/[secure-testing]/sarge-checks/DSA/list
Contents of /sarge-checks/DSA/list

Revision 121
Tue Nov 16 19:26:36 2004 UTC (8 years, 6 months ago) by joeyh
File size: 51901 byte(s)
new dsa
1 joeyh 121 [16 Nov 2004] DSA-593-1 imagemagick - buffer overflow
2     {CAN-2004-0981}
3     - imagemagick 6:6.0.6.2-1.5
4 joeyh 113 [12 Nov 2004] DSA-592-1 ez-ipupdate - format string
5     {CAN-2004-0980}
6 joeyh 116 - ez-ipupdate 3.0.11b8-8
7 joeyh 103 [09 Nov 2004] DSA-591-1 libgd2 - integer overflows
8     {CAN-2004-0990}
9     - libgd2 2.0.30-1
10     [09 Nov 2004] DSA-590-1 gnats - format string vulnerability
11     {CAN-2004-0623}
12     NOTE: DSA got version of fix for unstable wrong
13     - gnats 4.0-6.1
14     [09 Nov 2004] DSA-589-1 libgd - integer overflows
15     {CAN-2004-0990}
16     - libgd1 (unfixed; bug #280134)
17 joeyh 99 [08 Nov 2004] DSA-588-1 gzip - insecure temporary files
18     {CAN-2004-0970}
19     NOTE: dsa says sid not affected
20     [08 Nov 2004] DSA-587-1 freeamp - buffer overflow
21     {CAN-2004-0964}
22     NOTE: DSA says zinf not vulnerable in sarge
23     [08 Nov 2004] DSA-586-1 ruby - infinite loop
24     {CAN-2004-0983}
25     - ruby1.6 1.6.8-12
26     - ruby1.8 1.8.1+1.8.2pre2-4
27 joeyh 83 [05 Nov 2004] DSA-585-1 shadow - programming error
28     {CAN-2004-1001}
29     - shadow 1:4.0.3-30.3
30 joeyh 73 [04 Nov 2004] DSA-584-1 dhcp - format string vulnerability
31     {CAN-2004-1006}
32     - dhcp 2.0pl5-19.1
33 joeyh 68 [03 Nov 2004] DSA-583-1 lvm10 - insecure temporary directory
34     {CAN-2004-0972}
35     TODO: I thought this didn't really matter because the script
36     TODO: was not included in the binary package. Check or fix.
37 joeyh 61 [02 Nov 2004] DSA-582-1 libxml - buffer overflow
38     {CAN-2004-0989}
39     - libxml 1.8.17-9
40     - libxml2 2.6.11-5
41     [01 Nov 2004] DSA-581-1 xpdf - integer overflows
42     {CAN-2004-0888}
43     - xpdf 3.00-9
44 joeyh 54 [01 Nov 2004] DSA-580-1 iptables - missing initialisation
45     {CAN-2004-0986}
46     - iptables 1.2.11-4
47     [01 Nov 2004] DSA-579-1 abiword - buffer overflow
48     {CAN-2004-0645}
49     NOTE: according to DSA, sid's abiword is not affected. sarge is same
50     [01 Nov 2004] DSA-578-1 mpg123 - buffer overflow
51     {CAN-2004-0982}
52     - mpg123 0.59r-17
53 joeyh 36 [29 Oct 2004] DSA-577-1 postgresql - symlink vulnerability
54     {CAN-2004-0977}
55     - postgresql 7.4.6-1
56     [29 Oct 2004] DSA-576-1 squid - multiple
57     {CVE-1999-0710 CAN-2004-0918}
58     - squid 2.5.7-1
59 joeyh 17 [28 Oct 2004] DSA-575-1 catdoc - insecure temporary file
60     {CAN-2003-0193}
61     - catdoc 0.91.5-2
62     [28 Oct 2004] DSA-574-1 cabextract - missing directory sanitising
63     {CAN-2004-0916}
64     - cabextract 1.1-1
65 joeyh 2 [21 Oct 2004] DSA-573-1 cupsys - integer overflows
66     {CAN-2004-0888}
67     - cupsys 1.1.20final+rc1-10
68     {CAN-2004-0889}
69 joeyh 96 - xpdf 3.00-10
70 joeyh 2 - kpdf (unfixed; bug #278173)
71     - gpdf 2.8.0-1
72 amu 101 - kfax (unfixed; bug #280373)
73 joeyh 2 [21 Oct 2004] DSA-572-1 ecartis - multiple
74     {CAN-2004-0913}
75     - ecartis 1.0.0+cvs.20030911-8
76     [20 Oct 2004] DSA-571-1 libpng3 - buffer overflows, integer overflow
77     {CAN-2004-0955}
78     - libpng3 1.2.5.0-9
79     [20 Oct 2004] DSA-570-1 libpng - integer overflow
80     {CAN-2004-0955}
81     - libpng 1.0.15-8
82     [18 Oct 2004] DSA-569-1 netkit-telnet-ssl - invalid free(3)
83     {CAN-2004-0911}
84     - netkit-telnet-ssl 0.17.24+0.1-4
85     [16 Oct 2004] DSA-568-1 cyrus-sasl-mit - unsanitised input
86     {CAN-2004-0884}
87     NOTE removed from testing
88     NOTE maintainer reports hole not in cyrus-sasl2-mit
89     [15 Oct 2004] DSA-567-1 tiff - heap overflows
90     {CAN-2004-0803 CAN-2004-0804 CAN-2004-0886}
91     - tiff 3.6.1-2
92     - tiff3g 3.6.1-2
93     [14 Oct 2004] DSA-566-1 cupsys - unsanitised input
94     {CAN-2004-0923}
95     - cupsys 1.1.20final+rc1-9
96     [13 Oct 2004] DSA-565-1 sox - buffer overflows
97     {CAN-2004-0557}
98     - sox 12.17.4-9
99     [13 Oct 2004] DSA-564-1 mpg123 - missing user input sanitising
100     {CAN-2004-0805}
101     - mpg123 0.59r-16
102     [12 Oct 2004] DSA-563-1 cyrus-sasl - unsanitised input
103     {CAN-2004-0884}
104     - cyrus-sasl 1.5.28-6.2
105     - cyrus-sasl2 2.1.19-1.3
106     [11 Oct 2004] DSA-562-2 mysql - several vulnerabilities
107     {CAN-2004-0835 CAN-2004-0836 CAN-2004-0837}
108     - mysql 4.0.21-1
109     [11 Oct 2004] DSA-561-1 xfree86 - integer and stack overflows
110     {CAN-2004-0687 CAN-2004-0688}
111     - xfree86 4.3.0.dfsg.1-8
112     [07 Oct 2004] DSA-600-1 samba - arbitrary file access
113     {CAN-2004-0815}
114     NOTE: not affected according to DSA
115     [07 Oct 2004] DSA-560-1 lesstif1-1 - integer and stack overflows
116     {CAN-2004-0687 CAN-2004-0688}
117     - lesstif1-1 0.93.94-10
118     [06 Oct 2004] DSA-559-1 net-acct - insecure temporary file
119     {CAN-2004-0851}
120     - net-acct 0.71-7
121     [06 Oct 2004] DSA-558-1 libapache-mod-dav - null pointer dereference
122     {CAN-2004-0809}
123     - libapache-mod-dav 1.0.3-10
124     - apache2 2.0.51-1
125     [04 Oct 2004] DSA-557-1 pppoe - missing privilege dropping
126     {CAN-2004-0564}
127     - pppoe 3.5-4
128     [03 Oct 2004] DSA-556-1 netkit-telnet - invalid free(3)
129     {CAN-2004-0911}
130     - netkit-telnet 0.17-26
131     [30 Sep 2004] DSA-555-1 freenet6 - file permissions
132     {CAN-2004-0563}
133     - freenet6 1.0-2.2
134     [27 Sep 2004] DSA-554-1 sendmail - pre-set password
135     {CAN-2004-0833}
136     - sendmail 8.13.1-13
137     [27 Sep 2004] DSA-553-1 getmail - symlink vulnerability
138     {CAN-2004-0880 CAN-2004-0881}
139     - getmail 3.2.5-1
140     [22 Sep 2004] DSA-552-1 imlib2 - unsanitised input
141     {CAN-2004-0802}
142     - imlib2 1.1.0-12.4
143     [21 Sep 2004] DSA-551-1 lukemftpd - incorrect internal variable handling
144     {CAN-2004-0794}
145     - lukemftpd 1.1-2.2
146     [20 Sep 2004] DSA-550-1 wv - buffer overflow
147     {CAN-2004-0645}
148     - wv 1.0.2-0.1
149     [17 Sep 2004] DSA-549-1 gtk+2.0 - multiple holes
150     {CAN-2004-0782 CAN-2004-0783 CAN-2004-0788}
151     - gtk+2.0 2.4.9-2
152     [16 Sep 2004] DSA-548-1 imlib - unsanitised input
153     {CAN-2004-0817}
154     - imlib 1.9.14-17
155     - imlib+png2 1.9.14-16
156     [16 Sep 2004] DSA-547-1 imagemagic - buffer overflows
157     {CAN-2004-0827}
158     - imagemagic 6.0.6.2-1
159     [16 Sep 2004] DSA-546-1 gdk-pixbuf - multiple holes
160     {CAN-2004-0753 CAN-2004-0782 CAN-2004-0788}
161     - gdk-pixbuf 0.22.0-7
162     [15 Sep 2004] DSA-545-1 cupsys - denial of service
163     {CAN-2004-0558}
164     - cupsys 1.1.20final+rc1-6
165     [14 Sep 2004] DSA-544-1 webmin - insecure temporary directory
166     {CAN-2004-0559}
167     - webmin 1.160-1
168     - usermin 1.090-1
169     [31 Aug 2004] DSA-543-1 krb5 -- several vulnerabilities
170     {CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772}
171     - krb5 1.3.4-3
172     [31 Aug 2004] DSA-458-2 python2.2 - buffer overflow
173     {CAN-2004-0150}
174     NOTE: not affected according to DSA
175     [30 Aug 2004] DSA-542-1 qt - unsanitised input
176     {CAN-2004-0691 CAN-2004-0692 CAN-2004-0693}
177     - qt-x11-free 3.3.3-4
178     [25 Aug 2004] DSA-541 icecast-server - cross site scripting
179     {CAN-2004-0781}
180     - icecast-server 1.3.12-8
181     [18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
182     {CAN-2004-0457}
183     - mysql-dfsg 4.0.20-11
184     [18 Aug 2004] DSA-539 kdelibs - denial of service
185     {CAN-2004-0689}
186     - kdelibs 4:3.2.3-3.sarge.1
187     [17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
188     - rsync 2.6.2-3
189     [16 Aug 2004] DSA-537 ruby -- insecure file permissions
190     {CAN-2004-0755}
191     - ruby1.8 1.8.1+1.8.2pre1-4
192     HELP: is ruby1.6 vulnerable?
193     [04 Aug 2004] DSA-536 libpng - several vulnerabilities
194     {CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768}
195     - libpng 1.0.15-6
196     - libpng3 1.2.5.0-7
197     [02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
198     {CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639}
199     - squirrelmail 2:1.4.3a-0.1
200     [22 Jul 2004] DSA-534 mailreader - directory traversal
201     {CAN-2002-1581}
202     - mailreader 2.3.29-9
203     [22 Jul 2004] DSA-533 courier - cross-site scripting
204     {CAN-2004-0591}
205     - courier 0.45.4-4
206     [22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
207     {CAN-2004-0488 CAN-2004-0700}
208     - libapache-mod-ssl 2.8.19-1
209     [20 Jul 2004] DSA-531 php4 - several vulnerabilities
210     {CAN-2004-0594 CAN-2004-0595}
211     ! php4 4:4.3.8-1
212     [17 Jul 2004] DSA-530 l2tpd - buffer overflow
213     {CAN-2004-0649}
214     - l2tpd 0.70-pre20031121-2
215     [17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
216     {CAN-2004-0640}
217     ! netkit-telnet-ssl 0.17.24+0.1-2
218     [17 Jul 2004] DSA-528 ethereal - denial of service
219     {CAN-2004-0635}
220     - ethereal 0.10.5-1
221     [03 Jul 2004] DSA-527 pavuk - buffer overflow
222     {CAN-2004-0456}
223     NOTE: DSA is incorrect; pavuk is in sarge and unstable.
224     ! pavuk 0.9pl28-3
225     [03 Jul 2004] DSA-526 webmin - several vulnerabilities
226     {CAN-2004-0582 CAN-2004-0583}
227     - webmin 1.150-1
228     [24 Jun 2004] DSA-525 apache - buffer overflow
229     {CAN-2004-0492}
230     - apache 1.3.31-2
231     [19 Jun 2004] DSA-524 rlpr - several vulnerabilities
232     {CAN-2004-0393 CAN-2004-0454}
233     - rlpr 2.02-7.1
234     [19 Jun 2004] DSA-523 www-sql - buffer overflow
235     {CAN-2004-0455}
236     - www-sql 0.5.7-18
237     [19 Jun 2004] DSA-522 super - format string vulnerability
238     {CAN-2004-0579}
239     - super 3.23.0-1
240     [18 Jun 2004] DSA-521 sup - format string vulnerability
241     {CAN-2004-0451}
242     - sup 1.8-11
243     [16 Jun 2004] DSA-520 krb5 - buffer overflows
244     {CAN-2004-0523}
245     - krb5 1.3.3-2
246     [15 Jun 2004] DSA-519 cvs - several vulnerabilities
247     {CAN-2004-0416 CAN-2004-0417 CAN-2004-0418}
248     - cvs 1:1.12.9-1
249     [14 Jun 2004] DSA-518 kdelibs - unsanitised input
250     {CAN-2004-0411}
251     - kdelibs 3.2.3
252     [10 Jun 2004] DSA-517 cvs - buffer overflow
253     {CAN-2004-0414}
254     - cvs 1.12.9-1
255     [07 Jun 2004] DSA-516 postgresql - buffer overflow
256     {CAN-2004-0547}
257     - postgresql 07.03.0200-3.
258     [05 Jun 2004] DSA-515 lha - several vulnerabilities
259     {CAN-2004-0234 CAN-2004-0235}
260     ! lha 1.14i-8
261     NOTE: If 1.14i-8 cannot get into testing, the fix for 1.14i-2.0.1
262     from the DSA could be updated via t-p-u.
263     [04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
264     {CAN-2004-0077}
265     - kernel-image-sparc-2.2 9.1
266     NOTE: did not check other versions of the kernel
267     [03 Jun 2004] DSA-513 log2mail - format string
268     {CAN-2004-0450}
269     ! log2mail 0.2.8-3
270     [02 Jun 2004] DSA-512 gallery - unauthenticated access
271     {CAN-2004-0522}
272     - gallery 1.4.3-pl2-1
273     [30 May 2004] DSA-511 ethereal - buffer overflows
274     {CAN-2004-0176}
275     - ethereal 0.10.3-1
276     [29 May 2004] DSA-510 jftpgw - format string
277     {CAN-2004-0448}
278     - jftpgw 0.13.4-1
279     [29 May 2004] DSA-509 gatos - privilege escalation
280     {CAN-2004-0395}
281     - gatos 0.0.5-12
282     [22 May 2004] DSA-508 xpcd - buffer overflow
283     {CAN-2004-0402}
284     - xpcd 2.08-10
285     [19 May 2004] DSA-507 cadaver - buffer overflow
286     {CAN-2004-0398}
287     - cadaver 0.22.1-3
288     [19 May 2004] DSA-506 neon - buffer overflow
289     {CAN-2004-0398}
290     - neon 0.24.6.dfsg-1
291     [19 May 2004] DSA-505 cvs - heap overflow
292     {CAN-2004-0396}
293     - cvs 1.12.5-6
294     [18 May 2004] DSA-504 heimdal - missing input sanitising
295     {CAN-2004-0434}
296     - heimdal 0.6.2-1
297     [13 May 2004] DSA-503 mah-jong - missing argument check
298     {CAN-2004-0458}
299     - mah-jong 1.6.2-1
300     [11 May 2004] DSA-502 exim-tls - buffer overflow
301     {CAN-2004-0399 CAN-2004-0400}
302     NOTE: exim-tls not in sarge
303     [07 May 2004] DSA-501 exim - buffer overflow
304     {CAN-2004-0399 CAN-2004-0400}
305     - exim 3.36-11
306     - exim4 4.33-1
307     [01 May 2004] DSA-500 flim - insecure temporary file
308     {CAN-2004-0422}
309     - flim 1:1.14.6+0.20040415-1
310     [01 May 2004] DSA-499 rsync - directory traversal
311     {CAN-2004-0426}
312     - rsync 2.6.1-1
313     [30 Apr 2004] DSA-498 libpng - out of bound access
314     {CAN-2004-0421}
315     - libpng 1.0.15-5
316     - libpng3 1.2.5.0-6
317     [29 Apr 2004] DSA-497 mc - several vulnerabilities
318     {CAN-2004-0226 CAN-2004-0231 CAN-2004-0232}
319     - mc 1:4.6.0-4.6.1-pre1-2
320     [29 Apr 2004] DSA-496 eterm - missing input sanitising
321     {CAN-2003-0068}
322     - eterm 0.9.2-6
323     [26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
324     {CAN-2003-0127 CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
325     NOTE: 2.4.16 not present. Did not check newer kernels.
326     [21 Apr 2004] DSA-494 ident2 - buffer overflow
327     {CAN-2004-0408}
328     - ident2 1.04-2
329     [21 Apr 2004] DSA-493 xchat - buffer overflow
330     {CAN-2004-0409}
331     - xchat 2.0.8-1
332     [18 Apr 2004] DSA-492 iproute - denial of service
333     {CAN-2003-0856}
334     - iproute 20010824-13.1
335     [17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
336     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
337     NOTE: 2.4.19 not present. Did not check newer kernels.
338     [17 Apr 2004] DSA-490 zope - arbitrary code execution
339     {CVE-2002-0688}
340     - zope 2.6.0-0.1
341     [17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
342     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
343     NOTE: 2.4.17 not present. Did not check newer kernels.
344     [16 Apr 2004] DSA-488 logcheck - insecure temporary directory
345     {CAN-2004-0404}
346     - logcheck 1.1.1-13.2
347     [16 Apr 2004] DSA-487 neon - format string
348     {CAN-2004-0179}
349     - neon 0.24.5-1
350     [16 Apr 2004] DSA-486 cvs - several vulnerabilities
351     {CAN-2004-0180 CAN-2004-0405}
352     - cvs 1:1.12.5-4
353     [14 Apr 2004] DSA-485 ssmtp - format string
354     {CAN-2004-0156}
355     - ssmtp 2.60.7
356     [14 Apr 2004] DSA-484 xonix - failure to drop privileges
357     {CAN-2004-0157}
358     - xonix 1.4-21
359     [14 Apr 2004] DSA-483 mysql - insecure temporary file creation
360     {CAN-2004-0381}
361     - mysql-dfsg 4.0.18-4
362     {CAN-2004-0388}
363     ! mysql-dfsg 4.0.18-6
364     [14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
365     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
366     NOTE: 2.4.17 not present. Did not check newer kernels.
367     [14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
368     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
369     NOTE: 2.4.17 not present. Did not check newer kernels.
370     [14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
371     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
372     NOTE: 2.4.17/18 not present. Did not check newer kernels.
373     [14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
374     {CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178}
375     NOTE: 2.4.18 not present. Did not check newer kernels.
376     [06 Apr 2004] DSA-478 tcpdump - denial of service
377     {CAN-2004-0183 CAN-2004-0184}
378     - tcpdump 3.7.2-4
379     [06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
380     {CAN-2004-0372}
381     - xine-ui 0.99.1-1
382     [06 Apr 2004] DSA-476 heimdal - cross-realm
383     {CAN-2004-0371}
384     - heimdal 0.6.1-1
385     [05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
386     {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
387     NOTE: 2.4.18 not present. Did not check newer kernels.
388     [03 Apr 2004] DSA-474 squid - ACL bypass
389     {CAN-2004-0189}
390     - squid 2.5.5-1
391     [03 Apr 2004] DSA-473 oftpd - denial of service
392     {CAN-2004-0376}
393     - oftpd 20040304-1
394     [03 Apr 2004] DSA-472 fte - several vulnerabilities
395     {CAN-2003-0648}
396     - fte 0.50.0-1.1
397     [02 Apr 2004] DSA-471 interchange - missing input sanitising
398     {CAN-2004-0374}
399     - interchange 5.0.1-1
400     [01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
401     {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
402     NOTE: 2.4.17 not present. Did not check newer kernels.
403     [29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
404     {CAN-2004-0366}
405     - pam-pgsql 0.5.2-7.1
406     [24 Mar 2004] DSA-468 emil - several vulnerabilities
407     {CAN-2004-0152 CAN-2004-0153}
408     - emil 2.1.0-beta9-14
409     [23 Mar 2004] DSA-467 ecartis - several vulnerabilities
410     {CAN-2003-0781 CAN-2003-0782}
411     - ecartis 1.0.0+cvs.20030911
412     [18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
413     {CAN-2004-0077}
414     NOTE: 2.2.10 not present. Did not check newer kernels.
415     [17 Mar 2004] DSA-465 openssl - several vulnerabilities
416     {CAN-2004-0079 CAN-2004-0081}
417     - openssl 0.9.7d-1
418     NOTE: CAN-2004-0081 only affects 0.9.6.
419     NOTE: 0.9.7d also fixes CAN-2004-0112
420     - openssl 0.9.6l
421     [16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
422     {CAN-2004-0111}
423     - gdk-pixbuf 0.22.0-3
424     [12 Mar 2004] DSA-463 samba - privilege escalation
425     {CAN-2004-0186}
426     - samba 3.0.2-2
427     [12 Mar 2004] DSA-462 xitalk - missing privilege release
428     {CAN-2004-0151}
429     - xitalk 1.1.11-11
430     [11 Mar 2004] DSA-461 calife - buffer overflow
431     {CAN-2004-0188}
432     - calife 2.8.6-1
433     [10 Mar 2004] DSA-460 sysstat - insecure temporary file
434     {CAN-2004-0108}
435     - sysstat 5.0.2-1
436     [10 Mar 2004] DSA-459 kdelibs - cookie path traversal
437     {CAN-2003-0592}
438     - kdelibs 4:3.1.3-1
439     [09 Mar 2004] DSA-458 python2.2 - buffer overflow
440     {CAN-2004-0150}
441     NOTE: not affected according to DSA
442     [08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
443     {CAN-2004-0148 CAN-2004-0185}
444     - wu-ftpd 2.6.2-17.1
445     [06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
446     {CAN-2004-0077}
447     NOTE: 2.2.19 not present. Did not check newer kernels.
448     [03 Mar 2004] DSA-455 libxml - buffer overflows
449     {CAN-2004-0110}
450     - libxml 1.8.17-5
451     - libxml2 2.6.6-1
452     [02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
453     {CAN-2004-0077}
454     NOTE: 2.2.22 not present. Did not check newer kernels.
455     [02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
456     {CAN-2004-0077}
457     NOTE: 2.2.20 not present. Did not check newer kernels.
458     [29 Feb 2004] DSA-452 libapache-mod-python - denial of service
459     {CAN-2003-0973}
460     - libapache-mod-python 2:2.7.10-1
461     [27 Feb 2004] DSA-451 xboing - buffer overflows
462     {CAN-2004-0149}
463     - xboing 2.4-26.1
464     [27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
465     {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
466     NOTE: 2.4.19 not present. Did not check newer kernels.
467     [24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
468     {CAN-2004-0104 CAN-2004-0105}
469     - metamail 2.7-45.2
470     [22 Feb 2004] DSA-448 pwlib - several vulnerabilities
471     {CAN-2004-0097}
472     - pwlib 1.5.2-4
473     [22 Feb 2004] DSA-447 hsftp - format string
474     {CAN-2004-0159}
475     ! hsftp 1.15-1
476     [21 Feb 2004] DSA-446 synaesthesia - insecure file creation
477     {CAN-2004-0160}
478     DSA notes not setuid anymore so ok
479     [21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
480     {CAN-2004-0158}
481     - lbreakout2 2.4
482     [20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
483     {CAN-2004-0077}
484     NOTE: 2.4.17 not present. Did not check newer kernels.
485     [19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
486     {CAN-2003-0690}
487     - xfree86 4.3.0-0pre1v2
488     {CAN-2004-0083 CAN-2004-0084 CAN-2004-0106}
489     - xfree86 4.3.0-1
490     {CAN-2004-0093 CAN-2004-0094}
491     - xfree86 4.2.1-6
492     [19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
493     {CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429}
494     NOTE: 2.4.17 not present. Did not check newer kernels.
495     [18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
496     {CAN-2004-0077}
497     NOTE: 2.4.17 not present. Did not check newer kernels.
498     [18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
499     {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
500     NOTE: 2.4.17 not present. Did not check newer kernels.
501     [18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
502     {CAN-2003-0961 CAN-2003-0985 CAN-2004-0077}
503     NOTE: 2.4.16 not present. Did not check newer kernels.
504     [18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
505     {CAN-2004-0077}
506     NOTE: 2.4.17 not present. Did not check newer kernels.
507     [11 Feb 2004] DSA-437 cgiemail - open mail relay
508     {CAN-2002-1575}
509     - cgiemail 1.6-20
510     [08 Feb 2004] DSA-436 mailman - several vulnerabilities
511     {CAN-2003-0991}
512 joeyh 68 NOTE: apparently specific to mailman 2.0, not 2.1
513 joeyh 2 {CAN-2003-0965}
514     - mailman 2.1.4-1
515     {CAN-2003-0038}
516     - mailman 2.1.1-1
517     [06 Feb 2004] DSA-435 mpg123 - heap overflow
518     {CAN-2003-0865}
519     - mpg123 0.59r-15
520     [05 Feb 2004] DSA-434 gaim - several vulnerabilities
521     {CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008}
522     - gaim 1:0.75-2
523     [04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
524     {CAN-2003-0961}
525     NOTE: 2.4.17 not present. Did not check newer kernels.
526     [03 Feb 2004] DSA-432 crawl - buffer overflow
527     {CAN-2004-0103}
528     - crawl 4.0.0beta26-4
529     [01 Feb 2004] DSA-431 perl - information leak
530     {CAN-2003-0618}
531     - perl 5.8.3-3
532     [28 Jan 2004] DSA-430 trr19 - missing privilege release
533     {CAN-2004-0047}
534     - trr19 1.0beta5-17.1
535     [26 Jan 2004] DSA-429 gnupg - cryptographic weakness
536     {CAN-2003-0971}
537     - gnupg 1.2.4-1
538     [20 Jan 2004] DSA-428 slocate - buffer overflow
539     {CAN-2003-0848}
540     - slocate 2.7-3
541     [19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
542     {CAN-2003-0985}
543     NOTE: 2.4.17 not present. Did not check newer kernels.
544     [18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
545     {CAN-2003-0924}
546     - netpbm-free 2:9.25-9
547     [16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
548     {CAN-2003-1029 CAN-2003-0989 CAN-2004-0055 CAN-2004-0057}
549     HELP: No idea if this is fixed, we have a new upstream version
550     HELP: that came out after these advisories, but neither the debian nor
551     HELP: the upstream changelog seem to mention them.
552     NOTE: Mailed maintainer.
553     [16 Jan 2004] DSA-424 mc - buffer overflow
554     {CAN-2003-1023}
555     - mc 1:4.6.0-4.6.1-pre1-1
556     [15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
557     {CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985}
558     NOTE: 2.4.17 not present. Did not check newer kernels.
559     [13 Jan 2004] DSA-422 cvs - remote vulnerability
560     - cvs 1.11.11
561     [12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
562     {CAN-2004-0041}
563     - mod-auth-shadow 1.4-1
564     [12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
565     {CAN-2004-0028}
566     - jitterbug 1.6.2-4.5
567     [09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
568     {CAN-2004-0016 CAN-2004-0017}
569     - phpgroupware 0.9.14.007-4
570     [07 Jan 2004] DSA-418 vbox3 - privilege leak
571     {CAN-2004-0015}
572     - vbox3 0.1.8
573     [07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
574     {CAN-2003-0961 CAN-2003-0985}
575     NOTE: 2.4.18 not present. Did not check newer kernels.
576     [06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
577     {CAN-2003-1022 CAN-2004-0011}
578     - fsp 2.81.b18-1
579     [06 Jan 2004] DSA-415 zebra - denial of service
580     {CAN-2003-0795 CAN-2003-0858}
581     - quagga 0.96.4x-4
582     [06 Jan 2004] DSA-414 jabber - denial of service
583     {CAN-2004-0013}
584     - jabber 1.4.3-1
585     [06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
586     {CAN-2003-0985}
587     NOTE: 2.4.18 not present. Did not check newer kernels.
588     [05 Jan 2004] DSA-412 nd - buffer overflows
589     {CAN-2004-0014}
590     - nd 0.8.2-1
591     [05 Jan 2004] DSA-411 mpg321 - format string vulnerability
592     {CAN-2003-0969}
593     - mpg321 0.2.10.3
594     [05 Jan 2004] DSA-410 libnids - buffer overflow
595     {CAN-2003-0850}
596     - libnids 1.18-1
597     [05 Jan 2004] DSA-409 bind - denial of service
598     {CAN-2003-0914}
599     - bind 1:8.4.3-1
600     [05 Jan 2004] DSA-408 screen - integer overflow
601     {CAN-2003-0972}
602     - screen 4.0.2-0.1
603     [05 Jan 2004] DSA-407 ethereal - buffer overflows
604     {CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013}
605     - ethereal 0.10.0-1
606     [05 Jan 2004] DSA-406 lftp - buffer overflow
607     - lftp 2.6.10-1
608     [30 Dec 2003] DSA-405 xsok - missing privilege release
609     {CAN-2003-0949}
610     - xsok 1.02-11
611     [04 Dec 2003] DSA-404 rsync - heap overflow
612     {CAN-2003-0962}
613     - rsync 2.5.6-1.1
614     [01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
615     {CAN-2003-0961}
616     NOTE: 2.4.18 not present in sarge, did not check newer kernels.
617     [17 Nov 2003] DSA-402 minimalist - unsanitised input
618     {CAN-2003-0902}
619     - minimalist 2.4-1
620     [17 Nov 2003] DSA-401 hylafax - format strings
621     {CAN-2003-0886}
622     - hylafax 1:4.1.8-1
623     [11 Nov 2003] DSA-400 omega-rpg - buffer overflow
624     {CAN-2003-0932}
625     - omega-rpg 0.90-pa9-11
626     [10 Nov 2003] DSA-399 epic4 - buffer overflow
627     {CAN-2003-0328}
628     - epic4 1:1.1.11.20030409-2
629     [10 Nov 2003] DSA-398 conquest - buffer overflow
630     {CAN-2003-0933}
631     - conquest 7.2-5
632     [07 Nov 2003] DSA-397 postgresql - buffer overflow
633     {CAN-2003-0901}
634     - postgresql 7.3.4
635     [29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
636     {CAN-2002-1562 CAN-2003-0899}
637     - thttpd 2.23beta1-2.3
638     [15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
639     {CAN-2003-0866}
640     ! tomcat4 4.1.24-2
641     NOTE another RC (unreproducible?) bug and missing deps (#263201)
642     NOTE are keeping the fix out of testing
643     [11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
644     {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
645     - openssl 0.9.7c
646     - openssl096 0.9.6k
647     [01 Oct 2003] DSA-393 openssl - denial of service
648     {CAN-2003-0543 CAN-2003-0544 CAN-2003-0545}
649     - openssl 0.9.7c
650     - openssl096 0.9.6k
651     [29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
652     {CAN-2003-0832 CAN-2003-0833}
653     - webfs 1.20
654     [28 Sep 2003] DSA-391 freesweep - buffer overflow
655     {CAN-2003-0828}
656     - freesweep 0.88-4.1
657     [26 Sep 2003] DSA-390 marbles - buffer overflow
658     {CAN-2003-0830}
659     NOTE not present in sid, sarge
660     [20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
661     {CAN-2003-0785}
662     - ipmasq 3.5.12
663     [19 Sep 2003] DSA-388 kdebase - several vulnerabilities
664     {CAN-2003-0690 CAN-2003-0692}
665     - kdebase 4:3.2
666     [18 Sep 2003] DSA-387 gopher - buffer overflows
667     {CAN-2003-0805}
668     - gopher 3.0.6
669     [18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
670     {CAN-2002-1271}
671     - libmailtools-perl 1.51
672     [18 Sep 2003] DSA-385 hztty - buffer overflows
673     {CAN-2003-0783}
674     - hztty 2.0-6
675     [17 Sep 2003] DSA-384 sendmail - buffer overflows
676     {CAN-2003-0681 CAN-2003-0694}
677     - sendmail 8.12.10-1
678     [17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
679     {CAN-2003-0693}
680     {CAN-2003-0695}
681     {CAN-2003-0682}
682     HELP: Screwy changelog does not make sense. Filed bug.
683     [16 Sep 2003] DSA-382 ssh - possible remote vulnerability
684     {CAN-2003-0693}
685     - openssh 1:3.6.1p2-6.0
686     {CAN-2003-0695}
687     - openssh 1:3.7.1
688     {CAN-2003-0682}
689     - openssh 1:3.6.1p2-9
690     [13 Sep 2003] DSA-381 mysql - buffer overflow
691     {CAN-2003-0780}
692     - mysql-dfsg 4.0.15-1
693     [12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
694     {CAN-2003-0063}
695     - xfree86 4.2.1-11
696     {CAN-2003-0071}
697     - xfree86 4.2.1-11
698     {CAN-2002-0164}
699     - xfree86 4.2.1-11
700     {CAN-2003-0730}
701     - xfree86 4.2.1-12
702     [11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
703     {CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778}
704     - sane-backends 1.0.11-1
705     [07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
706     {CAN-2003-0705 CAN-2003-0706}
707     - mah-jong 1.5.6-2
708     [04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
709     {CVE-1999-0997}
710     - wu-ftpd 2.6.2-15
711     [04 Sep 2003] DSA-376 exim - buffer overflow
712     {CAN-2003-0743}
713     - exim 3.36-8
714     [29 Aug 2003] DSA-375 node - buffer overflow, format string
715     {CAN-2003-0707 CAN-2003-0708}
716     - node 0.3.2-1
717     [26 Aug 2003] DSA-374 libpam-smb - buffer overflow
718     {CAN-2003-0686}
719     NOTE: not in sid/sarge
720     [16 Aug 2003] DSA-373 autorespond - buffer overflow
721     {CAN-2003-0654}
722     - autorespond 2.0.4-1
723     [16 Aug 2003] DSA-372 netris - buffer overflow
724     {CAN-2003-0685}
725     - netris 0.52-1
726     [11 Aug 2003] DSA-371 perl - cross-site scripting
727     {CAN-2003-0615}
728     - perl 5.8.0-19
729     [08 Aug 2003] DSA-370 pam-pgsql - format string
730     {CAN-2003-0672}
731     - pam-pgsql 0.5.2-7
732     [08 Aug 2003] DSA-369 zblast - buffer overflow
733     {CAN-2003-0613}
734     - zblast 1.2.1-7
735     [08 Aug 2003] DSA-368 xpcd - buffer overflow
736     {CAN-2003-0649}
737     - xpcd 2.08-9
738     [08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
739     {CAN-2003-0652}
740     - xtokkaetama 1.0b-9
741     [05 Aug 2003] DSA-366 eroaster - insecure temporary file
742     {CAN-2003-0656}
743     - eroaster 2.2.0-0.5-1
744     [05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
745     {CAN-2003-0504 CAN-2003-0599 CAN-2003-0657}
746     - phpgroupware 0.9.14.007-1
747     [04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
748     {CAN-2003-0620 CAN-2003-0645}
749     - man-db 2.4.1-13
750     [03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
751     {CAN-2003-0468 CAN-2003-0540}
752     - postfix 1.1.12
753     [02 Aug 2003] DSA-362 mindi - insecure temporary file
754     {CAN-2003-0617}
755     - mindi 0.86-1
756     [01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
757     {CAN-2003-0459 CAN-2003-0370}
758     - kdelibs 4:3.1.3-1
759     [01 Aug 2003] DSA-360 xfstt - several vulnerabilities
760     {CAN-2003-0581}
761     - xfstt 1.5-1
762     {CAN-2003-0625}
763     - xfstt 1.5.1-1
764     [31 Jul 2003] DSA-359 atari800 - buffer overflows
765     {CAN-2003-0630}
766     - atari800 1.3.1-2
767     [31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
768     {CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0018 CAN-2003-0619 CAN-2003-0643}
769     NOTE: 2.4.18/2.4.20 not in unstable/testing. Did not check newer ones.
770     [31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
771     - wu-ftpd 2.6.2-12
772     [30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
773     {CAN-2003-0611}
774     - xtokkaetama 1.0b-8
775     [30 Jul 2003] DSA-355 gallery - cross-site scripting
776     {CAN-2003-0614}
777     - gallery 1.3.4-3
778     [29 Jul 2003] DSA-354 xconq - buffer overflows
779     {CAN-2003-0607}
780     - xconq 7.4.1-2.1
781     [29 Jul 2003] DSA-353 sup - insecure temporary file
782     {CAN-2003-0606}
783     - sup 1.8-9
784     [22 Jul 2003] DSA-352 fdclone - insecure temporary directory
785     {CAN-2003-0596}
786     - fdclone 2.04-1
787     [16 Jul 2003] DSA-351 php4 - cross-site scripting
788     {CAN-2003-0442}
789     - php4 4:4.3.2+rc3-1
790     [15 Jul 2003] DSA-350 falconseye - buffer overflow
791     {CAN-2003-0358}
792     NOTE: not in testing, fixed in unstable
793     - falconseye 1.9.3-9
794     [14 Jul 2003] DSA-349 nfs-utils - buffer overflow
795     {CAN-2003-0252}
796     - nfs-utils 1:1.0.3-2
797     [11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
798     {CAN-2003-0453}
799     - traceroute-nanog 6.1.1-1.3
800     [08 Jul 2003] DSA-347 teapop - SQL injection
801     {CAN-2003-0515}
802     - teapop 0.3.5-2
803     [08 Jul 2003] DSA-346 phpsysinfo - directory traversal
804     {CAN-2003-0536}
805     - phpsysinfo 2.1-1
806     [08 Jul 2003] DSA-345 xbl - buffer overflow
807     {CAN-2003-0535}
808     - xbl 1.0k-6
809     [08 Jul 2003] DSA-344 unzip - directory traversal
810 joeyh 84 {CAN-2003-0282}
811 joeyh 2 - unzip 5.50-3
812     [08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
813     {CAN-2003-0539}
814     - skk 10.62a-6
815     - ddskk 12.1.cvs.20030622-1
816     [07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
817     {CAN-2003-0538}
818     NOTE: mozart is not in sarge
819     - mozart 1.2.5.20030212-2
820     [07 Jul 2003] DSA-341 liece - insecure temporary file
821     {CAN-2003-0537}
822     - liece 2.0+0.20030527cvs-1
823     [06 Jul 2003] DSA-340 x-face-el - insecure temporary file
824     - x-face-el 1.3.6.23-1
825     [06 Jul 2003] DSA-339 semi - insecure temporary file
826     {CAN-2003-0440}
827     - semi 1.14.5+20030609-1
828     [29 Jun 2003] DSA-338 proftpd - SQL injection
829     {CAN-2003-0500}
830     - proftpd 1.2.8-8
831     [29 Jun 2003] DSA-337 gtksee - buffer overflow
832     {CAN-2003-0444}
833     ! gtksee 0.5.6-1
834     [29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
835     {CAN-2002-1380 CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2003-0246 CAN-2003-0244 CAN-2003-0247 CAN-2003-0248}
836     - kernel-source-2.2.25 2.2.25-3
837     NOTE: did not check newer kernels
838     [28 Jun 2003] DSA-335 mantis - incorrect permissions
839     {CAN-2003-0499}
840     - mantis 0.17.5-6
841     [28 Jun 2003] DSA-334 xgalaga - buffer overflows
842     {CAN-2003-0454}
843     - xgalaga 2.0.34-22
844     [27 Jun 2003] DSA-333 acm - integer overflow
845     {CVE-2002-0391}
846     - acm 5.0-10
847     [27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
848     {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
849     NOTE: not in the archive, and did not check newer kernels
850     [27 Jun 2003] DSA-331 imagemagick - insecure temporary file
851     {CAN-2003-0455}
852     - imagemagick 4:5.5.7-1
853     [23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
854     {CAN-2003-0489}
855     - tcptraceroute 1.4-4
856     [20 Jun 2003] DSA-329 osh - buffer overflows
857     {CAN-2003-0452}
858     - osh 1.7-12
859     [19 Jun 2003] DSA-328 webfs - buffer overflow
860     {CAN-2003-0445}
861     - webfs 1.20
862     [19 Jun 2003] DSA-327 xbl - buffer overflows
863     {CAN-2003-0451}
864     - xbl 1.0k-5
865     [19 Jun 2003] DSA-326 orville-write - buffer overflows
866     {CAN-2003-0441}
867     - orville-write 2.54-1
868     [19 Jun 2003] DSA-325 eldav - insecure temporary file
869     {CAN-2003-0438}
870     - eldav 0.7.2-1
871     [18 Jun 2003] DSA-324 ethereal - several vulnerabilities
872     {CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432}
873     - ethereal 0.9.13-1
874     [16 Jun 2003] DSA-323 noweb - insecure temporary files
875     {CAN-2003-0381}
876     - noweb 2.10c-2
877     [16 Jun 2003] DSA-322 typespeed - buffer overflow
878     {CAN-2003-0435}
879     - typespeed 0.4.4
880     [13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
881     {CAN-2003-0450}
882     - radiusd-cistron 1.6.6-2
883     [13 Jun 2003] DSA-320 mikmod - buffer overflow
884     {CAN-2003-0427}
885     - mikmod 3.1.6-6
886     [12 Jun 2003] DSA-319 webmin - session ID spoofing
887     {CAN-2003-0101}
888     - webmin 1.070-1
889     [12 Jun 2003] DSA-318 lyskom-server - denial of service
890     {CAN-2003-0366}
891     - lyskom-server 2.0.7-2
892     [11 Jun 2003] DSA-317 cupsys - denial of service
893     {CAN-2003-0195}
894     - cupsys 1.1.19final-1
895     [11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
896     {CAN-2003-0358 CAN-2003-0359}
897     - nethack 3.4.1-1
898     - slashem 0.0.6E4F8-6
899     - jnethack 1.1.5-15
900     NOTE: DSA contains some strange non-nethack version numbers
901     [11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
902     {CAN-2003-0433}
903     HELP: no mention of any security fixes in debian changelog,
904     HELP: upstream changelog. Mailed maintainer.
905     [11 Jun 2003] DSA-314 atftp - buffer overflow
906     {CAN-2003-0380}
907     - atftp 0.6.2
908     [11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
909     {CAN-2003-0356 CAN-2003-0357}
910     - ethereal 0.9.12-1
911     [09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
912     {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248}
913     NOTE: not in unstable/testing. Did not check other versions.
914     [08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
915     {CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364}
916     NOTE: not in unstable/testing. Did not check other versions.
917     [08 Jun 2003] DSA-310 xaos - improper setuid-root execution
918     {CAN-2003-0385}
919     - xaos 3.1r-4
920     [06 Jun 2003] DSA-309 eterm - buffer overflow
921     {CAN-2003-0382}
922     - eterm 0.9.2-1
923     [06 Jun 2003] DSA-308 gzip - insecure temporary files
924     {CVE-1999-1332 CAN-2003-0367}
925     - gzip 1.3.5-6
926     [27 May 2003] DSA-307 gps - multiple vulnerabilities
927     {CAN-2003-0361 CAN-2003-0360 CAN-2003-0362}
928     - gps 1.1.0-1
929     [19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
930     {CAN-2003-0321 CAN-2003-0322 CAN-2003-0328}
931     - ircii-pana 1:1.0-0c19-8
932     [15 May 2003] DSA-305 sendmail - insecure temporary files
933     {CAN-2003-0308}
934     - sendmail 8.12.9-2
935     [15 May 2003] DSA-304 lv - privilege escalation
936     {CAN-2003-0188}
937     - lv 4.49.5-2
938     [15 May 2003] DSA-303 mysql - privilege escalation
939     {CAN-2003-0073}
940     - mysql-dfsg 4.0.12-2
941     {CAN-2003-0150}
942     HELP: not sure if this is fixed
943     [07 May 2003] DSA-302 fuzz - privilege escalation
944     {CAN-2003-0261}
945     - fuzz 0.6-7.1
946     [07 May 2003] DSA-301 libgtop - buffer overflow
947     {CAN-2001-0928}
948     - libgtop 1.0.13-4
949     [06 May 2003] DSA-300 balsa - buffer overflow
950     {CAN-2003-0167}
951     - balsa 2.0.10
952     [06 May 2003] DSA-299 leksbot - improper setuid-root execution
953     {CAN-2003-0262}
954     - leksbot 1.2-5
955     [02 May 2003] DSA-298 epic4 - buffer overflows
956     {CAN-2003-0323}
957     - epic4 1:1.1.11.20030409-1
958     [01 May 2003] DSA-297 snort - integer overflow, buffer overflow
959     {CAN-2003-0033 CAN-2003-0209}
960     - snort 2.0.0-1
961     [30 Apr 2003] DSA-296 kdebase - insecure execution
962     {CAN-2003-0204}
963     - kdebase 4:3.1.0-1
964     [30 Apr 2003] DSA-295 pptpd - buffer overflow
965     {CAN-2003-0213}
966     - pptpd 1.1.4-0.b3.2
967     [23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
968     {CAN-2003-0205 CAN-2003-0206}
969     NOTE: not in unstable/testing
970     [23 Apr 2003] DSA-293 kdelibs - insecure execution
971     {CAN-2003-0204}
972     - kdebase 4:3.1.0-1
973     [22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
974     {CAN-2003-0214}
975     - mime-support 3.23-1
976     [22 Apr 2003] DSA-291 ircii - buffer overflows
977     {CAN-2003-0323}
978     - ircii 20030315-1
979     [17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
980     {CAN-2003-0161}
981     - sendmail-wide 8.12.9+3.5Wbeta-1
982     [17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
983     {CAN-2003-0212}
984     - rinetd 0.61-2
985     [17 Apr 2003] DSA-288 openssl - several vulnerabilities
986     {CAN-2003-0147 CAN-2003-0131}
987     - openssl 0.9.7b-1
988     - openssl096 0.9.6j-1
989     [15 Apr 2003] DSA-287 epic - buffer overflows
990     {CAN-2003-0324}
991     - epic4 1:1.1.11.20030409-1
992     [14 Apr 2003] DSA-286 gs-common - insecure temporary file
993     {CAN-2003-0207}
994     - gs-common 0.3.3.1
995     [14 Apr 2003] DSA-285 lprng - insecure temporary file
996     {CAN-2003-0136}
997     - lprng 3.8.20-4
998     [12 Apr 2003] DSA-284 kdegraphics - insecure execution
999     {CAN-2003-0204}
1000     - kdegraphics 4:3.1.0-1
1001     [11 Apr 2003] DSA-283 xfsdump - insecure file creation
1002     {CAN-2003-0173}
1003     - xfsdump 2.2.8-1
1004     [09 Apr 2003] DSA-282 glibc - integer overflow
1005     {CAN-2003-0028}
1006     - glibc 2.3.1-16
1007     [08 Apr 2003] DSA-281 moxftp - buffer overflow
1008     {CAN-2003-0203}
1009     - moxftp 2.2-18.20
1010     [07 Apr 2003] DSA-280 samba - buffer overflow
1011     {CAN-2003-0201 CAN-2003-0196}
1012     - samba 3.0
1013     [07 Apr 2003] DSA-279 metrics - insecure temporary file creation
1014     {CAN-2003-0202}
1015     NOTE: not in unstable/testing
1016     [04 Apr 2003] DSA-278 sendmail - char-to-int conversion
1017     {CAN-2003-0161}
1018     - sendmail 8.12.9-1
1019     [03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
1020     {CAN-2003-0098 CAN-2003-0099}
1021     - apcupsd 3.8.5-1.2
1022     [03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
1023     {CAN-2003-0127}
1024     NOTE: this version is not in sarge, did not check others
1025     [02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
1026     {CAN-2003-0144}
1027     - lpr-ppd 1:0.72-3
1028     [28 Mar 2003] DSA-274 mutt - buffer overflow
1029     {CAN-2003-0167}
1030     - mutt 1.4.0
1031     [28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
1032     {CAN-2003-0138 CAN-2003-0139}
1033     - krb4 1.2.2-1
1034     [28 Mar 2003] DSA-272 dietlibc - integer overflow
1035     {CAN-2003-0028}
1036     - dietlibc 0.22-2
1037     [27 Mar 2003] DSA-271 ecartis - unauthorized password change
1038     {CAN-2003-0162}
1039     - ecartis 1.0.0+cvs.20030321-1
1040     [27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
1041     {CAN-2003-0127}
1042     NOTE: not in unstable/testing, did not check other versions
1043     [26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
1044     {CAN-2003-0138}
1045     - heimdal 0.5.2-1
1046     [25 Mar 2003] DSA-268 mutt - buffer overflow
1047     {CAN-2003-0140}
1048     - mutt 1.5.4-1
1049     [24 Mar 2003] DSA-267 lpr - buffer overflow
1050     {CAN-2003-0144}
1051     - lpr 1:2000.05.07-4.20
1052     [24 Mar 2003] DSA-266 krb5 - several vulnerabilities
1053     {CAN-2003-0028}
1054     - krb5 1.3.3-2
1055     NOTE: changelog does not mention this one, verified patch from
1056     NOTE: Tom Yu was applied to this version.
1057     {CAN-2003-0072}
1058     - krb5 1.2.7-3
1059     NOTE: changelog does not mention this one, verified patch from
1060     NOTE: upstream was applied to this version.
1061     {CAN-2003-0082}
1062     - krb5 1.3.3-2
1063     {CAN-2003-0138 VU#623217}
1064     - krb5 1.2.7-3
1065     {CAN-2003-0139 VU#442569}
1066     - krb5 1.2.7-3
1067     [21 Mar 2003] DSA-265 bonsai - several vulnerabilities
1068     {CAN-2003-0152 CAN-2003-0153 CAN-2003-0154 CAN-2003-0155}
1069     - bonsai 1.3+cvs20030317-1
1070     [19 Mar 2003] DSA-264 lxr - missing filename sanitizing
1071     {CAN-2003-0156}
1072     - lxr 0.3-4
1073     [17 Mar 2003] DSA-263 netpbm-free - math overflow errors
1074     {CAN-2003-0146}
1075     - netpbm-free 2:9.20-9
1076     [15 Mar 2003] DSA-262 samba - remote exploit
1077     {CAN-2003-0085 CAN-2003-0086}
1078     - samba 2.2.8
1079     [14 Mar 2003] DSA-261 tcpdump - infinite loop
1080     {CAN-2003-0093 CAN-2003-0145}
1081     NOTE: DSA reports sid was not affected, sarge has sid version
1082     [13 Mar 2003] DSA-260 file - buffer overflow
1083     {CAN-2003-0102}
1084     - file 3.40-1.1
1085     [12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
1086     {CAN-2003-0143}
1087     - qpopper 4.0.4-9
1088     [10 Mar 2003] DSA-258 ethereal - format string vulnerability
1089     {CAN-2003-0081}
1090     - ethereal 0.9.9-2
1091     [04 Mar 2003] DSA-257 sendmail - remote exploit
1092     {CAN-2002-1337}
1093     - sendmail 8.12.8
1094     [28 Feb 2003] DSA-256 mhc - insecure temporary file
1095     {CAN-2003-0120}
1096     - mhc 0.25+20030224-1
1097     [27 Feb 2003] DSA-255 tcpdump - infinite loop
1098     {CAN-2003-0108 CAN-2002-0380}
1099     - tcpdump 3.7.1-1.2
1100     [27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
1101     {CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387}
1102     - traceroute-nanog 6.3.0-1
1103     [24 Feb 2003] DSA-253 openssl - information leak
1104     {CAN-2003-0078}
1105     - openssl 0.9.7a-1
1106     [21 Feb 2003] DSA-252 slocate - buffer overflow
1107     {CAN-2003-0056}
1108     - slocate 2.7-1
1109     [14 Feb 2003] DSA-251 w3m - missing HTML quoting
1110     {CAN-2002-1335 CAN-2002-1348}
1111     - w3m 0.3.2.2-1
1112     [12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
1113     {CAN-2002-1335 CAN-2002-1348}
1114     NOTE: not in sid/sarge
1115     [11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
1116     {CAN-2002-1335 CAN-2002-1348}
1117     - w3mmee 0.3.p24.17-3
1118     [31 Jan 2003] DSA-248 hypermail - buffer overflows
1119     {CAN-2003-0057}
1120     - hypermail 2.1.6-1
1121     [30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
1122     {CAN-2003-0040}
1123     - courier 0.40.2-3
1124     [29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
1125     {CAN-2003-0042 CAN-2003-0043 CAN-2003-0044}
1126     NOTE: tomcat not in sid/sarge
1127     NOTE: tomcat4 not affected
1128     [28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
1129     {CAN-2003-0039}
1130     - dhcp3 1.1.2-1
1131     [27 Jan 2003] DSA-244 noffle - buffer overflows
1132     {CAN-2003-0037}
1133     - noffle 1.1.2-1
1134     [24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
1135     {CAN-2002-1393}
1136     - kdemultimedia 4:3.1
1137     [24 Jan 2003] DSA-242 kdebase - several vulnerabilities
1138     {CAN-2002-1393}
1139     - kdebase 4:3.1
1140     [24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
1141     {CAN-2002-1393}
1142     - kdeutils 4:3.1
1143     [23 Jan 2003] DSA-240 kdegames - several vulnerabilities
1144     {CAN-2002-1393}
1145     - kdegames 4:3.1
1146     [23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
1147     {CAN-2002-1393}
1148     - kdesdk 4:3.1
1149     [23 Jan 2003] DSA-238 kdepim - several vulnerabilities
1150     {CAN-2002-1393}
1151     - kdepim 4:3.1
1152     [22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
1153     {CAN-2002-1393}
1154     - kdenetwork 4:3.1
1155     [22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
1156     {CAN-2002-1393}
1157     - kdelibs 4:3.1
1158     [22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
1159     {CAN-2002-1393}
1160     - kdegraphics 4:3.1
1161     [22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
1162     {CAN-2002-1393}
1163     - kdeadmin 4:3.1
1164     [21 Jan 2003] DSA-233 cvs - doubly freed memory
1165     {CAN-2003-0015}
1166     - cvs 1.11.2-5.1
1167     [20 Jan 2003] DSA-232 cupsys - several vulnerabilities
1168     {CAN-2002-1366 CAN-2002-1367 CAN-2002-1368 CAN-2002-1369 CAN-2002-1371 CAN-2002-1372 CAN-2002-1383 CAN-2002-1384}
1169     - cupsys 1.1.18-1
1170     [17 Jan 2003] DSA-231 dhcp3 - stack overflows
1171     {CAN-2003-0026}
1172     - dhcp3 3.0+3.0.1rc11-1
1173     [16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
1174     NOTE: not in testing due to 3 newer security holes
1175     {CAN-2003-0012}
1176     - bugzilla 2.16.2
1177     {CAN-2003-0013}
1178     - bugzilla 2.16.2
1179     [15 Jan 2003] DSA-229 imp - SQL injection
1180     {CAN-2003-0025}
1181     NOTE: I think imp3 is ok.
1182     [14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
1183     {CAN-2003-0031 CAN-2003-0032}
1184     - libmcrypt 2.5.5-1
1185     [13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
1186     {CAN-2002-1378 CAN-2002-1379 CAN-2002-1508}
1187     - openldap2 2.0.27-3
1188     [10 Jan 2003] DSA-226 xpdf-i - integer overflow
1189     {CAN-2002-1384}
1190     - xpdf 2.01-2
1191     [09 Jan 2003] DSA-225 tomcat4 - source disclosure
1192     {CAN-2002-1394}
1193     ! tomcat4 4.1.16-1
1194     NOTE: another RC (unreproducible?) bug and missing deps (#263201)
1195     NOTE: are keeping the fix out of testing
1196     NOTE: this is the second unfixed security hole in tomcat4 in testing..
1197     [08 Jan 2003] DSA-224 canna - buffer overflow and more
1198     {CAN-2002-1158 CAN-2002-1159}
1199     - canna 3.6p1-1
1200     [07 Jan 2003] DSA-223 geneweb - information exposure
1201     {CAN-2002-1390}
1202     - geneweb 4.09-1
1203     [06 Jan 2003] DSA-222 xpdf - integer overflow
1204     {CAN-2002-1384}
1205     - xpdf 2.01-2
1206     [03 Jan 2003] DSA-221 mhonarc - cross site scripting
1207     {CAN-2002-1388}
1208     - mhonarc 2.5.14-1
1209     [02 Jan 2003] DSA-220 squirrelmail - cross site scripting
1210     {CAN-2002-1341}
1211     - squirrelmail 1:1.3.2-2
1212    
1213     ------- These processed by Djoumé SALVETTI <salvetti@crans.org> -----
1214    
1215     [31 Dec 2002] DSA-219 dhcpcd - remote command execution
1216     {CAN-2002-1403}
1217     - dhcpcd 1.3.22pl2-2
1218     [30 Dec 2002] DSA-218 bugzilla - cross site scripting
1219     NOTE: not in testing, fixed in unstable (bugzilla 2.16.2-1).
1220     [27 Dec 2002] DSA-217 typespeed - buffer overflow
1221     {CAN-2002-1389}
1222     - typespeed 0.4.2-2
1223     [24 Dec 2002] DSA-216 fetchmail - buffer overflow
1224     {CAN-2002-1365}
1225     - fetchmail 6.2.0-1
1226     [23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
1227     {CAN-2002-1580}
1228     - cyrus-imapd 1.5.19-9.10
1229     [20 Dec 2002] DSA-214 kdnetwork - buffer overflows
1230     {CAN-2002-1306}
1231     - kdenetwork 2.2.2-14.20
1232     NOTE: there is a typo in the DSA, the name of the package is kdenetwork.
1233     [19 Dec 2002] DSA-213 libpng - buffer overflow
1234     {CAN-2002-1363}
1235     - libpng 1.0.12-7
1236     - libpng3 1.2.5-8
1237     [17 Dec 2002] DSA-212 mysql - multiple problems
1238     {CAN-2002-1373 CAN-2002-1374 CAN-2002-1375 CAN-2002-1376}
1239     - mysql-dfsg 4.0.7.gamma-1
1240     [13 Dec 2002] DSA-211 micq - denial of service
1241     {CAN-2002-1362}
1242     NOTE: not in testing nor unstable (was fixed in 0.4.9.4-1)
1243     [13 Dec 2002] DSA-210 lynx - CRLF injection
1244     {CAN-2002-1405}
1245     - lynx 2.8.4.1b-4
1246     NOTE: lynx-ssl not in testing nor unstable.
1247     [12 Dec 2002] DSA-209 wget - directory traversal
1248     {CAN-2002-1344}
1249     - wget 1.8.2-8
1250     [12 Dec 2002] DSA-208 perl - broken safe compartment
1251     {CAN-2002-1323}
1252     - perl 5.8.0-14
1253     [11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
1254     {CAN-2002-0836}
1255     - tetex-bin 1.0.7+20021025-4
1256     [10 Dec 2002] DSA-206 tcpdump - denial of service
1257     {CAN-2002-1350}
1258     - tcpdump 3.7.2-1
1259     [10 Dec 2002] DSA-205 gtetrinet - buffer overflow
1260     - gtetrinet 0.4.4-1
1261     NOTE: no CAN nor CVE for this one
1262     [05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
1263     {CAN-2002-1281 CAN-2002-1282}
1264     - kdelibs 4:3.1.0-1
1265     [04 Dec 2002] DSA-203 smb2www - arbitrary command execution
1266     {CAN-2002-1342}
1267     - smb2www 980804-17
1268     [03 Dec 2002] DSA-202 im - insecure temporary files
1269     {CAN-2002-1395}
1270     - im 141-20
1271     [02 Dec 2002] DSA-201 freeswan - denial of service
1272     {CAN-2002-0666 VU#459371}
1273     - freeswan 1.99-1
1274     [22 Nov 2002] DSA-200 samba - remote exploit
1275     {CAN-2002-1318}
1276     - samba 2.99.cvs.20020713-1
1277     [19 Nov 2002] DSA-199 mhonarc - cross site scripting
1278     {CAN-2002-1307}
1279     - mhonarc 2.5.13-1
1280     [18 Nov 2002] DSA-198 nullmailer - denial of service
1281     {CAN-2002-1313}
1282     - nullmailer 1.00RC5-17
1283     [15 Nov 2002] DSA-197 courier - buffer overflow
1284     {CAN-2002-1311}
1285     - courier 0.40.0-1
1286     [14 Nov 2002] DSA-196 bind - several vulnerabilities
1287     {CAN-2002-0029 CAN-2002-1219 CAN-2002-1220 CAN-2002-1221}
1288     - bind 8.3.3-3
1289     [13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
1290     {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131 CAN-2002-1233}
1291     - apache-perl 1.3.26-1.1-1.27-3-1
1292     [12 Nov 2002] DSA-194 masqmail - buffer overflows
1293     {CAN-2002-1279}
1294     - masqmail 0.2.15-1
1295     [11 Nov 2002] DSA-193 kdenetwork - buffer overflow
1296     {CAN-2002-1247}
1297     - kdenetwork 2.2.2-14.3
1298     [08 Nov 2002] DSA-192 html2ps - arbitrary code execution
1299     {CAN-2002-1275}
1300     - html2ps 1.0b3-2
1301     [07 Nov 2002] DSA-191 squirrelmail - cross site scripting
1302     {CAN-2002-1131 CAN-2002-1132 CAN-2002-1276}
1303     - squirrelmail 1.2.8-1.1
1304     [07 Nov 2002] DSA-190 wmaker - buffer overflow
1305     {CAN-2002-1277}
1306     - wmaker 0.80.1-4
1307     [06 Nov 2002] DSA-189 luxman - local root exploit
1308     {CAN-2002-1245}
1309     - luxman 0.41-19
1310     [05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
1311     {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
1312     - apache 1.3.27-0.1
1313     {CAN-2001-0131 CAN-2002-1233}
1314     - apache 1.3.27-1
1315     HELP: not sure about this
1316     NOTE: I have mailed maintainers
1317     {NO-CAN Several buffer overflows in ApacheBench}
1318     HELP: I don't know about this
1319     NOTE: I have mailed maintainers
1320     [04 Nov 2002] DSA-187 apache - several vulnerabilities
1321     {CAN-2002-0839 CAN-2002-0840 CAN-2002-0843}
1322     - apache 1.3.27-0.1
1323     {CAN-2001-0131 CAN-2002-1233}
1324     - apache 1.3.27-1
1325     HELP: not sure about this
1326     NOTE: I have mailed maintainers
1327     {NO-CAN Several buffer overflows in ApacheBench}
1328     HELP: I don't know about this
1329     NOTE: I have mailed maintainers
1330     [01 Nov 2002] DSA-186 log2mail - buffer overflow
1331     {CAN-2002-1251}
1332     - log2mail 0.2.6-1
1333     [31 Oct 2002] DSA-185 heimdal - buffer overflow
1334     {CAN-2002-1235}
1335     - heimdal 0.4e-22
1336     [30 Oct 2002] DSA-184 krb4 - buffer overflow
1337     {CAN-2002-1235}
1338     - krb4 1.1-11-8
1339     [29 Oct 2002] DSA-183 krb5 - buffer overflow
1340     {CAN-2002-1235}
1341     - krb5 1.2.6-2
1342     [28 Oct 2002] DSA-182 kdegraphics - buffer overflow
1343     {CAN-2002-0838}
1344     - kdegraphics 2.2.2-6.9
1345     [22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
1346     {CAN-2002-1157}
1347     - libapache-mod-ssl 2.8.9-2.3
1348     [21 Oct 2002] DSA-180 nis - information leak
1349     {CAN-2002-1232}
1350     - nis 3.9-6.2
1351     [18 Oct 2002] DSA-179 gnome-gv - buffer overflow
1352     {CAN-2002-0838}
1353     - gnome-gv 1.99.7-9
1354     [17 Oct 2002] DSA-178 heimdal - remote command execution
1355     {CAN-2002-1225, CAN-2002-1226}
1356     - heimdal 0.4e-21
1357     [17 Oct 2002] DSA-177 pam - serious security violation
1358     {CAN-2002-1227}
1359     - pam 0.76-6
1360     [16 Oct 2002] DSA-176 gv - buffer overflow
1361     {CAN-2002-0838}
1362     - gv 3.5.8-27
1363     [15 Oct 2002] DSA-175 syslog-ng - buffer overflow
1364     {CAN-2002-1200}
1365     - syslog-ng 1.5.21-1
1366     [14 Oct 2002] DSA-174 heartbeat - buffer overflow
1367     {CAN-2002-1215}
1368     - heartbeat 0.4.9.2-1
1369     [09 Oct 2002] DSA-173 bugzilla - privilege escalation
1370     {CAN-2002-1196}
1371     NOTE: not in testing, fixed in unstable (bugzilla 2.16.0-2.1)
1372     [08 Oct 2002] DSA-172 tkmail - insecure temporary files
1373     {CAN-2002-1193}
1374     NOTE: not in testing nor unstable (was fixed in 4.0beta9-9)
1375     [07 Oct 2002] DSA-171 fetchmail - buffer overflows
1376     {CAN-2002-1175, CAN-2002-1174}
1377     - fetchmail 6.1.0-1
1378     NOTE: fetchmail-ssl not in testing, fixed in unstable (fetchmail-ssl 6.1.0-1)
1379     [04 Oct 2002] DSA-170 tomcat4 - source code disclosure
1380     {CAN-2002-1148}
1381     ! tomcat4 4.1.12-1
1382     NOTE: only 4.0.4-4 in testing (which seems to be vulnerable)
1383     [25 Sep 2002] DSA-169 htcheck - cross site scripting
1384     {CAN-2002-1195}
1385     - htcheck 1.1-1.2
1386     [18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
1387     {CAN-2002-0985 CAN-2002-0986}
1388     - php3 3.0.18-23.2
1389     - php4 4.2.3-3
1390     NOTE: php3 is not in testing, it seems to be waiting for tiff and gcc transition
1391     NOTE: and is out of date on alpha and arm
1392     [16 Sep 2002] DSA-167 kdelibs - cross site scripting
1393     {CAN-2002-1151}
1394     - kdelibs 2.2.2-14
1395     NOTE: there is a typo in the DSA that mentioned Konquerer instead of kdelibs
1396     [13 Sep 2002] DSA-166 purity - buffer overflows
1397     {CAN-2002-1124}
1398     - purity 1-16
1399     [12 Sep 2002] DSA-165 postgresql - buffer overflows
1400     {CAN-2002-0972 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CVE-2002-1402}
1401     - postgresql 7.2.2-2
1402     [10 Sep 2002] DSA-164 cacti - arbitrary code execution
1403     {CAN-2002-1477 CAN-2002-1478}
1404     - cacti 0.6.8a-2
1405     [09 Sep 2002] DSA-163 mhonarc - cross site scripting
1406     {CVE-2002-0738}
1407     - mhonarc 2.5.11-1
1408     [06 Sep 2002] DSA-162 ethereal - buffer overflow
1409     {CAN-2002-0834}
1410     - ethereal 0.9.6-1
1411     [04 Sep 2002] DSA-161 mantis - privilege escalation
1412     {CAN-2002-1115 CAN-2002-1116}
1413     - mantis 0.17.5-2
1414     [03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
1415     {CAN-2002-0662}
1416     - scrollkeeper 0.3.11-2
1417     [28 Aug 2002] DSA-159 python - insecure temporary files
1418     {CAN-2002-1119}
1419     - python2.1 2.1.3-6a
1420     - python2.2 2.2.1-8
1421     NOTE: python1.5 not in testing nor unstable (was fixed in 1.5.2-24)
1422     NOTE: python2.3 is not vulnerable
1423     [27 Aug 2002] DSA-158 gaim - arbitrary program execution
1424     {CVE-2002-0989}
1425     - gaim 0.59.1-2
1426     [23 Aug 2002] DSA-157 irssi-text - denial of service
1427     {CAN-2002-0983}
1428     - irssi-text 0.8.5-2
1429     [22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
1430     {CVE-2002-0984}
1431     - epic4-script-light 2.7.30p5-2
1432     [17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
1433     {CAN-2002-0970}
1434     - kdelibs 4:2.2.2-14
1435     [15 Aug 2002] DSA-154 fam - privilege escalation
1436     {CVE-2002-0875}
1437     - fam 2.6.8-1
1438     [14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
1439     {CAN-2002-1114 CAN-2002-1113 CAN-2002-1112 CAN-2002-1111 CAN-2002-1110}
1440     - mantis 0.17.4a-2
1441     [13 Aug 2002] DSA-152 l2tpd - missing random seed
1442     {CVE-2002-0872 CVE-2002-0873}
1443     NOTE: not in testing (was fixed in unstable 0.68-1)
1444     [13 Aug 2002] DSA-151 xinetd - pipe exposure
1445     {CVE-2002-0871}
1446     - xinetd 2.3.7-1
1447     [13 Aug 2002] DSA-150 interchange - illegal file exposition
1448     {CAN-2002-0874}
1449     - interchange 4.8.6-1
1450     [13 Aug 2002] DSA-149 glibc - integer overflow
1451     {CVE-2002-0391}
1452     - glibc 2.2.5-13
1453     [12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
1454     {CVE-2002-1049 CVE-2002-1050 CAN-2001-1034}
1455     - hylafax 4.1.2-2.1
1456     [08 Aug 2002] DSA-147 mailman - cross-site scripting
1457     {CAN-2002-0388 CAN-2002-0855}
1458     - mailman 2.0.12-1
1459     [08 Aug 2002] DSA-146 dietlibc - integer overflow
1460     {CVE-2002-0391}
1461     - dietlibc 0.20-0cvs20020808
1462     [07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
1463     {CVE-2002-0847}
1464     - tinyproxy 1.4.3-3
1465     [06 Aug 2002] DSA-144 wwwoffle - improper input handling
1466     {CVE-2002-0818}
1467     - wwwoffle 2.7d-1
1468     [05 Aug 2002] DSA-143 krb5 - integer overflow
1469     {CVE-2002-0391}
1470     - krb5 1.2.5-2
1471     [05 Aug 2002] DSA-142 openafs - integer overflow
1472     {CVE-2002-0391}
1473     - openafs 1.2.6-1
1474     [01 Aug 2002] DSA-141 mpack - buffer overflow
1475     {CAN-2002-1425}
1476     - mpack 1.5-9
1477     [05 Aug 2002] DSA-140 libpng - buffer overflow
1478     {CAN-2002-0660 CAN-2002-0728}
1479     - libpng 1.0.12-4
1480     - libpng3 1.2.1-2
1481     [01 Aug 2002] DSA-139 super - format string vulnerability
1482     {CVE-2002-0817}
1483     - super 3.18.0-3
1484     [01 Aug 2002] DSA-138 gallery - remote exploit
1485     {CAN-2002-1412}
1486     - gallery 1.3-3
1487     [30 Jul 2002] DSA-137 mm - insecure temporary files
1488     {CVE-2002-0658}
1489     - mm 1.1.3-7
1490     [30 Jul 2002] DSA-136 openssl - multiple remote exploits
1491     {CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659}
1492     - openssl 0.9.6e-1
