Hi, I checked almost all DSAs since the woody release (DSA > 133). The summary is: on a clean, exposed sarge install the vast majority of DSAs are resolved, but you had better not run kde, sendmail, mysql, perl (cgi), php, tomcat or imagemagick.

You'll find below the report listing the security alerts affecting sarge, and the resolved ones (by new upstream release and/or new package which went into sarge until now). The report currently lacks about 50 DSAs where the reference to sid is "this problem will be fixed soon". In the next week I'll look deeper into their cases; for the moment I only parsed the DSAs themselves.

As a side note, this work would be easier if the DSAs would generally list "fixed by upstream version 2.2.22"; this information rarely shows up in a DSA, and I tend to think that such a notice would improve their outstanding quality!

I hope this helps for further and broader testing of sarge. I know the Debian security FAQ concerning testing, but perhaps someone out there wants to provide an unofficial security mirror, especially after kde goes in? Perhaps in a month or so the unresolved issues should get their bug reports, what do you think? I will try to keep you informed weekly on progress; suggestions or corrections are welcome!!!

a++ ma(ks|x(imilian)?)
DSA affecting Sarge/Testing:

[19 Sep 2003] DSA-388_kdebase - several vulnerabilities
    sarge 4:2.2.2-14
[17 Sep 2003] DSA-384_sendmail - buffer overflows
    sarge 8.12.9-5, sid fixed in version 8.12.10-1
[13 Sep 2003] DSA-381_mysql - buffer overflow
    sarge 4.0.13-3, upstream version until 4.0.14 vulnerable
[11 Aug 2003] DSA-371_perl - cross-site scripting
    sarge 5.8.0-18, sid fixed in version 5.8.0-19
[08 Aug 2003] DSA-369_zblast - buffer overflow
    sarge 1.2pre-5, sid fixed in version 1.2.1-7
[05 Aug 2003] DSA-365_phpgroupware - several vulnerabilities
    bug #201980, upstream release fixes reported bugs 0.9.14.006
[01 Aug 2003] DSA-361_kdelibs,_kdelibs-crypto - several vulnerabilities
    sarge 4:2.2.2-13, no separate kdelibs-crypto, sid fixed in version 4:3.1.3-1
[31 Jul 2003] DSA-359_atari800 - buffer overflows
    sarge 1.2.2-1, bug #203707, upstream version 1.3.1-2 fixes reported bug
[29 Jul 2003] DSA-354_xconq - buffer overflows
    sarge 7.4.1-2.1, bug #202963 still open
[22 Jul 2003] DSA-352_fdclone - insecure temporary directory
    sarge 2.04a-1, sid fixed in version 2.04-1
[16 Jul 2003] DSA-351_php4 - cross-site scripting
    sarge 4:4.1.2-6, bug #200736, upstream version php4_4.3.2+rc3 fixed XSS vulnerabilities
[08 Jul 2003] DSA-343_skk,_ddskk - insecure temporary file
    sarge skk 10.62a-6, ddskk 12.2.rel.0-2, upstream fixed in 12.1.cvs.20030622-1
[07 Jul 2003] DSA-342_mozart - unsafe mailcap configuration
    sarge 1.2.3.20011204-3, sid fixed in version 1.2.5.20030212-2
[08 Jul 2003] DSA-346_phpsysinfo - directory traversal
    sarge 2.0-3, bug #200543 still open
[27 Jun 2003] DSA-331_imagemagick - insecure temporary file
    sarge 4:5.4.4.5-1, sid fixed in version 4:5.5.7-1
[19 May 2003] DSA-306_ircii-pana - buffer overflows, integer overflow
    sarge 1:1.0-0c19.20030512-1, sid fixed in version 1.0-0c19-8
[30 Apr 2003] DSA-296_kdebase - insecure execution
    sarge 4:2.2.2-14
[23 Apr 2003] DSA-293_kdelibs - insecure execution
    sarge 4:2.2.2-13
[17 Apr 2003] DSA-289_rinetd - incorrect memory resizing
    sarge 0.62-1, sid fixed in version 0.62-2
[12 Apr 2003] DSA-284_kdegraphics - insecure execution
    sarge 4:2.2.25
[28 Feb 2003] DSA-256_mhc - insecure temporary file
    sarge 0.25+20010625-7, sid fixed in version 0.25+20030224-1
[12 Feb 2003] DSA-250_w3mmee-ssl - missing HTML quoting
    sarge 0.3.p23.3-1.5, sid fixed in version 0.3.p24.17-3
[24 Jan 2003] DSA-243_kdemultimedia - several vulnerabilities
    sarge 4:2.2.25
[24 Jan 2003] DSA-242_kdebase - several vulnerabilities
    sarge 4:2.2.2-14
[24 Jan 2003] DSA-241_kdeutils - several vulnerabilities
    sarge 4:2.2.25
[23 Jan 2003] DSA-240_kdegames - several vulnerabilities
    sarge 4:2.2.2-2
[23 Jan 2003] DSA-239_kdesdk - several vulnerabilities
    sarge 4:2.2.25
[23 Jan 2003] DSA-238_kdepim - several vulnerabilities
    sarge 4:2.2.2-5
[22 Jan 2003] DSA-237_kdenetwork - several vulnerabilities
    sarge 4:2.2.2-14.1
[22 Jan 2003] DSA-236_kdelibs - several vulnerabilities
    sarge 4:2.2.2-13
[22 Jan 2003] DSA-235_kdegraphics - several vulnerabilities
    sarge 4:2.2.25
[22 Jan 2003] DSA-234_kdeadmin - several vulnerabilities
    sarge 4:2.2.25
[09 Jan 2003] DSA-225_tomcat4 - source disclosure
    sarge 4.0.4-4, sid fixed in version 4.1.16-1
[20 Dec 2002] DSA-214_kdenetwork - buffer overflows
    sarge 4:2.2.2-14.1, sid fixed in version 2.2.2-14.20
[11 Nov 2002] DSA-193_kdenetwork - buffer overflow
    sarge 4:2.2.2-14.1, sid fixed in version 2.2.2-14.3
[04 Oct 2002] DSA-170_tomcat4 - source code disclosure
    sarge 4.0.4-4, sid fixed in version 4.1.12-1
[18 Sep 2002] DSA-168_php - bypassing safe_mode, CRLF injection
    sarge 4.1.2-6, sid fixed in version 4.2.3-3

TODO: deeper look in the following security alerts (mostly "this problem will be fixed soon" +..):

[28 Sep 2003] DSA-391_freesweep - buffer overflow
[26 Sep 2003] DSA-390_marbles - buffer overflow
[18 Sep 2003] DSA-386_libmailtools-perl - input validation bug
[17 Sep 2003] DSA-383_ssh-krb5 - possible remote vulnerability
    bug #211219
[16 Sep 2003] DSA-382_ssh - possible remote vulnerability
[04 Sep 2003] DSA-377_wu-ftpd - insecure program execution
[16 Aug 2003] DSA-373_autorespond - buffer overflow
[08 Aug 2003] DSA-368_xpcd - buffer overflow
[03 Aug 2003] DSA-363_postfix - denial of service, bounce-scanning
[01 Aug 2003] DSA-360_xfstt - several vulnerabilities
[31 Jul 2003] DSA-357_wu-ftpd - remote root exploit
[29 Jun 2003] DSA-337_gtksee - buffer overflow
    sarge 0.5.2-0.1, bug #76346 closed with new upstream release but still concerns?
[19 Jun 2003] DSA-328_webfs - buffer overflow
[16 Jun 2003] DSA-323_noweb - insecure temporary files
[16 Jun 2003] DSA-322_typespeed - buffer overflow
[13 Jun 2003] DSA-321_radiusd-cistron - buffer overflow
[11 Jun 2003] DSA-315_gnocatan - buffer overflows, denial of service
[11 Jun 2003] DSA-314_atftp - buffer overflow
[06 Jun 2003] DSA-309_eterm - buffer overflow
[06 Jun 2003] DSA-308_gzip - insecure temporary files
[07 May 2003] DSA-302_fuzz - privilege escalation
[06 May 2003] DSA-300_balsa - buffer overflow
[23 Apr 2003] DSA-294_gkrellm-newsticker - missing quoting, incomplete parser
[03 Apr 2003] DSA-276_linux-kernel-s390 - local privilege escalation
[13 Mar 2003] DSA-260_file - buffer overflow
[12 Mar 2003] DSA-259_qpopper - mail user privilege escalation
[28 Jan 2003] DSA-245_dhcp3 - ignored counter boundary
[21 Jan 2003] DSA-233_cvs - doubly freed memory
[16 Jan 2003] DSA-230_bugzilla - insecure permissions, spurious backup files
[02 Jan 2003] DSA-220_squirrelmail - cross site scripting
[30 Dec 2002] DSA-218_bugzilla - cross site scripting
[19 Dec 2002] DSA-213_libpng - buffer overflow ???
    sarge libpng 1.0.15-4, libpng3 1.2.5.0-4, sid fixed in version 1.0.12-7 for libpng and in version 1.2.5-8 for libpng3
[17 Dec 2002] DSA-212_mysql - multiple problems
[13 Dec 2002] DSA-210_lynx - CRLF injection
[12 Dec 2002] DSA-209_wget - directory traversal
[10 Dec 2002] DSA-206_tcpdump - denial of service
[05 Dec 2002] DSA-204_kdelibs - arbitrary program execution
[07 Nov 2002] DSA-190_wmaker - buffer overflow
[05 Nov 2002] DSA-188_apache-ssl - several vulnerabilities
[04 Nov 2002] DSA-187_apache - several vulnerabilities
[09 Oct 2002] DSA-173_bugzilla - privilege escalation
[30 Jul 2002] DSA-136_openssl - multiple remote exploits
[02 Jul 2002] DSA-135_libapache-mod-ssl - buffer overflow / DoS
[24 Jun 2002] DSA-134_ssh - remote exploit

Resolved security alerts by fixed upstream version (named in the DSA) which already went to testing/sarge:

[28 Mar 2003] DSA-274_mutt - buffer overflow
    sarge 1.5.4-1, fixed in upstream version 1.4.0 and above
[15 Mar 2003] DSA-262_samba - remote exploit
    sarge 3.0.0beta2+3.0.0rc4-1, fixed in upstream version 2.2.8
[04 Mar 2003] DSA-257_sendmail - remote exploit
    sarge 8.12.9-5, fixed in upstream release 8.12.8
[10 Dec 2002] DSA-205_gtetrinet - buffer overflow
    sarge 0.7.4-1, fixed in upstream version 0.4.4
[22 Nov 2002] DSA-200_samba - remote exploit
    sarge 3.0.0beta2+3.0.0rc4-1, fixed in upstream version 2.2.7
[12 Sep 2002] DSA-165_postgresql - buffer overflows
    sarge 7.3.2r1-5, fixed in the upstream release 7.2.2
[09 Sep 2002] DSA-163_mhonarc - cross site scripting
    sarge 2.6.8-2, fixed in upstream version 2.5.3
[06 Aug 2002] DSA-144_wwwoffle - improper input handling
    sarge 2.7h-3, fixed in upstream version 2.7d
[01 Aug 2002] DSA-138_gallery - remote exploit
    sarge 1.4-3, fixed in upstream version 1.3.1
[30 Jul 2002] DSA-137_mm - insecure temporary files
    sarge 1.1.3-6.1, fixed in the upstream version 1.2.0

Resolved security alerts by fixed sid version (named in the DSA) which already went to testing/sarge:

[01 Oct 2003] DSA-393_openssl - denial of service
    sarge 0.9.7c-1, sid fixed in version 0.9.7c-1
[29 Sep 2003] DSA-392_webfs - buffer overflows, file and directory exposure
    sarge 1.20, sid fixed in version 1.20
[20 Sep 2003] DSA-389_ipmasq - insecure packet filtering rules
    sarge 3.5.12, sid fixed in version 3.5.12
[18 Sep 2003] DSA-385_hztty - buffer overflows
    sarge 2.0-6, sid fixed in version 2.0-6
[12 Sep 2003] DSA-380_xfree86 - buffer overflows, denial of service
    sarge 4.2.1-12, sid fixed in version 4.2.1-12
[11 Sep 2003] DSA-379_sane-backends - several vulnerabilities
    sarge 1.0.12-5, sid fixed in version 1.0.11-1
[07 Sep 2003] DSA-378_mah-jong - buffer overflows, denial of service
    sarge 1.5.6-2, sid fixed in version 1.5.6-2
[04 Sep 2003] DSA-376_exim - buffer overflow
    sarge 3.36-8, sid fixed in version 3.36-8
[29 Aug 2003] DSA-375_node - buffer overflow, format string
    sarge 0.3.2-1, sid fixed in version 0.3.2-1
[16 Aug 2003] DSA-372_netris - buffer overflow
    sarge 0.52-1, sid fixed in version 0.52-1
[08 Aug 2003] DSA-370_pam-pgsql - format string
    sarge 0.5.2-7, sid fixed in version 0.5.2-7
[08 Aug 2003] DSA-367_xtokkaetama - buffer overflow
    sarge 1.0b-9, sid fixed in version 1.0b-9
[05 Aug 2003] DSA-366_eroaster - insecure temporary file
    sarge 2.1.0.0.6-12, sid fixed in version 2.1.0.0.6-12
[04 Aug 2003] DSA-364_man-db - buffer overflows, arbitrary command execution
    sarge 2.4.2-2, sid fixed in version 2.4.1-13
[31 Jul 2003] DSA-358_linux-kernel-2.4.18 - several vulnerabilities
    sarge 2.4.20-11, sid fixed in version 2.4.20-9
[30 Jul 2003] DSA-356_xtokkaetama - buffer overflows
    sarge 1.0b-9, sid fixed in version 1.0b-8
[30 Jul 2003] DSA-355_gallery - cross-site scripting
    sarge 1.4-3, sid fixed in version 1.3.4-3
[29 Jul 2003] DSA-353_sup - insecure temporary file
    sarge 1.8-9, sid fixed in version 1.8-9
[15 Jul 2003] DSA-350_falconseye - buffer overflow
    sarge 1.9.3-12, sid fixed in version 1.9.3-9
[14 Jul 2003] DSA-349_nfs-utils - buffer overflow
    sarge 1.0.5-3, sid fixed in version 1:1.0.3-2
[08 Jul 2003] DSA-347_teapop - SQL injection
    sarge 0.3.5-2, sid fixed in version 0.3.5-2
[08 Jul 2003] DSA-345_xbl - buffer overflow
    sarge 1.1.2-1, sid fixed in version 1.0k-6
[08 Jul 2003] DSA-344_unzip - directory traversal
    sarge 5.50-3, sid fixed in version 5.50-3
[19 Jun 2003] DSA-327_xbl - buffer overflows
    sarge 1.1.2-1, sid fixed in version 1.0k-5
[19 Jun 2003] DSA-325_eldav - insecure temporary file
    sarge 0.7.2-2, sid fixed in version 0.7.2-1
[18 Jun 2003] DSA-324_ethereal - several vulnerabilities
    sarge 0.9.13-1, sid fixed in version 0.9.13-1
[07 Jul 2003] DSA-341_liece - insecure temporary file
    sarge 2.0+0.20030527cvs-2, sid fixed in version 2.0+0.20030527cvs-1
[06 Jul 2003] DSA-340_x-face-el - insecure temporary file
    sarge 1.3.6.24-1, sid fixed in version 1.3.6.23-1
[06 Jul 2003] DSA-339_semi - insecure temporary file
    sarge 1.14.5+20030813-2, sid fixed in version 1.14.5+20030609-1
[29 Jun 2003] DSA-338_proftpd - SQL injection
    sarge 1.2.8-14, sid fixed in version 1.2.8-8
[29 Jun 2003] DSA-336_linux-kernel-2.2.20 - several vulnerabilities
    sarge 2.2.25-2, sid fixed in version 2.2.25-2
[28 Jun 2003] DSA-334_xgalaga - buffer overflows
    sarge 2.0.34-27, sid fixed in version 2.0.34-22
[27 Jun 2003] DSA-333_acm - integer overflow
    sarge 5.0-14, sid fixed in version 5.0-10
[27 Jun 2003] DSA-332_linux-kernel-2.4.17 - several vulnerabilities
    sarge 2.4.20-11, sid fixed in version 2.4.20-8
[23 Jun 2003] DSA-330_tcptraceroute - failure to drop root privileges
    sarge 1.4-5, sid fixed in version 1.4-4
[20 Jun 2003] DSA-329_osh - buffer overflows
    osh 1.7-12, sid fixed in version 1.7-12
[13 Jun 2003] DSA-320_mikmod - buffer overflow
    sarge 3.1.6-7, sid fixed in version 3.1.6-6
[12 Jun 2003] DSA-319_webmin - session ID spoofing
    sarge 1.100a-2, sid fixed in version 1.070-1
[12 Jun 2003] DSA-318_lyskom-server - denial of service
    sarge 2.0.7-3, sid fixed in version 2.0.7-2
[11 Jun 2003] DSA-317_cupsys - denial of service
    sarge 1.1.19final-1.4, sid fixed in version 1.1.19final-1
[11 Jun 2003] DSA-316_nethack - buffer overflow, incorrect permissions
    sarge nethack 3.4.1-1.2, slashem 0.0.6E4F8-6; sid fixed in version 3.4.1-1.1 and in version 0.0.6E4F8-6
[11 Jun 2003] DSA-313_ethereal - buffer overflows, integer overflows
    sarge 0.9.13-1, sid fixed in version 0.9.12-1
[09 Jun 2003] DSA-312_kernel-patch-2.4.18-powerpc - several vulnerabilities
    sarge 2.4.20-4, sid fixed in version 2.4.20-2
[08 Jun 2003] DSA-311_linux-kernel-2.4.18 - several vulnerabilities
    sarge 2.4.20-11, sid fixed in version 2.4.20-2
[08 Jun 2003] DSA-310_xaos - improper setuid-root execution
    sarge 3.1r-4, sid fixed in version 3.1r-4
[27 May 2003] DSA-307_gps - multiple vulnerabilities
    sarge 1.1.0-1, sid fixed in version 1.1.0-1
[15 May 2003] DSA-305_sendmail - insecure temporary files
    sarge 8.12.9-5, sid fixed in version 8.12.9-5
[15 May 2003] DSA-304_lv - privilege escalation
    sarge 4.49.5-2, sid fixed in version 4.49.5-2
[15 May 2003] DSA-303_mysql - privilege escalation
    sarge 4.0.13-3, sid fixed in version 4.0.12-2
[07 May 2003] DSA-301_libgtop - buffer overflow
    sarge 1.0.13-8, sid fixed in version 1.0.13-4
[06 May 2003] DSA-299_leksbot - improper setuid-root execution
    sarge 1.2-7, sid fixed in version 1.2-7
[02 May 2003] DSA-298_epic4 - buffer overflows
    sarge 1:1.1.11.20030409-2.1, sid fixed in version 1.1.11.20030409-1
[01 May 2003] DSA-297_snort - integer overflow, buffer overflow
    sarge 2.0.1-3, sid fixed in version 2.0.0-1
[30 Apr 2003] DSA-295_pptpd - buffer overflow
    sarge 1.1.4-0.b3.2, sid fixed in version 1.1.4-0.b3.2
[22 Apr 2003] DSA-292_mime-support - insecure temporary file creation
    sarge 3.23-1, sid fixed in version 3.23-1
[22 Apr 2003] DSA-291_ircii - buffer overflows
    sarge 20030315-1, sid fixed in version 20030315-1
[17 Apr 2003] DSA-290_sendmail-wide - char-to-int conversion
    sarge 8.12.10+3.5Wbeta-1, sid fixed in version 8.12.10+3.5Wbeta-1
[17 Apr 2003] DSA-288_openssl - several vulnerabilities
    sarge 0.9.7c-1, sid fixed in version 0.9.7c-1
[15 Apr 2003] DSA-287_epic - buffer overflows
    sarge 3.004-20, sid fixed in version 3.004-19
[14 Apr 2003] DSA-286_gs-common - insecure temporary file
    sarge 0.3.3.1, sid fixed in version 0.3.3.1
[14 Apr 2003] DSA-285_lprng - insecure temporary file
    sarge 3.8.22-2, sid fixed in version 3.8.20-4
[11 Apr 2003] DSA-283_xfsdump - insecure file creation
    sarge 2.2.13-1, sid fixed in version 2.2.8-1
[09 Apr 2003] DSA-282_glibc - integer overflow
    sarge 2.3.2-7, sid fixed in version 2.3.1-16
[04 Apr 2003] DSA-278_sendmail - char-to-int conversion
    sarge 8.12.9-5, sid fixed in version 8.12.9-1
[03 Apr 2003] DSA-277_apcupsd - buffer overflows, format string
    sarge 3.8.5-1.3, sid fixed in version 3.8.5-1.2
[02 Apr 2003] DSA-275_lpr-ppd - buffer overflow
    sarge 1:0.72-3, sid fixed in version 0.72-3
[28 Mar 2003] DSA-272_dietlibc - integer overflow
    sarge 0.22-3cvs20030714.1, sid fixed in version 0.22-2
[27 Mar 2003] DSA-270_linux-kernel-mips - local privilege escalation
    sarge 2.4.19-0.020911.8, sid fixed in version 2.4.19-0.020911.6
[26 Mar 2003] DSA-269_heimdal - cryptographic weakness
    sarge 0.5.2-2, sid fixed in version 0.5.2-1
[25 Mar 2003] DSA-268_mutt - buffer overflow
    sarge 1.5.4-1, sid fixed in version 1.5.4-1
[24 Mar 2003] DSA-267_lpr - buffer overflow
    sarge 1:2000.05.07-5, sid fixed in version 2000.05.07-4.20
[24 Mar 2003] DSA-266_krb5 - several vulnerabilities
    sarge 0.5.2-2, sid fixed in version 0.5.2-1
[21 Mar 2003] DSA-265_bonsai - several vulnerabilities
    sarge 1.3+cvs20030317-6, sid fixed in version 1.3+cvs20030317-1
[19 Mar 2003] DSA-264_lxr - missing filename sanitizing
    sarge 0.3.1-1, sid fixed in version 0.3-4
[17 Mar 2003] DSA-263_netpbm-free - math overflow errors
    sarge 2:9.25-5, sid fixed in version 9.20-9
[10 Mar 2003] DSA-258_ethereal - format string vulnerability
    sarge 0.9.13-1, sid fixed in version 0.9.9-2
[27 Feb 2003] DSA-255_tcpdump - infinite loop
    sarge 3.7.2-1, sid fixed in version 3.7.1-1.2
[27 Feb 2003] DSA-254_traceroute-nanog - buffer overflow
    sarge 6.3.9-2, sid fixed in version 6.3.0-1
[24 Feb 2003] DSA-253_openssl - information leak
    sarge 0.9.7c-1, sid fixed in version 0.9.7a-1
[21 Feb 2003] DSA-252_slocate - buffer overflow
    sarge 2.7-1, sid fixed in version 2.7-1
[14 Feb 2003] DSA-251_w3m - missing HTML quoting
    sarge 0.4.1-4, sid fixed in version 0.3.2.2-1
[11 Feb 2003] DSA-249_w3mmee - missing HTML quoting
    sarge 0.3.p24.18-3, sid fixed in version 0.3.p24.17-3
[31 Jan 2003] DSA-248_hypermail - buffer overflows
    sarge 2.1.7-2, sid fixed in version 2.1.6-1
[30 Jan 2003] DSA-247_courier-ssl - missing input sanitizing
    sarge 0.42.2-7, sid fixed in version 0.40.2-3
[29 Jan 2003] DSA-246_tomcat - information exposure, cross site scripting
    sarge 4.0.4-4, sid fixed in version 3.3.1a-1
[20 Jan 2003] DSA-232_cupsys - several vulnerabilities
    sarge 1.1.19final-1.4, sid fixed in version 1.1.18-1
[17 Jan 2003] DSA-231_dhcp3 - stack overflows
    sarge 3.0+3.0.1rc11-5, sid fixed in version 3.0+3.0.1rc11-1
[27 Jan 2003] DSA-244_noffle - buffer overflows
    sarge 1.1.5-4, sid fixed in version 1.1.2-1
[15 Jan 2003] DSA-229_imp - SQL injection
    sarge 3.2.2-2, sid fixed in version 2.2.6-7
[14 Jan 2003] DSA-228_libmcrypt - buffer overflows and memory leak
    sarge 2.5.5-1, sid fixed in version 2.5.5-1
[13 Jan 2003] DSA-227_openldap2 - buffer overflows and other bugs
    sarge 2.1.22-1, sid fixed in version 2.1.22-1
[10 Jan 2003] DSA-226_xpdf-i - integer overflow
    sarge 2.02pl1-1, sid fixed in version 2.01-2
[08 Jan 2003] DSA-224_canna - buffer overflow and more
    sarge 3.6p4-1, sid fixed in version 3.6p1-1
[07 Jan 2003] DSA-223_geneweb - information exposure
    sarge 4.09-12, sid fixed in version 4.09-12
[06 Jan 2003] DSA-222_xpdf - integer overflow
    sarge 2.02pl1-1, sid fixed in version 2.01-2
[03 Jan 2003] DSA-221_mhonarc - cross site scripting
    sarge 2.6.8-2, sid fixed in version 2.5.14-1
[31 Dec 2002] DSA-219_dhcpcd - remote command execution
    sarge 1:1.3.22pl4-9, sid fixed in version 1.3.22pl2-2
[27 Dec 2002] DSA-217_typespeed - buffer overflow
    sarge 0.4.2-2, sid fixed in version 0.4.2-2
[24 Dec 2002] DSA-216_fetchmail - buffer overflow
    sarge 6.2.4-1, sid fixed in version 6.2.0-1
[23 Dec 2002] DSA-215_cyrus-imapd - buffer overflow
    sarge 1.5.19-13, sid fixed in version 1.5.19-9.10
[12 Dec 2002] DSA-208_perl - broken safe compartment
    sarge 5.8.0-18, sid fixed in version 5.8.0-14
[11 Dec 2002] DSA-207_tetex-bin - arbitrary command execution
    sarge 2.0.2-4.3, sid fixed in version 1.0.7+20021025-4
[04 Dec 2002] DSA-203_smb2www - arbitrary command execution
    sarge 980804-21, sid fixed in version 980804-17
[03 Dec 2002] DSA-202_im - insecure temporary files
    sarge 1:145-4, sid fixed in version 141-20
[02 Dec 2002] DSA-201_freeswan - denial of service
    sarge 1.96-1.2, sid fixed in version 1.99-1
[19 Nov 2002] DSA-199_mhonarc - cross site scripting
    sarge 2.6.8-2, sid fixed in version 2.5.13-1
[18 Nov 2002] DSA-198_nullmailer - denial of service
    sarge 1.00RC7-18, sid fixed in version 1.00RC5-17
[15 Nov 2002] DSA-197_courier - buffer overflow
    sarge 0.42.2-7, sid fixed in version 0.40.0-1
[14 Nov 2002] DSA-196_bind - several vulnerabilities
    sarge 1:8.4.1.0-2, sid fixed in version 8.3.3-3
[12 Nov 2002] DSA-194_masqmail - buffer overflows
    sarge 0.2.20-1, sid fixed in version 0.2.15-1
[08 Nov 2002] DSA-192_html2ps - arbitrary code execution
    sarge 1.0b3-3.1, sid fixed in version 1.0b3-2
[07 Nov 2002] DSA-191_squirrelmail - cross site scripting
    sarge 1:1.4.0-1, sid fixed in version 1.2.8-1.1
[06 Nov 2002] DSA-189_luxman - local root exploit
    sarge 0.41-19.1, sid fixed in version 0.41-19
[01 Nov 2002] DSA-186_log2mail - buffer overflow
    sarge 0.2.8-1.1, sid fixed in version 0.2.6-1
[31 Oct 2002] DSA-185_heimdal - buffer overflow
    sarge 0.5.2-2, sid fixed in version 0.4e-22
[29 Oct 2002] DSA-183_krb5 - buffer overflow
    sarge 1.3-2, sid fixed in version 1.1-11-8
[28 Oct 2002] DSA-182_kdegraphics - buffer overflow
    sarge 4:2.2.25, sid fixed in version 2.2.2-6.9
[22 Oct 2002] DSA-181_libapache-mod-ssl - cross site scripting
    sarge 2.8.14-3, sid fixed in version 2.8.9-2.3
[21 Oct 2002] DSA-180_nis - information leak
    sarge 3.9-6.3, sid fixed in version 3.9-6.2
[18 Oct 2002] DSA-179_gnome-gv - buffer overflow
    sarge 2.3.99-2, sid fixed in version 1.99.7-9
[17 Oct 2002] DSA-178_heimdal - remote command execution
    sarge 0.5.2-2, sid fixed in version 0.4e-21
[16 Oct 2002] DSA-176_gv - buffer overflow
    sarge 1:3.5.8-30.1, sid fixed in version 3.5.8-27
[15 Oct 2002] DSA-175_syslog-ng - buffer overflow
    sarge 1.6.0rc1+20030310-2, sid fixed in version 1.5.21-1
[14 Oct 2002] DSA-174_heartbeat - buffer overflow
    sarge 1.0.3-2, sid fixed in version 0.4.9.2-1
[07 Oct 2002] DSA-171_fetchmail - buffer overflows
    sarge 6.2.4-1, sid fixed in version 6.1.0-1
[25 Sep 2002] DSA-169_htcheck - cross site scripting
    sarge 1:1.2.1-1, sid fixed in version 1.1-1.2
[16 Sep 2002] DSA-167_kdelibs - cross site scripting
    sarge 4:2.2.2-14, sid fixed in version 2.2.2-14
[13 Sep 2002] DSA-166_purity - buffer overflows
    sarge 1-17, sid fixed in version 1-16
[10 Sep 2002] DSA-164_cacti - arbitrary code execution
    sarge 0.6.8a-13.1, sid fixed in version 0.6.8a-2
[06 Sep 2002] DSA-162_ethereal - buffer overflow
    sarge 0.9.13-1, sid fixed in version 0.9.6-1
[03 Sep 2002] DSA-160_scrollkeeper - insecure temporary file creation
    sarge 0.3.12-2, sid fixed in version 0.3.11-2
[28 Aug 2002] DSA-159_python - insecure temporary files
    sarge 2.2.3-3, sid fixed in version 2.2.1-8
[27 Aug 2002] DSA-158_gaim - arbitrary program execution
    sarge 1:0.64-3, sid fixed in version 0.59.1-2
[23 Aug 2002] DSA-157_irssi-text - denial of service
    sarge 0.8.6-4, sid fixed in version 0.8.5-2
[22 Aug 2002] DSA-156_epic4-script-light - arbitrary script execution
    sarge 1:2.7.30p5-3, sid fixed in version 2.7.30p5-2
[17 Aug 2002] DSA-155_kdelibs - privacy escalation with Konqueror
    sarge 4:2.2.2-14, sid fixed in version 2.2.2-14
[15 Aug 2002] DSA-154_fam - privilege escalation
    sarge 2.6.10-1.1, sid fixed in version 2.6.8-1
[13 Aug 2002] DSA-152_l2tpd - missing random seed
    sarge 0.69-1, sid fixed in version 0.68-1
[13 Aug 2002] DSA-151_xinetd - pipe exposure
    sarge 1:2.3.12-2, sid fixed in version 2.3.7-1
[13 Aug 2002] DSA-150_interchange - illegal file exposition
    sarge 4.8.7-1, sid fixed in version 4.8.6-1
[13 Aug 2002] DSA-149_glibc - integer overflow
    sarge 2.3.2-7, sid fixed in version 2.2.5-13
[12 Aug 2002] DSA-148_hylafax - buffer overflows and format string
    sarge 1:4.1.7-0.4, sid fixed in version 4.1.2-2.1
[08 Aug 2002] DSA-147_mailman - cross-site scripting
    sarge 2.1.2-7, sid fixed in version 2.0.12-1
[08 Aug 2002] DSA-146_dietlibc - integer overflow
    sarge 0.22-3cvs20030714.1, sid fixed in version 0.20-0cvs20020808
[07 Aug 2002] DSA-145_tinyproxy - doubly freed memory
    sarge 1.6.1-2, sid fixed in version 1.4.3-3
[05 Aug 2002] DSA-143_krb5 - integer overflow
    sarge 1.3-2, sid fixed in version 1.2.5-2
[05 Aug 2002] DSA-142_openafs - integer overflow
    sarge 1.2.9-2, sid fixed in version 1.2.6-1
[01 Aug 2002] DSA-141_mpack - buffer overflow
    sarge 1.6-1, sid fixed in version 1.5-9
[05 Aug 2002] DSA-140_libpng - buffer overflow
    sarge libpng 1.2.5.0-4, libpng2 1.0.15-4; sid fixed in version 1.2.1-2 and in version 1.0.12-4 of libpng2
[01 Aug 2002] DSA-139_super - format string vulnerability
    sarge 3.20.1-2, sid fixed in version 3.18.0-3

Resolved security alerts by closed bug report (bug named in the DSA):

[02 Aug 2003] DSA-362_mindi - insecure temporary file
    sarge 0.86-1, bug #203825, upstream version 0.86-1 fixes reported bug
[11 Jul 2003] DSA-348_traceroute-nanog - integer overflow, buffer overflow
    sarge 6.3.9-2, bug #200875, upstream version 6.3.6-3 fixed integer overflow
[19 Jun 2003] DSA-326_orville-write - buffer overflows
    sarge 2.54-1, bug #170747, upstream version 2.54-1 fixed local buffer overflow

Resolved security alerts for several different reasons:

[11 Oct 2003] DSA-394_openssl095 - ASN.1 parsing vulnerability
    package not in testing or sid
[18 Sep 2003] DSA-387_gopher - buffer overflows
    package removed
[26 Aug 2003] DSA-374_libpam-smb - buffer overflow
    package removed
[28 Jun 2003] DSA-335_mantis - incorrect permissions
    package not in sarge, sid fixed in version 0.17.5-6
[08 Apr 2003] DSA-281_moxftp - buffer overflow
    package not in sarge, sid fixed in version 2.2-18.20
[07 Apr 2003] DSA-280_samba - buffer overflow
    sid not affected since it contains version 3.0
[07 Apr 2003] DSA-279_metrics - insecure temporary file creation
    package removed
[28 Mar 2003] DSA-273_krb4 - cryptographic weakness
    sarge contains krb5
[27 Mar 2003] DSA-271_ecartis - unauthorized password change
    package not in sarge, sid fixed in version 1.0.0+cvs.20030321-1
[14 Mar 2003] DSA-261_tcpdump - infinite loop
    sid not affected
[13 Dec 2002] DSA-211_micq - denial of service
    package not in sarge, sid fixed in version 0.4.9.4-1
[13 Nov 2002] DSA-195_apache-perl - several vulnerabilities
    package not in sarge, sid fixed in version 1.3.26-1.1-1.27-3-1
[08 Oct 2002] DSA-172_tkmail - insecure temporary files
    package not in sarge, sid fixed in version 4.0beta9-9
[04 Sep 2002] DSA-161_mantis - privilege escalation
    package not in sarge, sid fixed in version 0.17.5-2
[30 Oct 2002] DSA-184_krb4 - buffer overflow
    sarge contains krb5
[17 Oct 2002] DSA-177_pam - serious security violation
    sid and testing not affected
[14 Aug 2002] DSA-153_mantis - cross site code execution and privilege escalation
    package not in sarge, sid fixed in version 0.17.4a-2