
2764 [13 Jul 2005] DSA-754-1 centericq - insecure temporary file
2765 {CVE-2005-1914}
2766 [woody] - centericq <not-affected> (not affected according to DSA)
2767 [sarge] - centericq 4.20.0-1sarge1 (low)
2768 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2769 [12 Jul 2005] DSA-753-1 gedit - format string
2770 {CVE-2005-1686}
2771 [woody] - gedit <not-affected> (not affected according to DSA)
2772 [sarge] - gedit 2.8.3-4sarge1 (low)
2773 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2774 [11 Jul 2005] DSA-752-1 gzip - several
2775 {CVE-2005-0988 CVE-2005-1228}
2776 [woody] - gzip 1.3.2-3woody5
2777 NOTE: fixed in testing at time of DSA
2778 [11 Jul 2005] DSA-751-1 squid - IP spoofing
2779 {CVE-2005-1519}
2780 [woody] - squid 2.4.6-2woody9
2781 NOTE: fixed in testing at time of DSA
2782 [10 Jul 2005] DSA-748-1 ruby1.8 - bad default value
2783 {CVE-2005-1992}
2784 [sarge] - ruby1.8 1.8.2-7sarge1 (medium)
2785 NOTE: not fixed in testing at time of DSA (waiting on dependencies)
2786 [11 Jul 2005] DSA-750-1 dhcpcd - out-of-bound memory access
2787 {CVE-2005-1848}
2788 [sarge] - dhcpcd 1:1.3.22pl4-21sarge1
2789 NOTE: fixed in testing at time of DSA
2790 [10 Jul 2005] DSA-749-1 ettercap - format string error
2791 {CVE-2005-1796}
2792 [sarge] - ettercap 1:0.7.1-1sarge1 (medium)
2793 NOTE: fixed in testing at time of DSA
2794 [10 Jul 2005] DSA-747-1 egroupware - input validation error
2795 {CVE-2005-1921}
2796 [sarge] - egroupware 1.0.0.007-2.dfsg-2sarge1 (high)
2797 NOTE: not fixed in testing at time of DSA (only 1/2 days old)
2798 [10 Jul 2005] DSA-745-1 drupal - arbitrary command execution
2799 {CVE-2005-1921 CVE-2005-2106}
2800 [sarge] - drupal 4.5.3-3 (high)
2801 NOTE: fixed in testing at time of DSA
2802 [08 Jul 2005] DSA-744-1 fuse - programming error
2803 {CVE-2005-1858}
2804 [sarge] - fuse 2.2.1-4sarge2
2805 NOTE: fixed in testing at time of DSA
2806 [08 Jul 2005] DSA-743-1 ht - buffer overflows, integer overflows
2807 {CVE-2005-1545 CVE-2005-1546}
2808 [woody] - ht 0.5.0-1woody4
2809 [sarge] - ht 0.8.0-2sarge4
2810 NOTE: fixed in testing at time of DSA
2811 [09 Jul 2005] DSA-742-1 cvs - buffer overflow
2812 {CVE-2005-0753}
2813 [woody] - cvs 1.11.1p1debian-12
2814 NOTE: fixed in testing at time of DSA
2815 [07 Jul 2005] DSA-741-1 bzip2 - infinite loop
2816 {CVE-2005-1260}
2817 [woody] - bzip2 1.0.2-1.woody5 (low)
2818 NOTE: fixed in testing at time of DSA
2819 [06 Jul 2005] DSA-740-1 zlib - buffer overflow
2820 {CVE-2005-2096}
2821 [woody] - zlib <not-affected> (vulnerability was introduced later)
2822 [sarge] - zlib 1:1.2.2-4.sarge.1 (medium)
2823 NOTE: anything statically linking zlib needs rebuild
2824 NOTE: not fixed in testing at time of DSA (embargoed disclosure)
2825 [06 Jul 2005] DSA-739-1 trac - missing input sanitising
2826 {CVE-2005-2147}
2827 [sarge] - trac 0.8.1-3sarge2 (medium)
2828 NOTE: fixed in testing at time of DSA
2829 [19 May 2005] DSA-725-2 ppxp - missing privilege release
2830 {CVE-2005-0392}
2831 [sarge] - ppxp 0.2001080415-10sarge2
2832 NOTE: fixed in testing at time of DSA
2833 [05 Jul 2005] DSA-738-1 razor - email header parsing error
2834 {CVE-2005-2024}
2835 [woody] - razor <not-affected> (not affected according to DSA)
2836 [sarge] - razor 2.670-1sarge2 (low)
2837 NOTE: not fixed in testing at time of DSA (not built on arm)
2838 [05 Jul 2005] DSA-737-1 clamav - various DOS vulnerabilities
2839 {CVE-2005-1922 CVE-2005-1923 CVE-2005-2056 CVE-2005-2070}
2840 [sarge] - clamav 0.84-2.sarge.1 (medium)
2841 NOTE: not fixed in testing at time of DSA (uploaded with low urgency only, one fix missing for sid)
2842 [05 Jul 2005] DSA-734-1 gaim - denial of service
2843 {CVE-2005-1269 CVE-2005-1934}
2844 [woody] - gaim <not-affected> (DSA: "does not seem to be affected")
2845 [sarge] - gaim 1:1.2.1-1.3
2846 NOTE: not fixed in testing at time of DSA (not built on sparc)
2847 [01 Jul 2005] DSA-736-2 spamassassin - mail header parsing error
2848 {CVE-2005-1266}
2849 [woody] - spamassassin <not-affected> (not vulnerable according to DSA)
2850 [sarge] - spamassassin 3.0.3-2
2851 NOTE: fixed in testing at time of DSA
2852 NOTE: Some architectures were not ready, that's why another DSA was
2853 NOTE: issued.
2854 [01 Jul 2005] DSA-736-1 spamassassin - mail header parsing error
2855 {CVE-2005-1266}
2856 [woody] - spamassassin <not-affected> (not vulnerable according to DSA)
2857 [sarge] - spamassassin 3.0.3-2
2858 NOTE: fixed in testing at time of DSA
2859 [08 Jul 2005] DSA-735-2 sudo - pathname validation race
2860 {CVE-2005-1993}
2861 [woody] - sudo 1.6.6-1.3woody1 (medium)
2862 [sarge] - sudo 1.6.8p7-1.1sarge1 (medium)
2863 NOTE: fixed in testing at time of DSA
2864 NOTE: Some architectures were not ready, that's why another DSA was
2865 NOTE: issued.
2866 [01 Jul 2005] DSA-735-1 sudo - pathname validation race
2867 {CVE-2005-1993}
2868 [woody] - sudo 1.6.6-1.3woody1 (medium)
2869 [sarge] - sudo 1.6.8p7-1.1sarge1 (medium)
2870 NOTE: not fixed in testing at time of DSA
2871 [30 Jun 2005] DSA-733-1 crip - insecure temporary files
2872 {CVE-2005-0393}
2873 [sarge] - crip 3.5-1sarge2 (low)
2874 NOTE: not fixed in testing at time of DSA (reserved)
2875 [03 Jun 2005] DSA-732-1 mailutils - several
2876 {CVE-2005-1520 CVE-2005-1521 CVE-2005-1522 CVE-2005-1523}
2877 [woody] - mailutils 20020409-1woody2
2878 NOTE: fixed in testing at time of DSA
2879 [02 Jun 2005] DSA-731-1 krb4 - buffer overflows
2880 {CVE-2005-0468 CVE-2005-0469}
2881 [woody] - krb4 1.1-8-2.4
2882 NOTE: fixed in testing at time of DSA
2883 [27 May 2005] DSA-730-1 bzip2 - race condition
2884 {CVE-2005-0953}
2885 [woody] - bzip2 1.0.2-1.woody2
2886 NOTE: fixed in testing at time of DSA
2887 [26 May 2005] DSA-729-1 php4 - missing input sanitising
2888 {CVE-2005-0525}
2889 [woody] - php4 4:4.1.2-7.woody4
2890 NOTE: fixed in testing at time of DSA
2891 [25 May 2005] DSA-728-1 qpopper - missing privilege release
2892 {CVE-2005-1151 CVE-2005-1152}
2893 [woody] - qpopper 4.0.4-2.woody.5
2894 NOTE: fixed in testing at time of DSA by security team
2895 [20 May 2005] DSA-727-1 libconvert-uulib-perl - buffer overflow
2896 {CVE-2005-1349}
2897 [woody] - libconvert-uulib-perl 0.201-2woody1
2898 NOTE: fixed in testing at time of DSA
2899 [20 May 2005] DSA-726-1 oops - format string vulnerability
2900 {CVE-2005-1121}
2901 [woody] - oops 1.5.19.cvs.20010818-0.1woody1
2902 NOTE: not in testing at time of DSA
2903 [19 May 2005] DSA-725-1 ppxp - missing privilege release
2904 {CVE-2005-0392}
2905 [woody] - ppxp 0.2001080415-6woody2
2906 NOTE: not fixed in testing at time of DSA
2907 [18 May 2005] DSA-724-1 phpsysinfo - design flaw
2908 {CVE-2005-0870}
2909 [woody] - phpsysinfo 2.0-3woody2
2910 NOTE: fixed in testing at time of DSA
2911 [09 May 2005] DSA-723-1 xfree86 - buffer overflow
2912 {CVE-2005-0605}
2913 [woody] - xfree86 4.1.0-16woody6
2914 NOTE: not fixed in testing at time of DSA
2915 [09 May 2005] DSA-722-1 smail - buffer overflow
2916 {CVE-2005-0892}
2917 [woody] - smail 3.2.0.114-4woody1
2918 NOTE: Package not in testing at time of DSA
2919 [06 May 2005] DSA-721-1 squid - design flaw
2920 {CVE-2005-1345}
2921 [woody] - squid 2.4.6-2woody8
2922 NOTE: not fixed in testing at time of DSA
2923 [03 May 2005] DSA-720-1 smartlist - wrong input processing
2924 {CVE-2005-0157}
2925 [woody] - smartlist 3.15-5.woody.1
2926 NOTE: fixed in testing at time of DSA
2927 [28 Apr 2005] DSA-719-1 prozilla - format string problems
2928 {CVE-2005-0523}
2929 [woody] - prozilla 1:1.3.6-3woody2
2930 NOTE: fixed in testing at time of DSA
2931 [28 Apr 2005] DSA-718-1 ethereal - buffer overflow
2932 {CVE-2005-0739}
2933 [woody] - ethereal 0.9.4-1woody12
2934 NOTE: fixed in testing at time of DSA
2935 [27 Apr 2005] DSA-717-1 lsh-utils - buffer overflow, typo
2936 {CVE-2003-0826 CVE-2005-0814}
2937 [woody] - lsh-utils 1.2.5-2woody3
2938 NOTE: fixed in testing at time of DSA
2939 [27 Apr 2005] DSA-716-1 gaim - denial of service
2940 {CVE-2005-0472}
2941 [woody] - gaim 1:0.58-2.5
2942 NOTE: fixed in testing at time of DSA
2943 [27 Apr 2005] DSA-715-1 cvs - several
2944 {CVE-2004-1342 CVE-2004-1343}
2945 [woody] - cvs 1.11.1p1debian-10
2946 NOTE: not fixed in testing at time of DSA
2947 [26 Apr 2005] DSA-714-1 kdelibs - several
2948 {CVE-2005-1046}
2949 [woody] - kdelibs 4:2.2.2-13.woody.14
2950 NOTE: not fixed in testing at time of DSA
2951 [21 Apr 2005] DSA-701-2 samba - integer overflows
2952 NOTE: only a bug in the backported fix to stable, testing is ok
2953 [21 Apr 2005] DSA-713-1 junkbuster - several
2954 {CVE-2005-1108 CVE-2005-1109}
2955 [woody] - junkbuster 2.0.2-0.2woody1 (bug #304793)
2956 [19 Apr 2005] DSA-712-1 geneweb - insecure file operations
2957 {CVE-2005-0391}
2958 [woody] - geneweb 4.06-2woody1
2959 NOTE: fixed in testing at time of DSA
2960 [19 Apr 2005] DSA-711-1 info2www - missing input sanitising
2961 {CVE-2004-1341}
2962 [woody] - info2www 1.2.2.9-20woody1
2963 NOTE: fixed in testing at time of DSA
2964 [18 Apr 2005] DSA-710-1 gtkhtml - null pointer dereference
2965 {CVE-2003-0541}
2966 [woody] - gtkhtml 1.0.2-1.woody1
2967 NOTE: fixed in testing at time of DSA
2968 [15 Apr 2005] DSA-709-1 libexif - buffer overflow
2969 {CVE-2005-0664}
2970 [woody] - libexif 0.5.0-1woody1 (bug #298464)
2971 [15 Apr 2005] DSA-708-1 php3 - missing input sanitising
2972 {CVE-2005-0525}
2973 [woody] - php3 3:3.0.18-23.1woody3 (bug #302701)
2974 [13 Apr 2005] DSA-707-1 mysql - several
2975 {CVE-2004-0957 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711}
2976 [woody] - mysql 3.23.49-8.11
2977 NOTE: not fixed in testing at time of DSA
2978 [13 Apr 2005] DSA-706-1 axel - buffer overflow
2979 {CVE-2005-0390}
2980 [woody] - axel 1.0a-1woody1
2981 NOTE: fixed in testing at time of DSA
2982 [04 Apr 2005] DSA-705-1 wu-ftpd - missing input sanitising
2983 {CVE-2005-0256}
2984 [woody] - wu-ftpd 2.6.2-3woody5
2985 NOTE: DSA mentions CVE-2003-0854 as fixed, but this update only
2986 NOTE: contains a workaround.
2987 [04 Apr 2005] DSA-704-1 remstats - tempfile, missing input sanitising
2988 {CVE-2005-0387 CVE-2005-0388}
2989 [woody] - remstats 1.00a4-8woody1
2990 NOTE: not fixed in testing at time of DSA
2991 [01 Apr 2005] DSA-703-1 krb5 - buffer overflows
2992 {CVE-2005-0468 CVE-2005-0469}
2993 [woody] - krb5 1.2.4-5woody8
2994 [01 Apr 2005] DSA-702-1 imagemagick - several
2995 {CVE-2005-0397 CVE-2005-0759 CVE-2005-0760 CVE-2005-0762}
2996 [woody] - imagemagick 4:5.4.4.5-1woody6
2997 [31 Mar 2005] DSA-701-1 samba - integer overflows
2998 {CVE-2004-1154}
2999 [woody] - samba 2.2.3a-15
3000 [30 Mar 2005] DSA-700-1 mailreader - missing input sanitising
3001 {CVE-2005-0386}
3002 [woody] - mailreader 2.3.29-5woody2
3003 NOTE: not fixed in testing at time of DSA
3004 [29 Mar 2005] DSA-699-1 netkit-telnet-ssl - buffer overflow
3005 {CVE-2005-0469}
3006 [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody4
3007 NOTE: not fixed in testing at time of DSA
3008 [29 Mar 2005] DSA-698-1 mc - buffer overflow
3009 {CVE-2005-0763}
3010 [woody] - mc 4.5.55-1.2woody6
3011 NOTE: Seems to be a "fix the fix", correcting a previous DSA.
3012 [29 Mar 2005] DSA-697-1 netkit-telnet - buffer overflow
3013 {CVE-2005-0469}
3014 [woody] - netkit-telnet 0.17-18woody3
3015 NOTE: not fixed in testing at time of DSA
3016 [22 Mar 2005] DSA-696-1 perl - design flaw
3017 {CVE-2005-0448}
3018 [woody] - perl 5.6.1-8.9
3019 NOTE: fixed in testing at time of DSA
3020 NOTE: (sid version in DSA is 5.8.4-8, but 5.8.4-7 is more correct)
3021 [21 Mar 2005] DSA-695-1 xli - buffer overflow, input sanitising, integer overflow
3022 {CVE-2001-0775 CVE-2005-0638 CVE-2005-0639}
3023 [woody] - xli 1.17.0-11woody1
3024 NOTE: not fixed in testing at time of DSA
3025 [21 Mar 2005] DSA-694-1 xloadimage - missing input sanitising, integer overflow
3026 {CVE-2005-0638 CVE-2005-0639}
3027 [woody] - xloadimage 4.1-10woody1
3028 NOTE: not fixed in testing at time of DSA
3029 [14 Mar 2005] DSA-693-1 luxman - buffer overflow
3030 {CVE-2005-0385}
3031 NOTE: not fixed in testing at time of DSA
3032 NOTE: not in unstable at time of DSA though DSA claimed it was
3033 [woody] - luxman 0.41-17.2
3034 [14 Mar 2005] DSA-662-2 squirrelmail - several
3035 NOTE: only an update to a prior DSA, did not affect sid/sarge.
3036 [08 Mar 2005] DSA-692-1 kppp - design flaw
3037 {CVE-2005-0205}
3038 [woody] - kdenetwork 4:2.2.2-14.7
3039 NOTE: fixed in testing at time of DSA
3040 [07 Mar 2005] DSA-691-1 abuse - several
3041 {CVE-2005-0098 CVE-2005-0099}
3042 [woody] - abuse 2.00+-3woody4
3043 NOTE: not in unstable/testing
3044 [25 Feb 2005] DSA-690-1 bsmtpd - missing input sanitising
3045 {CVE-2005-0107}
3046 [woody] - bsmtpd 2.3pl8b-12woody1
3047 NOTE: not fixed in testing at time of DSA
3048 [23 Feb 2005] DSA-689-1 libapache-mod-python - missing input sanitising
3049 {CVE-2005-0088}
3050 [woody] - libapache-mod-python 2:2.7.8-0.0woody5
3051 NOTE: fixed in testing at time of DSA
3052 [23 Feb 2005] DSA-688-1 squid - missing input sanitising
3053 {CVE-2005-0446}
3054 [woody] - squid 2.4.6-2woody7
3055 NOTE: fixed in testing at time of DSA
3056 [21 Feb 2005] DSA-674-3 mailman - cross-site scripting, directory traversal
3057 NOTE: only fixed bug in DSA
3058 [18 Feb 2005] DSA-687-1 bidwatcher - format string
3059 {CVE-2005-0158}
3060 [woody] - bidwatcher 1.3.3-1woody1
3061 NOTE: not fixed in testing at time of DSA
3062 [17 Feb 2005] DSA-686-1 gftp - missing input sanitising
3063 {CVE-2005-0372}
3064 [woody] - gftp 2.0.11-1woody1
3065 NOTE: not fixed in testing at time of DSA
3066 [17 Feb 2005] DSA-685-1 emacs21 - format string
3067 {CVE-2005-0100}
3068 [woody] - emacs21 21.2-1woody3
3069 NOTE: not fixed in testing at time of DSA
3070 [16 Feb 2005] DSA-684-1 typespeed - format string
3071 {CVE-2005-0105}
3072 [woody] - typespeed 0.4.4-8
3073 NOTE: not fixed in testing at time of DSA
3074 [15 Feb 2005] DSA-683-1 postgresql - buffer overflows
3075 {CVE-2005-0245 CVE-2005-0247}
3076 [woody] - postgresql 7.2.1-2woody8
3077 NOTE: fixed in testing at time of DSA
3078 [15 Feb 2005] DSA-682-1 awstats - missing input sanitising
3079 {CVE-2005-0363}
3080 [woody] - awstats 4.0-0.woody.2
3081 NOTE: not fixed in testing at time of DSA
3082 [14 Feb 2005] DSA-681-1 synaesthesia - privilege escalation
3083 {CVE-2005-0070}
3084 [woody] - synaesthesia 2.1-2.1woody3
3085 NOTE: does not apply for sarge, program is not setuid anymore
3086 [14 Feb 2005] DSA-680-1 htdig - unsanitised input
3087 {CVE-2005-0085}
3088 [woody] - htdig 3.1.6-3woody1
3089 NOTE: fixed in testing at time of DSA
3090 [14 Feb 2005] DSA-679-1 toolchain-source - insecure temporary files
3091 {CVE-2005-0159}
3092 [woody] - toolchain-source 3.0.4-1woody1
3093 NOTE: not fixed in testing at time of DSA
3094 [11 Feb 2005] DSA-678-1 netkit-rwho - missing input validation
3095 {CVE-2004-1180}
3096 [woody] - netkit-rwho 0.17-4woody2
3097 NOTE: not fixed in testing at time of DSA
3098 [11 Feb 2005] DSA-677-1 sympa - buffer overflow
3099 {CVE-2005-0073}
3100 [woody] - sympa 3.3.3-3woody2
3101 NOTE: not fixed in testing at time of DSA
3102 [11 Feb 2005] DSA-676-1 xpcd - buffer overflow
3103 {CVE-2005-0074}
3104 [woody] - xpcd 2.08-8woody3
3105 NOTE: not fixed in testing at time of DSA
3106 [11 Feb 2005] DSA-674-2 mailman - cross-site scripting, directory traversal
3107 NOTE: only fixed bug in DSA
3108 [10 Feb 2005] DSA-675-1 hztty - privilege escalation
3109 {CVE-2005-0019}
3110 [woody] - hztty 2.0-5.2woody2
3111 NOTE: not fixed in testing at time of DSA
3112 [10 Feb 2005] DSA-674-1 mailman - cross-site scripting, directory traversal
3113 {CVE-2004-1177 CVE-2005-0202}
3114 [woody] - mailman 2.0.11-1woody11
3115 NOTE: not fixed in testing at time of DSA
3116 [10 Feb 2005] DSA-673-1 evolution - integer overflow
3117 {CVE-2005-0102}
3118 [woody] - evolution 1.0.5-1woody2
3119 NOTE: fixed in testing at time of DSA
3120 [09 Feb 2005] DSA-672-1 xview - buffer overflows
3121 {CVE-2005-0076}
3122 [woody] - xview 3.2p1.4-16woody2
3123 NOTE: not fixed in testing at time of DSA
3124 [08 Feb 2005] DSA-671-1 xemacs21 - format string
3125 {CVE-2005-0100}
3126 NOTE: not fixed in testing at time of DSA
3127 [woody] - xemacs21 21.4.6-8woody2
3128 [08 Feb 2005] DSA-670-1 emacs20 - format string
3129 {CVE-2005-0100}
3130 [woody] - emacs20 20.7-13.3
3131 NOTE: also affects emacs21 in unstable, fixed
3132 [04 Feb 2005] DSA-669-1 php3 - several
3133 {CVE-2004-0594 CVE-2004-0595}
3134 [woody] - php3 3:3.0.18-23.1woody2
3135 NOTE: fixed in testing at time of DSA
3136 [04 Feb 2005] DSA-668-1 postgresql - privilege escalation
3137 {CVE-2005-0227}
3138 [woody] - postgresql 7.2.1-2woody7
3139 NOTE: not fixed in testing at time of DSA
3140 [04 Feb 2005] DSA-667-1 squid - several
3141 {CVE-2005-0173 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211}
3142 [woody] - squid 2.4.6-2woody6
3143 NOTE: not fixed in testing at time of DSA
3144 [04 Feb 2005] DSA-666-1 python2.2 - design flaw
3145 {CVE-2005-0089}
3146 [woody] - python2.2 2.2.1-4.7
3147 NOTE: not fixed in testing at time of DSA
3148 [04 Feb 2005] DSA-665-1 ncpfs - missing privilege release
3149 {CVE-2005-0013}
3150 [woody] - ncpfs 2.2.0.18-10woody2
3151 NOTE: not fixed in testing at time of DSA
3152 [02 Feb 2005] DSA-664-1 cpio - broken file permissions
3153 {CVE-1999-1572}
3154 [woody] - cpio 2.4.2-39woody1
3155 NOTE: not fixed in testing at time of DSA
3156 [02 Feb 2005] DSA-663-1 prozilla - buffer overflows
3157 {CVE-2004-1120}
3158 [woody] - prozilla 1:1.3.6-3woody3
3159 NOTE: fixed in testing at time of DSA
3160 [01 Feb 2005] DSA-662-1 squirrelmail - several
3161 {CVE-2005-0104 CVE-2005-0152}
3162 [woody] - squirrelmail 1:1.2.6-3
3163 NOTE: CVE-2005-0152 only exists in 1.2.6 version
3164 NOTE: fixed in testing at time of DSA
3165 [20 Apr 2005] DSA-661-2 f2c - insecure temporary files
3166 {CVE-2005-0017 CVE-2005-0018}
3167 [woody] - f2c 20010821-3.2 (bug #292792)
3168 NOTE: not fixed in testing at time of DSA
3169 [26 Jan 2005] DSA-660-1 kdebase - missing return value check
3170 {CVE-2005-0078}
3171 [woody] - kdebase 4:2.2.2-14.9
3172 NOTE: fixed in testing at time of DSA
3173 [26 Jan 2005] DSA-659-1 libpam-radius-auth - information leak, integer underflow
3174 {CVE-2004-1340 CVE-2005-0108}
3175 [woody] - libpam-radius-auth 1.3.14-1.3
3176 NOTE: 1/2 fixed in testing at time of DSA
3177 [25 Jan 2005] DSA-658-1 libdbi-perl - insecure temporary file
3178 {CVE-2005-0077}
3179 [woody] - libdbi-perl 1.21-2woody2
3180 NOTE: not fixed in testing at time of DSA
3181 [25 Jan 2005] DSA-657-1 xine-lib - buffer overflow
3182 {CVE-2004-1379}
3183 [woody] - xine-lib 0.9.8-2woody2
3184 NOTE: fixed in testing at time of DSA
3185 [25 Jan 2005] DSA-656-1 vdr - insecure file access
3186 {CVE-2005-0071}
3187 [woody] - vdr 1.0.0-1woody2
3188 NOTE: not fixed in testing at time of DSA
3189 [25 Jan 2005] DSA-655-1 zhcon - missing privilege release
3190 {CVE-2005-0072}
3191 [woody] - zhcon 1:0.2-4woody3
3192 NOTE: not fixed in testing at time of DSA
3193 [21 Jan 2005] DSA-654-1 enscript - several
3194 {CVE-2004-1184 CVE-2004-1185 CVE-2004-1186}
3195 [woody] - enscript 1.6.3-1.3
3196 NOTE: not fixed in testing at time of DSA
3197 [21 Jan 2005] DSA-653-1 ethereal - buffer overflow
3198 {CVE-2005-0084}
3199 [woody] - ethereal 0.9.4-1woody11
3200 NOTE: not fixed in testing at time of DSA
3201 [21 Jan 2005] DSA-652-1 unarj
3202 {CVE-2004-0947 CVE-2004-1027}
3203 [woody] - unarj 2.43-3woody1
3204 NOTE: package was in non-free, different code base
3205 [20 Jan 2005] DSA-651-1 squid - buffer overflow, integer overflow
3206 {CVE-2005-0094 CVE-2005-0095}
3207 [woody] - squid 2.4.6-2woody5
3208 NOTE: not fixed in testing at time of DSA
3209 [20 Jan 2005] DSA-650-1 sword - missing input sanitising
3210 {CVE-2005-0015}
3211 [woody] - sword 1.5.3-3woody2
3212 NOTE: not fixed in testing at time of DSA
3213 [20 Jan 2005] DSA-649-1 xtrlock - buffer overflow
3214 {CVE-2005-0079}
3215 [woody] - xtrlock 2.0-6woody2
3216 NOTE: fixed in testing at time of DSA
3217 [19 Jan 2005] DSA-648-1 xpdf - buffer overflow
3218 {CVE-2005-0064}
3219 [woody] - xpdf 1.00-3.4
3220 NOTE: not fixed in testing at time of DSA
3221 [19 Jan 2005] DSA-647-1 mysql - insecure temporary files
3222 {CVE-2005-0004}
3223 [woody] - mysql 3.23.49-8.9
3224 NOTE: not fixed in testing at time of DSA
3225 [19 Jan 2005] DSA-646-1 imagemagick - buffer overflow
3226 {CVE-2005-0005}
3227 [woody] - imagemagick 4:5.4.4.5-1woody5
3228 NOTE: not fixed in testing at time of DSA
3229 [19 Jan 2005] DSA-645-1 cupsys - buffer overflow
3230 {CVE-2005-0064}
3231 NOTE: cupsys not affected in sarge, though other programs are vulnerable
3232 NOTE: see CVE/list
3233 [woody] - cupsys 1.1.14-5woody12
3234 NOTE: not fixed in testing at time of DSA
3235 [18 Jan 2005] DSA-644-1 chbg - buffer overflow
3236 {CVE-2004-1264}
3237 [woody] - chbg 1.5-1woody1
3238 NOTE: fixed in testing at time of DSA
3239 [18 Jan 2005] DSA-643-1 queue - buffer overflows
3240 {CVE-2004-0555}
3241 [woody] - queue 1.30.1-4woody2
3242 NOTE: not fixed in testing at time of DSA
3243 [17 Jan 2005] DSA-642-1 gallery - several
3244 {CVE-2004-1106}
3245 [woody] - gallery 1.2.5-8woody3
3246 NOTE: fixed in testing at time of DSA
3247 [17 Jan 2005] DSA-641-1 playmidi - buffer overflow
3248 {CVE-2005-0020}
3249 [woody] - playmidi 2.4-4woody1
3250 NOTE: not fixed in testing at time of DSA
3251 [17 Jan 2005] DSA-640-1 gatos - buffer overflow
3252 {CVE-2005-0016}
3253 [woody] - gatos 0.0.5-6woody3
3254 NOTE: not fixed in testing at time of DSA
3255 [14 Jan 2005] DSA-639-1 mc - several
3256 {CVE-2004-1004 CVE-2004-1005 CVE-2004-1009 CVE-2004-1090 CVE-2004-1091 CVE-2004-1092 CVE-2004-1093 CVE-2004-1174 CVE-2004-1175 CVE-2004-1176}
3257 NOTE: unstable not vulnerable according to DSA
3258 NOTE: DSA was wrong..
3259 [woody] - mc 4.5.55-1.2woody5
3260 NOTE: not fixed in testing at time of DSA
3261 [13 Jan 2005] DSA-638-1 gopher - several
3262 {CVE-2004-0560 CVE-2004-0561}
3263 [woody] - gopher 3.0.3woody2
3264 NOTE: gopherd binary package removed post-woody
3265 [13 Jan 2005] DSA-637-1 exim-tls - buffer overflow
3266 {CVE-2005-0021}
3267 [woody] - exim-tls 3.35-3woody3
3268 NOTE: not in sarge
3269 [12 Jan 2005] DSA-636-1 glibc - insecure temporary files
3270 {CVE-2004-0968}
3271 [woody] - glibc 2.2.5-11.8
3272 NOTE: fixed in testing at time of DSA
3273 [12 Jan 2005] DSA-635-1 exim - buffer overflow
3274 {CVE-2005-0021}
3275 [woody] - exim 3.35-1woody4
3276 NOTE: exim4 fixed in testing at time of DSA
3277 NOTE: exim not fixed in testing at time of DSA
3278 [11 Jan 2005] DSA-634-1 hylafax - weak hostname and username validation
3279 {CVE-2004-1182}
3280 [woody] - hylafax 1:4.1.1-3.1
3281 NOTE: fixed in testing at time of DSA
3282 [11 Jan 2005] DSA-633-1 bmv - insecure temporary file
3283 {CVE-2003-0014}
3284 [woody] - bmv 1.2-14.2
3285 NOTE: fixed in testing at time of DSA
3286 [10 Jan 2005] DSA-632-1 linpopup - buffer overflow
3287 {CVE-2004-1282}
3288 [woody] - linpopup 1.2.0-2woody1
3289 NOTE: fixed in testing at time of DSA
3290 [10 Jan 2005] DSA-631-1 kdelibs - unsanitised input
3291 {CVE-2004-1165}
3292 [woody] - kdelibs 4:2.2.2-13.woody.13
3293 NOTE: not fixed in testing at time of DSA
3294 [10 Jan 2005] DSA-630-1 lintian - insecure temporary directory
3295 {CVE-2004-1000}
3296 [woody] - lintian 1.20.17.1
3297 NOTE: not fixed in testing at time of DSA
3298 [07 Jan 2005] DSA-629-1 krb5 - buffer overflow
3299 {CVE-2004-1189}
3300 [woody] - krb5 1.2.4-5woody7
3301 NOTE: not fixed in testing at time of DSA
3302 [06 Jan 2005] DSA-628-1 imlib2 - integer overflows
3303 {CVE-2004-1026}
3304 [woody] - imlib2 1.0.5-2woody2
3305 NOTE: not fixed in testing at time of DSA
3306 [06 Jan 2005] DSA-627-1 namazu2 - unsanitised input
3307 {CVE-2004-1318}
3308 [woody] - namazu2 2.0.10-1woody3
3309 NOTE: not fixed in testing at time of DSA
3310 [06 Jan 2005] DSA-626-1 tiff - unsanitised input
3311 {CVE-2004-1183}
3312 [woody] - tiff 3.5.5-6.woody5
3313 NOTE: not fixed in testing at time of DSA
3314 [05 Jan 2005] DSA-625-1 pcal - buffer overflows
3315 {CVE-2004-1289}
3316 [woody] - pcal 4.7-8woody1
3317 NOTE: not fixed in testing at time of DSA
3318 [05 Jan 2005] DSA-624-1 zip - buffer overflow
3319 {CVE-2004-1010}
3320 [woody] - zip 2.30-5woody2
3321 NOTE: fixed in testing at time of DSA
3322 [04 Jan 2005] DSA-623-1 nasm - buffer overflow
3323 {CVE-2004-1287}
3324 [woody] - nasm 0.98.28cvs-1woody2
3325 [03 Jan 2005] DSA-622-1 htmlheadline - insecure temporary files
3326 {CVE-2004-1181}
3327 [woody] - htmlheadline 21.8-3
3328 NOTE: not in unstable
3329 [31 Dec 2004] DSA-621-1 cupsys - buffer overflow
3330 {CVE-2004-1125}
3331 [woody] - cupsys 1.1.14-5woody11
3332 [30 Dec 2004] DSA-620-1 perl - insecure temporary files / directories
3333 {CVE-2004-0452 CVE-2004-0976}
3334 [woody] - perl 5.6.1-8.8
3335 [30 Dec 2004] DSA-619-1 xpdf - buffer overflow
3336 {CVE-2004-1125}
3337 [woody] - xpdf 1.00-3.3
3338 [24 Dec 2004] DSA-618-1 imlib - buffer overflows, integer overflows
3339 {CVE-2004-1025 CVE-2004-1026}
3340 [woody] - imlib 1.9.14-2woody2
3341 [24 Dec 2004] DSA-617-1 libtiff - insufficient input validation
3342 {CVE-2004-1308}
3343 [woody] - tiff 3.5.5-6.woody3
3344 [23 Dec 2004] DSA-616-1 telnetd-ssl - format string
3345 {CVE-2004-0998}
3346 [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody3
3347 [22 Dec 2004] DSA-615-1 debmake - insecure temporary file
3348 {CVE-2004-1179}
3349 [woody] - debmake 3.6.10.woody.1
3350 [21 Dec 2004] DSA-614-1 xzgv - integer overflows
3351 {CVE-2004-0994}
3352 [woody] - xzgv 0.7-6woody2
3353 [21 Dec 2004] DSA-613-1 ethereal - infinite loop
3354 {CVE-2004-1142}
3355 [woody] - ethereal 0.9.4-1woody9
3356 [20 Dec 2004] DSA-612-1 a2ps - unsanitised input
3357 {CVE-2004-1170}
3358 - a2ps 1:4.13b-4.2
3359 [20 Dec 2004] DSA-611-1 htget - buffer overflow
3360 {CVE-2004-0852}
3361 [woody] - htget 0.93-1.1woody1
3362 [17 Dec 2004] DSA-610-1 cscope - insecure temporary file
3363 {CVE-2004-0996}
3364 [woody] - cscope 15.3-1woody2
3365 [14 Dec 2004] DSA-609-1 atari800 - buffer overflows
3366 {CVE-2004-1076}
3367 [woody] - atari800 1.2.2-1woody3
3368 [14 Dec 2004] DSA-608-1 zgv - integer overflows, unsanitised input
3369 {CVE-2004-1095 CVE-2004-0999}
3370 [woody] - zgv 5.5-3woody1
3371 [10 Dec 2004] DSA-607-1 xfree86 - several
3372 {CVE-2004-0914}
3373 [woody] - xfree86 4.1.0-16woody5
3374 [08 Dec 2004] DSA-606-1 nfs-utils - wrong signal handler
3375 {CVE-2004-1014}
3376 [woody] - nfs-utils 1.0-2woody2
3377 [06 Dec 2004] DSA-605-1 viewcvs - settings not honored
3378 {CVE-2004-0915}
3379 [woody] - viewcvs 0.9.2-4woody1
3380 [03 Dec 2004] DSA-604-1 hpsockd - missing input sanitising
3381 {CVE-2004-0993}
3382 [woody] - hpsockd 0.6.woody1
3383 [01 Dec 2004] DSA-603-1 openssl - insecure temporary file
3384 {CVE-2004-0975}
3385 [woody] - openssl 0.9.6c-2.woody.7
3386 [29 Nov 2004] DSA-602-1 libgd2 - integer overflow
3387 {CVE-2004-0941 CVE-2004-0990}
3388 NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
3389 [woody] - libgd2 2.0.1-10woody2
3390 [29 Nov 2004] DSA-601-1 libgd1 - integer overflow
3391 {CVE-2004-0941 CVE-2004-0990}
3392 NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
3393 [woody] - libgd 1.8.4-17.woody4
3394 [25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
3395 {CVE-2004-0888}
3396 [woody] - tetex-bin 1.0.7+20011202-7.3
3397 [25 Nov 2004] DSA-598-1 yardradius - buffer overflow
3398 {CVE-2004-0987}
3399 [woody] - yardradius 1.0.20-2woody1
3400 [25 Nov 2004] DSA-597-1 cyrus-imapd - buffer overflow
3401 {CVE-2004-1012 CVE-2004-1013}
3402 [woody] - cyrus21-imapd 1.5.19-9.2
3403 [24 Nov 2004] DSA-596-2 sudo - missing input sanitising
3404 {CVE-2004-1051}
3405 [woody] - sudo 1.6.6-1.3
3406 [24 Nov 2004] DSA-595-1 bnc - buffer overflow
3407 {CVE-2004-1052}
3408 [woody] - bnc 2.6.4-3.3
3409 [17 Nov 2004] DSA-594-1 apache - buffer overflows
3410 {CVE-2004-0940}
3411 [woody] - apache 1.3.26-0woody6
3412 [16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
3413 {CVE-2004-0981}
3414 [woody] - imagemagick 5.4.4.5-1woody4
3415 [12 Nov 2004] DSA-592-1 ez-ipupdate - format string
3416 {CVE-2004-0980}
3417 [woody] - ez-ipupdate 3.0.11b5-1woody2
3418 [09 Nov 2004] DSA-591-1 libgd2 - integer overflows
3419 {CVE-2004-0990}
3420 [woody] - libgd 1.8.4-17.woody3
3421 [woody] - libgd2 2.0.1-10woody1
3422 [09 Nov 2004] DSA-590-1 gnats - format string vulnerability
3423 {CVE-2004-0623}
3424 [woody] - gnats 3.999.beta1+cvs20020303-2
3425 [09 Nov 2004] DSA-589-1 libgd - integer overflows
3426 {CVE-2004-0990}
3427 [woody] - libgd 1.8.4-17.woody3
3428 [08 Nov 2004] DSA-588-1 gzip - insecure temporary files
3429 {CVE-2004-0970}
3430 [woody] - gzip 1.3.2-3woody3
3431 [08 Nov 2004] DSA-587-1 freeamp - buffer overflow
3432 {CVE-2004-0964}
3433 [woody] - freeamp 2.1.1.0-4woody2
3434 NOTE: Was later renamed to zinf
3435 [08 Nov 2004] DSA-586-1 ruby - infinite loop
3436 {CVE-2004-0983}
3437 [woody] - ruby 1.6.7-3woody4
3438 [05 Nov 2004] DSA-585-1 shadow - programming error
3439 {CVE-2004-1001}
3440 [woody] - shadow 20000902-12woody1
3441 [04 Nov 2004] DSA-584-1 dhcp - format string vulnerability
3442 {CVE-2004-1006}
3443 [woody] - dhcp 2.0pl5-11woody1
3444 [03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
3445 {CVE-2004-0972}
3446 [woody] - lvm10 1.0.4-5woody2
3447 [02 Nov 2004] DSA-582-1 libxml - buffer overflow
3448 {CVE-2004-0989}
3449 [woody] - libxml 1.8.17-2woody2
3450 [woody] - libxml2 2.4.19-4woody2
3451 [01 Nov 2004] DSA-581-1 xpdf - integer overflows
3452 {CVE-2004-0888}
3453 [woody] - xpdf 1.00-3.2
3454 [01 Nov 2004] DSA-580-1 iptables - missing initialisation
3455 {CVE-2004-0986}
3456 [woody] - iptables 1.2.6a-5.0woody2
3457 [01 Nov 2004] DSA-579-1 abiword - buffer overflow
3458 {CVE-2004-0645}
3459 [woody] - abiword 1.0.2+cvs.2002.06.05-1woody2
3460 [01 Nov 2004] DSA-578-1 mpg123 - buffer overflow
3461 {CVE-2004-0982}
3462 [woody] - mpg123 0.59r-13woody4
3463 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
3464 {CVE-2004-0977}
3465 [woody] - postgresql 7.2.1-2woody6
3466 [29 Oct 2004] DSA-576-1 squid - multiple
3467 {CVE-1999-0710 CVE-2004-0918}
3468 [woody] - squid 2.4.6-2woody4
3469 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
3470 {CVE-2003-0193}
3471 [woody] - catdoc 0.91.5-1.woody3
3472 [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
3473 {CVE-2004-0916}
3474 [woody] - cabextract 0.2-2b
3475 [21 Oct 2004] DSA-573-1 cupsys - integer overflows
3476 {CVE-2004-0888}
3477 [woody] - cupsys 1.1.14-5woody10
3478 [21 Oct 2004] DSA-572-1 ecartis - multiple
3479 {CVE-2004-0913}
3480 [woody] - ecartis 0.129a+1.0.0-snap20020514-1.3
3481 [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
3482 {CVE-2004-0599}
3483 [woody] - libpng3 1.2.1-1.1.woody.9
3484 [20 Oct 2004] DSA-570-1 libpng - integer overflow
3485 {CVE-2004-0599}
3486 [woody] - libpng 1.0.12-3.woody.9
3487 [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
3488 {CVE-2004-0911}
3489 [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody2
3490 [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
3491 {CVE-2004-0884}
3492 [woody] - cyrus-sasl-mit 1.5.24-15woody3
3493 [15 Oct 2004] DSA-567-1 tiff - heap overflows
3494 {CVE-2004-0803 CVE-2004-0804 CVE-2004-0886}
3495 [woody] - tiff 3.5.5-6woody1
3496 [14 Oct 2004] DSA-566-1 cupsys - unsanitised input
3497 {CVE-2004-0923}
3498 [woody] - cupsys 1.1.14-5woody7
3499 [13 Oct 2004] DSA-565-1 sox - buffer overflows
3500 {CVE-2004-0557}
3501 [woody] - sox 12.17.3-4woody2 (bug #262083)
3502 [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
3503 {CVE-2004-0805}
3504 [woody] - mpg123 0.59r-13woody3
3505 [12 Oct 2004] DSA-563-3 cyrus-sasl - unsanitised input
3506 {CVE-2004-0884}
3507 [woody] - cyrus-sasl 1.5.27-3.1woody5 (bug #275432)
3508 NOTE: 563-1 and 563-2 had problems on sparc/arm and with sendmail
3509 [11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
3510 {CVE-2004-0835 CVE-2004-0836 CVE-2004-0837}
3511 [woody] - mysql 3.23.49-8.8
3512 [11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
3513 {CVE-2004-0687 CVE-2004-0688}
3514 [woody] - xfree86 4.1.0-16woody4
3515 [07 Oct 2004] DSA-600-1 samba - arbitrary file access
3516 {CVE-2004-0815}
3517 [woody] - samba 2.2.3a-14.1
3518 [07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
3519 {CVE-2004-0687 CVE-2004-0688}
3520 [woody] - lesstif1-1 0.93.18-5
3521 [06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
3522 {CVE-2004-0851}
3523 [woody] - net-acct 0.71-5woody1
3524 [06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
3525 {CVE-2004-0809}
3526 [woody] - libapache-mod-dav 1.0.3-3.1
3527 [04 Oct 2004] DSA-557-1 pppoe - missing privilege dropping
3528 {CVE-2004-0564}
3529 [woody] - rp-pppoe 3.3-1.2
3530 [03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
3531 {CVE-2004-0911}
3532 [woody] - netkit-telnet 0.17-18woody2
3533 [30 Sep 2004] DSA-555-1 freenet6 - file permissions
3534 {CVE-2004-0563}
3535 [woody] - freenet6 0.9.6-1woody2
3536 [27 Sep 2004] DSA-554-1 sendmail - pre-set password
3537 {CVE-2004-0833}
3538 [woody] - sendmail 8.12.3-7.1
3539 [27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
3540 {CVE-2004-0880 CVE-2004-0881}
3541 [woody] - getmail 2.3.7-2
3542 [22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
3543 {CVE-2004-0802}
3544 [woody] - imlib2 1.0.5-2woody1
3545 [21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
3546 {CVE-2004-0794}
3547 [woody] - lukemftpd 1.1-1woody2
3548 [20 Sep 2004] DSA-550-1 wv - buffer overflow
3549 {CVE-2004-0645}
3550 [woody] - wv 0.7.1+rvt-2woody3 (bug #264972)
3551 [17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
3552 {CVE-2004-0782 CVE-2004-0783 CVE-2004-0788}
3553 [woody] - gtk+2.0 2.0.2-5woody2
3554 [26 Oct 2005] DSA-548-2 imlib - unsanitised input
3555 {CVE-2004-0817}
3556 [woody] - imlib 1.9.14-2woody3
3557 [sarge] - imlib 1.9.14-16.2
3558 NOTE: Initial -1 fix was incomplete
3559 [16 Sep 2004] DSA-547-1 imagemagick - buffer overflows
3560 {CVE-2004-0827}
3561 [woody] - imagemagick 5.4.4.5-1woody3
3562 [16 Sep 2004] DSA-546-1 gdk-pixbuf - several vulnerabilities
3563 {CVE-2004-0753 CVE-2004-0782 CVE-2004-0788}
3564 [woody] - gdk-pixbuf 0.17.0-2woody2
3565 [15 Sep 2004] DSA-545-1 cupsys - denial of service
3566 {CVE-2004-0558}
3567 [woody] - cupsys 1.1.14-5woody6
3568 [14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
3569 {CVE-2004-0559}
3570 [woody] - webmin 0.94-7woody3
3571 [31 Aug 2004] DSA-543-1 krb5 - several vulnerabilities
3572 {CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0772}
3573 [woody] - krb5 1.2.4-5woody6
3574 [31 Aug 2004] DSA-458-3 python2.2 - buffer overflow
3575 {CVE-2004-0150}
3576 [woody] - python2.2 2.2.1-4.6
3577 NOTE: Previous DSA had regressions
3578 [30 Aug 2004] DSA-542-1 qt - unsanitised input
3579 {CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
3580 [woody] - qt-copy 3.0.3-20020329-1woody2
3581 [25 Aug 2004] DSA-541 icecast-server - cross site scripting
3582 {CVE-2004-0781}
3583 [woody] - icecast-server 1:1.3.11-4.2
3584 [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
3585 {CVE-2004-0457}
3586 [woody] - mysql 3.23.49-8.7
3587 [18 Aug 2004] DSA-539 kdelibs - denial of service
3588 {CVE-2004-0689}
3589 [woody] - kdelibs 4:2.2.2-13.woody.12
3590 [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
3591 {CVE-2004-0792}
3592 [woody] - rsync 2.5.5-0.6
3593 [16 Aug 2004] DSA-537 ruby - insecure file permissions
3594 {CVE-2004-0755}
3595 [woody] - ruby 1.6.7-3woody3
3596 [04 Aug 2004] DSA-536 libpng - several vulnerabilities
3597 {CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768}
3598 [woody] - libpng 1.0.12-3.woody.7
3599 [woody] - libpng3 1.2.1-1.1.woody.7
3600 [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
3601 {CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639}
3602 [woody] - squirrelmail 1:1.2.6-1.4
3603 [22 Jul 2004] DSA-534 mailreader - directory traversal
3604 {CVE-2002-1581}
3605 [woody] - mailreader 2.3.29-5woody1
3606 [22 Jul 2004] DSA-533 courier - cross-site scripting
3607 {CVE-2004-0591}
3608 [woody] - courier 0.37.3-2.5
3609 [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
3610 {CVE-2004-0488 CVE-2004-0700}
3611 [woody] - libapache-mod-ssl 2.8.9-2.4
3612 [20 Jul 2004] DSA-531 php4 - several vulnerabilities
3613 {CVE-2004-0594 CVE-2004-0595}
3614 [woody] - php4 4.1.2-7
3615 [17 Jul 2004] DSA-530 l2tpd - buffer overflow
3616 {CVE-2004-0649}
3617 [woody] - l2tpd 0.67-1.2
3618 [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
3619 {CVE-2004-0640}
3620 [woody] - netkit-telnet-ssl 0.17.17+0.1-2woody1
3621 [17 Jul 2004] DSA-528 ethereal - denial of service
3622 {CVE-2004-0635}
3623 [woody] - ethereal 0.9.4-1woody8
3624 [03 Jul 2004] DSA-527 pavuk - buffer overflow
3625 {CVE-2004-0456}
3626 NOTE: DSA is incorrect; pavuk is in sarge and unstable.
3627 [woody] - pavuk 0.9pl28-1woody1
3628 [03 Jul 2004] DSA-526 webmin - several vulnerabilities
3629 {CVE-2004-0582 CVE-2004-0583}
3630 [woody] - webmin 0.94-7woody2
3631 [24 Jun 2004] DSA-525 apache - buffer overflow
3632 {CVE-2004-0492}
3633 [woody] - apache 1.3.26-0woody5
3634 [19 Jun 2004] DSA-524 rlpr - several vulnerabilities
3635 {CVE-2004-0393 CVE-2004-0454}
3636 [woody] - rlpr 2.02-7woody1
3637 [19 Jun 2004] DSA-523 www-sql - buffer overflow
3638 {CVE-2004-0455}
3639 [woody] - www-sql 0.5.7-17woody1
3640 [19 Jun 2004] DSA-522 super - format string vulnerability
3641 {CVE-2004-0579}
3642 [woody] - super 3.16.1-1.2
3643 [18 Jun 2004] DSA-521 sup - format string vulnerability
3644 {CVE-2004-0451}
3645 [woody] - sup 1.8-8woody2
3646 [16 Jun 2004] DSA-520 krb5 - buffer overflows
3647 {CVE-2004-0523}
3648 [woody] - krb5 1.2.4-5woody5
3649 [15 Jun 2004] DSA-519 cvs - several vulnerabilities
3650 {CVE-2004-0416 CVE-2004-0417 CVE-2004-0418}
3651 [woody] - cvs 1.11.1p1debian-9woody7
3652 [14 Jun 2004] DSA-518 kdelibs - unsanitised input
3653 {CVE-2004-0411}
3654 [woody] - kdelibs 4:2.2.2-13.woody.10
3655 [10 Jun 2004] DSA-517 cvs - buffer overflow
3656 {CVE-2004-0414}
3657 [woody] - cvs 1.11.1p1debian-9woody6
3658 [07 Jun 2004] DSA-516 postgresql - buffer overflow
3659 {CVE-2004-0547}
3660 [woody] - postgresql 7.2.1-2woody5
3661 [05 Jun 2004] DSA-515 lha - several vulnerabilities
3662 {CVE-2004-0234 CVE-2004-0235}
3663 [woody] - lha 1.14i-2woody1
3664 [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
3665 {CVE-2004-0077}
3666 [woody] - kernel-source-2.2.20 2.2.20-5woody3
3667 [03 Jun 2004] DSA-513 log2mail - format string
3668 {CVE-2004-0450}
3669 [woody] - log2mail 0.2.5.2
3670 [02 Jun 2004] DSA-512 gallery - unauthenticated access
3671 {CVE-2004-0522}
3672 [woody] - gallery 1.2.5-8woody2
3673 [30 May 2004] DSA-511 ethereal - buffer overflows
3674 {CVE-2004-0176}
3675 [woody] - ethereal 0.9.4-1woody7
3676 [29 May 2004] DSA-510 jftpgw - format string
3677 {CVE-2004-0448}
3678 [woody] - jftpgw 0.13.1-1woody1
3679 [29 May 2004] DSA-509 gatos - privilege escalation
3680 {CVE-2004-0395}
3681 [woody] - gatos 0.0.5-6woody1
3682 [22 May 2004] DSA-508 xpcd - buffer overflow
3683 {CVE-2004-0402}
3684 [woody] - xpcd 2.08-8woody2
3685 [19 May 2004] DSA-507 cadaver - buffer overflow
3686 {CVE-2004-0398}
3687 [woody] - cadaver 0.18.0-1woody3
3688 [19 May 2004] DSA-506 neon - buffer overflow
3689 {CVE-2004-0398}
3690 [woody] - neon 0.19.3-2woody5
3691 [19 May 2004] DSA-505 cvs - heap overflow
3692 {CVE-2004-0396}
3693 [woody] - cvs 1.11.1p1debian-9woody4
3694 [18 May 2004] DSA-504 heimdal - missing input sanitising
3695 {CVE-2004-0434}
3696 [woody] - heimdal 0.4e-7.woody.9
3697 [13 May 2004] DSA-503 mah-jong - missing argument check
3698 {CVE-2004-0458}
3699 [woody] - mah-jong 1.4-3
3700 [11 May 2004] DSA-502 exim-tls - buffer overflow
3701 {CVE-2004-0399 CVE-2004-0400}
3702 [woody] - exim-tls 3.35-3woody2
3703 [07 May 2004] DSA-501 exim - buffer overflow
3704 {CVE-2004-0399 CVE-2004-0400}
3705 [woody] - exim 3.35-1woody3
3706 [01 May 2004] DSA-500 flim - insecure temporary file
3707 {CVE-2004-0422}
3708 [woody] - flim 1.14.3-9woody1
3709 [01 May 2004] DSA-499 rsync - directory traversal
3710 {CVE-2004-0426}
3711 [woody] - rsync 2.5.5-0.5
3712 [30 Apr 2004] DSA-498 libpng - out of bound access
3713 {CVE-2004-0421}
3714 [woody] - libpng 1.0.12-3.woody.5
3715 [woody] - libpng3 1.2.1-1.1.woody.5
3716 [29 Apr 2004] DSA-497 mc - several vulnerabilities
3717 {CVE-2004-0226 CVE-2004-0231 CVE-2004-0232}
3718 [woody] - mc 4.5.55-1.2woody3
3719 [29 Apr 2004] DSA-496 eterm - missing input sanitising
3720 {CVE-2003-0068}
3721 [woody] - eterm 0.9.2-0pre2002042903.3
3722 [26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
3723 {CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3724 [woody] - kernel-source-2.4.16 2.4.16-1woody2
3725 [woody] - kernel-patch-2.4.16-arm 20040419
3726 [woody] - kernel-image-2.4.16-lart 20040419
3727 [woody] - kernel-image-2.4.16-netwinder 20040419
3728 [woody] - kernel-image-2.4.16-riscpc 20040419
3729 [21 Apr 2004] DSA-494 ident2 - buffer overflow
3730 {CVE-2004-0408}
3731 [woody] - ident2 1.03-3woody1
3732 [21 Apr 2004] DSA-493 xchat - buffer overflow
3733 {CVE-2004-0409}
3734 [woody] - xchat 1.8.9-0woody3
3735 [18 Apr 2004] DSA-492 iproute - denial of service
3736 {CVE-2003-0856}
3737 [woody] - iproute 20010824-8woody1
3738 [17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
3739 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3740 [woody] - kernel-source-2.4.19 2.4.19-4.woody2
3741 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody4
3742 [17 Apr 2004] DSA-490 zope - arbitrary code execution
3743 {CVE-2002-0688}
3744 [woody] - zope 2.5.1-1woody1
3745 [17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
3746 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3747 [woody] - kernel-source-2.4.17 2.4.17-1woody3
3748 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody6
3749 [woody] - kernel-patch-2.4.17-mipsel 2.4.17-0.020226.2.woody6
3750 [16 Apr 2004] DSA-488 logcheck - insecure temporary directory
3751 {CVE-2004-0404}
3752 [woody] - logcheck 1.1.1-13.1woody1
3753 [16 Apr 2004] DSA-487 neon - format string
3754 {CVE-2004-0179}
3755 [woody] - neon 0.19.3-2woody3
3756 [16 Apr 2004] DSA-486 cvs - several vulnerabilities
3757 {CVE-2004-0180 CVE-2004-0405}
3758 [woody] - cvs 1.11.1p1debian-9woody2
3759 [14 Apr 2004] DSA-485 ssmtp - format string
3760 {CVE-2004-0156}
3761 [woody] - ssmtp 2.50.6.1
3762 [14 Apr 2004] DSA-484 xonix - failure to drop privileges
3763 {CVE-2004-0157}
3764 [woody] - xonix 1.4-19woody1
3765 [14 Apr 2004] DSA-483 mysql - insecure temporary file creation
3766 {CVE-2004-0381 CVE-2004-0388}
3767 [woody] - mysql 3.23.49-8.6
3768 [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
3769 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3770 [woody] - kernel-source-2.4.17 2.4.17-1woody3
3771 [woody] - kernel-patch-2.4.17-apus 2.4.17-5
3772 [woody] - kernel-patch-2.4.17-s390 2.4.17-2.woody.4
3773 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.4
3774 [14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
3775 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3776 [woody] - kernel-image-2.4.17-ia64 011226.17
3777 [14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
3778 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3779 [woody] - kernel-image-2.4.17-hppa 32.4
3780 [woody] - kernel-image-2.4.18-hppa 62.3
3781 [14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
3782 {CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
3783 [woody] - kernel-source-2.4.18 2.4.18-14.3
3784 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-15
3785 [woody] - kernel-image-2.4.18-1-i386 2.4.18-13
3786 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody8
3787 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody5
3788 [06 Apr 2004] DSA-478 tcpdump - denial of service
3789 {CVE-2004-0183 CVE-2004-0184}
3790 [woody] - tcpdump 3.6.2-2.8
3791 [06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
3792 {CVE-2004-0372}
3793 [woody] - xine-ui 0.9.8-5
3794 [06 Apr 2004] DSA-476 heimdal - cross-realm
3795 {CVE-2004-0371}
3796 [woody] - heimdal 0.4e-7.woody.8.1
3797 [05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
3798 {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
3799 [woody] - kernel-image-2.4.18-hppa 62.1
3800 [03 Apr 2004] DSA-474 squid - ACL bypass
3801 {CVE-2004-0189}
3802 [woody] - squid 2.4.6-2woody2
3803 [03 Apr 2004] DSA-473 oftpd - denial of service
3804 {CVE-2004-0376}
3805 [woody] - oftpd 0.3.6-6
3806 [03 Apr 2004] DSA-472 fte - several vulnerabilities
3807 {CVE-2003-0648}
3808 [woody] - fte 0.49.13-15woody1
3809 [02 Apr 2004] DSA-471 interchange - missing input sanitising
3810 {CVE-2004-0374}
3811 [woody] - interchange 4.8.3.20020306-1.woody.2
3812 [01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
3813 {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
3814 [woody] - kernel-image-2.4.17-hppa 32.3
3815 [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
3816 {CVE-2004-0366}
3817 [woody] - pam-pgsql 0.5.2-3woody2
3818 [24 Mar 2004] DSA-468 emil - several vulnerabilities
3819 {CVE-2004-0152 CVE-2004-0153}
3820 [woody] - emil 2.1.0-beta9-11woody1
3821 [23 Mar 2004] DSA-467 ecartis - several vulnerabilities
3822 {CVE-2003-0781 CVE-2003-0782}
3823 [woody] - ecartis 0.129a+1.0.0-snap20020514-1.2
3824 [18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
3825 {CVE-2004-0077}
3826 [woody] - kernel-source-2.2.10 2.2.10-2
3827 [woody] - kernel-image-2.2.10-powerpc-apus 2.2.10-13woody1
3828 [17 Mar 2004] DSA-465 openssl - several vulnerabilities
3829 {CVE-2004-0079 CVE-2004-0081}
3830 [woody] - openssl 0.9.6c-2.woody.6
3831 [woody] - openssl094 0.9.4-6.woody.4
3832 [woody] - openssl095 0.9.5a-6.woody.5
3833 [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
3834 {CVE-2004-0111}
3835 [woody] - gdk-pixbuf 0.17.0-2woody1
3836 [12 Mar 2004] DSA-463 samba - privilege escalation
3837 {CVE-2004-0186}
3838 [woody] - samba 2.2.3a-13
3839 [12 Mar 2004] DSA-462 xitalk - missing privilege release
3840 {CVE-2004-0151}
3841 [woody] - xitalk 1.1.11-9.1woody1
3842 [11 Mar 2004] DSA-461 calife - buffer overflow
3843 {CVE-2004-0188}
3844 [woody] - calife 2.8.4c-1woody1
3845 [10 Mar 2004] DSA-460 sysstat - insecure temporary file
3846 {CVE-2004-0108}
3847 [woody] - sysstat 5.0.1-1
3848 [10 Mar 2004] DSA-459 kdelibs - cookie path traversal
3849 {CVE-2003-0592}
3850 [woody] - kdelibs 4:2.2.2-6woody3
3851 [woody] - kdelibs-crypto 4:2.2.2-13.woody.9
3852 [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
3853 {CVE-2004-0148 CVE-2004-0185}
3854 [woody] - wu-ftpd 2.6.2-3woody4
3855 [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
3856 {CVE-2004-0077}
3857 [woody] - kernel-source-2.2.19 2.2.19.1-4woody1
3858 [woody] - kernel-patch-2.2.19-arm 20040303
3859 [woody] - kernel-image-2.2.19-netwinder 20040303
3860 [woody] - kernel-image-2.2.19-riscpc 20040303
3861 [03 Mar 2004] DSA-455 libxml - buffer overflows
3862 {CVE-2004-0110}
3863 [woody] - libxml 1.8.17-2woody1
3864 [woody] - libxml2 2.4.19-4woody1
3865 [02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
3866 {CVE-2004-0077}
3867 [woody] - kernel-source-2.2.22 2.2.22-1woody1
3868 [woody] - kernel-image-2.2.22-alpha 2.2.22-2
3869 [02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
3870 {CVE-2004-0077}
3871 [woody] - kernel-source-2.2.20 2.2.20-5woody3
3872 [woody] - kernel-image-2.2.20-i386 2.2.20-5woody5
3873 [woody] - kernel-image-2.2.20-reiserfs-i386 2.2.20-4woody1
3874 [woody] - kernel-image-2.2.20-amiga 2.20-4
3875 [woody] - kernel-image-2.2.20-atari 2.2.20-3
3876 [woody] - kernel-image-2.2.20-bvme6000 2.2.20-3
3877 [woody] - kernel-image-2.2.20-mac 2.2.20-3
3878 [woody] - kernel-image-2.2.20-mvme147 2.2.20-3
3879 [woody] - kernel-image-2.2.20-mvme16x 2.2.20-3
3880 [woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1
3881 [29 Feb 2004] DSA-452 libapache-mod-python - denial of service
3882 {CVE-2003-0973}
3883 [woody] - libapache-mod-python 2:2.7.8-0.0woody2
3884 [27 Feb 2004] DSA-451 xboing - buffer overflows
3885 {CVE-2004-0149}
3886 [woody] - xboing 2.4-26woody1
3887 [27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
3888 {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
3889 [woody] - kernel-source-2.4.19 2.4.19-0.020911.1.woody3
3890 [woody] - kernel-patch-2.4.19-mips 2.4.19-4.woody1
3891 [24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
3892 {CVE-2004-0104 CVE-2004-0105}
3893 [woody] - metamail 2.7-45woody.2
3894 [22 Feb 2004] DSA-448 pwlib - several vulnerabilities
3895 {CVE-2004-0097}
3896 [woody] - pwlib 1.2.5-5woody1
3897 [22 Feb 2004] DSA-447 hsftp - format string
3898 {CVE-2004-0159}
3899 [woody] - hsftp 1.11-1woody1
3900 [21 Feb 2004] DSA-446 synaesthesia - insecure file creation
3901 {CVE-2004-0160}
3902 [woody] - synaesthesia 2.1-2.1woody1
3903 [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
3904 {CVE-2004-0158}
3905 [woody] - lbreakout2 2.2.2-1woody1
3906 [20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
3907 {CVE-2004-0077}
3908 [woody] - kernel-image-2.4.17-ia64 011226.16
3909 [19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
3910 {CVE-2003-0690 CVE-2004-0083 CVE-2004-0084 CVE-2004-0106 CVE-2004-0093 CVE-2004-0094}
3911 [woody] - xfree86 4.1.0-16woody3
3912 [19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
3913 {CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429}
3914 [woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.2
3915 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.3
3916 [18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
3917 {CVE-2004-0077}
3918 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody5
3919 [18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
3920 {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
3921 [woody] - kernel-source-2.4.17 2.4.17-4
3922 [woody] - kernel-patch-2.4.17-apus 2.4.17-4
3923 [18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
3924 {CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
3925 [woody] - kernel-image-2.4.16-lart 2.4.16-20040204
3926 [woody] - kernel-image-2.4.16-netwinder 2.4.16-20040204
3927 [woody] - kernel-image-2.4.16-riscpc 2.4.16-20040204
3928 [woody] - kernel-patch-2.4.16-arm 20040204
3929 [18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
3930 {CVE-2004-0077}
3931 [woody] - kernel-source-2.4.18 2.4.18-14.2
3932 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-14
3933 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12.2
3934 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody7
3935 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody4
3936 [11 Feb 2004] DSA-437 cgiemail - open mail relay
3937 {CVE-2002-1575}
3938 [woody] - cgiemail 1.6-14woody1
3939 [08 Feb 2004] DSA-436 mailman - several vulnerabilities
3940 {CVE-2003-0991 CVE-2003-0965 CVE-2003-0038}
3941 [woody] - mailman 2.0.11-1woody7
3942 [06 Feb 2004] DSA-435 mpg123 - heap overflow
3943 {CVE-2003-0865}
3944 [woody] - mpg123 0.59r-13woody2
3945 [05 Feb 2004] DSA-434 gaim - several vulnerabilities
3946 {CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008}
3947 [woody] - gaim 0.58-2.4
3948 [04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
3949 {CVE-2003-0961}
3950 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody4
3951 [03 Feb 2004] DSA-432 crawl - buffer overflow
3952 {CVE-2004-0103}
3953 [woody] - crawl 4.0.0beta23-2woody1
3954 [01 Feb 2004] DSA-431 perl - information leak
3955 {CVE-2003-0618}
3956 [woody] - perl 5.6.1-8.6
3957 [28 Jan 2004] DSA-430 trr19 - missing privilege release
3958 {CVE-2004-0047}
3959 [woody] - trr19 1.0beta5-15woody1
3960 [26 Jan 2004] DSA-429 gnupg - cryptographic weakness
3961 {CVE-2003-0971}
3962 [woody] - gnupg 1.0.6-4woody1
3963 [20 Jan 2004] DSA-428 slocate - buffer overflow
3964 {CVE-2003-0848}
3965 [woody] - slocate 2.6-1.3.2
3966 [19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
3967 {CVE-2003-0985}
3968 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody3
3969 [18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
3970 {CVE-2003-0924}
3971 [woody] - netpbm-free 2:9.20-8.4
3972 [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
3973 {CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057}
3974 [woody] - tcpdump 3.6.2-2.7
3975 [16 Jan 2004] DSA-424 mc - buffer overflow
3976 {CVE-2003-1023}
3977 [woody] - mc 4.5.55-1.2woody2
3978 [15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
3979 {CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985}
3980 [woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64
3981 [13 Jan 2004] DSA-422 cvs - remote vulnerability
3982 [woody] - cvs 1.11.11
3983 [12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
3984 {CVE-2004-0041}
3985 [woody] - mod-auth-shadow 1.3-3.1woody.1
3986 [12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
3987 {CVE-2004-0028}
3988 [woody] - jitterbug 1.6.2-4.2woody2
3989 [09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
3990 {CVE-2004-0016 CVE-2004-0017}
3991 [woody] - phpgroupware 0.9.14-0.RC3.2.woody3
3992 [07 Jan 2004] DSA-418 vbox3 - privilege leak
3993 {CVE-2004-0015}
3994 [woody] - vbox3 0.1.7.1
3995 [07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
3996 {CVE-2003-0961 CVE-2003-0985}
3997 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody3
3998 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-12
3999 [06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
4000 {CVE-2003-1022 CVE-2004-0011}
4001 [woody] - fsp 2.81.b3-3.1woody1
4002 [06 Jan 2004] DSA-415 zebra - denial of service
4003 {CVE-2003-0795 CVE-2003-0858}
4004 [woody] - zebra 0.92a-5woody2
4005 [06 Jan 2004] DSA-414 jabber - denial of service
4006 {CVE-2004-0013}
4007 [woody] - jabber 1.4.2a-1.1woody1
4008 [06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
4009 {CVE-2003-0985}
4010 [woody] - kernel-source-2.4.18 2.4.18-14.1
4011 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12.1
4012 [05 Jan 2004] DSA-412 nd - buffer overflows
4013 {CVE-2004-0014}
4014 [woody] - nd 0.5.0-1woody1
4015 [05 Jan 2004] DSA-411 mpg321 - format string vulnerability
4016 {CVE-2003-0969}
4017 [woody] - mpg321 0.2.10.2
4018 [05 Jan 2004] DSA-410 libnids - buffer overflow
4019 {CVE-2003-0850}
4020 [woody] - libnids 1.16-3woody1
4021 [05 Jan 2004] DSA-409 bind - denial of service
4022 {CVE-2003-0914}
4023 [woody] - bind 1:8.3.3-2.0woody2
4024 [05 Jan 2004] DSA-408 screen - integer overflow
4025 {CVE-2003-0972}
4026 [woody] - screen 3.9.11-5woody1
4027 [05 Jan 2004] DSA-407 ethereal - buffer overflows
4028 {CVE-2003-0925 CVE-2003-0926 CVE-2003-0927 CVE-2003-1012 CVE-2003-1013}
4029 [woody] - ethereal 0.9.4-1woody6
4030 [05 Jan 2004] DSA-406 lftp - buffer overflow
4031 {CVE-2003-0963}
4032 [woody] - lftp 2.4.9-1woody2
4033 [30 Dec 2003] DSA-405 xsok - missing privilege release
4034 {CVE-2003-0949}
4035 [woody] - xsok 1.02-9woody2
4036 [04 Dec 2003] DSA-404 rsync - heap overflow
4037 {CVE-2003-0962}
4038 [woody] - rsync 2.5.5-0.2
4039 [01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
4040 {CVE-2003-0961}
4041 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-11
4042 [woody] - kernel-image-2.4.18-1-i386 2.4.18-12
4043 [woody] - kernel-source-2.4.18 2.4.18-14
4044 [17 Nov 2003] DSA-402 minimalist - unsanitised input
4045 {CVE-2003-0902}
4046 [woody] - minimalist 2.2-4
4047 [17 Nov 2003] DSA-401 hylafax - format strings
4048 {CVE-2003-0886}
4049 [woody] - hylafax 4.1.1-1.3
4050 [11 Nov 2003] DSA-400 omega-rpg - buffer overflow
4051 {CVE-2003-0932}
4052 [woody] - omega-rpg 0.90-pa9-7woody1
4053 [10 Nov 2003] DSA-399 epic4 - buffer overflow
4054 {CVE-2003-0328}
4055 [woody] - epic4 1.1.2.20020219-2.2
4056 [10 Nov 2003] DSA-398 conquest - buffer overflow
4057 {CVE-2003-0933}
4058 [woody] - conquest 7.1.1-6woody1
4059 [07 Nov 2003] DSA-397 postgresql - buffer overflow
4060 {CVE-2003-0901}
4061 [woody] - postgresql 7.2.1-2woody4
4062 [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
4063 {CVE-2002-1562 CVE-2003-0899}
4064 [woody] - thttpd 2.21b-11.2
4065 [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
4066 {CVE-2003-0866}
4067 [woody] - tomcat4 4.0.3-3woody3
4068 [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
4069 {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
4070 [woody] - openssl095 0.9.5a-6.woody.3
4071 [01 Oct 2003] DSA-393 openssl - denial of service
4072 {CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
4073 [woody] - openssl 0.9.6c-2.woody.4
4074 [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
4075 {CVE-2003-0832 CVE-2003-0833}
4076 [woody] - webfs 1.17.2
4077 [28 Sep 2003] DSA-391 freesweep - buffer overflow
4078 {CVE-2003-0828}
4079 [woody] - freesweep 0.88-4woody1
4080 [26 Sep 2003] DSA-390 marbles - buffer overflow
4081 {CVE-2003-0830}
4082 [woody] - marbles 1.0.2-1woody1
4083 [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
4084 {CVE-2003-0785}
4085 [woody] - ipmasq 3.5.10c
4086 [19 Sep 2003] DSA-388 kdebase - several vulnerabilities
4087 {CVE-2003-0690 CVE-2003-0692}
4088 [woody] - kdebase 4:2.2.2-14.7
4089 [18 Sep 2003] DSA-387 gopher - buffer overflows
4090 {CVE-2003-0805}
4091 [woody] - gopher 3.0.3woody1
4092 [18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
4093 {CVE-2002-1271}
4094 [woody] - libmailtools-perl 1.44-1woody1
4095 [18 Sep 2003] DSA-385 hztty - buffer overflows
4096 {CVE-2003-0783}
4097 [woody] - hztty 2.0-5.2woody1
4098 [17 Sep 2003] DSA-384 sendmail - buffer overflows
4099 {CVE-2003-0681 CVE-2003-0694}
4100 [woody] - sendmail 8.12.3-6.6
4101 [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.5
4102 [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
4103 {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
4104 [woody] - openssh-krb5 3.4p1-0woody4
4105 [16 Sep 2003] DSA-382 ssh - possible remote vulnerability
4106 {CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
4107 [woody] - openssh 1:3.4p1-1.woody.3
4108 [13 Sep 2003] DSA-381 mysql - buffer overflow
4109 {CVE-2003-0780}
4110 [woody] - mysql 3.23.49-8.5
4111 [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
4112 {CVE-2003-0063 CVE-2003-0071 CVE-2002-0164 CVE-2003-0730}
4113 [woody] - xfree86 4.1.0-16woody1
4114 [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
4115 {CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778}
4116 [woody] - sane-backends 1.0.7-4
4117 [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
4118 {CVE-2003-0705 CVE-2003-0706}
4119 [woody] - mah-jong 1.4-2
4120 [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
4121 {CVE-1999-0997}
4122 [woody] - wu-ftpd 2.6.2-3woody2
4123 [04 Sep 2003] DSA-376 exim - buffer overflow
4124 {CVE-2003-0743}
4125 [woody] - exim 3.35-1woody2
4126 [woody] - exim-tls 3.35-3woody1
4127 [29 Aug 2003] DSA-375 node - buffer overflow, format string
4128 {CVE-2003-0707 CVE-2003-0708}
4129 [woody] - node 0.3.0a-2woody1
4130 [26 Aug 2003] DSA-374 libpam-smb - buffer overflow
4131 {CVE-2003-0686}
4132 [woody] - libpam-smb 1.1.6-1.1woody1
4133 [16 Aug 2003] DSA-373 autorespond - buffer overflow
4134 {CVE-2003-0654}
4135 [woody] - autorespond 2.0.2-2woody1
4136 [16 Aug 2003] DSA-372 netris - buffer overflow
4137 {CVE-2003-0685}
4138 [woody] - netris 0.5-4woody1
4139 [11 Aug 2003] DSA-371 perl - cross-site scripting
4140 {CVE-2003-0615}
4141 [woody] - perl 5.6.1-8.3
4142 [08 Aug 2003] DSA-370 pam-pgsql - format string
4143 {CVE-2003-0672}
4144 [woody] - pam-pgsql 0.5.2-3woody1
4145 [08 Aug 2003] DSA-369 zblast - buffer overflow
4146 {CVE-2003-0613}
4147 [woody] - zblast 1.2pre-5woody2
4148 [08 Aug 2003] DSA-368 xpcd - buffer overflow
4149 {CVE-2003-0649}
4150 [woody] - xpcd 2.08-8woody1
4151 [08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
4152 {CVE-2003-0652}
4153 [woody] - xtokkaetama 1.0b-6woody2
4154 [05 Aug 2003] DSA-366 eroaster - insecure temporary file
4155 {CVE-2003-0656}
4156 [woody] - eroaster 2.1.0.0.3-2woody1
4157 [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
4158 {CVE-2003-0504 CVE-2003-0599 CVE-2003-0657}
4159 [woody] - phpgroupware 0.9.14-0.RC3.2.woody2
4160 [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
4161 {CVE-2003-0620 CVE-2003-0645}
4162 [woody] - man-db 2.3.20-18.woody.4
4163 [03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
4164 {CVE-2003-0468 CVE-2003-0540}
4165 [woody] - postfix 1.1.11-0.woody3
4166 [02 Aug 2003] DSA-362 mindi - insecure temporary file
4167 {CVE-2003-0617}
4168 [woody] - mindi 0.58.r5-1woody1
4169 [01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
4170 {CVE-2003-0459 CVE-2003-0370}
4171 [woody] - kdelibs 4:2.2.2-13.woody.8
4172 [woody] - kdelibs-crypto 4:2.2.2-6woody2
4173 [01 Aug 2003] DSA-360 xfstt - several vulnerabilities
4174 {CVE-2003-0581 CVE-2003-0625}
4175 [woody] - xfstt 1.2.1-3
4176 [31 Jul 2003] DSA-359 atari800 - buffer overflows
4177 {CVE-2003-0630}
4178 [woody] - atari800 1.2.2-1woody2
4179 [31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
4180 {CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
4181 [woody] - kernel-source-2.4.18 2.4.18-13
4182 [woody] - kernel-image-2.4.18-1-i386 2.4.18-11
4183 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody4
4184 [woody] - kernel-source-2.4.18 2.4.18-13
4185 [woody] - kernel-image-2.4.18-1-alpha 2.4.18-10.
4186 [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
4187 {CVE-2003-0466}
4188 [woody] - wu-ftpd 2.6.2-3woody1
4189 [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
4190 {CVE-2003-0611}
4191 [woody] - xtokkaetama 1.0b-6woody1
4192 [30 Jul 2003] DSA-355 gallery - cross-site scripting
4193 {CVE-2003-0614}
4194 [woody] - gallery 1.2.5-8woody1
4195 [29 Jul 2003] DSA-354 xconq - buffer overflows
4196 {CVE-2003-0607}
4197 [woody] - xconq 7.4.1-2woody2
4198 [29 Jul 2003] DSA-353 sup - insecure temporary file
4199 {CVE-2003-0606}
4200 [woody] - sup 1.8-8woody1
4201 [22 Jul 2003] DSA-352 fdclone - insecure temporary directory
4202 {CVE-2003-0596}
4203 [woody] - fdclone 2.00a-1woody3
4204 [16 Jul 2003] DSA-351 php4 - cross-site scripting
4205 {CVE-2003-0442}
4206 [woody] - php4 4:4.1.2-6woody3
4207 [15 Jul 2003] DSA-350 falconseye - buffer overflow
4208 {CVE-2003-0358}
4209 [woody] - falconseye 1.9.3-7woody3
4210 [14 Jul 2003] DSA-349 nfs-utils - buffer overflow
4211 {CVE-2003-0252}
4212 [woody] - nfs-utils 1:1.0-2woody1
4213 [11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
4214 {CVE-2003-0453}
4215 [woody] - traceroute-nanog 6.1.1-1.3
4216 [08 Jul 2003] DSA-347 teapop - SQL injection
4217 {CVE-2003-0515}
4218 [woody] - teapop 0.3.4-1woody2
4219 [08 Jul 2003] DSA-346 phpsysinfo - directory traversal
4220 {CVE-2003-0536}
4221 [woody] - phpsysinfo 2.0-3woody1
4222 [08 Jul 2003] DSA-345 xbl - buffer overflow
4223 {CVE-2003-0535}
4224 [woody] - xbl 1.0k-3woody2
4225 [08 Jul 2003] DSA-344 unzip - directory traversal
4226 {CVE-2003-0282}
4227 [woody] - unzip 5.50-1woody2
4228 [08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
4229 {CVE-2003-0539}
4230 [woody] - skk 10.62a-4woody1
4231 [woody] - ddskk 11.6.rel.0-2woody1
4232 [07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
4233 {CVE-2003-0538}
4234 [woody] - mozart 1.2.3.20011204-3woody1
4235 [07 Jul 2003] DSA-341 liece - insecure temporary file
4236 {CVE-2003-0537}
4237 [woody] - liece 2.0+0.20020217cvs-2.1
4238 [06 Jul 2003] DSA-340 x-face-el - insecure temporary file
4239 [woody] - x-face-el 1.3.6.19-1woody1
4240 [06 Jul 2003] DSA-339 semi - insecure temporary file
4241 {CVE-2003-0440}
4242 [woody] - semi 1.14.3.cvs.2001.08.10-1woody2
4243 [woody] - wemi 1.14.0.20010802wemiko-1.3
4244 [29 Jun 2003] DSA-338 proftpd - SQL injection
4245 {CVE-2003-0500}
4246 [woody] - proftpd 1.2.4+1.2.5rc1-5woody2
4247 [29 Jun 2003] DSA-337 gtksee - buffer overflow
4248 {CVE-2003-0444}
4249 [woody] - gtksee 0.5.0-6
4250 [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
4251 {CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248}
4252 [woody] - kernel-source-2.2.20 2.2.20-5woody2
4253 [woody] - kernel-image-2.2.20-i386 2.2.20-5woody3
4254 [28 Jun 2003] DSA-335 mantis - incorrect permissions
4255 {CVE-2003-0499}
4256 [woody] - mantis 0.17.1-3
4257 [28 Jun 2003] DSA-334 xgalaga - buffer overflows
4258 {CVE-2003-0454}
4259 [woody] - xgalaga 2.0.34-19woody1
4260 [27 Jun 2003] DSA-333 acm - integer overflow
4261 {CVE-2002-0391}
4262 [woody] - acm 5.0-3.woody.1
4263 [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
4264 {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
4265 [woody] - kernel-source-2.4.17 2.4.17-1woody1
4266 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2
4267 [27 Jun 2003] DSA-331 imagemagick - insecure temporary file
4268 {CVE-2003-0455}
4269 [woody] - imagemagick 4:5.4.4.5-1woody1
4270 [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
4271 {CVE-2003-0489}
4272 [woody] - tcptraceroute 1.2-2
4273 [20 Jun 2003] DSA-329 osh - buffer overflows
4274 {CVE-2003-0452}
4275 [woody] - osh 1.7-11woody1
4276 [19 Jun 2003] DSA-328 webfs - buffer overflow
4277 {CVE-2003-0445}
4278 [woody] - webfs 1.17.1
4279 [19 Jun 2003] DSA-327 xbl - buffer overflows
4280 {CVE-2003-0451}
4281 [woody] - xbl 1.0k-3woody1
4282 [19 Jun 2003] DSA-326 orville-write - buffer overflows
4283 {CVE-2003-0441}
4284 [woody] - orville-write 2.53-4woody1
4285 [19 Jun 2003] DSA-325 eldav - insecure temporary file
4286 {CVE-2003-0438}
4287 [woody] - eldav 0.0.20020411-1woody1
4288 [18 Jun 2003] DSA-324 ethereal - several vulnerabilities
4289 {CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432}
4290 [woody] - ethereal 0.9.4-1woody5
4291 [16 Jun 2003] DSA-323 noweb - insecure temporary files
4292 {CVE-2003-0381}
4293 [woody] - noweb 2.9a-7.3
4294 [16 Jun 2003] DSA-322 typespeed - buffer overflow
4295 {CVE-2003-0435}
4296 [woody] - typespeed 0.4.1-2.2
4297 [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
4298 {CVE-2003-0450}
4299 [woody] - radiusd-cistron 1.6.6-1woody1
4300 [13 Jun 2003] DSA-320 mikmod - buffer overflow
4301 {CVE-2003-0427}
4302 [woody] - mikmod 3.1.6-4woody3
4303 [12 Jun 2003] DSA-319 webmin - session ID spoofing
4304 {CVE-2003-0101}
4305 [woody] - webmin 0.94-7woody1
4306 [12 Jun 2003] DSA-318 lyskom-server - denial of service
4307 {CVE-2003-0366}
4308 [woody] - lyskom-server 2.0.6-1woody1
4309 [11 Jun 2003] DSA-317 cupsys - denial of service
4310 {CVE-2003-0195}
4311 [woody] - cupsys 1.1.14-5
4312 [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
4313 {CVE-2003-0358 CVE-2003-0359}
4314 [woody] - nethack 3.4.0-3.0woody3
4315 [woody] - slashem 0.0.6E4F8-4.0woody3
4316 [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
4317 {CVE-2003-0433}
4318 [woody] - gnocatan 0.6.1-5woody2
4319 [11 Jun 2003] DSA-314 atftp - buffer overflow
4320 {CVE-2003-0380}
4321 [woody] - atftp 0.6.1.1.0woody1
4322 [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
4323 {CVE-2003-0356 CVE-2003-0357}
4324 [woody] - ethereal 0.9.4-1woody4
4325 [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
4326 {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248}
4327 [woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1
4328 [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
4329 {CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
4330 [woody] - kernel-source-2.4.18 2.4.18-9
4331 [woody] - kernel-image-2.4.18-1-i386 2.4.18-8
4332 [woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1.
4333 [08 Jun 2003] DSA-310 xaos - improper setuid-root execution
4334 {CVE-2003-0385}
4335 [woody] - xaos 3.0-23woody1
4336 [06 Jun 2003] DSA-309 eterm - buffer overflow
4337 {CVE-2003-0382}
4338 [woody] - eterm 0.9.2-0pre2002042903.1
4339 [06 Jun 2003] DSA-308 gzip - insecure temporary files
4340 {CVE-1999-1332 CVE-2003-0367}
4341 [woody] - gzip 1.3.2-3woody1
4342 [27 May 2003] DSA-307 gps - multiple vulnerabilities
4343 {CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
4344 [woody] - gps 0.9.4-1woody1
4345 [19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
4346 {CVE-2003-0321 CVE-2003-0322 CVE-2003-0328}
4347 [woody] - ircii-pana 1.0-0c19-1.1
4348 [15 May 2003] DSA-305 sendmail - insecure temporary files
4349 {CVE-2003-0308}
4350 [woody] - sendmail 8.12.3-6.4
4351 [15 May 2003] DSA-304 lv - privilege escalation
4352 {CVE-2003-0188}
4353 [woody] - lv 4.49.4-7woody2
4354 [15 May 2003] DSA-303 mysql - privilege escalation
4355 {CVE-2003-0073}
4356 [woody] - mysql 3.23.49-8.4
4357 [07 May 2003] DSA-302 fuzz - privilege escalation
4358 {CVE-2003-0261}
4359 [woody] - fuzz 0.6-6woody1
4360 [07 May 2003] DSA-301 libgtop - buffer overflow
4361 {CVE-2001-0928}
4362 [woody] - libgtop 1.0.13-3.1
4363 [06 May 2003] DSA-300 balsa - buffer overflow
4364 {CVE-2003-0167}
4365 [woody] - balsa 1.2.4-2.2
4366 [06 May 2003] DSA-299 leksbot - improper setuid-root execution
4367 {CVE-2003-0262}
4368 [woody] - leksbot 1.2-3.1
4369 [02 May 2003] DSA-298 epic4 - buffer overflows
4370 {CVE-2003-0323}
4371 [woody] - epic4 1.1.2.20020219-2.1
4372 [01 May 2003] DSA-297 snort - integer overflow, buffer overflow
4373 {CVE-2003-0033 CVE-2003-0209}
4374 [woody] - snort 1.8.4beta1-3.1
4375 [30 Apr 2003] DSA-296 kdebase - insecure execution
4376 {CVE-2003-0204}
4377 [woody] - kdebase 2.2.2-14.4
4378 [30 Apr 2003] DSA-295 pptpd - buffer overflow
4379 {CVE-2003-0213}
4380 [woody] - pptpd 1.1.2-1.4
4381 [23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
4382 {CVE-2003-0205 CVE-2003-0206}
4383 [woody] - gkrellm-newsticker 0.3-3.1
4384 [23 Apr 2003] DSA-293 kdelibs - insecure execution
4385 {CVE-2003-0204}
4386 [woody] - kdebase 4:2.2.2-13.woody.7
4387 [22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
4388 {CVE-2003-0214}
4389 [woody] - mime-support 3.18-1.3
4390 [22 Apr 2003] DSA-291 ircii - buffer overflows
4391 {CVE-2003-0323}
4392 [woody] - ircii 20020322-1.1
4393 [17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
4394 {CVE-2003-0161}
4395 [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.4
4396 [17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
4397 {CVE-2003-0212}
4398 [woody] - rinetd 0.61-1.1
4399 [17 Apr 2003] DSA-288 openssl - several vulnerabilities
4400 {CVE-2003-0147 CVE-2003-0131}
4401 [woody] - openssl 0.9.6c-2.woody.3
4402 [15 Apr 2003] DSA-287 epic - buffer overflows
4403 {CVE-2003-0324}
4404 [woody] - epic 3.004-17.1
4405 [14 Apr 2003] DSA-286 gs-common - insecure temporary file
4406 {CVE-2003-0207}
4407 [woody] - gs-common 0.3.3.0woody1
4408 [14 Apr 2003] DSA-285 lprng - insecure temporary file
4409 {CVE-2003-0136}
4410 [woody] - lprng 3.8.10-1.2
4411 [12 Apr 2003] DSA-284 kdegraphics - insecure execution
4412 {CVE-2003-0204}
4413 [woody] - kdegraphics 3.8.10-1.2
4414 [11 Apr 2003] DSA-283 xfsdump - insecure file creation
4415 {CVE-2003-0173}
4416 [woody] - xfsdump 2.0.1-2
4417 [09 Apr 2003] DSA-282 glibc - integer overflow
4418 {CVE-2003-0028}
4419 [woody] - glibc 2.2.5-11.5
4420 [08 Apr 2003] DSA-281 moxftp - buffer overflow
4421 {CVE-2003-0203}
4422 [woody] - moxftp 2.2-18.1
4423 [07 Apr 2003] DSA-280 samba - buffer overflow
4424 {CVE-2003-0201 CVE-2003-0196}
4425 [woody] - samba 2.2.3a-12.3
4426 [07 Apr 2003] DSA-279 metrics - insecure temporary file creation
4427 {CVE-2003-0202}
4428 NOTE: Potato-only vulnerability, package was removed from woody.
4429 [04 Apr 2003] DSA-278 sendmail - char-to-int conversion
4430 {CVE-2003-0161}
4431 [woody] - sendmail 8.12.3-6.3
4432 [03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
4433 {CVE-2003-0098 CVE-2003-0099}
4434 [woody] - apcupsd 3.8.5-1.1.1
4435 [03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
4436 {CVE-2003-0127}
4437 [woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.1.1
4438 [woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.2.2
4439 [02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
4440 {CVE-2003-0144}
4441 [woody] - lpr-ppd 0.72-2.1
4442 [28 Mar 2003] DSA-274 mutt - buffer overflow
4443 {CVE-2003-0167}
4444 [woody] - mutt 1.3.28-2.2
4445 [28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
4446 {CVE-2003-0138 CVE-2003-0139}
4447 [woody] - krb4 1.1-8-2.3
4448 [28 Mar 2003] DSA-272 dietlibc - integer overflow
4449 {CVE-2003-0028}
4450 [woody] - dietlibc 0.12-2.5
4451 [27 Mar 2003] DSA-271 ecartis - unauthorized password change
4452 {CVE-2003-0162}
4453 [woody] - ecartis 0.129a+1.0.0-snap20020514-1.1
4454 [27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
4455 {CVE-2003-0127}
4456 [woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody1
4457 [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody1
4458 [26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
4459 {CVE-2003-0138}
4460 [woody] - heimdal 0.4e-7.woody.8
4461 [25 Mar 2003] DSA-268 mutt - buffer overflow
4462 {CVE-2003-0140}
4463 [woody] - mutt 1.3.28-2.1
4464 [24 Mar 2003] DSA-267 lpr - buffer overflow
4465 {CVE-2003-0144}
4466 [woody] - lpr 2000.05.07-4.3
4467 [24 Mar 2003] DSA-266 krb5 - several vulnerabilities
4468 {CVE-2003-0028 CVE-2003-0072 CVE-2003-0082 CVE-2003-0138 CVE-2003-0139}
4469 [woody] - krb5 1.2.4-5woody4
4470 [21 Mar 2003] DSA-265 bonsai - several vulnerabilities
4471 {CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155}
4472 [woody] - bonsai 1.3+cvs20020224-1woody1
4473 [19 Mar 2003] DSA-264 lxr - missing filename sanitizing
4474 {CVE-2003-0156}
4475 [woody] - lxr 0.3-3
4476 [17 Mar 2003] DSA-263 netpbm-free - math overflow errors
4477 {CVE-2003-0146}
4478 [woody] - netpbm-free 2:9.20-8.2
4479 [15 Mar 2003] DSA-262 samba - remote exploit
4480 {CVE-2003-0085 CVE-2003-0086}
4481 [woody] - samba 2.2.3a-12.1
4482 [14 Mar 2003] DSA-261 tcpdump - infinite loop
4483 {CVE-2003-0093 CVE-2003-0145}
4484 [woody] - tcpdump 3.6.2-2.4
4485 [13 Mar 2003] DSA-260 file - buffer overflow
4486 {CVE-2003-0102}
4487 [woody] - file 3.37-3.1.woody.1
4488 [12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
4489 {CVE-2003-0143}
4490 [woody] - qpopper 4.0.4-2.woody.3
4491 [10 Mar 2003] DSA-258 ethereal - format string vulnerability
4492 {CVE-2003-0081}
4493 [woody] - ethereal 0.9.4-1woody3
4494 [04 Mar 2003] DSA-257 sendmail - remote exploit
4495 {CVE-2002-1337}
4496 [woody] - sendmail 8.12.3-5
4497 [woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2
4498 [28 Feb 2003] DSA-256 mhc - insecure temporary file
4499 {CVE-2003-0120}
4500 [woody] - mhc 0.25+20010625-7.1
4501 [27 Feb 2003] DSA-255 tcpdump - infinite loop
4502 {CVE-2003-0108 CVE-2002-0380}
4503 [woody] - tcpdump 3.6.2-2.3
4504 [27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
4505 {CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387}
4506 [woody] - traceroute-nanog 6.1.1-1.2
4507 [24 Feb 2003] DSA-253 openssl - information leak
4508 {CVE-2003-0078}
4509 [woody] - openssl 0.9.6c-2.woody.2
4510 [21 Feb 2003] DSA-252 slocate - buffer overflow
4511 {CVE-2003-0056}
4512 [woody] - slocate 2.6-1.3.1
4513 [14 Feb 2003] DSA-251 w3m - missing HTML quoting
4514 {CVE-2002-1335 CVE-2002-1348}
4515 [woody] - w3m 0.3-2.4
4516 [12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
4517 {CVE-2002-1335 CVE-2002-1348}
4518 NOTE: not in sid/sarge
4519 [11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
4520 {CVE-2002-1335 CVE-2002-1348}
4521 [woody] - w3mmee 0.3-2.4
4522 [31 Jan 2003] DSA-248 hypermail - buffer overflows
4523 {CVE-2003-0057}
4524 [woody] - hypermail 2.1.3-2.0
4525 [30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
4526 {CVE-2003-0040}
4527 [woody] - courier 0.37.3-3.3
4528 [29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
4529 {CVE-2003-0042 CVE-2003-0043 CVE-2003-0044}
4530 [woody] - tomcat 3.3a-4woody.1
4531 [28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
4532 {CVE-2003-0039}
4533 [woody] - dhcp3 3.0+3.0.1rc9-2.2
4534 [27 Jan 2003] DSA-244 noffle - buffer overflows
4535 {CVE-2003-0037}
4536 [woody] - noffle 1.0.1-1.1
4537 [24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
4538 {CVE-2002-1393}
4539 [woody] - kdemultimedia 2.2.2-8.2
4540 [24 Jan 2003] DSA-242 kdebase - several vulnerabilities
4541 {CVE-2002-1393}
4542 [woody] - kdebase 2.2.2-14.2
4543 [24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
4544 {CVE-2002-1393}
4545 [woody] - kdeutils 2.2.2-9.2
4546 [23 Jan 2003] DSA-240 kdegames - several vulnerabilities
4547 {CVE-2002-1393}
4548 [woody] - kdegames 2.2.2-2.2
4549 [23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
4550 {CVE-2002-1393}
4551 [woody] - kdesdk 2.2.2-3.2
4552 [23 Jan 2003] DSA-238 kdepim - several vulnerabilities
4553 {CVE-2002-1393}
4554 [woody] - kdepim 2.2.2-5.2
4555 [22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
4556 {CVE-2002-1393}
4557 [woody] - kdenetwork 2.2.2-14.6
4558 [22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
4559 {CVE-2002-1393}
4560 [woody] - kdelibs 2.2.2-13.woody.6
4561 [22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
4562 {CVE-2002-1393}
4563 [woody] - kdegraphics 2.2.2-6.10
4564 [22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
4565 {CVE-2002-1393}
4566 [woody] - kdeadmin 2.2.2-7.2
4567 [21 Jan 2003] DSA-233 cvs - doubly freed memory
4568 {CVE-2003-0015}
4569 [woody] - cvs 1.11.1p1debian-8.1
4570 [20 Jan 2003] DSA-232 cupsys - several vulnerabilities
4571 {CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384}
4572 [woody] - cupsys 1.1.14-4.3
4573 [17 Jan 2003] DSA-231 dhcp3 - stack overflows
4574 {CVE-2003-0026}
4575 [woody] - dhcp3 3.0+3.0.1rc9-2.1
4576 [16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
4577 {CVE-2003-0012 CVE-2003-0013}
4578 [woody] - bugzilla 2.14.2-0woody4
4579 [15 Jan 2003] DSA-229 imp - SQL injection
4580 {CVE-2003-0025}
4581 [woody] - imp 2.2.6-5.1
4582 [14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
4583 {CVE-2003-0031 CVE-2003-0032}
4584 [woody] - libmcrypt 2.5.0-1woody1
4585 [13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
4586 {CVE-2002-1378 CVE-2002-1379 CVE-2002-1508}
4587 [woody] - openldap2 2.0.23-6.3
4588 [10 Jan 2003] DSA-226 xpdf-i - integer overflow
4589 {CVE-2002-1384}
4590 [woody] - xpdf <not-affected> (xpdf-i is only a dummy package)
4591 [09 Jan 2003] DSA-225 tomcat4 - source disclosure
4592 {CVE-2002-1394}
4593 [woody] - tomcat4 4.0.3-3woody2
4594 [08 Jan 2003] DSA-224 canna - buffer overflow and more
4595 {CVE-2002-1158 CVE-2002-1159}
4596 [woody] - canna 3.5b2-46.2
4597 [07 Jan 2003] DSA-223 geneweb - information exposure
4598 {CVE-2002-1390}
4599 [woody] - geneweb 4.06-2
4600 [06 Jan 2003] DSA-222 xpdf - integer overflow
4601 {CVE-2002-1384}
4602 [woody] - xpdf 1.00-3.1
4603 [03 Jan 2003] DSA-221 mhonarc - cross site scripting
4604 {CVE-2002-1388}
4605 [woody] - mhonarc 2.5.2-1.3
4606 [02 Jan 2003] DSA-220 squirrelmail - cross site scripting
4607 {CVE-2002-1341}
4608 [woody] - squirrelmail 1.2.6-1.3
4609 [31 Dec 2002] DSA-219 dhcpcd - remote command execution
4610 {CVE-2002-1403}
4611 NOTE: Woody doesn't have dhcpd
4612 [30 Dec 2002] DSA-218 bugzilla - cross site scripting
4613 {CVE-2002-2260}
4614 [woody] - bugzilla 2.14.2-0woody3
4615 [27 Dec 2002] DSA-217 typespeed - buffer overflow
4616 {CVE-2002-1389}
4617 [woody] - typespeed 0.4.1-2.1
4618 [24 Dec 2002] DSA-216 fetchmail - buffer overflow
4619 {CVE-2002-1365}
4620 [woody] - fetchmail 5.9.11-6.2
4621 [23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
4622 {CVE-2002-1580}
4623 [woody] - cyrus-imapd 1.5.19-9.1
4624 [20 Dec 2002] DSA-214 kdenetwork - buffer overflows
4625 {CVE-2002-1306}
4626 [woody] - kdenetwork 2.2.2-14.5
4627 [19 Dec 2002] DSA-213 libpng - buffer overflow
4628 {CVE-2002-1363}
4629 [woody] - libpng 1.0.12-3.woody.3
4630 [woody] - libpng3 1.2.1-1.1.woody.3
4631 [17 Dec 2002] DSA-212 mysql - multiple problems
4632 {CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376}
4633 [woody] - mysql 3.23.49-8.2
4634 [13 Dec 2002] DSA-211 micq - denial of service
4635 {CVE-2002-1362}
4636 [woody] - micq 0.4.9-0woody3
4637 [13 Dec 2002] DSA-210 lynx - CRLF injection
4638 {CVE-2002-1405}
4639 [woody] - lynx 2.8.3-1.1
4640 [woody] - lynx-ssl 2.8.3.1-1.1
4641 [12 Dec 2002] DSA-209 wget - directory traversal
4642 {CVE-2002-1344}
4643 [woody] - wget 1.8.1-6.1
4644 [12 Dec 2002] DSA-208 perl - broken safe compartment
4645 {CVE-2002-1323}
4646 [woody] - perl 5.6.1-8.2
4647 [11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
4648 {CVE-2002-0836}
4649 [woody] - tetex-bin 1.0.7+20011202-7.1
4650 [10 Dec 2002] DSA-206 tcpdump - denial of service
4651 {CVE-2002-1350}
4652 [woody] - tcpdump 3.6.2-2.2
4653 [10 Dec 2002] DSA-205 gtetrinet - buffer overflow
4654 [woody] - gtetrinet 0.4.1-9woody1.1
4655 [05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
4656 {CVE-2002-1281 CVE-2002-1282}
4657 [woody] - kdelibs 2.2.2-13.woody.5
4658 [04 Dec 2002] DSA-203 smb2www - arbitrary command execution
4659 {CVE-2002-1342}
4660 [woody] - smb2www 980804-16.1
4661 [03 Dec 2002] DSA-202 im - insecure temporary files
4662 {CVE-2002-1395}
4663 [woody] - im 141-18.1
4664 [02 Dec 2002] DSA-201 freeswan - denial of service
4665 {CVE-2002-0666}
4666 [woody] - freeswan 1.96-1.4
4667 [22 Nov 2002] DSA-200 samba - remote exploit
4668 {CVE-2002-1318}
4669 [woody] - samba 2.2.3a-12
4670 [19 Nov 2002] DSA-199 mhonarc - cross site scripting
4671 {CVE-2002-1307}
4672 [woody] - mhonarc 2.5.2-1.2
4673 [18 Nov 2002] DSA-198 nullmailer - denial of service
4674 {CVE-2002-1313}
4675 [woody] - nullmailer 1.00RC5-16.1woody2
4676 [15 Nov 2002] DSA-197 courier - buffer overflow
4677 {CVE-2002-1311}
4678 [woody] - courier 0.37.3-2.3
4679 [14 Nov 2002] DSA-196 bind - several vulnerabilities
4680 {CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221}
4681 [woody] - bind 8.3.3-2.0woody1
4682 [13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
4683 {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
4684 [woody] - apache-perl 1.3.26-1-1.26-0woody2
4685 [12 Nov 2002] DSA-194 masqmail - buffer overflows
4686 {CVE-2002-1279}
4687 [woody] - masqmail 0.1.16-2.1
4688 [11 Nov 2002] DSA-193 kdenetwork - buffer overflow
4689 {CVE-2002-1247}
4690 [woody] - kdenetwork 4:2.2.2-14.2
4691 [08 Nov 2002] DSA-192 html2ps - arbitrary code execution
4692 {CVE-2002-1275}
4693 [woody] - html2ps 1.0b3-1.1
4694 [07 Nov 2002] DSA-191 squirrelmail - cross site scripting
4695 {CVE-2002-1131 CVE-2002-1132 CVE-2002-1276}
4696 [woody] - squirrelmail 1.2.6-1.1
4697 [07 Nov 2002] DSA-190 wmaker - buffer overflow
4698 {CVE-2002-1277}
4699 [woody] - wmaker 0.80.0-4.1
4700 [06 Nov 2002] DSA-189 luxman - local root exploit
4701 {CVE-2002-1245}
4702 [woody] - luxman 0.41-17.1
4703 [05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
4704 {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
4705 [woody] - apache-ssl 1.3.26.1+1.48-0woody3
4706 [04 Nov 2002] DSA-187 apache - several vulnerabilities
4707 {CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
4708 [woody] - apache 1.3.26-0woody
4709 [01 Nov 2002] DSA-186 log2mail - buffer overflow
4710 {CVE-2002-1251}
4711 [woody] - log2mail 0.2.5.1
4712 [31 Oct 2002] DSA-185 heimdal - buffer overflow
4713 {CVE-2002-1235}
4714 [woody] - heimdal 0.4e-7.woody.5
4715 [30 Oct 2002] DSA-184 krb4 - buffer overflow
4716 {CVE-2002-1235}
4717 [woody] - krb4 1.1-8-2.2
4718 [29 Oct 2002] DSA-183 krb5 - buffer overflow
4719 {CVE-2002-1235}
4720 [woody] - krb5 1.2.4-5woody3
4721 [28 Oct 2002] DSA-182 kdegraphics - buffer overflow
4722 {CVE-2002-0838}
4723 [woody] - kdegraphics 2.2.2-6.8
4724 [22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
4725 {CVE-2002-1157}
4726 [woody] - libapache-mod-ssl 2.8.9-2.1
4727 [21 Oct 2002] DSA-180 nis - information leak
4728 {CVE-2002-1232}
4729 [woody] - nis 3.9-6.1
4730 [18 Oct 2002] DSA-179 gnome-gv - buffer overflow
4731 {CVE-2002-0838}
4732 [woody] - gnome-gv 1.1.96-3.1
4733 [17 Oct 2002] DSA-178 heimdal - remote command execution
4734 {CVE-2002-1225 CVE-2002-1226}
4735 [woody] - heimdal 0.4e-7.woody.4
4736 [17 Oct 2002] DSA-177 pam - serious security violation
4737 {CVE-2002-1227}
4738 [woody] - pam <not-affected>
4739 [sarge] - pam <not-affected>
4740 [16 Oct 2002] DSA-176 gv - buffer overflow
4741 {CVE-2002-0838}
4742 [woody] - gv 3.5.8-26.1
4743 [15 Oct 2002] DSA-175 syslog-ng - buffer overflow
4744 {CVE-2002-1200}
4745 [woody] - syslog-ng 1.5.15-1.1
4746 [14 Oct 2002] DSA-174 heartbeat - buffer overflow
4747 {CVE-2002-1215}
4748 [woody] - heartbeat 0.4.9.0l-7.2
4749 [09 Oct 2002] DSA-173 bugzilla - privilege escalation
4750 {CVE-2002-1196}
4751 [woody] - bugzilla 2.14.2-0woody2
4752 [08 Oct 2002] DSA-172 tkmail - insecure temporary files
4753 {CVE-2002-1193}
4754 [woody] - tkmail 4.0beta9-8.1
4755 [07 Oct 2002] DSA-171 fetchmail - buffer overflows
4756 {CVE-2002-1175 CVE-2002-1174}
4757 [woody] - fetchmail-ssl 5.9.11-6.1
4758 [woody] - fetchmail 5.9.11-6.1
4759 [04 Oct 2002] DSA-170 tomcat4 - source code disclosure
4760 {CVE-2002-1148}
4761 [woody] - tomcat4 4.0.3-3woody1
4762 [25 Sep 2002] DSA-169 htcheck - cross site scripting
4763 {CVE-2002-1195}
4764 [woody] - htcheck 1.1-1.1
4765 [18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
4766 {CVE-2002-0985 CVE-2002-0986}
4767 [woody] - php3 3.0.18-23.1woody1
4768 [woody] - php4 4.1.2-5
4769 [16 Sep 2002] DSA-167 kdelibs - cross site scripting
4770 {CVE-2002-1151}
4771 [woody] - kdelibs 4:2.2.2-13.woody.3
4772 [13 Sep 2002] DSA-166 purity - buffer overflows
4773 {CVE-2002-1124}
4774 [woody] - purity 1-14.2
4775 [12 Sep 2002] DSA-165 postgresql - buffer overflows
4776 {CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402}
4777 [woody] - postgresql 7.2.1-2woody2
4778 [10 Sep 2002] DSA-164 cacti - arbitrary code execution
4779 {CVE-2002-1477 CVE-2002-1478}
4780 [woody] - cacti 0.6.7-2.1
4781 [09 Sep 2002] DSA-163 mhonarc - cross site scripting
4782 {CVE-2002-0738}
4783 [woody] - mhonarc 2.5.2-1.1
4784 [06 Sep 2002] DSA-162 ethereal - buffer overflow
4785 {CVE-2002-0834}
4786 [woody] - ethereal 0.9.4-1woody2
4787 [04 Sep 2002] DSA-161 mantis - privilege escalation
4788 {CVE-2002-1115 CVE-2002-1116}
4789 [woody] - mantis 0.17.1-2.5
4790 [03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
4791 {CVE-2002-0662}
4792 [woody] - scrollkeeper 0.3.6-3.1
4793 [28 Aug 2002] DSA-159 python - insecure temporary files
4794 {CVE-2002-1119}
4795 [woody] - python1.5 1.5.2-23.1
4796 [woody] - python2.1 2.1.3-3.1
4797 [woody] - python2.2 2.2.1-4.1
4798 [27 Aug 2002] DSA-158 gaim - arbitrary program execution
4799 {CVE-2002-0989}
4800 [woody] - gaim 0.58-2.2
4801 [23 Aug 2002] DSA-157 irssi-text - denial of service
4802 {CVE-2002-0983}
4803 [woody] - irssi-text 0.8.4-3.1
4804 [22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
4805 {CVE-2002-0984}
4806 [woody] - epic4-script-light 2.7.30p5-1.1
4807 [17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
4808 {CVE-2002-0970}
4809 [woody] - kdelibs 2.2.2-13.woody.2
4810 [15 Aug 2002] DSA-154 fam - privilege escalation
4811 {CVE-2002-0875}
4812 [woody] - fam 2.6.6.1-5.2
4813 [14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
4814 {CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110}
4815 [woody] - mantis 0.17.1-2.2
4816 [13 Aug 2002] DSA-152 l2tpd - missing random seed
4817 {CVE-2002-0872 CVE-2002-0873}
4818 [woody] - l2tpd 0.67-1.1
4819 [13 Aug 2002] DSA-151 xinetd - pipe exposure
4820 {CVE-2002-0871}
4821 [woody] - xinetd 1:2.3.4-1.2
4822 [13 Aug 2002] DSA-150 interchange - illegal file exposition
4823 {CVE-2002-0874}
4824 [woody] - interchange 4.8.3.20020306-1.woody.1
4825 [13 Aug 2002] DSA-149 glibc - integer overflow
4826 {CVE-2002-0391}
4827 [woody] - glibc 2.2.5-11.1
4828 [12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
4829 {CVE-2002-1049 CVE-2002-1050 CVE-2001-1034}
4830 [woody] - hylafax 1:4.1.1-1.1
4831 [08 Aug 2002] DSA-147 mailman - cross-site scripting
4832 {CVE-2002-0388 CVE-2002-0855}
4833 [woody] - mailman 2.0.11-1woody4
4834 [08 Aug 2002] DSA-146 dietlibc - integer overflow
4835 {CVE-2002-0391}
4836 [woody] - dietlibc 0.12-2.4
4837 [07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
4838 {CVE-2002-0847}
4839 [woody] - tinyproxy 1.4.3-2woody2
4840 [06 Aug 2002] DSA-144 wwwoffle - improper input handling
4841 {CVE-2002-0818}
4842 [woody] - wwwoffle 2.7a-1.2
4843 [05 Aug 2002] DSA-143 krb5 - integer overflow
4844 {CVE-2002-0391}
4845 [woody] - krb5 1.2.4-5woody1
4846 [05 Aug 2002] DSA-142 openafs - integer overflow
4847 {CVE-2002-0391}
4848 [woody] - openafs 1.2.3final2-6
4849 [01 Aug 2002] DSA-141 mpack - buffer overflow
4850 {CVE-2002-1425}
4851 [woody] - mpack 1.5-7woody2
4852 [05 Aug 2002] DSA-140 libpng - buffer overflow
4853 {CVE-2002-0660 CVE-2002-0728}
4854 [woody] - libpng 1.0.12-3.woody.2
4855 [woody] - libpng3 1.2.1-1.1.woody.2
4856 [01 Aug 2002] DSA-139 super - format string vulnerability
4857 {CVE-2002-0817}
4858 [woody] - super 3.16.1-1.2
4859 [01 Aug 2002] DSA-138 gallery - remote exploit
4860 {CVE-2002-1412}
4861 [woody] - gallery 1.2.5-7
4862 [30 Jul 2002] DSA-137 mm - insecure temporary files
4863 {CVE-2002-0658}
4864 [woody] - mm 1.1.3-6.1
4865 [30 Jul 2002] DSA-136 openssl - multiple remote exploits
4866 {CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
4867 [woody] - openssl094 0.9.4-6.woody.2
4868 [woody] - openssl095 0.9.5a-6.woody.1
4869 [woody] - openssl 0.9.6c-2.woody.1
4870 [02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS
4871 {CVE-2002-0653}
4872 [woody] - libapache-mod-ssl 2.8.9-2
