diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2023-06-07 06:50:57 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-06-07 06:57:01 +0200 |
| commit | 07b9cd5b5df9fb2c536d7288ae4fc051260f693e (patch) | |
| tree | e1bcda1590dccd1740e2baa1bdb575d0e9ced79e /website | |
| parent | e9b8a08a5f41859b7ca099bd5327e549703b7fca (diff) | |
Drop obsolete documentation for secure-testing project
Both http://secure-testing.debian.net/ and
http://secure-testing-master.debian.net/ are discontinued for a while
now and we are not serving the files anymore. To avoid possible
confusion, drop the entire secure-testing related documentation and
advisories.
Acked-by: Moritz Muehlenhoff <jmm@debian.org>
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
Diffstat (limited to 'website')
53 files changed, 0 insertions, 5339 deletions
diff --git a/website/DTSA/DTSA-1-1.html b/website/DTSA/DTSA-1-1.html deleted file mode 100644 index 44e2a4ea39..0000000000 --- a/website/DTSA/DTSA-1-1.html +++ /dev/null @@ -1,103 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-1-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 26th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:kismet'>kismet</a></dd> -<dt>Vulnerability:</dt> -<dd>various</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2626'>CVE-2005-2626</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2627'>CVE-2005-2627</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple security holes have been discovered in kismet: <br> - <br> -CVE-2005-2627 <br> - <br> -Multiple integer underflows in Kismet allow remote attackers to execute <br> -arbitrary code via (1) kernel headers in a pcap file or (2) data frame <br> -dissection, which leads to heap-based buffer overflows. <br> - <br> -CVE-2005-2626 <br> - <br> -Unspecified vulnerability in Kismet allows remote attackers to have an <br> -unknown impact via unprintable characters in the SSID. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2005.08.R1-0.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2005.08.R1-1</dt> -<br><dt>This upgrade is recommended if you use kismet.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install kismet</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-10-1.html b/website/DTSA/DTSA-10-1.html deleted file mode 100644 index cbf4d44c27..0000000000 --- a/website/DTSA/DTSA-10-1.html +++ /dev/null @@ -1,100 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-10-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 29th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:pcre3'>pcre3</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491'>CVE-2005-2491</a> -<br></dd> -<br><dt>More information:</dt> -<dd>An integer overflow in pcre_compile.c in Perl Compatible Regular Expressions <br> -(PCRE) allows attackers to execute arbitrary code via quantifier values in <br> -regular expressions, which leads to a heap-based buffer overflow. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 6.3-0.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 6.3-1</dt> -<br><dt>This upgrade is recommended if you use pcre3.<dt> -<br><dt>-Before installing the update, please note that you will need to restart all -daemons that link with libpcre3 for the security fix to be used. Either -reboot your machine after the upgrade, or make a list of processes that are -using libpcre3, and restart them after the upgrade. To generate the list, -run this command before you upgrade:</dt> -<dd>lsof /usr/lib/libpcre.so.3<dd> - -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install libpcre3</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-11-1.html b/website/DTSA/DTSA-11-1.html deleted file mode 100644 index 5d0d3b72e0..0000000000 --- a/website/DTSA/DTSA-11-1.html +++ /dev/null @@ -1,92 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-11-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 29th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:maildrop'>maildrop</a></dd> -<dt>Vulnerability:</dt> -<dd>local privilege escalation</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>Yes<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2655'>CVE-2005-2655</a> -<br></dd> -<br><dt>More information:</dt> -<dd>The lockmail binary shipped with maildrop allows for an attacker to <br> -obtain an effective gid as group "mail". Debian ships the binary with its <br> -setgid bit set, but the program does not drop privileges when run. It takes <br> -an argument that is executed, and since it does not drop privileges, an <br> -attacker can execute an arbitrary command with an effective gid of the "mail" <br> -group. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1.5.3-1.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1.5.3-2</dt> -<br><dt>This upgrade is recommended if you use maildrop.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install maildrop</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-12-1.html b/website/DTSA/DTSA-12-1.html deleted file mode 100644 index d1431a7312..0000000000 --- a/website/DTSA/DTSA-12-1.html +++ /dev/null @@ -1,89 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-12-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 8th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:vim'>vim</a></dd> -<dt>Vulnerability:</dt> -<dd>modeline exploits</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368'>CVE-2005-2368</a> -<br></dd> -<br><dt>More information:</dt> -<dd>vim modelines allow files to execute arbitrary commands via shell <br> -metacharacters in the glob or expand commands of a foldexpr expression <br> -for calculating fold levels. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:6.3-085+0.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:6.3-085+1</dt> -<br><dt>This upgrade is recommended if you use vim.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install vim</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-13-1.html b/website/DTSA/DTSA-13-1.html deleted file mode 100644 index 45b50710ab..0000000000 --- a/website/DTSA/DTSA-13-1.html +++ /dev/null @@ -1,102 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-13-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 8th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:evolution'>evolution</a></dd> -<dt>Vulnerability:</dt> -<dd>format string vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2549'>CVE-2005-2549</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2550'>CVE-2005-2550</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple vulnerabilities were discovered in evolution: <br> - <br> -CVE-2005-2549 <br> - <br> -Multiple format string vulnerabilities in Evolution allow remote attackers <br> -to cause a denial of service (crash) and possibly execute arbitrary code via <br> -(1) full vCard data, (2) contact data from remote LDAP servers, or (3) task <br> -list data from remote servers. <br> - <br> -CVE-2005-2550 <br> - <br> -Format string vulnerability in Evolution allows remote attackers to cause a <br> -denial of service (crash) and possibly execute arbitrary code via the <br> -calendar entries such as task lists, which are not properly handled when <br> -the user selects the Calendars tab. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.2.3-2etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.2.3-3</dt> -<br><dt>This upgrade is recommended if you use evolution.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install evolution</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-14-1.html b/website/DTSA/DTSA-14-1.html deleted file mode 100644 index 280d605fb6..0000000000 --- a/website/DTSA/DTSA-14-1.html +++ /dev/null @@ -1,149 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-14-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 13th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:mozilla'>mozilla</a></dd> -<dt>Vulnerability:</dt> -<dd>several</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several problems have been discovered in Mozilla. Since the usual praxis of <br> -backporting apparently does not work for this package, this update is <br> -basically version 1.7.10 with the version number rolled back, and hence still <br> -named 1.7.8. The Common Vulnerabilities and Exposures project identifies the <br> -following problems: <br> - <br> -CVE-2004-0718, CVE-2005-1937 <br> - <br> -A vulnerability has been discovered in Mozilla that allows remote <br> -attackers to inject arbitrary Javascript from one page into the <br> -frameset of another site. <br> - <br> -CVE-2005-2260 <br> - <br> -The browser user interface does not properly distinguish between <br> -user-generated events and untrusted synthetic events, which makes <br> -it easier for remote attackers to perform dangerous actions that <br> -normally could only be performed manually by the user. <br> - <br> -CVE-2005-2261 <br> - <br> -XML scripts ran even when Javascript disabled. <br> - <br> -CVE-2005-2263 <br> - <br> -It is possible for a remote attacker to execute a callback <br> -function in the context of another domain (i.e. frame). <br> - <br> -CVE-2005-2265 <br> - <br> -Missing input sanitising of InstallVersion.compareTo() can cause <br> -the application to crash. <br> - <br> -CVE-2005-2266 <br> - <br> -Remote attackers could steal sensitive information such as cookies <br> -and passwords from web sites by accessing data in alien frames. <br> - <br> -CVE-2005-2268 <br> - <br> -It is possible for a Javascript dialog box to spoof a dialog box <br> -from a trusted site and facilitates phishing attacks. <br> - <br> -CVE-2005-2269 <br> - <br> -Remote attackers could modify certain tag properties of DOM nodes <br> -that could lead to the execution of arbitrary script or code. <br> - <br> -CVE-2005-2270 <br> - <br> -The Mozilla browser family does not properly clone base objects, <br> -which allows remote attackers to execute arbitrary code. <br> - <br> -Note that this is the same update contained in DSA-810-1 for Debian stable. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1.7.8-1sarge2</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1.7.10-1</dt> -<br><dt>This upgrade is recommended if you use mozilla.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install mozilla</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-15-1.html b/website/DTSA/DTSA-15-1.html deleted file mode 100644 index e4f04b3cdf..0000000000 --- a/website/DTSA/DTSA-15-1.html +++ /dev/null @@ -1,111 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-16-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 10th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:php4'>php4</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote/local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751'>CVE-2005-1751</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921'>CVE-2005-1921</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498'>CVE-2005-2498</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several security related problems have been found in PHP4, the <br> -server-side, HTML-embedded scripting language. The Common <br> -Vulnerabilities and Exposures project identifies the following <br> -problems: <br> - <br> -CVE-2005-1751 <br> - <br> -Eric Romang discovered insecure temporary files in the shtool <br> -utility shipped with PHP that can exploited by a local attacker to <br> -overwrite arbitrary files. Only this vulnerability affects <br> -packages in oldstable. <br> - <br> -CVE-2005-1921 <br> - <br> -GulfTech has discovered that PEAR XML_RPC is vulnerable to a <br> -remote PHP code execution vulnerability that may allow an attacker <br> -to compromise a vulnerable server. <br> - <br> -CVE-2005-2498 <br> - <br> -Stefan Esser discovered another vulnerability in the XML-RPC <br> -libraries that allows injection of arbitrary PHP code into eval() <br> -statements. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 4.3.10-16etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 4.4.0-2</dt> -<br><dt>This upgrade is recommended if you use php4.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-16-1.html b/website/DTSA/DTSA-16-1.html deleted file mode 100644 index 28934cb1a7..0000000000 --- a/website/DTSA/DTSA-16-1.html +++ /dev/null @@ -1,320 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-16-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 15, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:linux-2.6'>linux-2.6</a></dd> -<dt>Vulnerability:</dt> -<dd>several holes</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098'>CVE-2005-2098</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099'>CVE-2005-2099</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456'>CVE-2005-2456</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2617'>CVE-2005-2617</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913'>CVE-2005-1913</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457'>CVE-2005-2457</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458'>CVE-2005-2458</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459'>CVE-2005-2459</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548'>CVE-2005-2548</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2302'>CVE-2004-2302</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1765'>CVE-2005-1765</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762'>CVE-2005-1762</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761'>CVE-2005-1761</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555'>CVE-2005-2555</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several security related problems have been found in version 2.6 of the <br> -linux kernel. The Common Vulnerabilities and Exposures project identifies <br> -the following problems: <br> - <br> -CVE-2004-2302 <br> - <br> - Race condition in the sysfs_read_file and sysfs_write_file functions in <br> - Linux kernel before 2.6.10 allows local users to read kernel memory and <br> - cause a denial of service (crash) via large offsets in sysfs files. <br> - <br> -CVE-2005-1761 <br> - <br> - Vulnerability in the Linux kernel allows local users to cause a <br> - denial of service (kernel crash) via ptrace. <br> - <br> -CVE-2005-1762 <br> - <br> - The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 <br> - platform allows local users to cause a denial of service (kernel crash) via <br> - a "non-canonical" address. <br> - <br> -CVE-2005-1765 <br> - <br> - syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when <br> - running in 32-bit compatibility mode, allows local users to cause a denial <br> - of service (kernel hang) via crafted arguments. <br> - <br> -CVE-2005-1913 <br> - <br> - When a non group-leader thread called exec() to execute a different program <br> - while an itimer was pending, the timer expiry would signal the old group <br> - leader task, which did not exist any more. This caused a kernel panic. <br> - <br> -CVE-2005-2098 <br> - <br> - The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before <br> - 2.6.12.5 contains an error path that does not properly release the session <br> - management semaphore, which allows local users or remote attackers to cause <br> - a denial of service (semaphore hang) via a new session keyring (1) with an <br> - empty name string, (2) with a long name string, (3) with the key quota <br> - reached, or (4) ENOMEM. <br> - <br> -CVE-2005-2099 <br> - <br> - The Linux kernel before 2.6.12.5 does not properly destroy a keyring that <br> - is not instantiated properly, which allows local users or remote attackers <br> - to cause a denial of service (kernel oops) via a keyring with a payload <br> - that is not empty, which causes the creation to fail, leading to a null <br> - dereference in the keyring destructor. <br> - <br> -CVE-2005-2456 <br> - <br> - Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c <br> - in Linux kernel 2.6 allows local users to cause a denial of service (oops <br> - or deadlock) and possibly execute arbitrary code via a p->dir value that is <br> - larger than XFRM_POLICY_OUT, which is used as an index in the <br> - sock->sk_policy array. <br> - <br> -CVE-2005-2457 <br> - <br> - The driver for compressed ISO file systems (zisofs) in the Linux kernel <br> - before 2.6.12.5 allows local users and remote attackers to cause a denial <br> - of service (kernel crash) via a crafted compressed ISO file system. <br> - <br> -CVE-2005-2458 <br> - <br> - inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows <br> - remote attackers to cause a denial of service (kernel crash) via a <br> - compressed file with "improper tables". <br> - <br> -CVE-2005-2459 <br> - <br> - The huft_build function in inflate.c in the zlib routines in the Linux <br> - kernel before 2.6.12.5 returns the wrong value, which allows remote <br> - attackers to cause a denial of service (kernel crash) via a certain <br> - compressed file that leads to a null pointer dereference, a different <br> - vulnerbility than CVE-2005-2458. <br> - <br> -CVE-2005-2548 <br> - <br> - vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial <br> - of service (kernel oops from null dereference) via certain UDP packets that <br> - lead to a function call with the wrong argument, as demonstrated using <br> - snmpwalk on snmpd. <br> - <br> -CVE-2005-2555 <br> - <br> - Linux kernel 2.6.x does not properly restrict socket policy access to users <br> - with the CAP_NET_ADMIN capability, which could allow local users to conduct <br> - unauthorized activities via (1) ipv4/ip_sockglue.c and (2) <br> - ipv6/ipv6_sockglue.c. <br> - <br> -CVE-2005-2617 <br> - <br> - The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 <br> - and later, on the amd64 architecture, does not check the return value of <br> - the insert_vm_struct function, which allows local users to trigger a memory <br> - leak via a 32-bit application with crafted ELF headers. <br> - <br> -In addition this update fixes some security issues that have not been <br> -assigned CVE ids: <br> - <br> - - Fix DST leak in icmp_push_reply(). Possible remote DoS? <br> - <br> - - NPTL signal delivery deadlock fix; possible local DoS. <br> - <br> - - fix a memory leak in devices seq_file implementation; local DoS. <br> - <br> - - Fix SKB leak in ip6_input_finish(); local DoS. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.6.12-6</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.6.12-6</dt> -</dl> -<p> -The Debian testing security team does not track security issues for the -stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, -the Debian security team will make an announcement once a fix is ready. -</p> -<p> -Your system does not need to be configured to use the Debian testing security -archive to install this update. The fixed kernel packages are available -in the regular Debian testing archive. -</p> -<p> -To install the update, first run this command as root: -</p> -<p> - apt-get update -</p> -<p> -Next, install an appropriate kernel package for your architecture and -machine. The following kernel will work for all i386 machines: -</p> -<p> - apt-get install linux-image-2.6-386 -</p> -<p> -However, you may prefer to install an optimised kernel for your machine: -</p> -<p> - apt-get install linux-image-2.6-686<br> - apt-get install linux-image-2.6-686-smp<br> - apt-get install linux-image-2.6-k7<br> - apt-get install linux-image-2.6-k7-smp<br> -</p> -<p> -For the amd64 architecture, chose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-amd64-generic<br> - apt-get install linux-image-2.6-amd64-k8<br> - apt-get install linux-image-2.6-amd64-k8-smp<br> -</p> -<p> -For the powerpc architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-powerpc<br> - apt-get install linux-image-2.6-powerpc-smp<br> - apt-get install linux-image-2.6-powerpc64<br> -</p> -<p> -For the sparc architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-sparc64<br> - apt-get install linux-image-2.6-sparc64-smp<br> -</p> -<p> - (Note that users of 32 bit sparc systems are no longer supported by the - 2.6 kernel.) -</p> -<p> -For the alpha architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-alpha-generic<br> - apt-get install linux-image-2.6-alpha-smp<br> -</p> -<p> -For the ia64 architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-itanium<br> - apt-get install linux-image-2.6-itanium-smp<br> - apt-get install linux-image-2.6-mckinley<br> - apt-get install linux-image-2.6-mckinley-smp<br> -</p> -<p> -For the hppa architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-parisc<br> - apt-get install linux-image-2.6-parisc-smp<br> - apt-get install linux-image-2.6-parisc64<br> - apt-get install linux-image-2.6-parisc64-smp<br> -</p> -<p> -For the s390 architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-s390<br> - apt-get install linux-image-2.6-s390x<br> -</p> -<p> -For the arm architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-footbridge<br> - apt-get install linux-image-2.6-ixp4xx<br> - apt-get install linux-image-2.6-rpc<br> - apt-get install linux-image-2.6-s3c2410<br> -</p> -<p> -For the m68k architecture, choose one of these kernels: -</p> -<p> - apt-get install linux-image-2.6-amiga<br> - apt-get install linux-image-2.6-atari<br> - apt-get install linux-image-2.6-bvme6000<br> - apt-get install linux-image-2.6-hp<br> - apt-get install linux-image-2.6-mac<br> - apt-get install linux-image-2.6-mvme147<br> - apt-get install linux-image-2.6-mvme16x<br> - apt-get install linux-image-2.6-q40<br> - apt-get install linux-image-2.6-sun3<br> -</p> -<p> -Updated kernels are not yet available for the mips and mipsel -architectures. -</p> -<p> -Note that you may also need to upgrade third-party modules that are not -included in the kernel package. -</p> -<p> -Finally, reboot the system, taking care to boot the new 2.6.12 kernel with -your bootloader. -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-17-1.html b/website/DTSA/DTSA-17-1.html deleted file mode 100644 index e9cd482b5a..0000000000 --- a/website/DTSA/DTSA-17-1.html +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-17-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 15th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:lm-sensors'>lm-sensors</a></dd> -<dt>Vulnerability:</dt> -<dd>insecure temporary file</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2672'>CVE-2005-2672</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Javier Fernández-Sanguino Peña discovered that a script included in <br> -lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary <br> -file with a predictable filename, leaving it vulnerable for a symlink <br> -attack. <br> - <br> -Note that this is the same set of security fixes put into stable in <br> -DSA-814-1. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:2.9.1-6etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:2.9.1-7</dt> -<br><dt>This upgrade is recommended if you use lm-sensors.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install lm-sensors</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-19-1.html b/website/DTSA/DTSA-19-1.html deleted file mode 100644 index 1ddca9b292..0000000000 --- a/website/DTSA/DTSA-19-1.html +++ /dev/null @@ -1,98 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-19-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 22nd, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:clamav'>clamav</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflow and infinate loop problems</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2919'>CVE-2005-2919</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2920'>CVE-2005-2920</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple security holes were found in clamav: <br> - <br> -CVE-2005-2919 <br> - <br> - A possible infinate loop has been discovered in libclamav/fsg.c <br> - <br> -CVE-2005-2920 <br> - <br> - A possible buffer overflow has been found in libclamav/upx.c <br> - <br> -Thanks to Stephen Granan <sgran@debian.org> for the updated packages <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.86.2-4etch2</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.87-1</dt> -<br><dt>This upgrade is recommended if you use clamav.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-2-1.html b/website/DTSA/DTSA-2-1.html deleted file mode 100644 index 9f0b119b62..0000000000 --- a/website/DTSA/DTSA-2-1.html +++ /dev/null @@ -1,117 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-2-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:centericq'>centericq</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>local and remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2369'>CVE-2005-2369</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1914'>CVE-2005-1914</a> -<br></dd> -<br><dt>More information:</dt> -<dd>centericq in testing is vulnerable to multiple security holes: <br> - <br> -CVE-2005-2448 <br> - <br> -Multiple endianness errors in libgadu, which is embedded in centericq, <br> -allow remote attackers to cause a denial of service (invalid behaviour in <br> -applications) on big-endian systems. <br> - <br> -CVE-2005-2370 <br> - <br> -Multiple memory alignment errors in libgadu, which is embedded in <br> -centericq, allows remote attackers to cause a denial of service (bus error) <br> -on certain architectures such as SPARC via an incoming message. <br> - <br> -CVE-2005-2369 <br> - <br> -Multiple integer signedness errors in libgadu, which is embedded in <br> -centericq, may allow remote attackers to cause a denial of service <br> -or execute arbitrary code. <br> - <br> -CVE-2005-1914 <br> - <br> -centericq creates temporary files with predictable file names, which <br> -allows local users to overwrite arbitrary files via a symlink attack. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 4.20.0-8etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 4.20.0-9</dt> -<br><dt>This upgrade is recommended if you use centericq.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install centericq</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-20-1.html b/website/DTSA/DTSA-20-1.html deleted file mode 100644 index 63f444e706..0000000000 --- a/website/DTSA/DTSA-20-1.html +++ /dev/null @@ -1,92 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-20-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>October 13th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:mailutils'>mailutils</a></dd> -<dt>Vulnerability:</dt> -<dd>Format string vulnerability</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2878'>CVE-2005-2878</a> -<br></dd> -<br><dt>More information:</dt> -<dd>A format string vulnerability has been discovered in Mailutils. <br> - <br> -CVE-2005-2878 <br> - A format string vulnerability in search.c in the imap4d server in GNU <br> - Mailutils 0.6 allows remote authenticated users to execute arbitrary code via <br> - format string specifiers in the SEARCH command. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:0.6.90-2.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:0.6.90-3</dt> -<br><dt>This upgrade is recommended if you use mailutils.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-21-1.html b/website/DTSA/DTSA-21-1.html deleted file mode 100644 index cd13aafa6e..0000000000 --- a/website/DTSA/DTSA-21-1.html +++ /dev/null @@ -1,117 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-21-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>November 3rd, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:clamav'>clamav</a></dd> -<dt>Vulnerability:</dt> -<dd>Denial of service vulnerabilities and buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239'>CVE-2005-3239</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500'>CVE-2005-3500</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501'>CVE-2005-3501</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303'>CVE-2005-3303</a> -<br></dd> -<br><dt>More information:</dt> -<dd> <br> -Multiple security holes were found in clamav: <br> - <br> -CVE-2005-3239 <br> - <br> - The OLE2 unpacker allows remote attackers to cause a denial of service <br> - by sending a DOC file with an invalid property tree, triggering <br> - an infinite recursion. <br> - <br> -CVE-2005-3500 <br> - <br> - The tnef_attachment function in Clam AntiVirus before 0.87.1 <br> - allows remote attackers to cause a denial of service, through <br> - an infinate loop and memory exhaustion, by crafting a CAB file <br> - with a value that causes ClamAV to repeatedly scan the same block <br> - <br> -CVE-2005-3501 <br> - <br> - The cabd_find function in of the libmspack library in Clam AntiVirus <br> - before 0.87.1 allows remote attackers to cause a denial of service <br> - via a crafted CAB file that causes cabd_find to be called with a zero <br> - length. <br> - <br> -CVE-2005-3303 <br> - <br> - The FSB unpacker in Clam AntiVirus 0.80 through 0.87 allows <br> - remote attackers to cause memory corruption and execute arbitrary <br> - code via a crafted FSG 1.33 file. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.87.1-0etch.1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.87.1</dt> -<br><dt>This upgrade is recommended if you use clamav.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-22-1.html b/website/DTSA/DTSA-22-1.html deleted file mode 100644 index 169c9e407f..0000000000 --- a/website/DTSA/DTSA-22-1.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-22-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>December 5th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:uim'>uim</a></dd> -<dt>Vulnerability:</dt> -<dd>local privilege escalation</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3149'>CVE-2005-3149</a> -<br></dd> -<br><dt>More information:</dt> -<dd>CVE-2005-3149 <br> - <br> - Masanari Yamamoto discovered that incorrect use of environment <br> - variables in uim. This bug causes privilege escalation if setuid/setgid <br> - applications was linked to libuim. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:0.4.7-2.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:0.4.7-2</dt> -<br><dt>This upgrade is recommended if you use uim.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-23-1.html b/website/DTSA/DTSA-23-1.html deleted file mode 100644 index 420bcbf2ec..0000000000 --- a/website/DTSA/DTSA-23-1.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-23-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>December 5th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:centericq'>centericq</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3863'>CVE-2005-3863</a> -<br></dd> -<br><dt>More information:</dt> -<dd>CVE-2005-3863 <br> - <br> - Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H <br> - Research Team discovered a buffer overflow in kkstrtext.h of the ktools <br> - library, which is included in centericq. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 4.21.0-6.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 4.21.0-6</dt> -<br><dt>This upgrade is recommended if you use centericq.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-24-1.html b/website/DTSA/DTSA-24-1.html deleted file mode 100644 index 5667979457..0000000000 --- a/website/DTSA/DTSA-24-1.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-24-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>December 5th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:inkscape'>inkscape</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3737'>CVE-2005-3737</a> -<br></dd> -<br><dt>More information:</dt> -<dd>CVE-2005-3737 <br> - <br> - Joxean Koret discovered that inkscape is vulnerable in the SVG importer <br> - (style.cpp), which might allow remote attackers to execute arbitrary code <br> - via a SVG file with long CSS style property values. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.43-0.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.43-1</dt> -<br><dt>This upgrade is recommended if you use inkscape.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install inkscape</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-25-1.html b/website/DTSA/DTSA-25-1.html deleted file mode 100644 index 9e96710a17..0000000000 --- a/website/DTSA/DTSA-25-1.html +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-25-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>December 5th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:smb4k'>smb4k</a></dd> -<dt>Vulnerability:</dt> -<dd>access validation error</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851'>CVE-2005-2851</a> -<br></dd> -<br><dt>More information:</dt> -<dd>CVE-2005-2851 <br> - <br> - A vulnerability leading to unauthorized file access has been found. A <br> - pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile <br> - will cause Smb4k to write the contents of these files to the target of the <br> - symlink, as Smb4k does not check for the existence of these files before <br> - writing to them. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.6.4-0.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.6.4-1</dt> -<br><dt>This upgrade is recommended if you use smb4k.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install smb4k</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-26-1.html b/website/DTSA/DTSA-26-1.html deleted file mode 100644 index 4f09401af4..0000000000 --- a/website/DTSA/DTSA-26-1.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-26-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>December 5th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:trackballs'>trackballs</a></dd> -<dt>Vulnerability:</dt> -<dd>symlink attack</dd> -<dt>Problem-Scope:</dt> -<dd>remote/local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -None -<br></dd> -<br><dt>More information:</dt> -<dd>Ulf Harnhammar notices that that trackballs follows symlinks when running as <br> -gid games. It writes to files such as $HOME/.trackballs/[USERNAME].gmr and <br> -$HOME/.trackballs/settings without checking if they are symlinks somewhere <br> -else. This can be abused for overwriting or creating files wherever the games <br> -group is allowed to do so. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1.1.1-0.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1.1.1-1</dt> -<br><dt>This upgrade is recommended if you use trackballs.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-27-1.html b/website/DTSA/DTSA-27-1.html deleted file mode 100644 index 83fad0e8f5..0000000000 --- a/website/DTSA/DTSA-27-1.html +++ /dev/null @@ -1,96 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-27-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>Janurary 20th, 2006</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:fuse'>fuse</a></dd> -<dt>Vulnerability:</dt> -<dd>potential data corruption when installed seduid root</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531'>CVE-2005-3531</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Thomas Biege discovered that fusermount in FUSE before 2.4.1, if installed <br> -setuid root, allows local users to corrupt /etc/mtab and possibly modify mount <br> -options by performing a mount over a directory whose name contains certain <br> -special characters <br> - <br> -Successful exploitation could result in a denial of service if mount options <br> -become unusable. An attacker can also exploit this issue to add arbitrary mount <br> -points that could grant the attacker read and possibly write access to <br> -otherwise restricted or privileged mount points. Other attacks are also <br> -possible. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.3.0-4.2etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.4.1-0.1</dt> -<br><dt>This upgrade is recommended if you use fuse.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-28-1.html b/website/DTSA/DTSA-28-1.html deleted file mode 100644 index 1ef6e89f0b..0000000000 --- a/website/DTSA/DTSA-28-1.html +++ /dev/null @@ -1,140 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-28-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>January 25th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:gpdf'>gpdf</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>local/user-initiated</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2097'>CVE-2005-2097</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193'>CVE-2005-3193</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624'>CVE-2005-3624</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625'>CVE-2005-3625</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626'>CVE-2005-3626</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627'>CVE-2005-3627</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628'>CVE-2005-3628</a> -<br></dd> -<br><dt>More information:</dt> -<dd> <br> -Multiple security holes have been found in the xpdf library which gpdf embbeds: <br> - <br> -CVE-2005-2097 <br> - xpdf does not properly validate the "loca" table in PDF files, which allows <br> - local users to cause a denial of service (disk consumption and hang) via a <br> - PDF file with a "broken" loca table, which causes a large temporary file to <br> - be created when xpdf attempts to reconstruct the information. <br> - <br> -CVE-2005-3193 <br> - Heap-based buffer overflow in the JPXStream::readCodestream function in the <br> - JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows <br> - user-complicit attackers to cause a denial of service (heap corruption) and <br> - possibly execute arbitrary code via a crafted PDF file with large size values <br> - that cause insufficient memory to be allocated. <br> - <br> -CVE-2005-3624 <br> - The CCITTFaxStream::CCITTFaxStream function in Stream.cc for gpdf allows <br> - attackers to corrupt the heap via negative or large integers in a <br> - CCITTFaxDecode stream, which lead to integer overflows and integer <br> - underflows. <br> - <br> -CVE-2005-3625 <br> - Xpdf allows attackers to cause a denial of service (infinite loop) via <br> - streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode <br> - and (2) DCTDecode streams, aka "Infinite CPU spins." <br> - <br> -CVE-2005-3626 <br> - Xpdf allows attackers to cause a denial of service (crash) via a crafted <br> - FlateDecode stream that triggers a null dereference. <br> - <br> -CVE-2005-3627 <br> - Stream.cc in Xpdf allows attackers to modify memory and possibly execute <br> - arbitrary code via a DCTDecode stream with (1) a large "number of components" <br> - value that is not checked by DCTStream::readBaselineSOF or <br> - DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that <br> - is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the <br> - scanInfo.numComps value by DCTStream::readScanInfo. <br> - <br> -CVE-2005-3628 <br> - Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in <br> - Xpdf allows attackers to modify memory and possibly execute arbitrary code <br> - via unknown attack vectors. <br> - <br> -Please note, these issues have already been fixed in stable from the following <br> -security announcements: <br> -DSA-780-1, DSA-931-1, DSA-932-1, DSA-936-1, DSA-937-1, DSA-938-1, DSA-940-1, <br> -DSA-950-1 <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.10.0-1+etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.10.0-2</dt> -<br><dt>This upgrade is recommended if you use gpdf.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install gpdf</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-29-1.html b/website/DTSA/DTSA-29-1.html deleted file mode 100644 index 5592460627..0000000000 --- a/website/DTSA/DTSA-29-1.html +++ /dev/null @@ -1,94 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-29-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>June 15th, 2006</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:Blender'>Blender</a></dd> -<dt>Vulnerability:</dt> -<dd>heap-based buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470'>CVE-2005-4470</a> -<br></dd> -<br><dt>More information:</dt> -<dd>A heap-based buffer overflow vulnerability was discovered by Damian Put in <br> -Blender BlenLoader 2.0 through 2.40pre which allows remote attackers to cause a <br> -denial of service (application crash) and possibly execute arbitrary code via a <br> -.blend file with a negative bhead.len value, which causes less memory to be <br> -allocated than expected, possibly due to an integer overflow. <br> - <br> -Please note, this issue has already been fixed in stable in security <br> -announcement DSA-1039-1 <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.37a-1.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.40-1</dt> -<br><dt>This upgrade is recommended if you use Blender.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install blender</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-3-1.html b/website/DTSA/DTSA-3-1.html deleted file mode 100644 index 0458683b6d..0000000000 --- a/website/DTSA/DTSA-3-1.html +++ /dev/null @@ -1,127 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-3-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:clamav'>clamav</a></dd> -<dt>Vulnerability:</dt> -<dd>denial of service and privilege escalation</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2070'>CVE-2005-2070</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1923'>CVE-2005-1923</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2056'>CVE-2005-2056</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1922'>CVE-2005-1922</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2450'>CVE-2005-2450</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple security holes were found in clamav: <br> - <br> -CVE-2005-2070 <br> - <br> -The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long <br> -timeouts, allows remote attackers to cause a denial of service by keeping <br> -an open connection, which prevents ClamAV from reloading. <br> - <br> -CVE-2005-1923 <br> - <br> -The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote <br> -attackers to cause a denial of service (CPU consumption by infinite loop) <br> -via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, <br> -which causes a zero-length read. <br> - <br> -CVE-2005-2056 <br> - <br> -The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote <br> -attackers to cause a denial of service (application crash) via a crafted <br> -Quantum archive. <br> - <br> -CVE-2005-1922 <br> - <br> -The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote <br> -attackers to cause a denial of service (file descriptor and memory <br> -consumption) via a crafted file that causes repeated errors in the <br> -cli_msexpand function. <br> - <br> -CVE-2005-2450 <br> - <br> -Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file <br> -format processors in libclamav for Clam AntiVirus (ClamAV) allow remote <br> -attackers to gain privileges via a crafted e-mail message. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.86.2-4etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.86.2-1</dt> -<br><dt>This upgrade is recommended if you use clamav.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-32-1.html b/website/DTSA/DTSA-32-1.html deleted file mode 100644 index 37a29575b0..0000000000 --- a/website/DTSA/DTSA-32-1.html +++ /dev/null @@ -1,90 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-32-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>February 1st, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:bcfg2'>bcfg2</a></dd> -<dt>Vulnerability:</dt> -<dd>programming error</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -None so far -<br></dd> -<br><dt>More information:</dt> -<dd>Incorrect permissions for the bcfg2 configuration file could lead to password <br> -disclosure to unprivileged users. <br> - <br> -Please note that bcfg2 is not present in sarge. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 0.8.6.1-1.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.8.7.3-1</dt> -<br><dt>This upgrade is recommended if you use bcfg2.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install bcfg2</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-33-1.html b/website/DTSA/DTSA-33-1.html deleted file mode 100644 index 90ec89490a..0000000000 --- a/website/DTSA/DTSA-33-1.html +++ /dev/null @@ -1,110 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-33-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>February 12th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:wordpress'>wordpress</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0262'>CVE-2007-0262</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0539'>CVE-2007-0539</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0541'>CVE-2007-0541</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Various issues have been discovered in wordpress: <br> - <br> -CVE-2007-0262 <br> - wordpress does not properly verify that the m parameter value has the string <br> - data type, which allows remote attackers to obtain sensitive information via <br> - an invalid m[] parameter, as demonstrated by obtaining the path, and <br> - obtaining certain SQL information such as the table prefix. <br> - <br> -CVE-2007-0539 <br> - WordPress before 2.1 allows remote attackers to cause a denial of service <br> - (bandwidth or thread consumption) via pingback service calls with a source <br> - URI that corresponds to a large file, which triggers a long download session <br> - without a timeout constraint. <br> - <br> -CVE-2007-0541 <br> - WordPress allows remote attackers to determine the existence of arbitrary <br> - files, and possibly read portions of certain files, via pingback service <br> - calls with a source URI that corresponds to a local pathname, which triggers <br> - different fault codes for existing and non-existing files, and in certain <br> - configurations causes a brief file excerpt to be published as a blog comment. <br> - <br> -Please note that wordpress is not present in sarge. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.0.8-1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.1.0-1</dt> -<br><dt>This upgrade is recommended if you use wordpress.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install wordpress</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-34-1.html b/website/DTSA/DTSA-34-1.html deleted file mode 100644 index 81015a6678..0000000000 --- a/website/DTSA/DTSA-34-1.html +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-34-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>March 3rd, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:wordpress'>wordpress</a></dd> -<dt>Vulnerability:</dt> -<dd>cross-site scripting</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049'>CVE-2007-1049</a> -<br></dd> -<br><dt>More information:</dt> -<dd>A Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in <br> -the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 <br> -before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary <br> -web script or HTML via the file parameter to wp-admin/templates.php, and <br> -possibly other vectors involving the action variable. <br> - <br> -Please note that wordpress is not present in sarge. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.0.9-1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.1.1-1</dt> -<br><dt>This upgrade is recommended if you use wordpress.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install wordpress</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-35-1.html b/website/DTSA/DTSA-35-1.html deleted file mode 100644 index 11eb9fac07..0000000000 --- a/website/DTSA/DTSA-35-1.html +++ /dev/null @@ -1,86 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-35-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 16th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:aircrack-ng'>aircrack-ng</a></dd> -<dt>Vulnerability:</dt> -<dd>programming error</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2057'>CVE-2007-2057</a> -<br></dd> -<br><dt>More information:</dt> -<dd>It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs <br> -insufficient validation of 802.11 authentication packets, which allows the <br> -execution of arbitrary code. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 1:0.8-0.1lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:0.7-3</dt> -<br><dt>This upgrade is recommended if you use aircrack-ng.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install aircrack-ng</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> - -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-36-1.html b/website/DTSA/DTSA-36-1.html deleted file mode 100644 index 665df631eb..0000000000 --- a/website/DTSA/DTSA-36-1.html +++ /dev/null @@ -1,84 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-36-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 22th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:mydns'>mydns</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple buffer overflows</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2362'>CVE-2007-2362</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of <br> -service (daemon crash) and possibly execute arbitrary code. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 1:1.1.0-7.1lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:1.1.0-8</dt> -<br><dt>This upgrade is recommended if you use mydns.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-37-1.html b/website/DTSA/DTSA-37-1.html deleted file mode 100644 index a7d38631d4..0000000000 --- a/website/DTSA/DTSA-37-1.html +++ /dev/null @@ -1,99 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-37-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 22th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:clamav'>clamav</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745'>CVE-2007-1745</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997'>CVE-2007-1997</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2029'>CVE-2007-2029</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several remote vulnerabilities have been discovered in the Clam anti-virus <br> -toolkit. The Common Vulnerabilities and Exposures project identifies the <br> -following problems: <br> - <br> -CVE-2007-1745 <br> -It was discovered that a file descriptor leak in the CHM handler may lead to <br> -denial of service. <br> - <br> -CVE-2007-1997 <br> -It was discovered that a buffer overflow in the CAB handler may lead to the <br> -execution of arbitrary code. <br> - <br> -CVE-2007-2029 <br> -It was discovered that a file descriptor leak in the PDF handler may lead to <br> -denial of service. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 0.90.1-3lenny2</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.90.2-1</dt> -<br><dt>This upgrade is recommended if you use clamav.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-38-1.html b/website/DTSA/DTSA-38-1.html deleted file mode 100644 index 46862aada0..0000000000 --- a/website/DTSA/DTSA-38-1.html +++ /dev/null @@ -1,114 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-38-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 26th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:qemu'>qemu</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>local</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320'>CVE-2007-1320</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1321'>CVE-2007-1321</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1322'>CVE-2007-1322</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1323'>CVE-2007-1323</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1366'>CVE-2007-1366</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several vulnerabilities have been discovered in the QEMU processor <br> -emulator, which may lead to the execution of arbitrary code or denial of <br> -service. The Common Vulnerabilities and Exposures project identifies the <br> -following problems: <br> - <br> -CVE-2007-1320 <br> - Tavis Ormandy discovered that a memory management routine of the Cirrus <br> - video driver performs insufficient bounds checking, which might <br> - allow the execution of arbitrary code through a heap overflow. <br> - <br> -CVE-2007-1321 <br> - Tavis Ormandy discovered that the NE2000 network driver and the socket <br> - code perform insufficient input validation, which might allow the <br> - execution of arbitrary code through a heap overflow. <br> - <br> -CVE-2007-1322 <br> - Tavis Ormandy discovered that the "icebp" instruction can be abused to <br> - terminate the emulation, resulting in denial of service. <br> - <br> -CVE-2007-1323 <br> - Tavis Ormandy discovered that the NE2000 network driver and the socket <br> - code perform insufficient input validation, which might allow the <br> - execution of arbitrary code through a heap overflow. <br> - <br> -CVE-2007-1366 <br> - Tavis Ormandy discovered that the "aam" instruction can be abused to <br> - crash qemu through a division by zero, resulting in denial of <br> - service. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 0.8.2-5lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.9.0-2</dt> -<br><dt>This upgrade is recommended if you use qemu.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-39-1.html b/website/DTSA/DTSA-39-1.html deleted file mode 100644 index 6d390a2e95..0000000000 --- a/website/DTSA/DTSA-39-1.html +++ /dev/null @@ -1,184 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-39-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 28th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:php5'>php5</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286'>CVE-2007-1286</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375'>CVE-2007-1375</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376'>CVE-2007-1376</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380'>CVE-2007-1380</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1453'>CVE-2007-1453</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1454'>CVE-2007-1454</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521'>CVE-2007-1521</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583'>CVE-2007-1583</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700'>CVE-2007-1700</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718'>CVE-2007-1718</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777'>CVE-2007-1777</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1824'>CVE-2007-1824</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887'>CVE-2007-1887</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1889'>CVE-2007-1889</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900'>CVE-2007-1900</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509'>CVE-2007-2509</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510'>CVE-2007-2510</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511'>CVE-2007-2511</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several remote vulnerabilities have been discovered in PHP, a <br> -server-side, HTML-embedded scripting language, which may lead to the <br> -execution of arbitrary code. The Common Vulnerabilities and Exposures <br> -project identifies the following problems: <br> - <br> -CVE-2007-1286 <br> - Stefan Esser discovered an overflow in the object reference handling <br> - code of the unserialize() function, which allows the execution of <br> - arbitrary code if malformed input is passed from an application. <br> - <br> -CVE-2007-1375 <br> - Stefan Esser discovered that an integer overflow in the substr_compare() <br> - function allows information disclosure of heap memory. <br> - <br> -CVE-2007-1376 <br> - Stefan Esser discovered that insufficient validation of shared memory <br> - functions allows the disclosure of heap memory. <br> - <br> -CVE-2007-1380 <br> - Stefan Esser discovered that the session handler performs <br> - insufficient validation of variable name length values, which allows <br> - information disclosure through a heap information leak. <br> - <br> -CVE-2007-1453 <br> - Stefan Esser discovered that the filtering framework performs insufficient <br> - input validation, which allows the execution of arbitrary code through a <br> - buffer underflow. <br> - <br> -CVE-2007-1454 <br> - Stefan Esser discovered that the filtering framework can be bypassed <br> - with a special whitespace character. <br> - <br> -CVE-2007-1521 <br> - Stefan Esser discovered a double free vulnerability in the <br> - session_regenerate_id() function, which allows the execution of <br> - arbitrary code. <br> - <br> -CVE-2007-1583 <br> - Stefan Esser discovered that a programming error in the mb_parse_str() <br> - function allows the activation of "register_globals". <br> - <br> -CVE-2007-1700 <br> - Stefan Esser discovered that the session extension incorrectly maintains <br> - the reference count of session variables, which allows the execution of <br> - arbitrary code. <br> - <br> -CVE-2007-1718 <br> - Stefan Esser discovered that the mail() function performs <br> - insufficient validation of folded mail headers, which allows mail <br> - header injection. <br> - <br> -CVE-2007-1777 <br> - Stefan Esser discovered that the extension to handle ZIP archives <br> - performs insufficient length checks, which allows the execution of <br> - arbitrary code. <br> - <br> -CVE-2007-1824 <br> - Stefan Esser discovered an off-by-one in the filtering framework, which <br> - allows the execution of arbitrary code. <br> - <br> -CVE-2007-1887 <br> - Stefan Esser discovered that a buffer overflow in the sqlite extension <br> - allows the execution of arbitrary code. <br> - <br> -CVE-2007-1889 <br> - Stefan Esser discovered that the PHP memory manager performs an <br> - incorrect type cast, which allows the execution of arbitrary code <br> - through buffer overflows. <br> - <br> -CVE-2007-1900 <br> - Stefan Esser discovered that incorrect validation in the email filter <br> - extension allowed the injection of mail headers. <br> - <br> -CVE-2007-2509 <br> - It was discovered that missing input sanitising inside the ftp <br> - extension permits an attacker to execute arbitrary FTP commands. <br> - This requires the attacker to already have access to the FTP <br> - server. <br> - <br> -CVE-2007-2510 <br> - It was discovered that a buffer overflow in the SOAP extension permits <br> - the execution of arbitrary code. <br> - <br> -CVE-2007-2511 <br> - A buffer overflow was discovered in the user_filter_factory_create. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 5.2.0-10+lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 5.2.2-1</dt> -<br><dt>This upgrade is recommended if you use php5.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-4-1.html b/website/DTSA/DTSA-4-1.html deleted file mode 100644 index 1488534ab3..0000000000 --- a/website/DTSA/DTSA-4-1.html +++ /dev/null @@ -1,123 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-4-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:ekg'>ekg</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>local and remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916'>CVE-2005-1916</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1851'>CVE-2005-1851</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1850'>CVE-2005-1850</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1852'>CVE-2005-1852</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2448'>CVE-2005-2448</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple vulnerabilities were discovered in ekg: <br> - <br> -CVE-2005-1916 <br> - <br> -Eric Romang discovered insecure temporary file creation and arbitrary <br> -command execution in a contributed script that can be exploited by a local <br> -attacker. <br> - <br> -CVE-2005-1851 <br> - <br> -Marcin Owsiany and Wojtek Kaniewski discovered potential shell command <br> -injection in a contributed script. <br> - <br> -CVE-2005-1850 <br> - <br> -Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file <br> -creation in contributed scripts. <br> - <br> -CVE-2005-1852 <br> - <br> -Multiple integer overflows in libgadu, as used in ekg, allows remote <br> -attackers to cause a denial of service (crash) and possibly execute <br> -arbitrary code via an incoming message. <br> - <br> -CVE-2005-2448 <br> - <br> -Multiple endianness errors in libgadu in ekg allow remote attackers to <br> -cause a denial of service (invalid behaviour in applications) on <br> -big-endian systems. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:1.5+20050808+1.6rc3-0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:1.5+20050808+1.6rc3-1</dt> -<br><dt>This upgrade is recommended if you use ekg.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install libgadu3 ekg</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-40-1.html b/website/DTSA/DTSA-40-1.html deleted file mode 100644 index f7354d788f..0000000000 --- a/website/DTSA/DTSA-40-1.html +++ /dev/null @@ -1,134 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-40-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 28th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:php4'>php4</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286'>CVE-2007-1286</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380'>CVE-2007-1380</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521'>CVE-2007-1521</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583'>CVE-2007-1583</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718'>CVE-2007-1718</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777'>CVE-2007-1777</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509'>CVE-2007-2509</a> -<br></dd> -<br><dt>More information:</dt> -<dd>IMPORTANT NOTE: <br> - php4 will be removed from testing (lenny); thus you are strongly <br> - advised to migrate to php5. If you cannot upgrade, you should <br> - consider using the stable distribution (etch) instead. <br> - <br> -Several remote vulnerabilities have been discovered in PHP, a <br> -server-side, HTML-embedded scripting language, which may lead to the <br> -execution of arbitrary code. The Common Vulnerabilities and Exposures <br> -project identifies the following problems: <br> - <br> -CVE-2007-1286 <br> - Stefan Esser discovered an overflow in the object reference handling <br> - code of the unserialize() function, which allows the execution of <br> - arbitrary code if malformed input is passed from an application. <br> - <br> -CVE-2007-1380 <br> - Stefan Esser discovered that the session handler performs <br> - insufficient validation of variable name length values, which allows <br> - information disclosure through a heap information leak. <br> - <br> -CVE-2007-1521 <br> - Stefan Esser discovered a double free vulnerability in the <br> - session_regenerate_id() function, which allows the execution of <br> - arbitrary code. <br> - <br> -CVE-2007-1538 <br> - Stefan Esser discovered that the mb_parse_str function sets the internal <br> - register_globals flag and does not disable it in certain cases when a script <br> - terminates, which allows remote attackers to invoke available PHP scripts with <br> - register_globals functionality that is not detectable by these scripts <br> - <br> -CVE-2007-1718 <br> - Stefan Esser discovered that the mail() function performs <br> - insufficient validation of folded mail headers, which allows mail <br> - header injection. <br> - <br> -CVE-2007-1777 <br> - Stefan Esser discovered that the extension to handle ZIP archives <br> - performs insufficient length checks, which allows the execution of <br> - arbitrary code. <br> - <br> -CVE-2007-2509 <br> - It was discovered that the ftp extension of PHP, a server-side, <br> - HTML-embedded scripting language performs insufficient input sanitising, <br> - which permits an attacker to execute arbitrary FTP commands. This <br> - requires the attacker to already have access to the FTP server. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 6:4.4.4-9+lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 6:4.4.6-2</dt> -<br><dt>This upgrade is recommended if you use php4.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-41-1.html b/website/DTSA/DTSA-41-1.html deleted file mode 100644 index 30bcd9111b..0000000000 --- a/website/DTSA/DTSA-41-1.html +++ /dev/null @@ -1,105 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-41-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>May 31th, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:samba'>samba</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444'>CVE-2007-2444</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446'>CVE-2007-2446</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447'>CVE-2007-2447</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Several issues have been identified in Samba, the SMB/CIFS file- and <br> -print-server implementation for GNU/Linux. <br> - <br> -CVE-2007-2444 <br> - <br> -When translating SIDs to/from names using Samba local list of user and group <br> -accounts, a logic error in the smbd daemon's internal security stack may result <br> -in a transition to the root user id rather than the non-root user. The user is <br> -then able to temporarily issue SMB/CIFS protocol operations as the root user. <br> -This window of opportunity may allow the attacker to establish addition means <br> -of gaining root access to the server. <br> - <br> -CVE-2007-2446 <br> - <br> -Various bugs in Samba's NDR parsing can allow a user to send specially crafted <br> -MS-RPC requests that will overwrite the heap space with user defined data. <br> - <br> -CVE-2007-2447 <br> - <br> -Unescaped user input parameters are passed as arguments to /bin/sh allowing for <br> -remote command execution. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 3.0.24-6+lenny3</dt> -<dt>For the unstable distribution (sid) this is fixed in version 3.0.25-1</dt> -<br><dt>This upgrade is strongly recommended if you use samba.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-5-1.html b/website/DTSA/DTSA-5-1.html deleted file mode 100644 index fa5d25b6a1..0000000000 --- a/website/DTSA/DTSA-5-1.html +++ /dev/null @@ -1,112 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-5-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:gaim'>gaim</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple remote vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102'>CVE-2005-2102</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103'>CVE-2005-2103</a> -<br></dd> -<br><dt>More information:</dt> -<dd>Multiple security holes were found in gaim: <br> - <br> -CVE-2005-2102 <br> - <br> -The AIM/ICQ module in Gaim allows remote attackers to cause a denial of <br> -service (application crash) via a filename that contains invalid UTF-8 <br> -characters. <br> - <br> -CVE-2005-2370 <br> - <br> -Multiple memory alignment errors in libgadu, as used in gaim and other <br> -packages, allow remote attackers to cause a denial of service (bus error) <br> -on certain architectures such as SPARC via an incoming message. <br> - <br> -CVE-2005-2103 <br> - <br> -Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers <br> -to cause a denial of service (application crash) and possibly execute <br> -arbitrary code via an away message with a large number of AIM substitution <br> -strings, such as %t or %n. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1:1.4.0-5etch2</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1:1.4.0-5</dt> -<br><dt>This upgrade is recommended if you use gaim.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install gaim</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-54-1.html b/website/DTSA/DTSA-54-1.html deleted file mode 100644 index 48c53de074..0000000000 --- a/website/DTSA/DTSA-54-1.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-54-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 22nd , 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:poppler'>poppler</a></dd> -<dt>Vulnerability:</dt> -<dd>integer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>local (remote)</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387'>CVE-2007-3387</a> -<br></dd> -<br><dt>More information:</dt> -<dd>It was discovered that an integer overflow in the xpdf PDF viewer may lead <br> -to the execution of arbitrary code if a malformed PDF file is opened. <br> - <br> -CVE-2007-3387 <br> - <br> -Integer overflow in the StreamPredictor::StreamPredictor function in gpdf <br> -before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, <br> -(5) CUPS, and other products, might allow remote attackers to execute <br> -arbitrary code via a crafted PDF file. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 0.5.4-6lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.5.4-6.1</dt> -<br><dt>This upgrade is recommended if you use poppler.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-55-1.html b/website/DTSA/DTSA-55-1.html deleted file mode 100644 index cf266b7a76..0000000000 --- a/website/DTSA/DTSA-55-1.html +++ /dev/null @@ -1,92 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-55-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 1st , 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:centerim'>centerim</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflows</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3713'>CVE-2007-3713</a> -<br></dd> -<br><dt>More information:</dt> -<dd>It was discovered that there are multiple buffer overflows, which could lead <br> -to the execution of arbitrary code. <br> - <br> -CVE-2007-3713 <br> - <br> -Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow <br> -remote attackers to execute arbitrary code via unspecified vectors. <br> -NOTE: the provenance of this information is unknown; the details are <br> -obtained solely from third party information. NOTE: this might overlap <br> -CVE-2007-0160. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 4.22.1-2lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 4.22.1-2.1</dt> -<br><dt>This upgrade is recommended if you use centerim.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-56-1.html b/website/DTSA/DTSA-56-1.html deleted file mode 100644 index 6460e3e515..0000000000 --- a/website/DTSA/DTSA-56-1.html +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-56-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 4th , 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:zziplib'>zziplib</a></dd> -<dt>Vulnerability:</dt> -<dd>buffer overflow</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614'>CVE-2007-1614</a> -<br></dd> -<br><dt>More information:</dt> -<dd>The zziplib library is prone to a stack-based buffer overflow <br> -which might allow remote attackers to execute arbitrary code <br> -or denial of service (application crash) via a long file name. <br> - <br> -CVE-2007-1614 <br> - <br> -Stack-based buffer overflow in the zzip_open_shared_io function <br> -in zzip/file.c in ZZIPlib Library before 0.13.49 allows <br> -user-assisted remote attackers to cause a denial of service <br> -(application crash) or execute arbitrary code via a long <br> -filename. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 0.12.83-8lenny1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 0.13.49-0</dt> -<br><dt>This upgrade is recommended if you use zziplib.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-57-1.html b/website/DTSA/DTSA-57-1.html deleted file mode 100644 index 4bf0028d23..0000000000 --- a/website/DTSA/DTSA-57-1.html +++ /dev/null @@ -1,90 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-57-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 9, 2007</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:gforge'>gforge</a></dd> -<dt>Vulnerability:</dt> -<dd>sql injection</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3913'>CVE-2007-3913</a> -<br></dd> -<br><dt>More information:</dt> -<dd>The gforge collaborative development environment is prone <br> -to an SQL injection due to insufficient input sanitizing. <br> - <br> -CVE-2007-3913 <br> - <br> -SQL injection vulnerability in Gforge before 3.1 allows <br> -remote attackers to execute arbitrary SQL commands via <br> -unspecified vectors. <br> -</dd> -<br><dt>For the testing distribution (lenny) this is fixed in version 4.5.14-23lenny2</dt> -<dt>For the unstable distribution (sid) this is fixed in version 4.6.99+svn6086-1</dt> -<br><dt>This upgrade is recommended if you use gforge.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get upgrade</dd> -<br> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://security.debian.org/ testing/updates main contrib non-free</dd> -<dd>deb-src http://security.debian.org/ testing/updates main contrib non-free</dd> -<br> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-6-1.html b/website/DTSA/DTSA-6-1.html deleted file mode 100644 index 5c2e506446..0000000000 --- a/website/DTSA/DTSA-6-1.html +++ /dev/null @@ -1,109 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-6-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:cgiwrap'>cgiwrap</a></dd> -<dt>Vulnerability:</dt> -<dd>multiple vulnerabilities</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name='></a> -<br></dd> -<br><dt>More information:</dt> -<dd>Javier Fernández-Sanguino Peña discovered various vulnerabilities in cgiwrap: <br> - <br> -Minimum UID does not include all system users <br> - <br> -The CGIwrap program will not seteuid itself to uids below the 'minimum' uid <br> -to prevent scripts from being misused to compromise the system. However, <br> -the Debian package sets the minimum uid to 100 when it should be 1000. <br> - <br> -CGIs can be used to disclose system information <br> - <br> -The cgiwrap (and php-cgiwrap) package installs some debugging CGIs <br> -(actually symbolink links, which link to cgiwrap and are called 'cgiwrap' <br> -and 'nph-cgiwrap' or link to php-cgiwrap). These CGIs should not be <br> -installed in production environments as they disclose internal and <br> -potentially sensible information. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 3.9-3.0etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 3.9-3.1</dt> -<br><dt>This upgrade is recommended if you use cgiwrap.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dt>If you use cgiwrap:</dt> -<dd>apt-get update && apt-get install cgiwrap</dd> -<dd>If you use php-cgiwrap:<dd> -<dt>apt-get update && apt-get install php-cgiwrap</dt> - -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-7-1.html b/website/DTSA/DTSA-7-1.html deleted file mode 100644 index d8aba9b365..0000000000 --- a/website/DTSA/DTSA-7-1.html +++ /dev/null @@ -1,98 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-7-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 28th, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:mozilla'>mozilla</a></dd> -<dt>Vulnerability:</dt> -<dd>frame injection spoofing</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> -<br></dd> -<br><dt>More information:</dt> -<dd>A vulnerability has been discovered in Mozilla that allows remote attackers <br> -to inject arbitrary Javascript from one page into the frameset of another <br> -site. Thunderbird is not affected by this and Galeon will be automatically <br> -fixed as it uses Mozilla components. Mozilla Firefox is vulnerable and will <br> -be covered by a separate advisory. <br> - <br> -Note that this is the same security fix put into stable in DSA-777. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2:1.7.8-1sarge1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2:1.7.10-1</dt> -<br><dt>This upgrade is recommended if you use mozilla.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install mozilla</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-8-2.html b/website/DTSA/DTSA-8-2.html deleted file mode 100644 index c42ecb8e4b..0000000000 --- a/website/DTSA/DTSA-8-2.html +++ /dev/null @@ -1,176 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-8-2</h2> -<dl> -<dt>Date Reported:</dt> -<dd>September 1st, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:mozilla-firefox'>mozilla-firefox</a></dd> -<dt>Vulnerability:</dt> -<dd>several vulnerabilities (update)</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718'>CVE-2004-0718</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937'>CVE-2005-1937</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260'>CVE-2005-2260</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261'>CVE-2005-2261</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2262'>CVE-2005-2262</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263'>CVE-2005-2263</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2264'>CVE-2005-2264</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265'>CVE-2005-2265</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266'>CVE-2005-2266</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2267'>CVE-2005-2267</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268'>CVE-2005-2268</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269'>CVE-2005-2269</a> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270'>CVE-2005-2270</a> -<br></dd> -<br><dt>More information:</dt> -<dd>We experienced that the update for Mozilla Firefox from DTSA-8-1 <br> -unfortunately was a regression in several cases. Since the usual <br> -praxis of backporting apparently does not work, this update is <br> -basically version 1.0.6 with the version number rolled back, and hence <br> -still named 1.0.4-*. For completeness below is the original advisory <br> -text: <br> - <br> -Several problems were discovered in Mozilla Firefox: <br> - <br> -CVE-2004-0718 CVE-2005-1937 <br> - <br> -A vulnerability has been discovered in Mozilla Firefox that allows remote <br> -attackers to inject arbitrary Javascript from one page into the frameset of <br> -another site. <br> - <br> -CVE-2005-2260 <br> - <br> -The browser user interface does not properly distinguish between <br> -user-generated events and untrusted synthetic events, which makes it easier <br> -for remote attackers to perform dangerous actions that normally could only be <br> -performed manually by the user. <br> - <br> -CVE-2005-2261 <br> - <br> -XML scripts ran even when Javascript disabled. <br> - <br> -CVE-2005-2262 <br> - <br> -The user can be tricked to executing arbitrary JavaScript code by using a <br> -JavaScript URL as wallpaper. <br> - <br> -CVE-2005-2263 <br> - <br> -It is possible for a remote attacker to execute a callback function in the <br> -context of another domain (i.e. frame). <br> - <br> -CVE-2005-2264 <br> - <br> -By opening a malicious link in the sidebar it is possible for remote <br> -attackers to steal sensitive information. <br> - <br> -CVE-2005-2265 <br> - <br> -Missing input sanitising of InstallVersion.compareTo() can cause the <br> -application to crash. <br> - <br> -CVE-2005-2266 <br> - <br> -Remote attackers could steal sensitive information such as cookies and <br> -passwords from web sites by accessing data in alien frames. <br> - <br> -CVE-2005-2267 <br> - <br> -By using standalone applications such as Flash and QuickTime to open a <br> -javascript: URL, it is possible for a remote attacker to steal sensitive <br> -information and possibly execute arbitrary code. <br> - <br> -CVE-2005-2268 <br> - <br> -It is possible for a Javascript dialog box to spoof a dialog box from a <br> -trusted site and facilitates phishing attacks. <br> - <br> -CVE-2005-2269 <br> - <br> -Remote attackers could modify certain tag properties of DOM nodes that could <br> -lead to the execution of arbitrary script or code. <br> - <br> -CVE-2005-2270 <br> - <br> -The Mozilla browser family does not properly clone base objects, which allows <br> -remote attackers to execute arbitrary code. <br> - <br> -Note that this is the same set of security fixes put into stable in <br> -DSA-775 and DSA-779, and updated in DSA-779-2. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 1.0.4-2sarge3</dt> -<dt>For the unstable distribution (sid) this is fixed in version 1.0.6-3</dt> -<br><dt>This upgrade is recommended if you use mozilla-firefox.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install mozilla-firefox</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/DTSA/DTSA-9-1.html b/website/DTSA/DTSA-9-1.html deleted file mode 100644 index 565d8b85b1..0000000000 --- a/website/DTSA/DTSA-9-1.html +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Advisory</title> - <link type="text/css" rel="stylesheet" href="../style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Advisory</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<h2>DTSA-9-1</h2> -<dl> -<dt>Date Reported:</dt> -<dd>August 31st, 2005</dd> -<dt>Affected Package:</dt> -<dd><a href='http://packages.debian.org/src:bluez-utils'>bluez-utils</a></dd> -<dt>Vulnerability:</dt> -<dd>bad device name escaping</dd> -<dt>Problem-Scope:</dt> -<dd>remote</dd> -<dt>Debian-specific:</dt> -<dd>No<br></dd> -<dt>CVE:</dt> -<dd> -<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2547'>CVE-2005-2547</a> -<br></dd> -<br><dt>More information:</dt> -<dd>A bug in bluez-utils allows remote attackers to execute arbitrary commands <br> -via shell metacharacters in the Bluetooth device name when invoking the PIN <br> -helper. <br> -</dd> -<br><dt>For the testing distribution (etch) this is fixed in version 2.19-0.1etch1</dt> -<dt>For the unstable distribution (sid) this is fixed in version 2.19-1</dt> -<br><dt>This upgrade is recommended if you use bluez-utils.<dt> -<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt> - -<dd>apt-get update && apt-get install bluez-utils</dd> -<br> - -<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> - -<br> -<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> -<br> -<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd> -<br> -<dt>The archive signing key can be downloaded from<dt> -<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd> - -<br> - -<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/README b/website/README deleted file mode 100644 index cc189b9802..0000000000 --- a/website/README +++ /dev/null @@ -1,3 +0,0 @@ -Note that this website is maintained in the team's subversion repository. -Any files placed here will be deleted by the next automatic checkout of the -website. diff --git a/website/footer.html b/website/footer.html deleted file mode 100644 index 973149ade0..0000000000 --- a/website/footer.html +++ /dev/null @@ -1,11 +0,0 @@ -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/header.html b/website/header.html deleted file mode 100644 index 01a647b0c3..0000000000 --- a/website/header.html +++ /dev/null @@ -1,38 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Recent Advisories</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Recent Advisories</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> diff --git a/website/helping.html b/website/helping.html deleted file mode 100644 index 0f9ef314d5..0000000000 --- a/website/helping.html +++ /dev/null @@ -1,72 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Helping testing security</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - - <h2>As non-Debian Developer</h2> - <p>Sure you can also help improving Debian's security in testing/unstable without being an official developer.</p> - <ul> - <li>Work on the <a href="index.html#tracker">security tracker</a>, <a href="http://alioth.debian.org/project/request.php?group_id=30437">request</a> to get added - to the secure-testing group an <a href="http://alioth.debian.org/">alioth</a> since we use subversion located on alioth to manipulate the tracker data. Make sure to read our <a href="http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co">narrative introduction</a> if you start with this.</li> - <li>Track bugs reported to the <a href="http://bugs.debian.org">Debian BTS</a> for security flaws and help on fixing them and getting a <a href="http://cve.mitre.org">CVE</a> - id for it if none exists yet (please <a href="index.html#contact">contact the team</a> for this). - <li>Report vulnerabilities for software Debian includes in a package to the <a href="http://bugs.debian.org">Debian BTS</a>. Please use the tag <em>security</em> and include the CVE id there is already one available.</li> - </ul> - <h2>As Debian package maintainer</h2> - <p>There are a few things to keep in mind as a maintainer to make the work of the testing-security team a bit easier.</p> - <ul> - <li>Watch out for security relevant bugs reported in your packages and react fast on them. <a href="index.html#contact">Contact</a> the team if you need assistance.</li> - <li>Make descriptive, meaningful changelog entries. This means to always include CVE ids in the package changelog for bugs that have one and to mention that this is a <em>security</em> upload.</li> - <li><a href="index.html#contact">Contact</a> the team if you fix bugs which are not reported to the BTS but have a CVE id so we can mark the version as fixed in the security tracker.</li> - <li><a href="uploading.html">Upload</a> your package to the <em>testing-security</em> repository if the migration from unstable would take too long for some reason.</li> - <li>The upload should have <em>urgency=high</em> to ensure a fast migration to testing.</li> - </ul> - - <h2>As Debian Developer</h2> - <p>As a developer you can do basically the same work as described above for non-Debian developers except a few things</p> - <ul> - <li>Help on doing <a href="http://www.debian.org/doc/developers-reference/pkgs.html#s-nmu">NMUs</a> to unstable for bugs reported to the BTS with security impact. Make it obvious that this an upload by the testing security team, use descriptive changelog entries and mention the CVE ids for the bugs your are fixing.</li> - </ul> - - -<hr><p>$Id: helping.html 6493 2007-09-04 11:06:04Z nion $</p> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> diff --git a/website/index.html b/website/index.html deleted file mode 100644 index a5849ab38b..0000000000 --- a/website/index.html +++ /dev/null @@ -1,54 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - - -<hr><p>$Id$</p> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - - - - - - - diff --git a/website/list.html b/website/list.html deleted file mode 100644 index 3d2023d3a8..0000000000 --- a/website/list.html +++ /dev/null @@ -1,161 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - Recent Advisories</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - Recent Advisories</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - -<!-- header --> -<dl> -<dt>[August 26th, 2005] <a href='DTSA/DTSA-1-1.html'>DTSA-1-1 kismet</a></dt> -<dd>various</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-2-1.html'>DTSA-2-1 centericq</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-3-1.html'>DTSA-3-1 clamav</a></dt> -<dd>denial of service and privilege escalation</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-4-1.html'>DTSA-4-1 ekg</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-5-1.html'>DTSA-5-1 gaim</a></dt> -<dd>multiple remote vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-6-1.html'>DTSA-6-1 cgiwrap</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[August 28th, 2005] <a href='DTSA/DTSA-7-1.html'>DTSA-7-1 mozilla</a></dt> -<dd>frame injection spoofing</dd> -<dt>[September 1st, 2005] <a href='DTSA/DTSA-8-2.html'>DTSA-8-2 mozilla-firefox</a></dt> -<dd>several vulnerabilities (update)</dd> -<dt>[August 31st, 2005] <a href='DTSA/DTSA-9-1.html'>DTSA-9-1 bluez-utils</a></dt> -<dd>bad device name escaping</dd> -<dt>[August 29th, 2005] <a href='DTSA/DTSA-10-1.html'>DTSA-10-1 pcre3</a></dt> -<dd>buffer overflow</dd> -<dt>[August 29th, 2005] <a href='DTSA/DTSA-11-1.html'>DTSA-11-1 maildrop</a></dt> -<dd>local privilege escalation</dd> -<dt>[September 8th, 2005] <a href='DTSA/DTSA-12-1.html'>DTSA-12-1 vim</a></dt> -<dd>modeline exploits</dd> -<dt>[September 8th, 2005] <a href='DTSA/DTSA-13-1.html'>DTSA-13-1 evolution</a></dt> -<dd>format string vulnerabilities</dd> -<dt>[September 13th, 2005] <a href='DTSA/DTSA-14-1.html'>DTSA-14-1 mozilla</a></dt> -<dd>several</dd> -<dt>[September 13th, 2005] <a href='DTSA/DTSA-15-1.html'>DTSA-15-1 php4</a></dt> -<dd>several vulnerabilities</dd> -<dt>[September 15th, 2005] <a href='DTSA/DTSA-16-1.html'>DTSA-16-1 linux-2.6</a></dt> -<dd>various</dd> -<dt>[September 15th, 2005] <a href='DTSA/DTSA-17-1.html'>DTSA-17-1 lm-sensors</a></dt> -<dd>insecure temporary file</dd> -<dt>[September 22nd, 2005] <a href='DTSA/DTSA-19-1.html'>DTSA-19-1 clamav</a></dt> -<dd>buffer overflow and infinate loop problems</dd> -<dt>[October 13th, 2005] <a href='DTSA/DTSA-20-1.html'>DTSA-20-1 mailutils</a></dt> -<dd>Format string vulnerability</dd> -<dt>[November 3rd, 2005] <a href='DTSA/DTSA-21-1.html'>DTSA-21-1 clamav</a></dt> -<dd>Denial of service vulnerabilities and buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-22-1.html'>DTSA-22-1 uim</a></dt> -<dd>local privilege escalation</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-23-1.html'>DTSA-23-1 centericq</a></dt> -<dd>buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-24-1.html'>DTSA-24-1 inkscape</a></dt> -<dd>buffer overflow</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-25-1.html'>DTSA-25-1 smb4k</a></dt> -<dd>access validation error</dd> -<dt>[December 5th, 2005] <a href='DTSA/DTSA-26-1.html'>DTSA-26-1 trackballs</a></dt> -<dd>symlink attack</dd> -<dt>[January 20th, 2006] <a href='DTSA/DTSA-27-1.html'>DTSA-27-1 fuse</a></dt> -<dd>potential data corruption when installed seduid root</dd> -<dt>[January 25th, 2005] <a href='DTSA/DTSA-28-1.html'>DTSA-28-1 gpdf</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[June 15th, 2006] <a href='DTSA/DTSA-29-1.html'>DTSA-29-1 blender</a></dt> -<dd>heap-based buffer overflow</dd> -<dt>[September 27th, 2006] <a href='DTSA/DTSA-31-1.html'>DTSA-31-1 hyperestraier</a></dt> -<dd>cross-site request forgery (CSRF) vulnerability</dd> -<dt>[February 1st, 2007] <a href='DTSA/DTSA-32-1.html'>DTSA-32-1 bcfg2</a></dt> -<dd>programming error</dd> -<dt>[February 12th, 2007] <a href='DTSA/DTSA-33-1.html'>DTSA-33-1 wordpress</a></dt> -<dd>multiple vulnerabilities</dd> -<dt>[March 3rd, 2007] <a href='DTSA/DTSA-34-1.html'>DTSA-34-1 wordpress</a></dt> -<dd>cross-site scripting</dd> -<dt>[May 22th, 2007] <a href='DTSA/DTSA-35-1.html'>DTSA-35-1 aircrack-ng</a></dt> -<dd>programming error</dd> -<dt>[May 22th, 2007] <a href='DTSA/DTSA-36-1.html'>DTSA-36-1 mydns</a></dt> -<dd>multiple buffer overflows</dd> -<dt>[May 22th, 2007] <a href='DTSA/DTSA-37-1.html'>DTSA-37-1 clamav</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 26th, 2007] <a href='DTSA/DTSA-38-1.html'>DTSA-38-1 qemu</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 28th, 2007] <a href='DTSA/DTSA-39-1.html'>DTSA-39-1 php5</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 28th, 2007] <a href='DTSA/DTSA-40-1.html'>DTSA-40-1 php4</a></dt> -<dd>several vulnerabilities</dd> -<dt>[May 31th, 2007] <a href='DTSA/DTSA-41-1.html'>DTSA-41-1 samba</a></dt> -<dd>several vulnerabilities</dd> -<dt>[July 13th, 2007] <a href='DTSA/DTSA-42-1.html'>DTSA-42-1 ipsec-tools</a></dt> -<dd>missing input sanitising</dd> -<dt>[July 24th, 2007] <a href='DTSA/DTSA-43-1.html'>DTSA-43-1 clamav</a></dt> -<dd>several vulnerabilities</dd> -<dt>[July 31st, 2007] <a href='DTSA/DTSA-44-1.html'>DTSA-44-1 pulseaudio</a></dt> -<dd>remote DoS</dd> -<dt>[July 31st, 2007] <a href='DTSA/DTSA-45-1.html'>DTSA-45-1 iceweasel</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 1st, 2007] <a href='DTSA/DTSA-46-1.html'>DTSA-46-1 icedove</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 1st, 2007] <a href='DTSA/DTSA-47-1.html'>DTSA-47-1 iceape</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 3rd, 2007] <a href='DTSA/DTSA-48-1.html'>DTSA-48-1 gnash</a></dt> -<dd>arbitrary code execution</dd> -<dt>[August 7th, 2007] <a href='DTSA/DTSA-49-1.html'>DTSA-49-1 kdegraphics</a></dt> -<dd>arbitrary code execution</dd> -<dt>[August 7th, 2007] <a href='DTSA/DTSA-50-1.html'>DTSA-50-1 koffice</a></dt> -<dd>arbitrary code execution</dd> -<dt>[August 12th, 2007] <a href='DTSA/DTSA-51-1.html'>DTSA-51-1 xulrunner</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 16th, 2007] <a href='DTSA/DTSA-52-1.html'>DTSA-52-1 iceape</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 16th, 2007] <a href='DTSA/DTSA-53-1.html'>DTSA-53-1 iceweasel</a></dt> -<dd>several vulnerabilities</dd> -<dt>[August 21th, 2007] <a href='DTSA/DTSA-54-1.html'>DTSA-54-1 poppler</a></dt> -<dd>arbitrary code execution</dd> -<dt>[August 31st, 2007] <a href='DTSA/DTSA-55-1.html'>DTSA-55-1 centerim</a></dt> -<dd>arbitrary code execution</dd> -<dt>[September 4th, 2007] <a href='DTSA/DTSA-56-1.html'>DTSA-56-1 zziplib</a></dt> -<dd>arbitrary code execution</dd> -<dt>[September 9th, 2007] <a href='DTSA/DTSA-57-1.html'>DTSA-57-1 gforge</a></dt> -<dd>sql injection</dd> -</dl> -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/pushkey.pub b/website/pushkey.pub deleted file mode 100644 index c0361cbddd..0000000000 --- a/website/pushkey.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr2wlwfY+CzuvgaL+Yhgh8MGSzDq4K5e59bXn/1m1zEbR8lanhvn3XRvqydJWqBtF6CZx9iPMVFm1VLcR4Y2VZhfpcOTQ0eOUYucVcxwi+6Rt2OzG3SODGkFQcIGFLTsSQ8RIbX/Fl1kU9Nom2SO4rGfj6L4fAgCl5Ud4hIUxnhM= secure-testing-master push key diff --git a/website/style.css b/website/style.css deleted file mode 100644 index 6458b55581..0000000000 --- a/website/style.css +++ /dev/null @@ -1,137 +0,0 @@ -p.note { - font-family: sans-serif; - color: #900; - text-align: center; - padding: 5px; - font-size: 11px; - font-weight: normal; -} - -body { - font-family: Arial, Helvetica, sans-serif; - color: #000000; - background-color: #FFF; -} - -table.reddy -{ - color: #000; - background-color: #000; - border: 0px solid #000; - border-collapse: collapse; -} - -td.reddy { - font-family: serif; - font-size: 24px; - font-weight: normal; - background-color: #DF0451; - color: #FFFF00; - border: 0px solid #DF0451; - vertical-align: middle; - text-align: center; - padding: 0px; -} - -p.validate { - text-align: center; -} - -table -{ - font-size: 9px; - color: #000; - background-color: #000; - border: 0px solid #000; - border-collapse: separate; - border-spacing: 1px; -} - -h1 { - font-size: 30px; - text-align: center; - color: #000; -} - - -tr { - background-color: #FFF; -} - -tr.odd { - background-color: #FFFFFF; -} - -tr.even { - background-color: #e8e8e8; -} - -td.sid { - color: #000; - text-align: left; -} - -tr.experimental { - color: #cc0000; -} - -tr.unstable { - color: #345677; -} - -tr.sid_odd { - color: #000; -} - -td.exp { - color: #cc0000; - text-align: left; -} - -tr.exp_odd { - color: #900; -} - -th { - font-size: 12px; - text-align: center; - font-weight: normal; - background-color: #BDF; - border: 0px solid #000; - padding-top: 10px; - padding-bottom: 10px; - padding-left: 6px; - padding-right: 6px; -} - -td { - font-size: 11px; - border: 0px solid #000; - padding: 4px; - padding-left: 6px; - padding-right: 6px; -} - -a:link { - color: #0000FF; - text-decoration: underline; -} - -a:visited { - color: #800080; - text-decoration: underline; -} - -a:active { - color: #FF0000; - text-decoration: underline; -} - -a:hover{ - color: #0000FF; - text-decoration: underline; -} - -.footer { - font-size: 90%; -} diff --git a/website/template.html b/website/template.html deleted file mode 100644 index 9bc6d25fda..0000000000 --- a/website/template.html +++ /dev/null @@ -1,52 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Debian testing security team - TITLE</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team - TITLE</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - - <!-- header --> - - <!-- content goes here --> - -<!-- footer --> -<hr> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> - diff --git a/website/uploading.html b/website/uploading.html deleted file mode 100644 index 30220eb480..0000000000 --- a/website/uploading.html +++ /dev/null @@ -1,105 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> - <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> - <title>Uploading to testing-security</title> - <link type="text/css" rel="stylesheet" href="style.css"> - <link rel="shortcut icon" href="http://www.debian.org/favicon.ico"> - </head> - <body> - <div align="center"> - <a href="http://www.debian.org/"> - - <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a> - <a href="http://www.debian.org/"> - <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a> - </div> - <br /> - <table class="reddy" width="100%"> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - - <td rowspan="2" class="reddy">Debian testing security team</td> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - </tr> - <tr> - <td class="reddy"> - <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0" - alt="" width="16" height="16"></td> - <td class="reddy"> - - <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0" - alt="" width="15" height="16"></td> - </tr> - </table> - - <p> - To upload a package to the secure-testing repository, any Debian - developer may follow this checklist: - <ol> - <h2>Preparing the package</h2> - <li><a href="index.html#contact">Contact</a> the team first to avoid duplicate work.</li> - - <li>Only upload changes that have already been made in - unstable and are blocked by reaching testing by some other - issues. This is both to keep things in sync once the - new version from unstable reaches testing, and to avoid - breaking secure-testing too badly with fixes that have not - been tested first in unstable.</li> - - <li>If the orig.tar.gz is already on security.debian.org - (either in stable-security or in testing-security) - don't include it in the upload. If in doubt, ask the team.</li> - - <li>Use a version number that is less than the version - number of the fix in unstable, but greater than the version - number of the fix in testing (including a possible +b1 for binNMUs). - For example, if the fix is in a new upstream version 1.0-1 in unstable, - upload version 1.0-1~wheezy1 to testing-security. If the current version - in testing is 1.2-3 and the fix is backported to this version, upload - version 1.2-3+wheezy1 to testing-security. Make sure - that the version you used has <strong>never</strong> - been used before in any release.</li> - - <li>Use <em>CODENAME-security</em> as the distribution in the - changelog (e.g. wheezy-security).</li> - - <li>Build the package in a testing chroot using pbuilder - so that all the dependencies are ok. <strong>Be sure to build with - the -sa switch to include source, unless the source is - already in the testing-security archive.</strong></li> - - <li>Test the package. Diff the package against the version - in testing (if backporting fixes). Use debdiff on both - source and binary packages.</li> - - <li>Sign the package. Any Debian developer in the keyring - can do so.</li> - - <li>Upload to <tt>security-master.debian.org</tt>. - <h2>Public security issues</h2> - For security issues that are already <strong>public</strong> - use the <em>security-master-unembargoed</em> dput target. - <h2>Embargoed security issues</h2> - To upload fixed packages for embargoed (non-public) security - issues use the <em>security-master</em> dput target. - </li> - </ol> - - - <p>Information about releasing the packages can be found in the - <a href="http://anonscm.debian.org/viewvc/secure-testing/doc/how-to-DTSA?view=co">howto-DTSA - file</a> in the SVN repository. - - -<hr><p>$Id: uploading.html 6493 2007-09-04 11:06:04Z nion $</p> -<a href="http://validator.w3.org/check?uri=referer"> - <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a> - <a href="http://jigsaw.w3.org/css-validator/check/referer"> - <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" - height="31" width="88"></a> - - -</body></html> diff --git a/website/ziyi-2005-7.asc b/website/ziyi-2005-7.asc deleted file mode 100644 index 876080e083..0000000000 --- a/website/ziyi-2005-7.asc +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.1 (GNU/Linux) - -mQGiBEMM7wgRBACs/rcYtu++PqBV5t6qTf9FsjJYZV4OUoQmtK849PdHUoVONh/b -yz0vmP4QPCJXraFYiiiaur8WLcOphwY3DFaz0quozxl3pZfJjN27qDdTTDUKk1Kq -zFQYTsDaXjSh0nRGW3gFmbyIqTL8sVGOAAz2KbrtLEQE11qYZjzvylEf4wCgv6ss -HgQ7AcSBjpvm72e9PvSuDhMD/1kV0Snq9ilvCv7QLHBo/JnNgiCwxh5nEnPWHYjo -SB0I99nuFMAzooAXTQhU3Hx1/sdZ3SMk1hWwZCPI0iNqESH2a3ib0YZt0DycWa3Y -KxXIJet92u3ApSMVbp6OzzL7REoNCAgg6F/lrl+lVtnHbKiKBMZlKMsp+kQLSXqr -Ki0pA/wIkkp7mJ7IiVS0fy9gueuiLqJKR6+i092J0RXsQesQX4OTC2DY3IICB22Q -HfE8WNVZ2iPuWK0ymg6GqAHplp7bfVZMzfMSTMc+hj9WnmEVRRjLH66tsq1XHGEQ -qg/mbkmeXwUwxAT1WGClcRWJqODmWE7KhkjKwGklYgzBoxwqkLRDc2VjdXJlLXRl -c3RpbmcgQXJjaGl2ZSBLZXkgMjAwNS03IDxrYXRpZUBzZWN1cmUtdGVzdGluZy5k -ZWJpYW4ubmV0PohkBBMRAgAkBQJDDO8IAhsDBQkElVcABgsJCAcDAgMVAgMDFgIB -Ah4BAheAAAoJEJRqpuGHIucecvgAoK3nnF0yEwpNeQASyerh4wxRblZzAJ9h8rEF -YldbZt/zYA53k2/y2m+s7IhMBBARAgAMBQJDD1fzBYMEku4VAAoJEJnTmaHsNqGF -YwoAn2uV3WnU5lUUFxhyGEr8NI2Ibrj9AJ43inHJsgrlmy5Ed4bsF8z15PhflrkC -DQRDDO8gEAgAm1Y/a//sVe6fEANvLc5M5pEsoRkPLNKcH1O/og2mID8/gBV99LRf -RnjcV8xhF5cWIlb4Es3KvQxmvxo6zGEfsMJWoezqH+2agIra78dfb0B1AyHuvwSR -Mc9sVy+3CuegM8bD3ss+4ta3rNLChpVrE8DxJZumecqkNSQVOkqeAOl2JIQ/xBkL -g1hjQA8bXW5AiUu4/XAQAe04w7YNfdsApeCfpKEWAtg54CD9uRbfSwnd2uYHYcos -mBMhryNrHy27RkyS0BFWaL/1gfBqua7VujcnCm6SnbhB4t3vk/AnEsPJixtW/tOC -3a3BaPqGsTq848e/PzmWY/8y9mvXwbxq5wADBQgAgNtB3u8TCN2Z4wkKrg19Lohi -vQzJCXFfRi2ZydOe9E3SbSi6ggthjvGhHv2lTHEue/4wBOta3a9pUpVdMgRFL1Uu -Jy3nPd1yPC0dOegJj+lMkeMGcdKolJUMdoA+ieZ2lwkrT1b5GdFBSRn8hsuRtZi6 -9QtzoHzDR5lg9ynwTJ+mLlO8r83HmdxbXsnmGlxyZWRoqiSIl7mRLHp2tuFw9chg -J1nqwewTmCj85Aj/YsbGmqOJcnp98Jk0GDiP/le4rktZAqG2blwVpC2DLLiQSqcY -S5jjq/iiGnYEIVG+nPa/29OuoX40zwKqBcy5I8rJZIq2hzbazsyg2Sd3vhmZuohP -BBgRAgAPBQJDDO8gAhsMBQkElVcAAAoJEJRqpuGHIuceRqUAn3Q8msRUTsp882QI -NWyy5fqTehb5AJ9+kz3xq+7ooAwkdgpNOiz7ogxpQg== -=bWpz ------END PGP PUBLIC KEY BLOCK----- |