[Openvas-commits] r2359 - in trunk/openvas-plugins: . extra/lsc_generator extra/lsc_generator/common extra/lsc_generator/parser extra/lsc_generator/report extra/lsc_generator/test extra/lsc_generator/test/unit_test extra/lsc_generator/test/unit_test/work extra/lsc_generator/test/unit_test/work/input extra/lsc_generator/test/unit_test/work/input/Nasl extra/lsc_generator/test/unit_test/work/input/advisories
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Feb 2 12:45:19 CET 2009
Author: chandra
Date: 2009-02-02 12:45:16 +0100 (Mon, 02 Feb 2009)
New Revision: 2359
Added:
trunk/openvas-plugins/extra/lsc_generator/lsc_unit_test.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/__init__.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_generate_script.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_lscgenerator.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_mantisreporter.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_record_id.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_sanity_test.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_suse.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_utils.py
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/2008_34_firefox.html
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/gb_suse_2008_034.nasl
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/pkg-lib-rpm.inc
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/revisions-lib.inc
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Suse.template
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories.html
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories/
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories/2008_34_firefox.html
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/firefox.html
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file.pickle
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file1.pickle
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/lsc1.conf
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/temp.txt
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/test.txt
trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/output/
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/extra/lsc_generator/LSCGenerator.py
trunk/openvas-plugins/extra/lsc_generator/README
trunk/openvas-plugins/extra/lsc_generator/common/generate_script.py
trunk/openvas-plugins/extra/lsc_generator/common/record_id.py
trunk/openvas-plugins/extra/lsc_generator/common/utils.py
trunk/openvas-plugins/extra/lsc_generator/lsc.conf
trunk/openvas-plugins/extra/lsc_generator/parser/suse.py
trunk/openvas-plugins/extra/lsc_generator/report/mantisreporter.py
trunk/openvas-plugins/extra/lsc_generator/test/sanity_test.py
Log:
Integration of mantis report feature, unit testing modules, bug fixes and enhancements
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/ChangeLog 2009-02-02 11:45:16 UTC (rev 2359)
@@ -1,4 +1,47 @@
2009-02-02 Chandrashekhar B <bchandra at secpod.com>
+ * extra/lsc_generator/LSCGenerator.py,
+ extra/lsc_generator/test/sanity_test.py,
+ extra/lsc_generator/common/record_id.py,
+ extra/lsc_generator/common/generate_script.py,
+ extra/lsc_generator/common/utils.py,
+ extra/lsc_generator/report/mantisreporter.py,
+ extra/lsc_generator/parser/suse.py,
+ extra/lsc_generator/README,
+ extra/lsc_generator/lsc.conf:
+ Added Mantis integration support, bug fixes and enhancements
+
+ * extra/lsc_generator/test/unit_test,
+ extra/lsc_generator/test/unit_test/test_record_id.py,
+ extra/lsc_generator/test/unit_test/work,
+ extra/lsc_generator/test/unit_test/work/input,
+ extra/lsc_generator/test/unit_test/work/input/id_file.pickle,
+ extra/lsc_generator/test/unit_test/work/input/id_file1.pickle,
+ extra/lsc_generator/test/unit_test/work/input/temp.txt,
+ extra/lsc_generator/test/unit_test/work/input/2008_34_firefox.html,
+ extra/lsc_generator/test/unit_test/work/input/firefox.html,
+ extra/lsc_generator/test/unit_test/work/input/lsc1.conf,
+ extra/lsc_generator/test/unit_test/work/input/advisories,
+ extra/lsc_generator/test/unit_test/work/input/advisories/2008_34_firefox.html,
+ extra/lsc_generator/test/unit_test/work/input/Suse.template,
+ extra/lsc_generator/test/unit_test/work/input/advisories.html,
+ extra/lsc_generator/test/unit_test/work/input/Nasl,
+ extra/lsc_generator/test/unit_test/work/input/Nasl/gb_suse_2008_034.nasl,
+ extra/lsc_generator/test/unit_test/work/input/Nasl/pkg-lib-rpm.inc,
+ extra/lsc_generator/test/unit_test/work/input/Nasl/revisions-lib.inc,
+ extra/lsc_generator/test/unit_test/work/input/test.txt,
+ extra/lsc_generator/test/unit_test/work/output,
+ extra/lsc_generator/test/unit_test/test_generate_script.py,
+ extra/lsc_generator/test/unit_test/test_mantisreporter.py,
+ extra/lsc_generator/test/unit_test/test_suse.py,
+ extra/lsc_generator/test/unit_test/test_utils.py,
+ extra/lsc_generator/test/unit_test/__init__.py,
+ extra/lsc_generator/test/unit_test/test_sanity_test.py,
+ extra/lsc_generator/test/unit_test/test_lscgenerator.py,
+ extra/lsc_generator/lsc_unit_test.py:
+ LSC Generator unit test modules
+
+
+2009-02-02 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_mw6_barcode_bof_vuln.nasl,
scripts/secpod_tvp_bof_vuln.nasl,
scripts/secpod_tvp_detect.nasl,
Modified: trunk/openvas-plugins/extra/lsc_generator/LSCGenerator.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/LSCGenerator.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/LSCGenerator.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -63,13 +63,14 @@
""" Initialize configuration reader """
self.cwd = os.getcwd()
+ self.mantis_obj = None
self.config = ConfigParser.ConfigParser()
if(debug):
print "Current Working Dir : ", self.cwd
def setUp(self, path):
- """ Create intitial required setup"""
+ """ Create initial required setup"""
self._createDir(path)
self.idfile_path = path + 'IdCache/'
@@ -94,65 +95,136 @@
os.mkdir(path)
- def sanityTestSetUp(self, build_path, debug):
+ def _readConfAndGetBuildPath(self, debug=0):
+ """ Read the build path from config file """
try:
- ## get plugin path
+ ## Reading from Configuration file
+ ConfigFile = os.path.join(self.cwd, config_file)
+ if debug:
+ print 'Config file path : ', ConfigFile
+
+ config_open = open(ConfigFile, 'r+')
+ self.config.readfp(config_open)
+
+ ## Read and Set build path
+ build_path = ''
+ build_path = self.config.get('common', 'build_path').strip()
+ if not build_path:
+ build_path = self.cwd
+
+ if not build_path.endswith('/'):
+ build_path = build_path + '/'
+
+ return build_path
+
+ except Exception , msg:
+ print "Exception in : LSCGenerator -> "+ \
+ "_readConfAndGetBuildPath() method"
+ print "Error in reading build path...", msg
+ sys.exit(msg)
+
+
+ def _sanityTestSetUp(self, sanity_test_obj, debug=0):
+ """ Read and set required attributes for Sanity test"""
+ try:
+
+ build_path = self._readConfAndGetBuildPath(debug)
+ ## Create Required Dir
self._createDir(build_path + 'sanity_test')
self._createDir(build_path + 'sanity_test/plugins/')
+
+ ## Read Sanity test config paths
openvas_plugin_path = self.config.get('test', \
'openvas_plugin_path').strip()
openvas_bin_path = self.config.get('test', \
'openvas_bin_path').strip()
+
+ if not (openvas_plugin_path or openvas_bin_path):
+ print "test section Config Values are missing."
+
+ os_list = self._object_map.keys()
+
+ ## Set Attributes
+ setattr(sanity_test_obj, 'cwd', self.cwd)
+ setattr(sanity_test_obj, 'build_path', build_path)
+ setattr(sanity_test_obj, 'os_list', os_list)
+ setattr(sanity_test_obj, 'openvas_plugin_path',openvas_plugin_path)
+ setattr(sanity_test_obj, 'openvas_bin_path', openvas_bin_path)
+
+ except Exception, msg:
+ print "Exception in : LSCGenerator -> _sanityTestSetUp() method"
rm_cmd = 'rm -rf ' + build_path + 'sanity_test'
+ commands.getoutput(rm_cmd)
+ sys.exit(msg)
+
+
+ def _performSanityTest(self, sanity_test_obj, debug=0):
+ """ Perform Sanity Test, by compiling the scripts """
+ try:
+ build_path = self._readConfAndGetBuildPath(debug)
if debug:
print "####################################################################"
print "Performing sanity test..."
- if openvas_plugin_path and openvas_bin_path:
- ## check for script errors, by compileing them
- msg = sanity_test.compileScripts(self.cwd, build_path, \
- self._object_map.keys(), openvas_plugin_path, \
- openvas_bin_path, debug)
- if msg:
- print msg
- else:
- print "test section Config Values are missing."
+ ## check for script errors, by compileing them
+ msg = sanity_test_obj.compileScripts(debug)
+ if msg:
+ print msg
if debug:
print "Sanity test complete."
print "####################################################################"
+ ## Remove command
+ rm_cmd = 'rm -rf ' + build_path + 'sanity_test'
+
##Clean Up
commands.getoutput(rm_cmd)
except Exception, msg:
- print "Exception in : LSCGenerator -> sanityTestSetUp() method"
+ print "Exception in : LSCGenerator -> _performSanityTest() method"
+ rm_cmd = 'rm -rf ' + build_path + 'sanity_test'
commands.getoutput(rm_cmd)
sys.exit(msg)
+ def _mantisReportSetUp(self, debug=0):
+ """ Read and Set Attributes for Creating Mantis Report. """
+ try:
+ if debug:
+ print "Getting mantis config vaule..."
+
+ conf_sec = 'mantis'
+ host = self.config.get(conf_sec, 'db_host').strip()
+ db_name = self.config.get(conf_sec, 'dbname').strip()
+ mysql_passwd = self.config.get(conf_sec, 'mysql_passwd').strip()
+ project_name = self.config.get(conf_sec, 'project_name').strip()
+ mysql_user_name = self.config.get(conf_sec, 'mysql_user').strip()
+ mantis_user_name = self.config.get(conf_sec, 'mantis_user').strip()
+
+ if debug:
+ print "Setting mantis attributes for mantis task creation..."
+
+ setattr(self.mantis_obj, 'host', host)
+ setattr(self.mantis_obj, 'db_name', db_name)
+ setattr(self.mantis_obj, 'mysql_passwd', mysql_passwd)
+ setattr(self.mantis_obj, 'project_name', project_name)
+ setattr(self.mantis_obj, 'mysql_user_name', mysql_user_name)
+ setattr(self.mantis_obj, 'mantis_user_name', mantis_user_name)
+
+ except Exception, msg:
+ print "Exception in : LSCGenerator -> _mantisReportSetUp() method"
+ sys.exit(msg)
+
+
def execute(self, debug=0):
""" Based on the 'generate' config value, generate() is invoked
with the right parser object.
"""
try:
- ## Reading from Configuration file
- ConfigFile = os.path.join(self.cwd, config_file)
- if debug:
- print 'Config file path : ', ConfigFile
+ ## Get Build Path
+ build_path = self._readConfAndGetBuildPath(debug)
- config_open = open(ConfigFile, 'r+')
- self.config.readfp(config_open)
-
- ## Get the list of Operating Systems for which LSC have to
- ## be developed
- build_path = self.config.get('common', 'build_path').strip()
- if not build_path:
- build_path = self.cwd
-
- if not build_path.endswith('/'):
- build_path = build_path + '/'
-
if debug:
print "Everyting will be generated in the Path : ", build_path
@@ -171,11 +243,25 @@
return 0
genList = genList.split(',')
+ ## Create Mantis task, If enabled
+ mantis_enabled = self.config.get('mantis', \
+ 'generate_mantis_report').strip()
+ mantis_enabled = mantis_enabled.strip().title()
+
except Exception, msg:
print 'Config ERROR: (%s), Check %s Conf file' %(msg, config_file)
sys.exit(msg)
try:
+ ## Create mantis task, If mantis_enabled is Yes
+ if mantis_enabled == 'Yes':
+ ## Create Object of MantisReporter
+ from report import mantisreporter
+ self.mantis_obj = mantisreporter.MantisReporter()
+
+ ## Read conf and set the variables for future use.
+ self._mantisReportSetUp(debug)
+
## Invoke the generate(), passing the parser object
for parser_ref in genList:
if not parser_ref:
@@ -211,7 +297,9 @@
sanity = 'No'
if sanity.title() == 'Yes':
- self.sanityTestSetUp(build_path, debug)
+ sanity_test_obj = sanity_test.SanityTest()
+ self._sanityTestSetUp(sanity_test_obj, debug)
+ self._performSanityTest(sanity_test_obj, debug)
except Exception, msg:
print "Exception in : LSCGenerator -> execute() method"
@@ -269,17 +357,18 @@
## Retrieve HTML, if not present in cache
if debug:
print "#######################################################################"
- print "Fetching HTML advisories"
+ print "Fetching HTML advisories"
parse.fetchHTML(year, debug)
-
+
if debug:
print "Advisory fetching complete"
- print "#######################################################################"
+ print "#######################################################################"
for cache_file in os.listdir(html_cache):
if debug:
print "#####################################################################"
- print "Parsing the cached file and generating the check for " + cache_file
+ print "Parsing the cached file and generating the check"+\
+ " for " + cache_file
link_id = cache_file.split('.')[0]
## Get New script ID
@@ -304,9 +393,9 @@
%(new_id, 'gb_'+ link_id + '.nasl')
## Generate the final code
+ reference = main_url + cache_file
final_template = generator.generateCode(read_template, \
- str(new_id), main_url + cache_file,\
- debug)
+ str(new_id), reference, debug)
## If Packages(self.parse.Packages) is empty
if not final_template:
continue
@@ -320,11 +409,59 @@
## Record the New Script ID
RecordID.recordID(new_id, link_id, debug)
-
+
if debug:
print "Generated the check " + file_name
print "#############################################################"
+ ## Create mantis task
+ if self.mantis_obj:
+ ## Create Mantis Task, If it's not created earlier.
+ pic_file_name = self.cwd + "/report/mantis_id.pickle"
+ file_id_dict = utils.loadPickle(pic_file_name, debug)
+ if file_id_dict:
+ if file_id_dict.has_key(file_name):
+ if debug:
+ print "Mantis Task is already created : ", \
+ file_name
+ print "#############################################################"
+ continue
+ else:
+ file_id_dict = {}
+
+ if debug:
+ print "Creating the Mantis Task " + file_name
+ print "#############################################################"
+
+ if parse.CVEs:
+ cves = "\n CVES Are : %s \n" % parse.CVEs
+ else:
+ cves = "\n CVES Not Present \n"
+
+ script_id = ' Script ID : %s \n' % new_id
+ script_name = ' Script Name : %s \n' % file_name
+ script_advid = ' Advisories ID : %s \n' % parse.AdvID
+ script_ref = ' Reference : %s \n' % reference
+
+ aditional_info = script_id + script_name + script_advid + \
+ cves + script_ref
+ description = parse.Description.strip()
+ summary = parse.Name
+
+ ## Set the attributes for mantis task creation
+ setattr(self.mantis_obj, 'summary', summary)
+ setattr(self.mantis_obj, 'description', description)
+ setattr(self.mantis_obj, 'aditional_info', aditional_info)
+
+ ## Create mantis task.
+ mantis_id = self.mantis_obj.execute(debug)
+ if mantis_id:
+ file_id_dict[file_name] = mantis_id
+ utils.dumpPickle(file_id_dict, pic_file_name)
+ else:
+ if debug:
+ print "Mantis Task is not created for : ",file_name
+
## Dump the recorded ID's to serialized cache
RecordID.recordFinal(debug)
@@ -343,7 +480,10 @@
print "\nSpecify --help, to get help"
print "Specify --verbose, to run in debug mode."
+ print "Specify --sanity, to perform only sanity test."
+ print "Specify --sanity --verbose, to perform only sanity test in debug mode."
+
def commonMsg():
print "#############################################################################"
print "You are Running LSC Generator Framework."
@@ -351,26 +491,39 @@
print "For ex: SUSE Security Advisory, Fedora Security Advisory etc"
print "#############################################################################"
-try:
+
+if __name__ == '__main__':
try:
- import getopt
- opts,args = getopt.getopt(sys.argv[1:], '', \
- ['verbose', 'help'])
- except getopt.error, msg:
- print 'Valid options are : (--help and --verbose)'
- sys.exit('Exiting')
-
- for opt,arg in opts:
- if opt == '--help':
- helpMsg()
+ try:
+ import getopt
+ opts,args = getopt.getopt(sys.argv[1:], '', \
+ ['verbose', 'help', 'sanity'])
+ except getopt.error, msg:
+ print 'Valid options are : (--help , --verbose and --sanity)'
sys.exit('Exiting')
- if opt == '--verbose':
- debug = 1
- commonMsg()
- print "Running in verbose mode ..."
- lsc_Obj = LSCGenerator(debug)
- lsc_Obj.execute(debug)
+ sanity_only = False
+ for opt,arg in opts:
+ if opt == '--help':
+ helpMsg()
+ sys.exit('Exiting...')
+ if opt == '--verbose':
+ debug = 1
+ commonMsg()
+ print "Running in verbose mode ..."
+ if opt == '--sanity':
+ sanity_only = True
-except Exception, msg:
- print "Message :", msg
+ lsc_Obj = LSCGenerator(debug)
+ ## Perform only sanity test
+ if sanity_only:
+ print "#################################################################"
+ print "Preparing to perform sanity test..."
+ sanity_test_obj = sanity_test.SanityTest()
+ lsc_Obj._sanityTestSetUp(sanity_test_obj, debug)
+ lsc_Obj._performSanityTest(sanity_test_obj, debug)
+ else:
+ lsc_Obj.execute(debug)
+
+ except Exception, msg:
+ print "Message :", msg
Modified: trunk/openvas-plugins/extra/lsc_generator/README
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/README 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/README 2009-02-02 11:45:16 UTC (rev 2359)
@@ -1,6 +1,12 @@
The Local Security Check Automation Framework is a tool to generate NVT's
-based on the advisories published by *nix Operating System vendors.
+based on the advisories published by *nix Operating System vendors. The
+following features are currently supported,
+- Auto generation of NASL scripts based on vendor advisories
+- Integration into Mantis bug tracker to report all the generated scripts
+ for further QA processes.
+- Sanity testing of the generated NASL scripts
+
Currently it supports NVT generation for,
- All flavours of SUSE
@@ -19,6 +25,7 @@
| |-- record_id.py - Script ID management
| `-- utils.py - utility functions
|-- lsc.conf - Configuration file
+|-- lsc_unit_test.py - Unit Test runner
|-- parser
| |-- __init__.py
| `-- suse.py - SUSE advisory parser
@@ -30,12 +37,38 @@
`-- test - Unit and sanity testing
|-- __init__.py
`-- sanity_test.py - Sanity test module
+ `-- unit_test - Unit test modules
+ |-- __init__.py
+ |-- test_generate_script.py
+ |-- test_lscgenerator.py
+ |-- test_mantisreporter.py
+ |-- test_record_id.py
+ |-- test_sanity_test.py
+ |-- test_suse.py
+ |-- test_utils.py
+ `-- work - Workspace for unit test
+ |-- input
+ `-- output
+############################################################################
+ Dependencies
+############################################################################
+1. MySQLdb (Optional) - Interface for Python and MySQL. This is being used for
+ integrating into Mantis Bug Tracker to report all the generated scripts as
+ tasks in Mantis. It can be downloaded from,
+ http://sourceforge.net/projects/mysql-python
+ Follow the instructions as in the package to install.
+
+2. PyUnit (Optional) - Perform Unit Testing. It can be downloaded from,
+ http://sourceforge.net/projects/pyunit/
+ Follow the instructions as in the package to install.
+
#############################################################################
How to run?
#############################################################################
+LSCGenerator:
1. Update lsc.conf. Refer to the inline documentation for lsc.conf
2. chmod +x ./LSCGenerator.py
(only once to make the script executable)
@@ -43,7 +76,15 @@
(it may take a long time, please add paramter --verbose to watch progress)
The NVT's will be generated and saved to the specified folder in under
build_dir in lsc.conf
+4. Additionally,
+ - ./LSCGenerator --help provides necessary help to run the tool
+ - ./LSCGenerator --sanity performs sanity test only
+ - ./LSCGenerator --verbose runs in Debug mode
+Unit Test:
+1. chmod +x lsc_unit_test.py
+ (only once to make the script executable)
+2. Run ./lsc_unit_test
##############################################################################
How to implement a new parser?
@@ -73,4 +114,15 @@
- Some SUSE advisories require login credentials, those aren't considered for
generation
+##############################################################################
+ Revision Log
+##############################################################################
+Revision 1.0:
+- LSC Generator framework with parser for OpenSUSE
+Revision 1.1:
+- Parser for all versions of SUSE including SUSE Enterprise
+- Integration with Mantis for task management purpose
+- Sanity testing of the generated NASL plugins
+- Unit test modules
+- Bug fixes and enhancements
Modified: trunk/openvas-plugins/extra/lsc_generator/common/generate_script.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/common/generate_script.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/common/generate_script.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -61,32 +61,6 @@
return(if_close)
- def _getRPMVer(self, rpm):
- rel = ''
- flag = 0
-
- rpm = rpm[::-1]
- for i in rpm:
- if i == '-' or i == '_':
- rel = rel + i
- if flag:
- break
- flag = 1
- continue
- if i == '.':
- rel = rel + i
- continue
- if i.isdigit():
- rel = rel + i
- else:
- break
-
- rpm = ''
- if rel:
- rpm = rel[::-1].lstrip('_').lstrip('-')
-
- return rpm
-
def generateRPMCheck(self, parse, platform, debug = 0):
"""
Generates RPM verifying code
@@ -99,12 +73,13 @@
print "Generating RPM Code..."
for rpm in parse.Packages[platform]:
- release = self._getRPMVer(rpm)
+ release = re.findall("(?<=-|_)\d+\.\d+.*", rpm)
if not release:
if debug:
print "Didn't find version information for RPM: ", rpm
continue
+ release = release[0]
package = rpm.replace(release, '')
package = package.rstrip('-').rstrip('_')
@@ -147,14 +122,21 @@
}
- def _truncateDescription(self, description):
+ def _truncateDescription(self, debug=0):
"""
Truncate the description, if it's too long and append message
"""
- if len(description) > 2816:
- description = description[0:2304]
+ full_desc = self.parse.Description + self.parse.Impact + \
+ self.parse.Platforms + self.parse.Product
+ if len(full_desc) > 2848:
+ trun_len = len(self.parse.Description) - (len(full_desc) - 2660)
+ description = self.parse.Description[0:trun_len]
description += " ... \n\n Description truncated, for more " +\
"information please check the Reference URL"
+ if debug:
+ print "Description Truncated..."
+ else:
+ description = self.parse.Description
return description
@@ -217,7 +199,7 @@
template = string.replace(template, i, "")
## Truncating description, if it's too long.
- description = self._truncateDescription(self.parse.Description)
+ description = self._truncateDescription(debug)
## Replace all "__" Veriables in the template with the parsed content
Modified: trunk/openvas-plugins/extra/lsc_generator/common/record_id.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/common/record_id.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/common/record_id.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -26,6 +26,7 @@
import sys
import pickle
+import utils
## Read, write pickle object file and Get, Set the Script ID
@@ -51,21 +52,26 @@
try:
## Read and validate pickle object file
- self.pickle_id_dict = self.pickleLoad(self.id_file, debug)
+ self.pickle_id_dict = utils.loadPickle(self.id_file, debug)
- except Exception:
- ## Regenerate proper pickle object file, if it deleted or altered
- if debug:
- print "\t IDFile and scripts are getting regenerated ...\n"
+ if not self.pickle_id_dict:
+ self.pickle_id_dict = {}
+ ## Regenerate proper pickle object file, if it deleted or altered
+ if debug:
+ print "\t IDFile and scripts are getting regenerated ...\n"
- file_handle = open(self.id_file, 'w+')
- self.pickle_id_dict['startID'] = int(self.start_id) - 1
- file_handle.close()
+ file_handle = open(self.id_file, 'w+')
+ self.pickle_id_dict['startID'] = int(self.start_id) - 1
+ file_handle.close()
- if(debug):
- print 'ID Dictonary Contains : ', self.pickle_id_dict
+ if(debug):
+ print 'ID Dictonary Contains : ', self.pickle_id_dict
+ except Exception, msg:
+ print "Exception in : idrecorder -> __init__() method"
+ sys.exit(msg)
+
def recordFinal(self, debug=0):
"""
Write pickle object to file
@@ -73,19 +79,9 @@
if debug:
print "Caching the Script ID's to file..."
- pickle.dump(self.pickle_id_dict, open(self.id_file,'w'))
+ utils.dumpPickle(self.pickle_id_dict, self.id_file, debug)
- def pickleLoad(self, id_file, debug=0):
- """
- Load pickle object from file
- """
-
- if debug:
- print "Reading Object from a file (UnPickling)"
- return pickle.load(open(id_file, 'r'))
-
-
def recordID(self, new_id, link_id, debug=0):
"""
Record script id, given the newid and linkid
Modified: trunk/openvas-plugins/extra/lsc_generator/common/utils.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/common/utils.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/common/utils.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -27,6 +27,7 @@
import os
import sys
import urllib
+import pickle
def readFile(filename, debug=0, lines=0):
@@ -143,13 +144,13 @@
i = i.replace(j, '')
striped_list.append(i)
elif type(strip_val) == str:
- for j in strip_list:
- striped_list.append(j.strip(strip_val))
+ for i in strip_list:
+ striped_list.append(i.replace(strip_val, ''))
return striped_list
-def getHTMLCon(url):
+def getHTMLCon(url, debug=0):
"""
Returns Contents, Given URL
"""
@@ -162,3 +163,26 @@
return data
+def loadPickle(file_name, debug=0):
+ """
+ Load pickle file, given path
+ """
+ if not file_name:
+ return None
+ try:
+ return pickle.load(open(file_name, 'r'))
+ except Exception, msg:
+ return None
+
+
+def dumpPickle(data, file_name, debug=0):
+ """
+ Dump object into the file
+ """
+ try:
+ pickle.dump(data, open(file_name, 'w'))
+ return True
+ except Exception, msg:
+ return False
+
+
Modified: trunk/openvas-plugins/extra/lsc_generator/lsc.conf
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/lsc.conf 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/lsc.conf 2009-02-02 11:45:16 UTC (rev 2359)
@@ -4,7 +4,7 @@
# Authors:
# Veerendra GG <veerendragg at secpod.com>
#
-# Revision 1.0
+# Revision 1.1
# Date: 2009/01/15
#
# Copyright:
@@ -26,32 +26,46 @@
##### Documentation #####
-
+#
+#
+# [mantis] - Mantis Reporting
+# generate_mantis_report = Yes or No. The generated scripts will be reported
+# in Mantis if Yes.
+#
+# db_host = The IP Address of the MySQL DB
+#
+# mysql_user = MySQL User with write permission to Mantis DB
+#
+# mysql_passwd = Password
+#
+# mantis_user = Mantis reporter User ID. This is only for reporting purpose
+# and no login is performed.
+#
+# project_name = Mantis Project Name
+#
+# dbname = Mantis DB Name
+#
+#
# [common]
# generate: List of Operating Systems for which local security checks to be
-# developed,
-# Example: SUSE,Fedora,Debian,Gentoo
-
-# [common]
+# developed, Example: SUSE,Fedora,Debian,Gentoo
+#
# build_path: Path where idfile, directory, htmlcache will be built.
# If it's empty, it builds in current directory.
-
-# idfile: Path where all the Script ID's that are used will be cached.
-# directory: Path where generated NVT's will be saved.
-# htmlcache: Path where the HTML advisories downloaded are cached.
-
+#
+#
# [test]
# sanity_test: Yes, Local Security Checks will be tested for
# compilation errors i.e openvas-nasl -pLX gb_2008_001.nasl
-
-# [test]
+#
# openvas_plugin_path: OpenVAS Plugins path, to copy necessary
# files for compilation e.g: /usr/local/lib/openvas/plugins
-
-# [test]
+#
# openvas_bin_path: OpenVAS bin path
# eg: /usr/local/bin/openvas-nasl
-
+#
+#
+# Individual OS section
# startid: Starting ID for Script ID (script_id() in NVT's). Do not
# assign already used Script ID.
@@ -65,6 +79,16 @@
# Directory.
+[mantis]
+generate_mantis_report = Yes
+db_host = 172.17.1.109
+mysql_user = test
+mysql_passwd = test
+mantis_user = administrator
+project_name = LSC
+dbname = mantis
+
+
[common]
generate = Suse ,
build_path = ./build
Added: trunk/openvas-plugins/extra/lsc_generator/lsc_unit_test.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/lsc_unit_test.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/lsc_unit_test.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+
+
+import unittest
+from test.unit_test import *
+
+## Create Test Suite
+suse_test_suite = unittest.makeSuite(test_suse.SuseParserTestCase ,'test')
+utils_test_suite = unittest.makeSuite(test_utils.UtilsTestCase ,'test')
+id_record_test_suite = unittest.makeSuite(test_record_id.IDRecorderTestCase ,'test')
+sanity_test_suite = unittest.makeSuite(test_sanity_test.SanityTestCase ,'test')
+generate_test_suite = unittest.makeSuite(test_generate_script.GenerateScriptTestCase ,'test')
+mantisreporter_test_suite = unittest.makeSuite(test_mantisreporter.MantisReporterTestCase ,'test')
+lsc_test_suite = unittest.makeSuite(test_lscgenerator.LSCGeneratorTestCase ,'test')
+
+
+## Incert into Test Suite into Test Suite List
+test_suite_list = [suse_test_suite, utils_test_suite, id_record_test_suite,
+ sanity_test_suite, generate_test_suite, mantisreporter_test_suite,
+ lsc_test_suite]
+
+runner = unittest.TextTestRunner()
+
+## Test all Test Suite
+for test_suite in test_suite_list:
+ runner.run(test_suite)
Property changes on: trunk/openvas-plugins/extra/lsc_generator/lsc_unit_test.py
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/extra/lsc_generator/parser/suse.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/parser/suse.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/parser/suse.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -36,27 +36,33 @@
## Supported SUSE OSes for parsing. The value is as used in gather-package-list.nasl
## to set "ssh/login/release"
os_map = {
+
'openSUSE 10.1' : 'openSUSE10.1',
'openSUSE 10.2' : 'openSUSE10.2',
'openSUSE 10.3' : 'openSUSE10.3',
'openSUSE 11.0' : 'openSUSE11.0',
'openSUSE 11.1' : 'openSUSE11.1',
- 'SUSE Linux Enterprise Desktop 10 SP1' : 'SLESDk10SP1',
- 'SUSE Linux Enterprise Desktop 10 SP2' : 'SLESDk10SP2',
- 'SuSE Linux Enterprise Server 8' : 'SLESSr8',
+
'SUSE SLES 9' : 'SLES9',
+ 'SUSE SLED 10': 'SLED10',
+ 'SUSE SLES 10' : 'SLES10',
+ 'SUSE LINUX 10.1' : 'SL10.1',
+ 'Novell Linux POS 9' : 'NLPOS9',
+ 'SLE SDK 10 SP1' : 'SLESDK10SP1',
+ 'SLE SDK 10 SP2' : 'SLESDK10SP2',
+ 'SUSE SLE 10 DEBUGINFO':'SLEDe10',
+ 'Novell Linux Desktop 9' : 'NLDk9',
+ 'Novell Linux Desktop 9 SDK' : 'NLDk9SDK',
+
'Open Enterprise Server' : 'OES',
+ 'SuSE Linux Enterprise Server 8' : 'SLESSr8',
'SUSE Linux Enterprise Server 10 SP1' : 'LES10SP1',
'SUSE Linux Enterprise Server 10 SP2' : 'LES10SP2',
- 'Novell Linux Desktop 9' : 'NLDk9',
- 'Novell Linux POS 9' : 'NLPOS9',
- 'SLE SDK 10 SP1' : 'SLESDK10SP1',
- 'SLE SDK 10 SP2' : 'SLESDK10SP2',
+ 'SUSE Linux Enterprise Desktop 10 SP1' : 'SLESDk10SP1',
+ 'SUSE Linux Enterprise Desktop 10 SP2' : 'SLESDk10SP2',
'SUSE Linux Enterprise 10 SP2 DEBUGINFO' : 'SLEDe10SP2',
+ 'SUSE Linux Enterprise Server RT Solution 10' : 'SLESRTSol10',
- 'SUSE Linux Enterprise Server RT Solution 10' : 'SLESRTSol10',
- 'SUSE LINUX 10.1' : 'SL10.1',
- 'Novell Linux Desktop 9 SDK' : 'NLDk9SDK',
}
## Strips these from strip list
Modified: trunk/openvas-plugins/extra/lsc_generator/report/mantisreporter.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/report/mantisreporter.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/report/mantisreporter.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -5,9 +5,10 @@
# Veerendra GG <veerendragg at secpod.com>
#
# Revision 1.0
+# Date Written: 01/23/2009
#
# Copyright:
-# Copyright (c) 2008 SecPod , http://www.secpod.org
+# Copyright (c) 2009 SecPod , http://www.secpod.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
@@ -23,15 +24,177 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+import sys
+import MySQLdb
-## This is a dummy module
-
class MantisReporter:
-"""
-Report the generated NVT as a task in Mantis
-"""
+ """
+ Report the generated NVT as a task in Mantis
+ """
- return None
+ def __init__(self):
+ self.host = ''
+ self.db_name = ''
+ self.mysql_passwd = ''
+ self.mysql_user_name = ''
+ self.mantis_user_name = ''
+ self.summary = ''
+ self.description = ''
+ self.project_name = ''
+ self.aditional_info = ''
+ self.conn = None
+ self.cursor = None
+ self.category = 'new'
+ self.steps_to_reproduce = ""
+ # status constant values = '10:new, 20:feedback, 30:acknowledged,
+ # 40:confirmed, 50:assigned, 80:resolved,
+ # 90:closed'
+ self.status = 30
+
+ # severity constant values = '10:none, 20:low, 30:medium, 40:high,
+ # 50:critical'
+ self.severity = 50
+
+
+ def _closeDbConn(self, debug=0):
+ """ Closing database connection
+ """
+ if self.cursor:
+ if debug:
+ print "Closing Cursor..."
+ self.cursor.close()
+ self.cursor = None
+
+ if self.conn:
+ if debug:
+ print "Closing Connection..."
+ self.conn.close()
+ self.conn = None
+
+
+ def _openDbConn(self, debug=0):
+ """ Establish a mysql database connection
+ """
+
+ if not self.host:
+ self.host = 'localhost'
+
+ if not (self.mysql_user_name and self.mysql_passwd and self.db_name):
+ print "Required vaules are missing, to connect to database"
+ sys.exit(0)
+
+ if not self.conn:
+ try:
+ print "Creting Database connection"
+ self.conn = MySQLdb.connect(host = self.host, user=self.mysql_user_name,
+ passwd=self.mysql_passwd, db=self.db_name)
+
+ self.cursor = self.conn.cursor ()
+ except Exception, msg:
+ print "Failed to connect database"
+ sys.exit(msg)
+
+
+ def exec_query(self, query, only_execute=True, debug=0):
+ """ Execute query, if only_execute=False,
+ else execute query and fetchall()
+ """
+ if not self.conn:
+ # Open DB Conn
+ self._openDbConn(debug)
+
+ if debug:
+ print "executing query : \n(%s)" %(query)
+
+ ## Execute query
+ value = self.cursor.execute(query)
+ if not value:
+ return False
+ elif only_execute:
+ return value
+
+ if debug:
+ print "Fetching data..."
+
+ value = self.cursor.fetchall()
+
+ return value
+
+
+ def createMantisTask(self, debug=0):
+ """ Creates a mantis task in developemnt complete state
+ """
+ ## Insert description and additional info
+ query_string = "insert into mantis_bug_text_table (description, steps_to_reproduce, additional_information) values ('%s', '%s', '%s')" % (self.description.replace("'", "&qt"), self.steps_to_reproduce, self.aditional_info.replace("'", "&qt").replace('"', '&qt').replace("NULL", ""))
+
+ bug_text_id = self.exec_query(query_string, debug=debug)
+
+ bug_text_id = int(self.conn.insert_id())
+ if debug:
+ print "Generated Bug ID : ", bug_text_id
+
+ if not bug_text_id:
+ print "ERROR: bug_text_id is not found"
+ return False
+
+ ## Get user_id from mantis_user_table
+ only_execute = False
+ query_string = "select id from mantis_user_table where username='%s'" % self.mantis_user_name
+ user_id = self.exec_query(query_string, only_execute, debug)
+ if user_id:
+ user_id = user_id[0][0]
+ else:
+ print "ERROR: user_id is not found"
+ return False
+
+ ## Get project_id & category value from mantis_project_table
+ query_string = "select id from mantis_project_table where name='%s'" % self.project_name
+ project_id = self.exec_query(query_string, only_execute, debug)
+ if project_id:
+ project_id = project_id[0][0]
+ else:
+ print "ERROR: project_id are not found"
+ return False
+
+ import time
+ (year, month, date, hour, min, sec, a, b, c ) = time.localtime()
+ date_time = str(year) + "-" + str(month) + "-" + str(date) + " " + str(hour)+ ":" + str(min) + ":" + str(sec)
+ date_submitted = date_time
+ last_updated = date_time
+
+ ## Execute complete query
+ comp_query = "insert into %s (project_id, reporter_id, status, category, bug_text_id, summary, severity, date_submitted, last_updated) values (%s, %s, %s, '%s', %s, '%s', %s, '%s', '%s')" % ('mantis_bug_table', project_id, user_id, self.status, self.category, bug_text_id, self.summary, self.severity, date_submitted, last_updated)
+ if self.exec_query(comp_query, debug=debug):
+ return bug_text_id
+ else:
+ print "ERROR: Failed to insert a record"
+
+ return False
+
+
+ def execute(self, debug=0):
+ """ Creates database connection and creates mantis task
+ """
+ try:
+ mantis_id = self.createMantisTask(debug)
+
+ if mantis_id:
+ self.conn.commit()
+
+ self._closeDbConn(debug)
+
+ if mantis_id:
+ if debug:
+ print "Successfully created with mantis task ID : ", mantis_id
+ return mantis_id
+ else:
+ return False
+
+ except Exception, msg:
+ self._closeDbConn(debug)
+ print "Exception, while creating mantis task..."
+ sys.exit(msg)
+
Modified: trunk/openvas-plugins/extra/lsc_generator/test/sanity_test.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/sanity_test.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/sanity_test.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -30,60 +30,64 @@
import commands
-def compileScripts(cwd, build_path, os_list, openvas_plugin_path, \
- openvas_bin_path, debug=0):
- """ Copies required files and Compiles Local Security Checks
- generated by Local Security Check Generator
- """
- try:
- print "Compiling Local Security Check..."
- ## Path where all required files will be copied.
- test_dir = build_path + 'sanity_test/plugins/'
- if debug:
- print "(%s), where required file will be copied : " %(test_dir)
+class SanityTest:
- if not openvas_plugin_path.endswith('/'):
- openvas_plugin_path = openvas_plugin_path + '/'
- ## Required inc file
- req_files = [openvas_plugin_path + 'revisions-lib.inc',
- openvas_plugin_path + 'pkg-lib-rpm.inc']
+ def compileScripts(self, debug=0):
+ """ Copies required files and Compiles Local Security Checks
+ generated by Local Security Check Generator
+ """
+ try:
+ print "Compiling Local Security Check..."
+ ## Path where all required files will be copied.
+ test_dir = self.build_path + 'sanity_test/plugins/'
+ if debug:
+ print "(%s), where required file will be copied : " %(test_dir)
- for i in os_list:
- req_files.append(build_path + i.title() + '/*.nasl')
+ if not self.openvas_plugin_path.endswith('/'):
+ openvas_plugin_path = self.openvas_plugin_path + '/'
+ else:
+ openvas_plugin_path = self.openvas_plugin_path
- if debug:
- print "Copying all required files..."
+ ## Required inc file
+ req_files = [openvas_plugin_path + 'revisions-lib.inc',
+ openvas_plugin_path + 'pkg-lib-rpm.inc']
- ## Copy all files
- for file in req_files:
- cmd = 'cp ' + file + " " + test_dir
- err_msg = commands.getoutput(cmd)
- if err_msg:
- return err_msg
+ for i in self.os_list:
+ req_files.append(self.build_path + i.title() + '/*.nasl')
- try:
- os.chdir(test_dir)
- except Exception, msg:
- print "(%s) Path does not exists" %(test_dir)
- return msg
+ if debug:
+ print "Copying all required files..."
- if debug:
- print "Compiling Local Security Checks..."
+ ## Copy all files
+ for file in req_files:
+ cmd = 'cp ' + file + " " + test_dir
+ err_msg = commands.getoutput(cmd)
+ if err_msg:
+ return err_msg
- ## Compile all NASL scripts
- cmd = openvas_bin_path + ' -pLX ' + 'gb_*.nasl'
- err_msg = commands.getoutput(cmd)
- if err_msg:
- os.chdir(cwd)
- return err_msg
+ try:
+ os.chdir(test_dir)
+ except Exception, msg:
+ print "(%s) Path does not exists" %(test_dir)
+ return msg
- print "Successfully compiled Local Security Check..."
+ if debug:
+ print "Compiling Local Security Checks..."
- os.chdir(cwd)
- return None
+ ## Compile all NASL scripts
+ cmd = self.openvas_bin_path + ' -pLX ' + 'gb_*.nasl'
+ err_msg = commands.getoutput(cmd)
+ if err_msg:
+ os.chdir(self.cwd)
+ return err_msg
- except Exception, msg:
- print 'Exception in : test -> compile -> compileScripts() method'
- sys.exit(msg)
+ print "Successfully compiled Local Security Check..."
+
+ os.chdir(self.cwd)
+ return None
+ except Exception, msg:
+ print 'Exception in : test -> compile -> compileScripts() method'
+ sys.exit(msg)
+
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/__init__.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/__init__.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/__init__.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,7 @@
+import test_suse
+import test_utils
+import test_record_id
+import test_sanity_test
+import test_lscgenerator
+import test_mantisreporter
+import test_generate_script
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_generate_script.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_generate_script.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_generate_script.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,106 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+from common import generate_script
+
+class GenerateScriptTestCase(unittest.TestCase):
+
+ ## Initial Set UP
+ generate_obj = generate_script.GenerateCode()
+ gen_nvt_obj = generate_script.GenerateNVTLocal()
+
+ ptr = open('./test/unit_test/work/input/2008_34_firefox.html', 'r')
+ desc = ptr.read()
+ ptr.close
+ import re
+ desc = re.findall('(?s)1\) Problem Description and Brief Discussion(.*)2\) Solution', desc)[0]
+
+ def test_generateReleaseCheck(self):
+ print "\nTesting Generate Script Test Suite ..."
+ req_out_put = '\nif(release == "openSUSE10.2")\n{\n'
+
+ release = 'openSUSE10.2'
+ out_put = self.generate_obj.generateReleaseCheck(release)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_generateClose(self):
+ req_out_put = '\n exit(0);\n}\n'
+
+ out_put = self.generate_obj.generateClose()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_generateRPMCheck(self):
+ req_out_put = '\n if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"SLE SDK 10 SP1"))\n {\n security_hole(0);\n exit(0);\n }\n\n if(isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"SLE SDK 10 SP1"))\n {\n security_hole(0);\n exit(0);\n }\n'
+
+ Packages = {'SLE SDK 10 SP1' : ['pcre-devel-6.4-14.12','pcre-6.4-14.12'] }
+ platform = 'SLE SDK 10 SP1'
+ setattr(generate_script.GenerateCode, 'Packages', Packages)
+ out_put = self.generate_obj.generateRPMCheck(self.generate_obj, platform)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_truncateDescription(self):
+ req_out_put = '\n\n Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs\n including following security bugs.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>:\n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>:\n Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities\n which allow scripts from one document to be executed in the context\n of a different document. These vulnerabilities could be used by an\n attacker to violate the same-origin policy and perform an XSS attack.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>:\n Security researcher Collin Jackson reported a series of vulnerabilities\n which allow JavaScript to be injected into signed JARs and executed\n under the context of the JAR\'s signer. This could allow an attacker\n to run JavaScript in a victim\'s browser with the privileges of a\n different website, provided the attacker possesses a JAR signed by\n the other website.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability that\n allowed non-privileged XUL documents to load chrome scripts from\n the fastload file. This could allow an attacker to run arbitrary\n JavaScript code with chrome privileges.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows\n arbitrary JavaScript to be executed with chrome privileges. The\n privilege escalation was possible because JavaScript loaded via\n mozIJSSubScriptLoader.loadSubScript() was no ... \n\n Description truncated, for more information please check the Reference URL'
+
+ setattr(generate_script.GenerateNVTLocal, 'parse', self.gen_nvt_obj)
+ setattr(generate_script.GenerateNVTLocal, 'Description', self.desc)
+ setattr(generate_script.GenerateNVTLocal, 'Impact', 'My Unit Test Impact')
+ setattr(generate_script.GenerateNVTLocal, 'Platforms', 'SLE SDK 10 SP1')
+ setattr(generate_script.GenerateNVTLocal, 'Product', 'Fire Fox')
+ out_put = self.gen_nvt_obj._truncateDescription(self.desc)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_generateCode(self):
+ req_out_put = '###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for Fire Fox CVE-10101\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(10000);\n script_version("$Revision: 1.0 $");\n script_xref(name: "S", value: "U");\n script_cve_id("CVE-10101");\n script_name(english: "SuSE Update for Fire Fox CVE-10101");\n desc["english"] = "\n\n Vulnerability Insight:\n\n\n Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs\n including following security bugs.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>:\n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>:\n Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities\n which allow scripts from one document to be executed in the context\n of a different document. These vulnerabilities could be used by an\n attacker to violate the same-origin policy and perform an XSS attack.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>:\n Security researcher Collin Jackson reported a series of vulnerabilities\n which allow JavaScript to be injected into signed JARs and executed\n under the context of the JAR\'s signer. This could allow an attacker\n to run JavaScript in a victim\'s browser with the privileges of a\n different website, provided the attacker possesses a JAR signed by\n the other website.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability that\n allowed non-privileged XUL documents to load chrome scripts from\n the fastload file. This could allow an attacker to run arbitrary\n JavaScript code with chrome privileges.\n\n <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows\n arbitrary JavaScript to be executed with chrome privileges. The\n privilege escalation was possible because JavaScript loaded via\n mozIJSSubScriptLoader.loadSubScript() was no ... \n\n Description truncated, for more information please check the Reference URL\n\n Impact:\n My Unit Test Impact\n\n Affected Software/OS:\n Fire Fox on SLE SDK 10 SP1\n\n Fix: Please Install the Updated Packages.\n\n References:\n http://www.novell.com/linux/security/advisories/2008_34_firefox.html\n\n Risk factor: High";\n\n script_description(english:desc["english"]);\n script_summary(english:"Check for the Version of My Unit Test Summary");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:"Copyright (C) 2009 Intevation GmbH");\n script_family(english:"SuSE Local Security Checks");\n script_dependencies("gather-package-list.nasl");\n script_require_keys("ssh/login/release");\n exit(0);\n}\n\n\ninclude("pkg-lib-rpm.inc");\ninclude("revisions-lib.inc");\n\nrelease = get_kb_item("ssh/login/release");\n\nif(release == NULL){\n exit(0);\n}\n\nif(release == "SLE SDK 10 SP1")\n{\n\n if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.4~14.12", rls:"SLE SDK 10 SP1"))\n {\n security_hole(0);\n exit(0);\n }\n\n if(isrpmvuln(pkg:"pcre", rpm:"pcre~6.4~14.12", rls:"SLE SDK 10 SP1"))\n {\n security_hole(0);\n exit(0);\n }\n\n exit(0);\n}'
+
+ ptr = open('./test/unit_test/work/input/Suse.template', 'r')
+ template = ptr.read()
+ ptr.close()
+ script_id = '10000'
+ reference = 'http://www.novell.com/linux/security/advisories/2008_34_firefox.html'
+
+ Packages = {'SLE SDK 10 SP1' : ['pcre-devel-6.4-14.12','pcre-6.4-14.12'] }
+ platform = 'SLE SDK 10 SP1'
+ setattr(generate_script.GenerateNVTLocal, 'parse', self.gen_nvt_obj)
+ setattr(generate_script.GenerateNVTLocal, 'Packages', Packages)
+ setattr(generate_script.GenerateNVTLocal, 'Description', self.desc)
+ setattr(generate_script.GenerateNVTLocal, 'CVEs', 'CVE-10101')
+ setattr(generate_script.GenerateNVTLocal, 'Impact', 'My Unit Test Impact')
+ setattr(generate_script.GenerateNVTLocal, 'Platforms', 'SLE SDK 10 SP1')
+ setattr(generate_script.GenerateNVTLocal, 'Product', 'Fire Fox')
+ setattr(generate_script.GenerateNVTLocal, 'Name', 'Fire Fox CVE-10101')
+ setattr(generate_script.GenerateNVTLocal, 'XREF', 'SUSE-SA-2008-034')
+ setattr(generate_script.GenerateNVTLocal, 'Summary', 'My Unit Test Summary')
+ out_put = self.gen_nvt_obj.generateCode(template, script_id, reference)
+ self.assertEquals(out_put, req_out_put)
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_generate_script.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_lscgenerator.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_lscgenerator.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_lscgenerator.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,140 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+import LSCGenerator
+import commands
+import os
+
+
+class LSCGeneratorTestCase(unittest.TestCase):
+
+ ## Initial Set UP
+ lsc_gen_obj = LSCGenerator.LSCGenerator()
+ cwd = os.getcwd()
+
+ def test_setUp1(self):
+ print "\nTesting LSCGenerator Test Suite ..."
+ req_out_put = None
+
+ build_path = './test/unit_test/work/output/'
+ out_put = self.lsc_gen_obj.setUp(build_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_setUp2(self):
+ req_out_put = None
+
+ build_path = './test/unit_test/work/output/'
+ out_put = self.lsc_gen_obj.setUp(build_path)
+ self.assertEquals(out_put, req_out_put)
+
+ import commands
+ commands.getoutput('rm -rf ' + build_path + 'IdCache')
+ commands.getoutput('rm -rf ' + build_path + 'HtmlCache')
+
+
+ def test_createDir1(self):
+ req_out_put = None
+
+ build_path = './test/unit_test/work/output/'
+ out_put = self.lsc_gen_obj._createDir(build_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_createDir2(self):
+ req_out_put = None
+
+ build_path = './test/unit_test/work/output/tmp'
+ out_put = self.lsc_gen_obj._createDir(build_path)
+ self.assertEquals(out_put, req_out_put)
+ commands.getoutput('rm -rf ' + './test/unit_test/work/output/tmp')
+
+
+ def test_readConfAndGetBuildPath(self):
+ req_out_put = './unit_test_build/'
+
+ path = './test/unit_test/work/input/'
+ conf_file = 'lsc1.conf'
+ setattr(self.lsc_gen_obj, 'cwd', path)
+ setattr(LSCGenerator, 'config_file', conf_file)
+ out_put = self.lsc_gen_obj._readConfAndGetBuildPath()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_sanityTestSetUp(self):
+ req_out_put = None
+
+ path = './unit_test_build'
+ if not os.path.exists(path):
+ os.mkdir(path)
+
+ from test import sanity_test
+ sanity_test_obj = sanity_test.SanityTest()
+
+ conf_file = 'lsc1.conf'
+ path = './test/unit_test/work/input/'
+ setattr(self.lsc_gen_obj, 'cwd', path)
+ setattr(LSCGenerator, 'config_file', conf_file)
+ out_put = self.lsc_gen_obj._sanityTestSetUp(sanity_test_obj)
+ self.assertEquals(out_put, req_out_put)
+
+ commands.getoutput('rm -rf ' + './unit_test_build')
+
+
+ def test_mantisReportSetUp(self):
+ req_out_put = None
+
+ path = './test/unit_test/work/input/'
+ conf_file = 'lsc1.conf'
+ setattr(self.lsc_gen_obj, 'cwd', path)
+ setattr(LSCGenerator, 'config_file', conf_file)
+ self.lsc_gen_obj._readConfAndGetBuildPath()
+
+ from test import sanity_test
+ sanity_test_obj = sanity_test.SanityTest()
+ setattr(self.lsc_gen_obj, 'mantis_obj', sanity_test)
+ out_put = self.lsc_gen_obj._mantisReportSetUp()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_helpMsg(self):
+ req_out_put = None
+
+ out_put = LSCGenerator.helpMsg()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_commonMsg(self):
+ req_out_put = None
+
+ out_put = LSCGenerator.commonMsg()
+ self.assertEquals(out_put, req_out_put)
+
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_lscgenerator.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_mantisreporter.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_mantisreporter.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_mantisreporter.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,142 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+from report import mantisreporter
+
+
+class MantisReporterTestCase(unittest.TestCase):
+
+ ## Initial Set UP
+ mantis_rep_obj = mantisreporter.MantisReporter()
+
+ def setUp(self):
+ setattr(self.mantis_rep_obj, 'host', '172.17.1.109')
+ setattr(self.mantis_rep_obj, 'db_name', 'mantis')
+ setattr(self.mantis_rep_obj, 'mysql_passwd', 'test')
+ setattr(self.mantis_rep_obj, 'project_name', 'unit_test')
+ setattr(self.mantis_rep_obj, 'mantis_user_name', 'unit_test')
+ setattr(self.mantis_rep_obj, 'mysql_user_name', 'test')
+
+ setattr(self.mantis_rep_obj, 'summary', 'Unit Test Summay')
+ setattr(self.mantis_rep_obj, 'description', 'Unit Test Description')
+ setattr(self.mantis_rep_obj, 'aditional_info', 'Unit Test Additional Info')
+
+
+ def test_closeDbConn(self):
+ print "\nTesting Mantis Reporter Test Suite ..."
+ req_out_put = None
+
+ self.mantis_rep_obj._openDbConn()
+ out_put = self.mantis_rep_obj._closeDbConn()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_openDbConn_succ(self):
+ req_out_put = None
+
+ out_put = self.mantis_rep_obj._openDbConn()
+ self.mantis_rep_obj._closeDbConn()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_openDbConn_fail(self):
+ req_out_put = 'Exception'
+ setattr(self.mantis_rep_obj, 'mysql_user_name', '')
+ setattr(self.mantis_rep_obj, 'mysql_passwd', '')
+ setattr(self.mantis_rep_obj, 'db_name', '')
+
+ try:
+ out_put = self.mantis_rep_obj._openDbConn()
+ except Exception, msg:
+ out_put = "Exception"
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_exec_query1(self):
+ req_out_put = ()
+
+ out_put = self.mantis_rep_obj._openDbConn()
+ steps_to_reproduce = ''
+ description = 'Unit Test Desc'
+ aditional_info = 'Unit Test Add-Info'
+
+ query_string = "insert into mantis_bug_text_table (description, steps_to_reproduce, additional_information) values ('%s', '%s', '%s')" % (description.replace("'", "&qt"), steps_to_reproduce, aditional_info.replace("'", "&qt").replace('"', '&qt').replace("NULL", ""))
+
+ out_put = self.mantis_rep_obj.exec_query(query_string)
+ self.mantis_rep_obj._closeDbConn()
+ self.assertNotEquals(out_put, req_out_put)
+
+
+ def test_exec_query2(self):
+ req_out_put = ()
+
+ out_put = self.mantis_rep_obj._openDbConn()
+ steps_to_reproduce = ''
+ description = 'Unit Test Desc'
+ aditional_info = 'Unit Test Add-Info'
+
+ mantis_user_name = 'unit_test'
+ only_execute = False
+ query_string = "select id from mantis_user_table where username='%s'" % mantis_user_name
+ out_put = self.mantis_rep_obj.exec_query(query_string, only_execute)
+ self.mantis_rep_obj._closeDbConn()
+ self.assertNotEquals(out_put, req_out_put)
+
+ def test_createMantisTask1(self):
+ req_out_put = False
+
+ out_put = self.mantis_rep_obj.createMantisTask()
+ self.mantis_rep_obj._closeDbConn()
+ self.assertNotEquals(out_put, req_out_put)
+
+
+ def test_createMantisTask2(self):
+ req_out_put = False
+
+ setattr(self.mantis_rep_obj, 'project_name', 'unit_test12')
+ out_put = self.mantis_rep_obj.createMantisTask()
+ self.mantis_rep_obj._closeDbConn()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_execute1(self):
+ req_out_put = False
+
+ setattr(self.mantis_rep_obj, 'project_name', 'unit_test12')
+ out_put = self.mantis_rep_obj.execute()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_execute2(self):
+ req_out_put = False
+
+ out_put = self.mantis_rep_obj.execute()
+ self.assertNotEquals(out_put, req_out_put)
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_mantisreporter.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_record_id.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_record_id.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_record_id.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,72 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+from common import record_id
+
+
+class IDRecorderTestCase(unittest.TestCase):
+
+ ## Initial Set UP
+ setattr(record_id.IDRecorder, 'id_file', './test/unit_test/work/input/id_file.pickle')
+ setattr(record_id.IDRecorder, 'start_id', '1000')
+ recorder_obj = record_id.IDRecorder()
+ recorder_obj.recordFinal()
+
+
+ def test_recordFinal(self):
+ print "\nTesting ID Recorder Test Suite ..."
+ req_out_put = None
+ id_dict = {'firefox_34':1000, 'kernel_49':1001}
+ setattr(record_id.IDRecorder, 'pickle_id_dict', id_dict)
+ out_put = self.recorder_obj.recordFinal()
+ self.assertEquals(out_put, req_out_put)
+
+ def test_recordID(self):
+ req_out_put = None
+ new_id = 1010
+ link_id = 'opera_01'
+
+ out_put = self.recorder_obj.recordID(new_id, link_id)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getID(self):
+ req_out_put = 1002
+ link_id = 'cups_039'
+
+ out_put = self.recorder_obj.getID(link_id)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def setUp(self):
+ id_dict = {'firefox_34':1000, 'kernel_49':1001}
+ setattr(record_id.IDRecorder, 'pickle_id_dict', id_dict)
+ out_put = self.recorder_obj.recordFinal()
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_record_id.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_sanity_test.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_sanity_test.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_sanity_test.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,92 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import os
+import commands
+import unittest
+from test import sanity_test
+
+
+class SanityTestCase(unittest.TestCase):
+ sanity_test_obj = sanity_test.SanityTest()
+
+ def test_compileScripts1(self):
+ print "\nTesting Sanity Test Suite ..."
+ req_out_put = None
+
+ cwd = os.getcwd()
+ build_path = './test/unit_test/work/input/'
+ os.mkdir( build_path + 'sanity_test/')
+ os.mkdir( build_path + 'sanity_test/plugins/')
+
+ os_list = ['Nasl']
+ openvas_plugin_path = './test/unit_test/work/input/Nasl'
+
+ openvas_bin_path = commands.getoutput('locate -ir bin/openvas-nasl$')
+
+ setattr(self.sanity_test_obj, 'cwd', cwd)
+ setattr(self.sanity_test_obj, 'build_path', build_path)
+ setattr(self.sanity_test_obj, 'os_list', os_list)
+ setattr(self.sanity_test_obj, 'openvas_plugin_path', openvas_plugin_path)
+ setattr(self.sanity_test_obj, 'openvas_bin_path', openvas_bin_path)
+
+ out_put = self.sanity_test_obj.compileScripts()
+ commands.getoutput('rm -rf ' + build_path + 'sanity_test')
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_compileScripts2(self):
+ req_out_put = None
+
+ cwd = os.getcwd()
+ build_path = './test/unit_test/work/input/'
+ os.mkdir( build_path + 'sanity_test/')
+ os.mkdir( build_path + 'sanity_test/plugins/')
+
+ os_list = ['Nasl']
+ openvas_plugin_path = './test/unit_test/work/input/Nasl'
+ openvas_bin_path = commands.getoutput('locate -ir bin/openvas-nasl$')
+
+ build_path1 = build_path + '/abc'
+
+ setattr(self.sanity_test_obj, 'cwd', cwd)
+ setattr(self.sanity_test_obj, 'build_path', build_path1)
+ setattr(self.sanity_test_obj, 'os_list', os_list)
+ setattr(self.sanity_test_obj, 'openvas_plugin_path', openvas_plugin_path)
+ setattr(self.sanity_test_obj, 'openvas_bin_path', openvas_bin_path)
+
+ out_put = self.sanity_test_obj.compileScripts()
+ commands.getoutput('rm -rf ' + build_path + 'sanity_test')
+ self.assertNotEquals(out_put, req_out_put)
+
+
+ def tearDown(self):
+ build_path = './test/unit_test/work/input/'
+ commands.getoutput('rm -rf ' + build_path + 'sanity_test')
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_sanity_test.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_suse.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_suse.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_suse.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,137 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+from parser import suse
+
+class SuseParserTestCase(unittest.TestCase):
+
+ ## Initial Setup
+ suse_parser_obj = suse.Parser()
+ ptr = open('./test/unit_test/work/input/2008_34_firefox.html', 'r')
+ lines = ptr.readlines()
+ ptr.close
+
+ Html_content = "".join(lines)
+ setattr(suse_parser_obj, 'Html_content', Html_content)
+
+
+ def test_getCVE(self):
+ print "\nTesting Suse Parser Test Suite ..."
+ req_out_put = 'CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811'
+
+ out_put = self.suse_parser_obj.getCVE()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_fetchHTML(self):
+ req_out_put = None
+
+ html_cache = './test/unit_test/work/output/'
+ year = '2008'
+ main_url = r'./test/unit_test/work/input/advisories/'
+ setattr(self.suse_parser_obj, 'html_cache', html_cache)
+ setattr(self.suse_parser_obj, 'main_url', main_url)
+ out_put = self.suse_parser_obj.fetchHTML(year)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getAdvID(self):
+ req_out_put = 'SUSE-SA:2008:034'
+
+ out_put = self.suse_parser_obj.getAdvID()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getAffectedPackage(self):
+ req_out_put = 'MozillaFirefox'
+
+ out_put = self.suse_parser_obj.getAffectedPackage()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getImpact(self):
+ req_out_put = 'remote code execution'
+
+ out_put = self.suse_parser_obj.getImpact()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getDescription(self):
+ req_out_put = "\n Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs\n including following security bugs.\n\n MFSA 2008-21:\n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code.\n\n MFSA 2008-22:\n Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities\n which allow scripts from one document to be executed in the context\n of a different document. These vulnerabilities could be used by an\n attacker to violate the same-origin policy and perform an XSS attack.\n\n MFSA 2008-23:\n Security researcher Collin Jackson reported a series of vulnerabilities\n which allow JavaScript to be injected into signed JARs and executed\n under the context of the JAR's signer. This could allow an attacker\n to run JavaScript in a victim's browser with the privileges of a\n different website, provided the attacker possesses a JAR signed by\n the other website.\n\n MFSA 2008-24:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability that\n allowed non-privileged XUL documents to load chrome scripts from\n the fastload file. This could allow an attacker to run arbitrary\n JavaScript code with chrome privileges.\n\n MFSA 2008-25:\n Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows\n arbitrary JavaScript to be executed with chrome privileges. The\n privilege escalation was possible because JavaScript loaded via\n mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers\n when accessing content. This could allow an attacker to overwrite\n trusted objects with arbitrary code which would be executed with\n chrome privileges when the trusted objects were called by the browser.\n\n MFSA 2008-27:\n Opera developer Claudio Santambrogio reported a vulnerability which\n allows malicious content to force the browser into uploading local\n files to the remote server. This could be used by an attacker to\n steal arbitrary files from a victim's computer.\n\n MFSA 2008-28:\n Security researcher Gregory Fleischer reported a vulnerability\n in the way Mozilla indicates the origin of a document to the Java\n plugin. This vulnerability could allow a malicious Java applet to\n bypass the same-origin policy and create arbitrary socket connections\n to other domains.\n\n MFSA 2008-29:\n Mozilla developer Daniel Glazman demonstrated that an improperly\n encoded .properties file in an add-on can result in uninitialized\n memory being used. This could potentially result in small chunks of\n data from other programs being exposed in the browser.\n\n MFSA 2008-30:\n Mozilla contributor Masahiro Yamada reported that file URLs in\n directory listings were not being HTML escaped properly when the\n filenames contained particular characters. This resulted in files\n from directory listings being opened in unintended ways or files not\n being able to be opened by the browser altogether.\n\n MFSA 2008-31:\n Mozilla developer John G. Myers reported a weakness in the trust\n model used by Mozilla regarding alternate names on self-signed\n certificates. A user could be prompted to accept a self-signed\n certificate from a website which includes alt-name entries. If\n the user accepted the certificate, they would also extend trust to\n any alternate domains listed in the certificate, despite not being\n prompted about the additional domains. This technique could be used\n by an attacker to impersonate another server.\n\n MFSA 2008-32:\n Mozilla community member Geoff reported a vulnerability in the way\n Mozilla opens URL files sent directly to the browser. He demonstrated\n that such files were opened with local file privileges, giving the\n remote content access to read from the local filesystem. If a user\n opened a bookmark to a malicious page in this manner, the page could\n potentially read from other local files on the user's computer.\n\n MFSA 2008-33:\n Security research firm Astabis, via the iSIGHT Partners GVP Program,\n reported a vulnerability in Mozilla's block reflow code. This\n vulnerability could be used by an attacker to crash the browser and\n run arbitrary code on the victim's computer."
+
+ out_put = self.suse_parser_obj.getDescription()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getAffectedProduct(self):
+ req_out_put = ['openSUSE 10.2', 'openSUSE 10.3']
+
+ out_put = self.suse_parser_obj.getAffectedProduct()
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getOsLinkDict(self):
+ req_out_put = {'openSUSE 10.2': ['update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm'], 'openSUSE 10.3': ['update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm']}
+
+ prod_list = ['openSUSE 10.2', 'openSUSE 10.3']
+ out_put = self.suse_parser_obj._getOsLinkDict(prod_list)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getRPMDict(self):
+ req_out_put = {'openSUSE10.3': ['MozillaFirefox-2.0.0.15-0.1', 'MozillaFirefox-translations-2.0.0.15-0.1'], 'openSUSE10.2': ['MozillaFirefox-2.0.0.15-0.1', 'MozillaFirefox-translations-2.0.0.15-0.1']}
+
+ prod_key_dict = {'openSUSE 10.2': ['update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm'], 'openSUSE 10.3': ['update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm']}
+ out_put = self.suse_parser_obj._getRPMDict(prod_key_dict)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_cacheRPM(self):
+ req_out_put = {'update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm': ['MozillaFirefox-2.0.0.15-0.1.i586.rpm'], 'update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm': ['MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm'], 'update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm': ['MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm'], 'update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm': ['MozillaFirefox-2.0.0.15-0.1.i586.rpm']}
+
+ prod_key_dict = {'openSUSE 10.2': ['update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm'], 'openSUSE 10.3': ['update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm', 'update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm']}
+ out_put = self.suse_parser_obj._cacheRPM(prod_key_dict)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getRPM(self):
+ req_out_put = {'openSUSE10.3': ['MozillaFirefox-2.0.0.15-0.1', 'MozillaFirefox-translations-2.0.0.15-0.1'], 'openSUSE10.2': ['MozillaFirefox-2.0.0.15-0.1', 'MozillaFirefox-translations-2.0.0.15-0.1']}
+
+ prod_list = ['openSUSE 10.2', 'openSUSE 10.3']
+ out_put = self.suse_parser_obj.getRPM(prod_list)
+
+
+ def test_parser(self):
+ req_out_put = True
+
+ prod_list = ['openSUSE 10.2', 'openSUSE 10.3']
+ out_put = self.suse_parser_obj.parser(self.Html_content)
+
+
+if __name__ == '__main__':
+ unittest.main()
+
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_suse.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_utils.py
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_utils.py 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_utils.py 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,133 @@
+##############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.0
+# Date: 2009/01/30
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.org
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+import unittest
+from common import utils
+
+
+class UtilsTestCase(unittest.TestCase):
+
+ import os
+ cwd = os.getcwd() + '/test/unit_test'
+
+ def test_removeDups(self):
+ print "\nTesting Utils Test Suite ..."
+ req_out_put = ['123', '234', '345', 'CVE-7788', 'CVE-1234']
+
+ input_list = ['123', '234', '345', '123', '345', 'CVE-7788', 'CVE-1234', 'CVE-7788']
+ out_put = utils.removeDups(input_list)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_getHTMLCon(self):
+ req_out_put = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html><head><title>Security Announcement</title></head><body><pre>\nDate: Fri, 11 Jul 2008 13:26:28 +0200\nFrom: Marcus Meissner <meissner at suse.de>\nTo: opensuse-security-announce at opensuse.org\nSubject: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2008:034)\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: MozillaFirefox\n Announcement ID: SUSE-SA:2008:034\n Date: Fri, 11 Jul 2008 10:00:00 +0000\n Affected Products: openSUSE 10.2\n openSUSE 10.3\n Vulnerability Type: remote code execution\n Severity (1-10): 8\n SUSE Default Package: yes\n\n Content of This Advisory:\n 1) Security Vulnerability Resolved:\n Mozilla Firefox 2.0.0.15 security update\n Problem Description\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n See SUSE Security Summary Report.\n 6) Authenticity Verification and Additional Information\n\n</pre></body></html>\n'
+
+ url = self.cwd + '/work/input/firefox.html'
+ out_put = utils.getHTMLCon(url)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_fetchFiles(self):
+ req_out_put = self.cwd + '/work/output/2008_34_firefox.html'
+
+ save_path = self.cwd + '/work/output/'
+ get_path = self.cwd + '/work/input/advisories/2008_34_firefox.html'
+
+ out_put = utils.fetchFiles(get_path, save_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_readFile_str(self):
+ req_out_put = 'This is sample text message.\nThis text message is used for unitest.\n\nIt is new paragraph.\nEnd of sample message\n\n\n'
+
+ file_path = self.cwd + '/work/input/test.txt'
+ out_put = utils.readFile(file_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_readFile_list(self):
+ req_out_put = ['This is sample text message.\n', 'This text message is used for unitest.\n', '\n', 'It is new paragraph.\n', 'End of sample message\n', '\n', '\n']
+
+ file_path = self.cwd + '/work/input/test.txt'
+ out_put = utils.readFile(file_path, lines=1)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_writeFile(self):
+ req_out_put = None
+
+ data = 'Unit Testing for WriteFile'
+ file_path = self.cwd + '/work/input/temp.txt'
+ out_put = utils.writeFile(file_path, data)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_stringFormat(self):
+ req_out_put = 'This is sample text message.\nThis text message is used for unitest.\n\nIt is new paragraph.\nEnd of sample message\n\n\n'
+
+ file_path = self.cwd + '/work/input/test.txt'
+ out_put = utils.stringFormat(file_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_stripIt_list(self):
+ req_out_put = ['mozilla', 'real_player', 'firefox.calender', 'firefox']
+
+ list_ = ['mozilla.x86.rpm', 'real_player.x64.rpm', 'firefox.calender.x86.ppc', 'firefox']
+ strip_val = ['.x86.rpm', '.x64.rpm', '.x86.ppc', 'abc.rpm']
+ out_put = utils.stripIt(list_, strip_val)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_stripIt_str(self):
+ req_out_put = ['mozilla', 'real_player.x64.rpm', 'firefox.calender', 'firefox']
+
+ list_ = ['mozilla.x86.rpm', 'real_player.x64.rpm', 'firefox.calender.x86.rpm', 'firefox']
+ strip_val = '.x86.rpm'
+ out_put = utils.stripIt(list_, strip_val)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_loadPickle(self):
+ req_out_put = {'firefox_34':1000, 'kernel_49':1001}
+
+ dict_ = {'firefox_34':1000, 'kernel_49':1001}
+ file_path = self.cwd + '/work/input/id_file.pickle'
+ out_put = utils.loadPickle(file_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+ def test_dumpPickle(self):
+ req_out_put = True
+
+ dict_ = {'firefox_34':1000, 'kernel_49':1001}
+ file_path = self.cwd + '/work/input/id_file1.pickle'
+ out_put = utils.dumpPickle(dict_, file_path)
+ self.assertEquals(out_put, req_out_put)
+
+
+if __name__ == '__main__':
+ unittest.main()
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_utils.py
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/2008_34_firefox.html
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/2008_34_firefox.html 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/2008_34_firefox.html 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,424 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html><head><title>Security Announcement</title></head><body><pre>
+Date: Fri, 11 Jul 2008 13:26:28 +0200
+From: Marcus Meissner <meissner at suse.de>
+To: opensuse-security-announce at opensuse.org
+Subject: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2008:034)
+
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+______________________________________________________________________________
+
+ SUSE Security Announcement
+
+ Package: MozillaFirefox
+ Announcement ID: SUSE-SA:2008:034
+ Date: Fri, 11 Jul 2008 10:00:00 +0000
+ Affected Products: openSUSE 10.2
+ openSUSE 10.3
+ Vulnerability Type: remote code execution
+ Severity (1-10): 8
+ SUSE Default Package: yes
+ Cross-References: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805">CVE-2008-2805</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806">CVE-2008-2806</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807">CVE-2008-2807</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808">CVE-2008-2808</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809">CVE-2008-2809</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810">CVE-2008-2810</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811">CVE-2008-2811</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-27.html">MFSA 2008-27</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-28.html">MFSA 2008-28</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-29.html">MFSA 2008-29</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-30.html">MFSA 2008-30</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-31.html">MFSA 2008-31</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-32.html">MFSA 2008-32</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-33.html">MFSA 2008-33</a>
+
+ Content of This Advisory:
+ 1) Security Vulnerability Resolved:
+ Mozilla Firefox 2.0.0.15 security update
+ Problem Description
+ 2) Solution or Work-Around
+ 3) Special Instructions and Notes
+ 4) Package Location and Checksums
+ 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
+ See SUSE Security Summary Report.
+ 6) Authenticity Verification and Additional Information
+
+______________________________________________________________________________
+
+1) Problem Description and Brief Discussion
+
+ Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
+ including following security bugs.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>:
+ Mozilla developers identified and fixed several stability bugs in the
+ browser engine used in Firefox and other Mozilla-based products. Some
+ of these crashes showed evidence of memory corruption under certain
+ circumstances and we presume that with enough effort at least some
+ of these could be exploited to run arbitrary code.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>:
+ Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities
+ which allow scripts from one document to be executed in the context
+ of a different document. These vulnerabilities could be used by an
+ attacker to violate the same-origin policy and perform an XSS attack.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>:
+ Security researcher Collin Jackson reported a series of vulnerabilities
+ which allow JavaScript to be injected into signed JARs and executed
+ under the context of the JAR's signer. This could allow an attacker
+ to run JavaScript in a victim's browser with the privileges of a
+ different website, provided the attacker possesses a JAR signed by
+ the other website.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability that
+ allowed non-privileged XUL documents to load chrome scripts from
+ the fastload file. This could allow an attacker to run arbitrary
+ JavaScript code with chrome privileges.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows
+ arbitrary JavaScript to be executed with chrome privileges. The
+ privilege escalation was possible because JavaScript loaded via
+ mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers
+ when accessing content. This could allow an attacker to overwrite
+ trusted objects with arbitrary code which would be executed with
+ chrome privileges when the trusted objects were called by the browser.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805">CVE-2008-2805</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-27.html">MFSA 2008-27</a>:
+ Opera developer Claudio Santambrogio reported a vulnerability which
+ allows malicious content to force the browser into uploading local
+ files to the remote server. This could be used by an attacker to
+ steal arbitrary files from a victim's computer.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806">CVE-2008-2806</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-28.html">MFSA 2008-28</a>:
+ Security researcher Gregory Fleischer reported a vulnerability
+ in the way Mozilla indicates the origin of a document to the Java
+ plugin. This vulnerability could allow a malicious Java applet to
+ bypass the same-origin policy and create arbitrary socket connections
+ to other domains.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807">CVE-2008-2807</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-29.html">MFSA 2008-29</a>:
+ Mozilla developer Daniel Glazman demonstrated that an improperly
+ encoded .properties file in an add-on can result in uninitialized
+ memory being used. This could potentially result in small chunks of
+ data from other programs being exposed in the browser.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808">CVE-2008-2808</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-30.html">MFSA 2008-30</a>:
+ Mozilla contributor Masahiro Yamada reported that file URLs in
+ directory listings were not being HTML escaped properly when the
+ filenames contained particular characters. This resulted in files
+ from directory listings being opened in unintended ways or files not
+ being able to be opened by the browser altogether.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809">CVE-2008-2809</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-31.html">MFSA 2008-31</a>:
+ Mozilla developer John G. Myers reported a weakness in the trust
+ model used by Mozilla regarding alternate names on self-signed
+ certificates. A user could be prompted to accept a self-signed
+ certificate from a website which includes alt-name entries. If
+ the user accepted the certificate, they would also extend trust to
+ any alternate domains listed in the certificate, despite not being
+ prompted about the additional domains. This technique could be used
+ by an attacker to impersonate another server.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810">CVE-2008-2810</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-32.html">MFSA 2008-32</a>:
+ Mozilla community member Geoff reported a vulnerability in the way
+ Mozilla opens URL files sent directly to the browser. He demonstrated
+ that such files were opened with local file privileges, giving the
+ remote content access to read from the local filesystem. If a user
+ opened a bookmark to a malicious page in this manner, the page could
+ potentially read from other local files on the user's computer.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811">CVE-2008-2811</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-33.html">MFSA 2008-33</a>:
+ Security research firm Astabis, via the iSIGHT Partners GVP Program,
+ reported a vulnerability in Mozilla's block reflow code. This
+ vulnerability could be used by an attacker to crash the browser and
+ run arbitrary code on the victim's computer.
+
+2) Solution or Work-Around
+
+ There is no known workaround, please install the update packages.
+
+3) Special Instructions and Notes
+
+ Please close and restart all running instances of Firefox after the update.
+
+4) Package Location and Checksums
+
+ The preferred method for installing security updates is to use the YaST
+ Online Update (YOU) tool. YOU detects which updates are required and
+ automatically performs the necessary steps to verify and install them.
+ Alternatively, download the update packages for your distribution manually
+ and verify their integrity by the methods listed in Section 6 of this
+ announcement. Then install the packages using the command
+
+ rpm -Fhv <file.rpm>
+
+ to apply the update, replacing <file.rpm> with the filename of the
+ downloaded RPM package.
+
+
+ x86 Platform:
+
+ openSUSE 10.3:
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm</a>
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm</a>
+
+ openSUSE 10.2:
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm</a>
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm</a>
+
+ Sources:
+
+ openSUSE 10.3:
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm</a>
+
+ openSUSE 10.2:
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm</a>
+
+ Our maintenance customers are notified individually. The packages are
+ offered for installation from the maintenance web:
+
+ SUSE Linux Enterprise Server 10 SP1
+ SUSE Linux Enterprise Server 10 SP2
+ SUSE Linux Enterprise 10 SP2 DEBUGINFO
+ SUSE Linux Enterprise Desktop 10 SP1
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://support.novell.com/techcenter/psdb/0fea55c59743d1e08b7b9ed24c7034fd.html">http://support.novell.com/techcenter/psdb/0fea55c59743d1e08b7b9ed24c7034fd.html</a>
+
+ New download.novell.com references:
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=CVuQok2_ca8~">http://download.novell.com/Download?buildid=CVuQok2_ca8~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=kSaWRPtTvpI~">http://download.novell.com/Download?buildid=kSaWRPtTvpI~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=gBTkPviDogc~">http://download.novell.com/Download?buildid=gBTkPviDogc~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=ON73zs89fJ4~">http://download.novell.com/Download?buildid=ON73zs89fJ4~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://download.novell.com/Download?buildid=E4jtdJoGlDQ~">http://download.novell.com/Download?buildid=E4jtdJoGlDQ~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://download.novell.com/Download?buildid=Na0vK5lQlOM~">http://download.novell.com/Download?buildid=Na0vK5lQlOM~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=CUUO_aCsdMU~">http://download.novell.com/Download?buildid=CUUO_aCsdMU~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=vXPKUCTzdi0~">http://download.novell.com/Download?buildid=vXPKUCTzdi0~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=zei6Hn4O6rQ~">http://download.novell.com/Download?buildid=zei6Hn4O6rQ~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=sVDMHHBpzl0~">http://download.novell.com/Download?buildid=sVDMHHBpzl0~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=1X60FN2DSGs~">http://download.novell.com/Download?buildid=1X60FN2DSGs~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Desktop 10 SP1
+ <a href="http://download.novell.com/Download?buildid=RSBMUOv_HPM~">http://download.novell.com/Download?buildid=RSBMUOv_HPM~</a>
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=HqzYlbrdyk8~">http://download.novell.com/Download?buildid=HqzYlbrdyk8~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=1hzQTKfbJ2I~">http://download.novell.com/Download?buildid=1hzQTKfbJ2I~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=VgoVF4vEHkI~">http://download.novell.com/Download?buildid=VgoVF4vEHkI~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=DcGiWrDCGt8~">http://download.novell.com/Download?buildid=DcGiWrDCGt8~</a>
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=R2FzGF6uSA8~">http://download.novell.com/Download?buildid=R2FzGF6uSA8~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Desktop 10 SP1
+ <a href="http://download.novell.com/Download?buildid=Vi4hjt2ZJSE~">http://download.novell.com/Download?buildid=Vi4hjt2ZJSE~</a>
+______________________________________________________________________________
+
+5) Pending Vulnerabilities, Solutions, and Work-Arounds:
+
+ See SUSE Security Summary Report.
+______________________________________________________________________________
+
+6) Authenticity Verification and Additional Information
+
+ - Announcement authenticity verification:
+
+ SUSE security announcements are published via mailing lists and on Web
+ sites. The authenticity and integrity of a SUSE security announcement is
+ guaranteed by a cryptographic signature in each announcement. All SUSE
+ security announcements are published with a valid signature.
+
+ To verify the signature of the announcement, save it as text into a file
+ and run the command
+
+ gpg --verify <file>
+
+ replacing <file> with the name of the file where you saved the
+ announcement. The output for a valid signature looks like:
+
+ gpg: Signature made <DATE> using RSA key ID 3D25D3D9
+ gpg: Good signature from "SuSE Security Team <security at suse.de>"
+
+ where <DATE> is replaced by the date the document was signed.
+
+ If the security team's key is not contained in your key ring, you can
+ import it from the first installation CD. To import the key, use the
+ command
+
+ gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
+
+ - Package authenticity verification:
+
+ SUSE update packages are available on many mirror FTP servers all over the
+ world. While this service is considered valuable and important to the free
+ and open source software community, the authenticity and the integrity of
+ a package needs to be verified to ensure that it has not been tampered
+ with.
+
+ The internal rpm package signatures provide an easy way to verify the
+ authenticity of an RPM package. Use the command
+
+ rpm -v --checksig <file.rpm>
+
+ to verify the signature of the package, replacing <file.rpm> with the
+ filename of the RPM package downloaded. The package is unmodified if it
+ contains a valid signature from build at suse.de with the key ID 9C800ACA.
+
+ This key is automatically imported into the RPM database (on
+ RPMv4-based distributions) and the gpg key ring of 'root' during
+ installation. You can also find it on the first installation CD and at
+ the end of this announcement.
+
+ - SUSE runs two security mailing lists to which any interested party may
+ subscribe:
+
+ opensuse-security at opensuse.org
+ - General Linux and SUSE security discussion.
+ All SUSE security announcements are sent to this list.
+ To subscribe, send an e-mail to
+ <opensuse-security+subscribe at opensuse.org>.
+
+ opensuse-security-announce at opensuse.org
+ - SUSE's announce-only mailing list.
+ Only SUSE's security announcements are sent to this list.
+ To subscribe, send an e-mail to
+ <opensuse-security-announce+subscribe at opensuse.org>.
+
+ =====================================================================
+ SUSE's security contact is <security at suse.com> or <security at suse.de>.
+ The <security at suse.de> public key is listed below.
+ =====================================================================
+______________________________________________________________________________
+
+ The information in this advisory may be distributed or reproduced,
+ provided that the advisory is not modified in any way. In particular, the
+ clear text signature should show proof of the authenticity of the text.
+
+ SUSE Linux Products GmbH provides no warranties of any kind whatsoever
+ with respect to the information contained in this security advisory.
+
+Type Bits/KeyID Date User ID
+pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security at suse.de>
+pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build at suse.de>
+
+- -----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.2 (GNU/Linux)
+
+mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
+BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
+JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
+1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
+P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
+cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
+VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
+yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
+tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
+xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
+Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
+choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
+BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
+v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
+x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
+Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
+MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
+saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
+L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
+F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
+FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
+tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
+Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
+AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
+3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
+YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
++Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
+8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
+8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
+cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
+ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
+UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
+AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
+KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
+BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
+nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
+KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
+yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
+B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
+wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
+UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
+5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
+D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
+zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
+9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
+a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
+CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
+271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
+t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
+B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
+rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
+IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
+rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
+RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
+g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
+CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
+=ypVs
+- -----END PGP PUBLIC KEY BLOCK-----
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.4-svn0 (GNU/Linux)
+
+iQEVAwUBSHdDUXey5gA9JdPZAQIl5Af/f5YEl0I3gngnEJUOtm0Tdb/e6eirRTqg
+FGFafWiDGRMrDLko6hR2b2fr9yx/467kqxPBw8s78Q7x/arL5UA2mR/mfYRnq/t+
+DNO5vlYTvtb2/+CvGu0ED4OWpaWjx08MJ/xIY/2xG0YpXC8Dxm4fWLCHax8E7Cmc
+++JJPeCWuvlB6EPkD2c0Ca6fzsDQ0WlrtZFsgV4hj1pq3BoE//kssiUpP90xnbTD
+37d2zfiAVCXxgSDK34oVElkeqQw5FEmTFdUIO7x02TobMolBAnB/5YW/3uRhyqld
+G7Aj9dYrmfuwp45ISrGiLOfoZaH//at2Dt/FqxU28/m6P+6RM/kN0A==
+=GZpf
+-----END PGP SIGNATURE-----
+</pre></body></html>
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/gb_suse_2008_034.nasl
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/gb_suse_2008_034.nasl 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/gb_suse_2008_034.nasl 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,156 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# SuSE Update for MozillaFirefox SUSE-SA:2008:034
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(850001);
+ script_version("$Revision: 1.0 $");
+ script_xref(name: "SUSE-SA", value: "2008-034");
+ script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
+ script_name(english: "SuSE Update for MozillaFirefox SUSE-SA:2008:034");
+ desc["english"] = "
+
+ Vulnerability Insight:
+
+ Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
+ including following security bugs.
+
+ MFSA 2008-21:
+ Mozilla developers identified and fixed several stability bugs in the
+ browser engine used in Firefox and other Mozilla-based products. Some
+ of these crashes showed evidence of memory corruption under certain
+ circumstances and we presume that with enough effort at least some
+ of these could be exploited to run arbitrary code.
+
+ MFSA 2008-22:
+ Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities
+ which allow scripts from one document to be executed in the context
+ of a different document. These vulnerabilities could be used by an
+ attacker to violate the same-origin policy and perform an XSS attack.
+
+ MFSA 2008-23:
+ Security researcher Collin Jackson reported a series of vulnerabilities
+ which allow JavaScript to be injected into signed JARs and executed
+ under the context of the JAR's signer. This could allow an attacker
+ to run JavaScript in a victim's browser with the privileges of a
+ different website, provided the attacker possesses a JAR signed by
+ the other website.
+
+ MFSA 2008-24:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability that
+ allowed non-privileged XUL documents to load chrome scripts from
+ the fastload file. This could allow an attacker to run arbitrary
+ JavaScript code with chrome privileges.
+
+ MFSA 2008-25:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows
+ arbitrary JavaScript to be executed with chrome privileges. The
+ privilege escalation was possible because JavaScript loaded via
+ mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers
+ when accessing content. This could allow an attacker to overwrite
+ trusted objects with arbitrary code which would be executed with
+ chrome privileges when the trusted objects were called by the browser.
+
+ MFSA 2008-27:
+ Opera developer Claudio Santambrogio reported a vulnerability which
+ allows malicious content to force the browser into uploading local
+ files to the remote server. This could be used by an attacker to
+ steal arbitrary files from a victim's computer.
+
+ MFSA 2008-28:
+ Security researcher Gregory Fleischer reported a vulnerability
+ in the way Mozilla indicates the origi ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Impact:
+ remote code execution
+
+ Affected Software/OS:
+ MozillaFirefox on openSUSE 10.2, openSUSE 10.3
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://www.novell.com/linux/security/advisories/2008_34_firefox.html
+
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of MozillaFirefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "openSUSE10.3")
+{
+
+ if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.15~0.1", rls:"openSUSE10.3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.15~0.1", rls:"openSUSE10.3"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "openSUSE10.2")
+{
+
+ if(isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.15~0.1", rls:"openSUSE10.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.15~0.1", rls:"openSUSE10.2"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
\ No newline at end of file
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/pkg-lib-rpm.inc
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/pkg-lib-rpm.inc 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/pkg-lib-rpm.inc 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,56 @@
+#
+# This script was written by Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License Version 2
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# rpmcheck is intended to provide a quick way to verify that
+# a given rpm, if it is installed, is up to date. The function
+# isrpmvuln returns 0 if it is not installed or is installed
+# but up to date, and returns 1 if it is installed and vulnerable
+
+
+# Example call: isrpmvuln(pkg:"gnutls-utils", rpm:"gnutls-utils~1.4.1~3", rls:"FC6")
+
+function isrpmvuln(pkg, rpm, rls) {
+ # Check that we have the data for this release.
+ kbrls = get_kb_item("ssh/login/release");
+ if(kbrls!=rls) {
+ return(0);
+ }
+ rpms = get_kb_item("ssh/login/rpms");
+ if(!rpms) return(0);
+
+ # Must include in the package search leading \n or ; to prevent
+ # overly permissive search (e.g. search for 'ash' must not match 'bash')
+
+ pat = string("[\n;](", pkg, "~[^;]+);");
+# pat = string(pkg, "~([^;]+);");
+ matches = eregmatch(pattern:pat, string:rpms);
+ if(isnull(matches)) {
+ return(0);
+ }
+#security_note(0, data: "Comparing " + matches[1] + " against " + rpm);
+ rc = revcomp(a:matches[1], b:rpm);
+ if(rc<0) {
+ norm_pkg = "";
+ foreach comp (split(matches[1], sep: "~", keep:0)) {
+ norm_pkg = string(norm_pkg,"-",comp);
+ }
+ norm_pkg = substr(norm_pkg, 1);
+# security_note(0, data: "Package " + pkg + " version " +
+# norm_pkg + " is installed which is known to be vulnerable.");
+ return(1);
+ }
+ return(0);
+}
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/revisions-lib.inc
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/revisions-lib.inc 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Nasl/revisions-lib.inc 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,137 @@
+# OpenVAS Vulnerability Test include file
+# $Id$
+# Description: Revision string comparison helper function
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License Version 2
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+
+# Include that can be used to compare two software package version
+# strings. Version string comparison operates on a slightly
+# different set or ordering rules: Instead of comparing character
+# by character exclusively throughout the whole string, we instead
+# compare character by character until we run into a numeric, at
+# which point we extract the entire numeric, and do a numeric
+# comparison. That allows things like v10.1 to be greather than
+# v9, whereas any other string comparison would result in v9
+# being larger, because '9' is larger than '1'. Typical strcmp
+# return values (0=; -1<; 1>;)
+
+function isdigit(a) {
+ if(ord(a)>=ord('0') && ord(a)<=ord('9')) {
+ return(1);
+ }
+ return(0);
+}
+
+function revcomp(a, b) {
+ local_var done, rc, work_a, work_b, lena, lenb;
+ local_var i, subm_a, subm_b, sub_a, sub_b;
+ if(a == b) {
+ return(0);
+ }
+ done = 0;
+ work_a = a;
+ work_b = b;
+ rc = 0;
+ while(!done) {
+ lena = strlen(work_a);
+ lenb = strlen(work_b);
+ if(lena==0) {
+ if(lenb>0) {
+ rc = -1;
+ break;
+ }
+ if(lenb==0) {
+ break;
+ }
+ }
+ for(i=0; i<lena; i++) {
+ if(i>=lenb) {
+ done = 1;
+ rc = 1;
+ break;
+ }
+ if(isdigit(a:work_a[i]) && isdigit(a:work_b[i])) {
+ subm_a=eregmatch(pattern:"([0-9]+)",string:substr(work_a,i));
+ subm_b=eregmatch(pattern:"([0-9]+)",string:substr(work_b,i));
+ sub_a = subm_a[1];
+ sub_b = subm_b[1];
+ work_a = substr(work_a, i+strlen(sub_a));
+ work_b = substr(work_b, i+strlen(sub_b));
+ if(int(sub_a)>int(sub_b)) {
+ done = 1;
+ rc = 1;
+ break;
+ }
+ if(int(sub_a)<int(sub_b)) {
+ done = 1;
+ rc = -1;
+ break;
+ }
+ if(int(sub_a)==int(sub_b)) {
+ # If we have an emptry string here, we're done.
+ if(strlen(work_a)==0 || strlen(work_b)==0) {
+ if(strlen(work_a)==0) {
+ if(strlen(work_b)==0) {
+ done = 1;
+ break;
+ } else {
+ done = 1;
+ rc = -1;
+ break;
+ }
+ } else {
+ done = 1;
+ rc = 1;
+ break;
+ }
+ }
+ if(work_a[0]=='.' && work_b[0]!='.') {
+ done = 1;
+ rc = 1;
+ break;
+ }
+ if(work_a[0]!='.' && work_b[0]=='.') {
+ done = 1;
+ rc = -1;
+ break;
+ }
+ # Both must be dots. Allow the check to proceed normally.
+ break;
+ }
+ }
+ if(ord(work_a[i])<ord(work_b[i])) {
+ done = 1;
+ rc = -1;
+ break;
+ }
+ if(ord(work_a[i])>ord(work_b[i])) {
+ done = 1;
+ rc = 1;
+ break;
+ }
+ if(i==lena-1 && lenb>lena) {
+ done = 1;
+ rc = -1;
+ break;
+ }
+ }
+ }
+ return(rc);
+}
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Suse.template
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Suse.template 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Suse.template 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# SuSE Update for __SCRIPT_NAME__
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(__SCRIPT_ID__);
+ script_version("$Revision: 1.0 $");
+ script_xref(name: "__XREF_NAME__", value: "__XREF_VALUE__");
+ script_cve_id("__CVEIDS__");
+ script_name(english: "SuSE Update for __SCRIPT_NAME__");
+ desc["english"] = "
+
+ Vulnerability Insight:
+__SCRIPT_DESC__
+
+ Impact:
+ __SCRIPT_IMPACT__
+
+ Affected Software/OS:
+ __SCRIPT_PROD__ on __SCRIPT_PLAT__
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ __SCRIPT_REF__
+
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of __SCRIPT_PKG__");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"SuSE Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+___IF_RELEASE_OPEN___
+
+___IS_RPM_VULN___
+
+___IF_RELEASE_CLOSE___
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/Suse.template
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories/2008_34_firefox.html
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories/2008_34_firefox.html 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories/2008_34_firefox.html 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,424 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html><head><title>Security Announcement</title></head><body><pre>
+Date: Fri, 11 Jul 2008 13:26:28 +0200
+From: Marcus Meissner <meissner at suse.de>
+To: opensuse-security-announce at opensuse.org
+Subject: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2008:034)
+
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+______________________________________________________________________________
+
+ SUSE Security Announcement
+
+ Package: MozillaFirefox
+ Announcement ID: SUSE-SA:2008:034
+ Date: Fri, 11 Jul 2008 10:00:00 +0000
+ Affected Products: openSUSE 10.2
+ openSUSE 10.3
+ Vulnerability Type: remote code execution
+ Severity (1-10): 8
+ SUSE Default Package: yes
+ Cross-References: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805">CVE-2008-2805</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806">CVE-2008-2806</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807">CVE-2008-2807</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808">CVE-2008-2808</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809">CVE-2008-2809</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810">CVE-2008-2810</a>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811">CVE-2008-2811</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-27.html">MFSA 2008-27</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-28.html">MFSA 2008-28</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-29.html">MFSA 2008-29</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-30.html">MFSA 2008-30</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-31.html">MFSA 2008-31</a>, <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-32.html">MFSA 2008-32</a>
+ <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-33.html">MFSA 2008-33</a>
+
+ Content of This Advisory:
+ 1) Security Vulnerability Resolved:
+ Mozilla Firefox 2.0.0.15 security update
+ Problem Description
+ 2) Solution or Work-Around
+ 3) Special Instructions and Notes
+ 4) Package Location and Checksums
+ 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
+ See SUSE Security Summary Report.
+ 6) Authenticity Verification and Additional Information
+
+______________________________________________________________________________
+
+1) Problem Description and Brief Discussion
+
+ Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
+ including following security bugs.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798">CVE-2008-2798</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799">CVE-2008-2799</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-21.html">MFSA 2008-21</a>:
+ Mozilla developers identified and fixed several stability bugs in the
+ browser engine used in Firefox and other Mozilla-based products. Some
+ of these crashes showed evidence of memory corruption under certain
+ circumstances and we presume that with enough effort at least some
+ of these could be exploited to run arbitrary code.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800">CVE-2008-2800</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-22.html">MFSA 2008-22</a>:
+ Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities
+ which allow scripts from one document to be executed in the context
+ of a different document. These vulnerabilities could be used by an
+ attacker to violate the same-origin policy and perform an XSS attack.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801">CVE-2008-2801</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-23.html">MFSA 2008-23</a>:
+ Security researcher Collin Jackson reported a series of vulnerabilities
+ which allow JavaScript to be injected into signed JARs and executed
+ under the context of the JAR's signer. This could allow an attacker
+ to run JavaScript in a victim's browser with the privileges of a
+ different website, provided the attacker possesses a JAR signed by
+ the other website.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802">CVE-2008-2802</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-24.html">MFSA 2008-24</a>:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability that
+ allowed non-privileged XUL documents to load chrome scripts from
+ the fastload file. This could allow an attacker to run arbitrary
+ JavaScript code with chrome privileges.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803">CVE-2008-2803</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-25.html">MFSA 2008-25</a>:
+ Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows
+ arbitrary JavaScript to be executed with chrome privileges. The
+ privilege escalation was possible because JavaScript loaded via
+ mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers
+ when accessing content. This could allow an attacker to overwrite
+ trusted objects with arbitrary code which would be executed with
+ chrome privileges when the trusted objects were called by the browser.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805">CVE-2008-2805</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-27.html">MFSA 2008-27</a>:
+ Opera developer Claudio Santambrogio reported a vulnerability which
+ allows malicious content to force the browser into uploading local
+ files to the remote server. This could be used by an attacker to
+ steal arbitrary files from a victim's computer.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806">CVE-2008-2806</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-28.html">MFSA 2008-28</a>:
+ Security researcher Gregory Fleischer reported a vulnerability
+ in the way Mozilla indicates the origin of a document to the Java
+ plugin. This vulnerability could allow a malicious Java applet to
+ bypass the same-origin policy and create arbitrary socket connections
+ to other domains.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807">CVE-2008-2807</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-29.html">MFSA 2008-29</a>:
+ Mozilla developer Daniel Glazman demonstrated that an improperly
+ encoded .properties file in an add-on can result in uninitialized
+ memory being used. This could potentially result in small chunks of
+ data from other programs being exposed in the browser.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808">CVE-2008-2808</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-30.html">MFSA 2008-30</a>:
+ Mozilla contributor Masahiro Yamada reported that file URLs in
+ directory listings were not being HTML escaped properly when the
+ filenames contained particular characters. This resulted in files
+ from directory listings being opened in unintended ways or files not
+ being able to be opened by the browser altogether.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809">CVE-2008-2809</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-31.html">MFSA 2008-31</a>:
+ Mozilla developer John G. Myers reported a weakness in the trust
+ model used by Mozilla regarding alternate names on self-signed
+ certificates. A user could be prompted to accept a self-signed
+ certificate from a website which includes alt-name entries. If
+ the user accepted the certificate, they would also extend trust to
+ any alternate domains listed in the certificate, despite not being
+ prompted about the additional domains. This technique could be used
+ by an attacker to impersonate another server.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810">CVE-2008-2810</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-32.html">MFSA 2008-32</a>:
+ Mozilla community member Geoff reported a vulnerability in the way
+ Mozilla opens URL files sent directly to the browser. He demonstrated
+ that such files were opened with local file privileges, giving the
+ remote content access to read from the local filesystem. If a user
+ opened a bookmark to a malicious page in this manner, the page could
+ potentially read from other local files on the user's computer.
+
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811">CVE-2008-2811</a> <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-33.html">MFSA 2008-33</a>:
+ Security research firm Astabis, via the iSIGHT Partners GVP Program,
+ reported a vulnerability in Mozilla's block reflow code. This
+ vulnerability could be used by an attacker to crash the browser and
+ run arbitrary code on the victim's computer.
+
+2) Solution or Work-Around
+
+ There is no known workaround, please install the update packages.
+
+3) Special Instructions and Notes
+
+ Please close and restart all running instances of Firefox after the update.
+
+4) Package Location and Checksums
+
+ The preferred method for installing security updates is to use the YaST
+ Online Update (YOU) tool. YOU detects which updates are required and
+ automatically performs the necessary steps to verify and install them.
+ Alternatively, download the update packages for your distribution manually
+ and verify their integrity by the methods listed in Section 6 of this
+ announcement. Then install the packages using the command
+
+ rpm -Fhv <file.rpm>
+
+ to apply the update, replacing <file.rpm> with the filename of the
+ downloaded RPM package.
+
+
+ x86 Platform:
+
+ openSUSE 10.3:
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm</a>
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm</a>
+
+ openSUSE 10.2:
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.15-0.1.i586.rpm</a>
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.15-0.1.i586.rpm</a>
+
+ Sources:
+
+ openSUSE 10.3:
+ <a href="http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm">http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm</a>
+
+ openSUSE 10.2:
+ <a href="ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm">ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.15-0.1.src.rpm</a>
+
+ Our maintenance customers are notified individually. The packages are
+ offered for installation from the maintenance web:
+
+ SUSE Linux Enterprise Server 10 SP1
+ SUSE Linux Enterprise Server 10 SP2
+ SUSE Linux Enterprise 10 SP2 DEBUGINFO
+ SUSE Linux Enterprise Desktop 10 SP1
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://support.novell.com/techcenter/psdb/0fea55c59743d1e08b7b9ed24c7034fd.html">http://support.novell.com/techcenter/psdb/0fea55c59743d1e08b7b9ed24c7034fd.html</a>
+
+ New download.novell.com references:
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=CVuQok2_ca8~">http://download.novell.com/Download?buildid=CVuQok2_ca8~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=kSaWRPtTvpI~">http://download.novell.com/Download?buildid=kSaWRPtTvpI~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=gBTkPviDogc~">http://download.novell.com/Download?buildid=gBTkPviDogc~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=ON73zs89fJ4~">http://download.novell.com/Download?buildid=ON73zs89fJ4~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://download.novell.com/Download?buildid=E4jtdJoGlDQ~">http://download.novell.com/Download?buildid=E4jtdJoGlDQ~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Desktop 10 SP2
+ <a href="http://download.novell.com/Download?buildid=Na0vK5lQlOM~">http://download.novell.com/Download?buildid=Na0vK5lQlOM~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=CUUO_aCsdMU~">http://download.novell.com/Download?buildid=CUUO_aCsdMU~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=vXPKUCTzdi0~">http://download.novell.com/Download?buildid=vXPKUCTzdi0~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=zei6Hn4O6rQ~">http://download.novell.com/Download?buildid=zei6Hn4O6rQ~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=sVDMHHBpzl0~">http://download.novell.com/Download?buildid=sVDMHHBpzl0~</a>
+
+ Security update for MozillaFirefox (ppc)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=1X60FN2DSGs~">http://download.novell.com/Download?buildid=1X60FN2DSGs~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Desktop 10 SP1
+ <a href="http://download.novell.com/Download?buildid=RSBMUOv_HPM~">http://download.novell.com/Download?buildid=RSBMUOv_HPM~</a>
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=HqzYlbrdyk8~">http://download.novell.com/Download?buildid=HqzYlbrdyk8~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=1hzQTKfbJ2I~">http://download.novell.com/Download?buildid=1hzQTKfbJ2I~</a>
+
+ Security update for MozillaFirefox (x86)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=VgoVF4vEHkI~">http://download.novell.com/Download?buildid=VgoVF4vEHkI~</a>
+
+ Security update for MozillaFirefox (s390x)
+ SUSE Linux Enterprise Server 10 SP1
+ <a href="http://download.novell.com/Download?buildid=DcGiWrDCGt8~">http://download.novell.com/Download?buildid=DcGiWrDCGt8~</a>
+
+ Security update for MozillaFirefox (ia64)
+ SUSE Linux Enterprise Server 10 SP2
+ <a href="http://download.novell.com/Download?buildid=R2FzGF6uSA8~">http://download.novell.com/Download?buildid=R2FzGF6uSA8~</a>
+
+ Security update for MozillaFirefox (x86-64)
+ SUSE Linux Enterprise Desktop 10 SP1
+ <a href="http://download.novell.com/Download?buildid=Vi4hjt2ZJSE~">http://download.novell.com/Download?buildid=Vi4hjt2ZJSE~</a>
+______________________________________________________________________________
+
+5) Pending Vulnerabilities, Solutions, and Work-Arounds:
+
+ See SUSE Security Summary Report.
+______________________________________________________________________________
+
+6) Authenticity Verification and Additional Information
+
+ - Announcement authenticity verification:
+
+ SUSE security announcements are published via mailing lists and on Web
+ sites. The authenticity and integrity of a SUSE security announcement is
+ guaranteed by a cryptographic signature in each announcement. All SUSE
+ security announcements are published with a valid signature.
+
+ To verify the signature of the announcement, save it as text into a file
+ and run the command
+
+ gpg --verify <file>
+
+ replacing <file> with the name of the file where you saved the
+ announcement. The output for a valid signature looks like:
+
+ gpg: Signature made <DATE> using RSA key ID 3D25D3D9
+ gpg: Good signature from "SuSE Security Team <security at suse.de>"
+
+ where <DATE> is replaced by the date the document was signed.
+
+ If the security team's key is not contained in your key ring, you can
+ import it from the first installation CD. To import the key, use the
+ command
+
+ gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
+
+ - Package authenticity verification:
+
+ SUSE update packages are available on many mirror FTP servers all over the
+ world. While this service is considered valuable and important to the free
+ and open source software community, the authenticity and the integrity of
+ a package needs to be verified to ensure that it has not been tampered
+ with.
+
+ The internal rpm package signatures provide an easy way to verify the
+ authenticity of an RPM package. Use the command
+
+ rpm -v --checksig <file.rpm>
+
+ to verify the signature of the package, replacing <file.rpm> with the
+ filename of the RPM package downloaded. The package is unmodified if it
+ contains a valid signature from build at suse.de with the key ID 9C800ACA.
+
+ This key is automatically imported into the RPM database (on
+ RPMv4-based distributions) and the gpg key ring of 'root' during
+ installation. You can also find it on the first installation CD and at
+ the end of this announcement.
+
+ - SUSE runs two security mailing lists to which any interested party may
+ subscribe:
+
+ opensuse-security at opensuse.org
+ - General Linux and SUSE security discussion.
+ All SUSE security announcements are sent to this list.
+ To subscribe, send an e-mail to
+ <opensuse-security+subscribe at opensuse.org>.
+
+ opensuse-security-announce at opensuse.org
+ - SUSE's announce-only mailing list.
+ Only SUSE's security announcements are sent to this list.
+ To subscribe, send an e-mail to
+ <opensuse-security-announce+subscribe at opensuse.org>.
+
+ =====================================================================
+ SUSE's security contact is <security at suse.com> or <security at suse.de>.
+ The <security at suse.de> public key is listed below.
+ =====================================================================
+______________________________________________________________________________
+
+ The information in this advisory may be distributed or reproduced,
+ provided that the advisory is not modified in any way. In particular, the
+ clear text signature should show proof of the authenticity of the text.
+
+ SUSE Linux Products GmbH provides no warranties of any kind whatsoever
+ with respect to the information contained in this security advisory.
+
+Type Bits/KeyID Date User ID
+pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security at suse.de>
+pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build at suse.de>
+
+- -----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.2 (GNU/Linux)
+
+mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
+BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
+JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
+1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
+P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
+cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
+VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
+yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
+tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
+xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
+Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
+choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
+BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
+v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
+x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
+Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
+MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
+saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
+L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
+F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
+FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
+tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
+Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
+AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
+3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
+YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
++Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
+8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
+8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
+cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
+ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
+UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
+AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
+KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
+BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
+nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
+KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
+yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
+B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
+wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
+UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
+5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
+D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
+zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
+9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
+a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
+CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
+271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
+t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
+B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
+rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
+IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
+rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
+RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
+g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
+CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
+=ypVs
+- -----END PGP PUBLIC KEY BLOCK-----
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.4-svn0 (GNU/Linux)
+
+iQEVAwUBSHdDUXey5gA9JdPZAQIl5Af/f5YEl0I3gngnEJUOtm0Tdb/e6eirRTqg
+FGFafWiDGRMrDLko6hR2b2fr9yx/467kqxPBw8s78Q7x/arL5UA2mR/mfYRnq/t+
+DNO5vlYTvtb2/+CvGu0ED4OWpaWjx08MJ/xIY/2xG0YpXC8Dxm4fWLCHax8E7Cmc
+++JJPeCWuvlB6EPkD2c0Ca6fzsDQ0WlrtZFsgV4hj1pq3BoE//kssiUpP90xnbTD
+37d2zfiAVCXxgSDK34oVElkeqQw5FEmTFdUIO7x02TobMolBAnB/5YW/3uRhyqld
+G7Aj9dYrmfuwp45ISrGiLOfoZaH//at2Dt/FqxU28/m6P+6RM/kN0A==
+=GZpf
+-----END PGP SIGNATURE-----
+</pre></body></html>
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories.html
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories.html 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/advisories.html 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,533 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html><head><title>Linux Security Advisories</title><meta name="Robots" content="INDEX, FOLLOW" /><meta http-equiv="Content-Language" content="en" /><meta http-equiv="Content-Type" content="text/html; CHARSET=utf-8" /><meta name="ada" content="no" /><meta name="keywords" content="security, linux security, SUSE security, security announcements, security advisories" /><meta name="description" content="SUSE security advisories" /><meta name="author" content="Marcus Meissner" /><meta name="Create-Date" content="27 May 2004" /><meta name="Content-Date" content="20 Jan 2009" /><script type="text/javascript" src="/common/inc/hdr_script_2008.js"></script><style type="text/css">
+ @import url(/common/inc/css/tier4_2008.css);
+</style><style type="text/css">
+.date { vertical-align:top; white-space:nowrap; }
+</style></head><body><script type="text/javascript" src="/common/inc/eluminate.js"></script><script type="text/javascript" src="/common/inc/cmdatatagutils.js"></script><script type="text/javascript" src="/common/inc/metrics.js"></script><div id="hdr">
+ <p id="hdr_home"><a href="/" accesskey="2"><img src="/common/img/novell_logo_redonblack.png" width="113" height="41" alt="Novell Home" title="Novell Home" /></a></p>
+ <ul id="hdr_lnks">
+ <li id="hdr_lnks_skip"><a href="#top" accesskey="1">Skip to Content</a></li>
+ <li id="hdr_lnks_menu"><a href="/menu.php" accesskey="3">+ Menu</a></li>
+ </ul>
+ <div id="n_menu">
+ <div id="n_menu_content">
+ <div id="n_menu_tools">
+ <form id="hdr-srch-frm" method="get" action="http://search.novell.com/qfsearch/SearchServlet">
+ <p>
+ <input type="hidden" name="bbshow" value="true" />
+ <input type="hidden" name="bbindex" value="" />
+ <input type="hidden" name="theme" value="" />
+ <input type="hidden" name="encoding" value="UTF-8" />
+ <input type="hidden" name="retencoding" value="UTF-8" />
+ <input type="hidden" name="lang" value="" />
+ <input type="hidden" name="country" value="" />
+ <input type="hidden" name="noredirect" value="" />
+ <input type="hidden" name="collection" value="" />
+ <input type="text" name="query" size="20" id="hdr-srch-input" value="Search" onfocus="if(this.value == nhdr_search) this.value = '';" /><input type="image" src="/common/img/buttons/btn_srch.png" name="hdrsrchsubmit" id="hdr-srch-btn" value="Search" />
+ </p>
+ </form>
+ </div>
+ </div>
+ </div>
+</div><script type="text/javascript" src="/common/inc/hdr_2008.js"></script><div id="tier4">
+ <a name="top"></a>
+ <div id="contentcontainer">
+ <div id="content">
+ <div id="contenthead">
+
+ <h1>Linux</h1>
+
+ <h2>Security Advisories</h2>
+
+ </div>
+ <div id="mainbody">
+
+ <p style="float:right"><a href="/linux/security/suse_security.xml"><img src="/img/xml.gif" width="36" height="14" alt="XML" style="border:0;" /></a></p>
+
+ <h3>2009</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2009_06_openssl.html" onclick="openExternal(this.href); return false;"><strong>23 Jan 2009</strong> openSSL certificate checking problem</a></li>
+ <li><a href="/linux/security/advisories/2009_05_bind.html" onclick="openExternal(this.href); return false;"><strong>22 Jan 2009</strong> bind DNSSEC signature checking problem</a></li>
+ <li><a href="/linux/security/advisories/2009_04_kernel.html" onclick="openExternal(this.href); return false;"><strong>21 Jan 2009</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2009_2_sr.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2009</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2009_03_kernel.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2009</strong> Linux kernel security problem</a></li>
+ <li><a href="/linux/security/advisories/2009_02_mozilla.html" onclick="openExternal(this.href); return false;"><strong>14 Jan 2009</strong> Mozilla browser security problems</a></li>
+ <li><a href="/linux/security/advisories/2009_1_sr.html" onclick="openExternal(this.href); return false;"><strong>12 Jan 2009</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2009_01_java.html" onclick="openExternal(this.href); return false;"><strong>09 Jan 2009</strong> Sun Java security problems</a></li>
+ </ul>
+
+ <h3>2008</h3>
+ <ul class="links">
+
+ <li><a href="/linux/security/advisories/2008_34_firefox.html" onclick="openExternal(this.href); return false;"><strong>11 July 2008</strong> Mozilla Firefox 2.0.0.15 release</a></li>
+
+ <h3>2007</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2007_69_flashplayer.html" onclick="openExternal(this.href); return false;"><strong>21 Dec 2007</strong> flash-player security update</a></li>
+ <li><a href="/linux/security/advisories/2007_68_samba.html" onclick="openExternal(this.href); return false;"><strong>12 Dec 2007</strong> samba security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_67_openoffice.html" onclick="openExternal(this.href); return false;"><strong>11 Dec 2007</strong> OpenOffice_org security update</a></li>
+ <li><a href="/linux/security/advisories/2007_25_sr.html" onclick="openExternal(this.href); return false;"><strong>05 Dec 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_65_samba.html" onclick="openExternal(this.href); return false;"><strong>05 Dec 2007</strong> samba security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_66_firefox.html" onclick="openExternal(this.href); return false;"><strong>05 Dec 2007</strong> Mozilla Firefox security update</a></li>
+ <li><a href="/linux/security/advisories/2007_64_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 Dec 2007</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_63_kernel.html" onclick="openExternal(this.href); return false;"><strong>03 Dec 2007</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_62_pcre.html" onclick="openExternal(this.href); return false;"><strong>23 Nov 2007</strong> pcre security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_24_sr.html" onclick="openExternal(this.href); return false;"><strong>22 Nov 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_61_apache2.html" onclick="openExternal(this.href); return false;"><strong>19 Nov 2007</strong> Apache2 security issues</a></li>
+ <li><a href="/linux/security/advisories/2007_60_pdf.html" onclick="openExternal(this.href); return false;"><strong>14 Nov 2007</strong> XPDF security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_59_kernel.html" onclick="openExternal(this.href); return false;"><strong>09 Nov 2007</strong> Linux kernel securty problems</a></li>
+ <li><a href="/linux/security/advisories/2007_58_cups.html" onclick="openExternal(this.href); return false;"><strong>31 Oct 2007</strong> cups IPP remote buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2007_23_sr.html" onclick="openExternal(this.href); return false;"><strong>31 Oct 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_22_sr.html" onclick="openExternal(this.href); return false;"><strong>26 Oct 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_57_mozilla.html" onclick="openExternal(this.href); return false;"><strong>25 Oct 2007</strong> Mozilla Security Update</a></li>
+ <li><a href="/linux/security/advisories/2007_21_sr.html" onclick="openExternal(this.href); return false;"><strong>19 Oct 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_56_ibmjava.html" onclick="openExternal(this.href); return false;"><strong>18 Oct 2007</strong> IBM Java Security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_55_java.html" onclick="openExternal(this.href); return false;"><strong>17 Oct 2007</strong> Sun Java security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_53_kernel.html" onclick="openExternal(this.href); return false;"><strong>12 Oct 2007</strong> Linux kernel privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2007_20_sr.html" onclick="openExternal(this.href); return false;"><strong>12 Oct 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_54_xorg.html" onclick="openExternal(this.href); return false;"><strong>12 Oct 2007</strong> Xorg security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_19_sr.html" onclick="openExternal(this.href); return false;"><strong>27 Sep 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_52_ooo.html" onclick="openExternal(this.href); return false;"><strong>21 Sep 2007</strong> OpenOffice_org TIFF problem</a></li>
+ <li><a href="/linux/security/advisories/2007_51_kernel.html" onclick="openExternal(this.href); return false;"><strong>06 Sep 2007</strong> Linux kernel security update</a></li>
+ <li><a href="/linux/security/advisories/2007_18_sr.html" onclick="openExternal(this.href); return false;"><strong>31 Aug 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_50_opera.html" onclick="openExternal(this.href); return false;"><strong>30 Aug 2007</strong> Opera 9.23 security release</a></li>
+ <li><a href="/linux/security/advisories/2007_17_sr.html" onclick="openExternal(this.href); return false;"><strong>17 Aug 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_16_sr.html" onclick="openExternal(this.href); return false;"><strong>10 Aug 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_15_sr.html" onclick="openExternal(this.href); return false;"><strong>03 Aug 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_49_mozilla.html" onclick="openExternal(this.href); return false;"><strong>02 Aug 2007</strong> Mozilla security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_47_bind.html" onclick="openExternal(this.href); return false;"><strong>01 Aug 2007</strong> bind DNS cache poisoning problem</a></li>
+ <li><a href="/linux/security/advisories/2007_48_qt3.html" onclick="openExternal(this.href); return false;"><strong>01 Aug 2007</strong> qt3 format string problems</a></li>
+ <li><a href="/linux/security/advisories/2007_14_sr.html" onclick="openExternal(this.href); return false;"><strong>20 Jul 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_46_flashplayer.html" onclick="openExternal(this.href); return false;"><strong>19 Jul 2007</strong> flash-player security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_45_java.html" onclick="openExternal(this.href); return false;"><strong>18 Jul 2007</strong> IBM and Sun Java security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_43_kernel.html" onclick="openExternal(this.href); return false;"><strong>09 Jul 2007</strong> Linux kernel update</a></li>
+ <li><a href="/linux/security/advisories/2007_42_evolution.html" onclick="openExternal(this.href); return false;"><strong>05 Jul 2007</strong> evolution remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2007_41_freetype2.html" onclick="openExternal(this.href); return false;"><strong>04 Jul 2007</strong> freetype2 security problem</a></li>
+ <li><a href="/linux/security/advisories/2007_40_file.html" onclick="openExternal(this.href); return false;"><strong>04 Jul 2007</strong> file integer overflow</a></li>
+ <li><a href="/linux/security/advisories/2007_38_krb5.html" onclick="openExternal(this.href); return false;"><strong>03 Jul 2007</strong> krb5 security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_39_libexif.html" onclick="openExternal(this.href); return false;"><strong>03 Jul 2007</strong> libexif security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_37_openoffice.html" onclick="openExternal(this.href); return false;"><strong>28 Jun 2007</strong> OpenOffice_org RTF import problem</a></li>
+ <li><a href="/linux/security/advisories/2007_36_mozilla.html" onclick="openExternal(this.href); return false;"><strong>27 Jun 2007</strong> Mozilla security updates</a></li>
+ <li><a href="/linux/security/advisories/2007_13_sr.html" onclick="openExternal(this.href); return false;"><strong>22 Jun 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_35_kernel.html" onclick="openExternal(this.href); return false;"><strong>14 Jun 2007</strong> Linux kernel security update</a></li>
+ <li><a href="/linux/security/advisories/2007_34_asterisk.html" onclick="openExternal(this.href); return false;"><strong>06 Jun 2007</strong> Asterisk security update</a></li>
+ <li><a href="/linux/security/advisories/2007_33_clamav.html" onclick="openExternal(this.href); return false;"><strong>06 Jun 2007</strong> clamav 0.90.3 update</a></li>
+ <li><a href="/linux/security/advisories/2007_12_sr.html" onclick="openExternal(this.href); return false;"><strong>25 May 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_32_php.html" onclick="openExternal(this.href); return false;"><strong>23 May 2007</strong> PHP security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_31_samba.html" onclick="openExternal(this.href); return false;"><strong>22 May 2007</strong> Samba Security Problems</a></li>
+ <li><a href="/linux/security/advisories/2007_11_sr.html" onclick="openExternal(this.href); return false;"><strong>16 May 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_10_sr.html" onclick="openExternal(this.href); return false;"><strong>11 May 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_30_kernel.html" onclick="openExternal(this.href); return false;"><strong>10 May 2007</strong> Linux kernel security update</a></li>
+ <li><a href="/linux/security/advisories/2007_26_clamav.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2007</strong> clamav 0.90.2 security update</a></li>
+ <li><a href="/linux/security/advisories/2007_27_x.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2007</strong> XFree86,Xorg security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_007_suse.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_6_sr.html" onclick="openExternal(this.href); return false;"><strong>13 Apr 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_25_krb5.html" onclick="openExternal(this.href); return false;"><strong>05 Apr 2007</strong> krb5 security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_5_sr.html" onclick="openExternal(this.href); return false;"><strong>30 Mar 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_24_gpg.html" onclick="openExternal(this.href); return false;"><strong>30 Mar 2007</strong> gpg signature bypassing</a></li>
+ <li><a href="/linux/security/advisories/2007_23_openoffice.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2007</strong> OpenOffice_org security update</a></li>
+ <li><a href="/linux/security/advisories/2007_22_mozilla.html" onclick="openExternal(this.href); return false;"><strong>20 Mar 2007</strong> Mozilla security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_4_sr.html" onclick="openExternal(this.href); return false;"><strong>16 Mar 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_21_kernel.html" onclick="openExternal(this.href); return false;"><strong>16 Mar 2007</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_20_php.html" onclick="openExternal(this.href); return false;"><strong>15 Mar 2007</strong> PHP security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_19_firefox.html" onclick="openExternal(this.href); return false;"><strong>06 Mar 2007</strong> MozillaFirefox security update 1.5.0.10/2.0.0.2</a></li>
+ <li><a href="/linux/security/advisories/2007_18_kernel.html" onclick="openExternal(this.href); return false;"><strong>27 Feb 2007</strong> Linux kernel security update</a></li>
+ <li><a href="/linux/security/advisories/2007_17_clamav.html" onclick="openExternal(this.href); return false;"><strong>23 Feb 2007</strong> clamav 0.90 update</a></li>
+ <li><a href="/linux/security/advisories/2007_3_sr.html" onclick="openExternal(this.href); return false;"><strong> 16 Feb 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_16_samba.html" onclick="openExternal(this.href); return false;"><strong> 15 Feb 2007</strong> samba remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2007_15_apparmor.html" onclick="openExternal(this.href); return false;"><strong> 15 Feb 2007</strong> AppArmor profile syntax additions</a></li>
+ <li><a href="/linux/security/advisories/2007_14_bind.html" onclick="openExternal(this.href); return false;"><strong> 30 Jan 2007</strong> bind remote denial of service problem</a></li>
+ <li><a href="/linux/security/advisories/2007_02_sr.html" onclick="openExternal(this.href); return false;"><strong> 26 Jan 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_13_xine.html" onclick="openExternal(this.href); return false;"><strong> 22 Jan 2007</strong> xine format string problems</a></li>
+ <li><a href="/linux/security/advisories/2007_12_squid.html" onclick="openExternal(this.href); return false;"><strong> 23 Jan 2007</strong> squid remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2007_11_acroread.html" onclick="openExternal(this.href); return false;"><strong> 22 Jan 2007</strong> Acrobat Reader 7.0.9 update</a></li>
+ <li><a href="/linux/security/advisories/2007_01_sr.html" onclick="openExternal(this.href); return false;"><strong> 19 Jan 2007</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2007_10_ibmjava.html" onclick="openExternal(this.href); return false;"><strong> 18 Jan 2007</strong> IBMJava security update</a></li>
+ <li><a href="/linux/security/advisories/2007_09_opera.html" onclick="openExternal(this.href); return false;"><strong> 15 Jan 2007</strong> opera 9.10 security upgrade</a></li>
+ <li><a href="/linux/security/advisories/2007_08_x.html" onclick="openExternal(this.href); return false;"><strong> 12 Jan 2007</strong> XFree86/Xorg security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_07_cacti.html" onclick="openExternal(this.href); return false;"><strong> 12 Jan 2007</strong> cacti command injection</a></li>
+ <li><a href="/linux/security/advisories/2007_06_mozilla.html" onclick="openExternal(this.href); return false;"><strong> 12 Jan 2007</strong> mozilla security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_05_w3m.html" onclick="openExternal(this.href); return false;"><strong> 10 Jan 2007</strong> w3m format string problem</a></li>
+ <li><a href="/linux/security/advisories/2007_04_krb5.html" onclick="openExternal(this.href); return false;"><strong> 10 Jan 2007</strong> krb5 security problems</a></li>
+ <li><a href="/linux/security/advisories/2007_03_java.html" onclick="openExternal(this.href); return false;"><strong> 09 Jan 2007</strong> Sun Java security update</a></li>
+ <li><a href="/linux/security/advisories/2007_02_mono.html" onclick="openExternal(this.href); return false;"><strong> 04 Jan 2007</strong> mono-web ASP.net sourcecode disclosure</a></li>
+ <li><a href="/linux/security/advisories/2007_01_openoffice.html" onclick="openExternal(this.href); return false;"><strong> 04 Jan 2007</strong> OpenOffice_org WMF buffer overflows</a></li>
+ </ul>
+
+ <h3>2006</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2006_80_mozilla.html" onclick="openExternal(this.href); return false;"><strong> 29 Dec 2006</strong> Mozilla Firefox,Thunderbird security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_79_kernel.html" onclick="openExternal(this.href); return false;"><strong> 21 Dec 2006</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_29_sr.html" onclick="openExternal(this.href); return false;"><strong> 19 Dec 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_78_clamav.html" onclick="openExternal(this.href); return false;"><strong> 18 Dec 2006</strong> clamav security update</a></li>
+ <li><a href="/linux/security/advisories/2006_77_flashplayer.html" onclick="openExternal(this.href); return false;"><strong> 14 Dec 2006</strong> flash-player CRLF injection</a></li>
+ <li><a href="/linux/security/advisories/2006_76_libgsf.html" onclick="openExternal(this.href); return false;"><strong> 14 Dec 2006</strong> libgsf buffer overflows</a></li>
+ <li><a href="/linux/security/advisories/2006_74_madwifi.html" onclick="openExternal(this.href); return false;"><strong> 13 Dec 2006</strong> gpg stack corruption problem</a></li>
+ <li><a href="/linux/security/advisories/2006_74_madwifi.html" onclick="openExternal(this.href); return false;"><strong> 11 Dec 2006</strong> madwifi remote root exploit</a></li>
+ <li><a href="/linux/security/advisories/2006_28_sr.html" onclick="openExternal(this.href); return false;"><strong>08 Dec 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_73_mono.html" onclick="openExternal(this.href); return false;"><strong>01 Dec 2006</strong> mono tmpfile race problem</a></li>
+ <li><a href="/linux/security/advisories/2006_71_phpmyadmin.html" onclick="openExternal(this.href); return false;"><strong>24 Nov 2006</strong> phpMyAdmin security upgrade to 2.9.1.1</a></li>
+ <li><a href="/linux/security/advisories/2006_72_openldap2.html" onclick="openExternal(this.href); return false;"><strong>24 Nov 2006</strong> openldap2 denial of service problem</a></li>
+ <li><a href="/linux/security/advisories/2006_27_sr.html" onclick="openExternal(this.href); return false;"><strong>24 Nov 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_26_sr.html" onclick="openExternal(this.href); return false;"><strong>17 Nov 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_68_mozilla.html" onclick="openExternal(this.href); return false;"><strong>16 Nov 2006</strong> Mozilla Firefox 1.5.0.8 release</a></li>
+ <li><a href="/linux/security/advisories/2006_69_asterisk.html" onclick="openExternal(this.href); return false;"><strong>16 Nov 2006</strong> asterisk remote denial of service problem</a></li>
+ <li><a href="/linux/security/advisories/2006_70_pdns.html" onclick="openExternal(this.href); return false;"><strong>16 Nov 2006</strong> pdns remote denial of service problem</a></li>
+ <li><a href="/linux/security/advisories/2006_67_php.html" onclick="openExternal(this.href); return false;"><strong>15 Nov 2006</strong> php security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_66_imagemagick.html" onclick="openExternal(this.href); return false;"><strong>14 Nov 2006</strong> ImageMagick security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_65_ethereal.html" onclick="openExternal(this.href); return false;"><strong>14 Nov 2006</strong> ethereal security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_64_kernel.html" onclick="openExternal(this.href); return false;"><strong>10 Nov 2006</strong> Linux kernel 2.4 security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_25_sr.html" onclick="openExternal(this.href); return false;"><strong>27 Oct 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_63_qt.html" onclick="openExternal(this.href); return false;"><strong>25 Oct 2006</strong> Qt image handliung security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_62_openssh.html" onclick="openExternal(this.href); return false;"><strong>20 Oct 2006</strong> openssh security update</a></li>
+ <li><a href="/linux/security/advisories/2006_61_opera.html" onclick="openExternal(this.href); return false;"><strong>19 Oct 2006</strong> opera security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_60_clamav.html" onclick="openExternal(this.href); return false;"><strong>18 Oct 2006</strong> clamav security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_59_php.html" onclick="openExternal(this.href); return false;"><strong>09 Oct 2006</strong> PHP security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_24_sr.html" onclick="openExternal(this.href); return false;"><strong>06 Oct 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_58_openssl.html" onclick="openExternal(this.href); return false;"><strong>28 Sep 2006</strong> openssl security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_57_kernel.html" onclick="openExternal(this.href); return false;"><strong>28 Sep 2006</strong> Linux kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_23_sr.html" onclick="openExternal(this.href); return false;"><strong>27 Sep 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_56_gzip.html" onclick="openExternal(this.href); return false;"><strong>26 Sep 2006</strong> gzip security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_55_ssl.html" onclick="openExternal(this.href); return false;"><strong>22 Sep 2006</strong> PKCS RSA signature forgery</a></li>
+ <li><a href="/linux/security/advisories/2006_54_mozilla.html" onclick="openExternal(this.href); return false;"><strong>22 Sep 2006</strong> Mozilla Firefox security update</a></li>
+ <li><a href="/linux/security/advisories/2006_53_flashplayer.html" onclick="openExternal(this.href); return false;"><strong>21 Sep 2006</strong> flash-player security problem</a></li>
+ <li><a href="/linux/security/advisories/2006_52_php.html" onclick="openExternal(this.href); return false;"><strong>21 Sep 2006</strong> php4,php5 security update</a></li>
+ <li><a href="/linux/security/advisories/2006_51_apache.html" onclick="openExternal(this.href); return false;"><strong>08 Sep 2006</strong> Apache2 SSLVerifyClient problems</a></li>
+ <li><a href="/linux/security/advisories/2006_50_imagemagick.html" onclick="openExternal(this.href); return false;"><strong>08 Sep 2006</strong> ImageMagick security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_22_sr.html" onclick="openExternal(this.href); return false;"><strong>08 Sep 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_21_sr.html" onclick="openExternal(this.href); return false;"><strong>01 Sep 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_49_kernel.html" onclick="openExternal(this.href); return false;"><strong>18 Aug 2006</strong> kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_48_seamonkey.html" onclick="openExternal(this.href); return false;"><strong>16 Aug 2006</strong> Mozilla Firefox, Thunderbird and Seamonkey security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_20_sr.html" onclick="openExternal(this.href); return false;"><strong>14 Aug 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_47_kernel.html" onclick="openExternal(this.href); return false;"><strong>11 Aug 2006</strong> kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_19_sr.html" onclick="openExternal(this.href); return false;"><strong>09 Aug 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_46_clamav.html" onclick="openExternal(this.href); return false;"><strong>09 Aug 2006</strong> clamav security problem</a></li>
+ <li><a href="/linux/security/advisories/2006_45_freetype2.html" onclick="openExternal(this.href); return false;"><strong>01 Aug 2006</strong> Freetype2 various security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_44_libtiff.html" onclick="openExternal(this.href); return false;"><strong>01 Aug 2006</strong> Libtiff integer overflows</a></li>
+ <li><a href="/linux/security/advisories/2006_43_apache.html" onclick="openExternal(this.href); return false;"><strong>28 July 2006</strong> Apache,Apache2 mod_rewrite security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_18_sr.html" onclick="openExternal(this.href); return false;"><strong>28 July 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_42_kernel.html" onclick="openExternal(this.href); return false;"><strong>26 July 2006</strong> kernel local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2006_17_sr.html" onclick="openExternal(this.href); return false;"><strong>21 July 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_16_sr.html" onclick="openExternal(this.href); return false;"><strong>14 July 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_41_acroread.html" onclick="openExternal(this.href); return false;"><strong>04 July 2006</strong> acroread various security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_38_opera.html" onclick="openExternal(this.href); return false;"><strong>03 July 2006</strong> Opera 9.0 security update</a></li>
+ <li><a href="/linux/security/advisories/2006_39_kdm.html" onclick="openExternal(this.href); return false;"><strong>03 July 2006</strong> KDM information disclosure</a></li>
+ <li><a href="/linux/security/advisories/2006_40_openoffice.html" onclick="openExternal(this.href); return false;"><strong>03 July 2006</strong> OpenOffice_org security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_38_security.html" onclick="openExternal(this.href); return false;"><strong>30 June 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_37.freetype.html" onclick="openExternal(this.href); return false;"><strong>27 June 2006</strong> freetype integer overflow problems</a></li>
+ <li><a href="/linux/security/advisories/2006_35_mozilla.html" onclick="openExternal(this.href); return false;"><strong>23 June 2006</strong> Mozilla browser security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_36_mysql.html" onclick="openExternal(this.href); return false;"><strong>23 June 2006</strong> mysql remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2006_34_php4.html" onclick="openExternal(this.href); return false;"><strong>22 June 2006</strong> php4 bugfix update</a></li>
+ <li><a href="/linux/security/advisories/2006_14_sr.html" onclick="openExternal(this.href); return false;"><strong>20 June 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_33_awstats.html" onclick="openExternal(this.href); return false;"><strong>20 June 2006</strong> awstats remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2006_31_php.html" onclick="openExternal(this.href); return false;"><strong>14 June 2006</strong> php4,php5 security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_32_sendmail.html" onclick="openExternal(this.href); return false;"><strong>14 June 2006</strong> sendmail remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2006_pkupd.html" onclick="openExternal(this.href); return false;"><strong>12 June 2006</strong> SUSE Linux 10.1 Package Management Update</a></li>
+ <li><a href="/linux/security/advisories/2006_13_sr.html" onclick="openExternal(this.href); return false;"><strong>09 June 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_30_postgresql.html" onclick="openExternal(this.href); return false;"><strong>09 June 2006</strong> PostgreSQL SQL injection attacks</a></li>
+ <li><a href="/linux/security/advisories/2006-06-02.html" onclick="openExternal(this.href); return false;"><strong>02 June 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006-05-33.html" onclick="openExternal(this.href); return false;"><strong>31 May 2006</strong> rug/rcd security problems</a></li>
+ <li><a href="/linux/security/advisories/2006-05-32.html" onclick="openExternal(this.href); return false;"><strong>31 May 2006</strong> cron local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2006-05-31.html" onclick="openExternal(this.href); return false;"><strong>31 May 2006</strong> various kernel security problems</a></li>
+ <li><a href="/linux/security/advisories/2006-05-30.html" onclick="openExternal(this.href); return false;"><strong>30 May 2006</strong> foomatic-filters shellcode injection</a></li>
+ <li><a href="/linux/security/advisories/2006_05_19.html" onclick="openExternal(this.href); return false;"><strong>19 May 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/12_may_06.html" onclick="openExternal(this.href); return false;"><strong>12 May 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_05_05.html" onclick="openExternal(this.href); return false;"><strong>05 May 2006</strong> cyrus-sasl-digestmd5 denial of service attack</a></li>
+ <li><a href="/linux/security/advisories/05-05-2006.html" onclick="openExternal(this.href); return false;"><strong>05 May 2006</strong> various php security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_05_03.html" onclick="openExternal(this.href); return false;"><strong>03 May 2006</strong> xorg-x11-server buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2006_04_28.html" onclick="openExternal(this.href); return false;"><strong>28 Apr 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_04_25.html" onclick="openExternal(this.href); return false;"><strong>25 Apr 2006</strong> MozillaThunderbird various problems</a></li>
+ <li><a href="/linux/security/advisories/2006_04_20.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2006</strong> Mozilla Firefox and Mozilla suite various security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_20_clamav.html" onclick="openExternal(this.href); return false;"><strong>11 Apr 2006</strong> clamav various problems</a></li>
+ <li><a href="/linux/security/advisories/2006_08_sr.html" onclick="openExternal(this.href); return false;"><strong>07 Apr 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_07_sr.html" onclick="openExternal(this.href); return false;"><strong>31 Mar 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_19_freeradius.html" onclick="openExternal(this.href); return false;"><strong>28 Mar 2006</strong> freeradius authentication bypass</a></li>
+ <li><a href="/linux/security/advisories/2006_06_sr.html" onclick="openExternal(this.href); return false;"><strong>24 Mar 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_18_realplayer.html" onclick="openExternal(this.href); return false;"><strong>23 Mar 2006</strong> RealPlayer security problems</a></li>
+ <li><a href="/linux/security/advisories/2006_17_sendmail.html" onclick="openExternal(this.href); return false;"><strong>22 Mar 2006</strong> sendmail remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2006_16_xorgx11server.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2006</strong> xorg-x11-server local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2006_15_flashplayer.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2006</strong> flash-player remote buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2006_14_gpg.html" onclick="openExternal(this.href); return false;"><strong>10 Mar 2006</strong> gpg signature checking problems</a></li>
+ <li><a href="/linux/security/advisories/2006_05_sr.html" onclick="openExternal(this.href); return false;"><strong>03 Mar 2006</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2006_13_gpg.html" onclick="openExternal(this.href); return false;"><strong>01 Mar 2006</strong> gpg / liby2util signature checking problems</a></li>
+ <li><a href="/linux/security/advisories/2006_11_heimdal.html" onclick="openExternal(this.href); return false;"><strong>24 Feb 2006</strong> heimdal remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2006_04_sr.html" onclick="openExternal(this.href); return false;"><strong>24 Feb 2006</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2006_10_casa.html" onclick="openExternal(this.href); return false;"><strong>22 Feb 2006</strong> CASA remote code execution </a></li>
+ <li><a href="/linux/security/advisories/2006_09_gpg.html" onclick="openExternal(this.href); return false;"><strong>20 Feb 2006</strong> gpg/liby2util incorrect gpg signature checking </a></li>
+ <li><a href="/linux/security/advisories/2006_08_openssh.html" onclick="openExternal(this.href); return false;"><strong>14 Feb 2006</strong> openssh scponly privilege escalation </a></li>
+ <li><a href="/linux/security/advisories/2006_07_binutils.html" onclick="openExternal(this.href); return false;"><strong>10 Feb 2006</strong> binutils local privilege escalation </a></li>
+ <li><a href="/linux/security/advisories/2006_06_kernel.html" onclick="openExternal(this.href); return false;"><strong>09 Feb 2006</strong> kernel remote denial of service attack </a></li>
+ <li><a href="/linux/security/advisories/2006_03_sr.html" onclick="openExternal(this.href); return false;"><strong>03 Feb 2006</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2006_05_nfsserver.html" onclick="openExternal(this.href); return false;"><strong>26 Jan 2006</strong> nfs-server/rpc.mountd remote code execution </a></li>
+ <li><a href="/linux/security/advisories/2006_04_phpmyadmin.html" onclick="openExternal(this.href); return false;"><strong>26 Jan 2006</strong> phpMyAdmin various problems </a></li>
+ <li><a href="/linux/security/advisories/2006_02_sr.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2006</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2006_03_kdelibs3.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2006</strong> kdelibs3/javascript buffer overflow </a></li>
+ <li><a href="/linux/security/advisories/2006_02_novellnrm.html" onclick="openExternal(this.href); return false;"><strong>13 Jan 2006</strong> Novell Remote Manager heap overflow </a></li>
+ <li><a href="/linux/security/advisories/2006_01_sr.html" onclick="openExternal(this.href); return false;"><strong>13 Jan 2006</strong> SUSE Security Summary Report </a></li>
+ </ul>
+
+ <h3>2005</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2006_01_xpdf.html" onclick="openExternal(this.href); return false;"><strong>11 Jan 2005</strong> xpdf various security problems</a></li>
+ <li><a href="/linux/security/advisories/2005_71_perl.html" onclick="openExternal(this.href); return false;"><strong>20 Dec 2005</strong> perl integer overflows</a></li>
+ <li><a href="/linux/security/advisories/2005_70_ipsec.html" onclick="openExternal(this.href); return false;"><strong>20 Dec 2005</strong> freeswan,openswan,ipsec-tools denial of service </a></li>
+ <li><a href="/linux/security/advisories/2005_30_sr.html" onclick="openExternal(this.href); return false;"><strong>16 Dec 2005</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2005_68_kernel.html" onclick="openExternal(this.href); return false;"><strong>14 Dec 2005</strong> Linux kernel: various security problems </a></li>
+ <li><a href="/linux/security/advisories/2005_14_sa.html" onclick="openExternal(this.href); return false;"><strong>14 Dec 2005</strong> php4,php5: various security problems </a></li>
+ <li><a href="/linux/security/advisories/2005_29_sr.html" onclick="openExternal(this.href); return false;"><strong>09 Dec 2005</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2005_67_kernel.html" onclick="openExternal(this.href); return false;"><strong>06 Dec 2005</strong> SUSE Linux 10.0 Kernel: various security problems </a></li>
+ <li><a href="/linux/security/advisories/2005_28_sr.html" onclick="openExternal(this.href); return false;"><strong>02 Dec 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_27_sr.html" onclick="openExternal(this.href); return false;"><strong>18 Nov 2005</strong> SUSE Security Summary Report </a></li>
+ <li><a href="/linux/security/advisories/2005_66_phpmyadmin.html" onclick="openExternal(this.href); return false;"><strong>18 Nov 2005</strong> phpMyAdmin remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_65_gtk2.html" onclick="openExternal(this.href); return false;"><strong>16 Nov 2005</strong> gtk2, gdk-pixbuf: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_26_sr.html" onclick="openExternal(this.href); return false;"><strong>11 Nov 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_25_sr.html" onclick="openExternal(this.href); return false;"><strong>04 Nov 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_64_pwdutils.html" onclick="openExternal(this.href); return false;"><strong>04 Nov 2005</strong> pwdutils, shadow: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2005_63_wget_curl.html" onclick="openExternal(this.href); return false;"><strong>24 Oct 2005</strong> wget, curl: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_62_permissions.html" onclick="openExternal(this.href); return false;"><strong>24 Oct 2005</strong> permissions: information disclosure</a></li>
+ <li><a href="/linux/security/advisories/2005_24_sr.html" onclick="openExternal(this.href); return false;"><strong>21 Oct 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_61_openssl.html" onclick="openExternal(this.href); return false;"><strong>19 Oct 2005</strong> openssl: protocol downgrade attack</a></li>
+ <li><a href="/linux/security/advisories/2005_60_OpenWBEM.html" onclick="openExternal(this.href); return false;"><strong>17 Oct 2005</strong> OpenWBEM: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_23_sr.html" onclick="openExternal(this.href); return false;"><strong>14 Oct 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_59_RealPlayer.html" onclick="openExternal(this.href); return false;"><strong>10 Oct 2005</strong> RealPlayer: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_22_sr.html" onclick="openExternal(this.href); return false;"><strong>07 Oct 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_21_sr.html" onclick="openExternal(this.href); return false;"><strong>30 Sep 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_58_mozilla.html" onclick="openExternal(this.href); return false;"><strong>30 Sep 2005</strong> mozilla,MozillaFirefox: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2005_57_opera.html" onclick="openExternal(this.href); return false;"><strong>26 Sep 2005</strong> opera: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_56_xserver.html" onclick="openExternal(this.href); return false;"><strong>26 Sep 2005</strong> XFree86-server,xorg-x11-server: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2005_55_clamav.html" onclick="openExternal(this.href); return false;"><strong>26 Sep 2005</strong> clamav: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_54_evolution.html" onclick="openExternal(this.href); return false;"><strong>16 Sep 2005</strong> evolution: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_53_squid.html" onclick="openExternal(this.href); return false;"><strong>16 Sep 2005</strong> squid: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_20_sr.html" onclick="openExternal(this.href); return false;"><strong>12 Sep 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_52_apache2.html" onclick="openExternal(this.href); return false;"><strong>12 Sep 2005</strong> apache2: local command execution, authentication bypass, memory consumption</a></li>
+ <li><a href="/linux/security/advisories/2005_51_php.html" onclick="openExternal(this.href); return false;"><strong>05 Sep 2005</strong> php4, php5: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_50_kernel.html" onclick="openExternal(this.href); return false;"><strong>01 Sep 2005</strong> kernel: denial of service, local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2005_49_php.html" onclick="openExternal(this.href); return false;"><strong>30 Aug 2005</strong> php4, php5: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_48_pcre.html" onclick="openExternal(this.href); return false;"><strong>30 Aug 2005</strong> pcre: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_47_acroread.html" onclick="openExternal(this.href); return false;"><strong>22 Aug 2005</strong> acroread: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_19_sr.html" onclick="openExternal(this.href); return false;"><strong>19 Aug 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_46_apache.html" onclick="openExternal(this.href); return false;"><strong>15 Aug 2005</strong> apache, apache2: authentication bypass</a></li>
+ <li><a href="/linux/security/advisories/2005_45_mozilla.html" onclick="openExternal(this.href); return false;"><strong>11 Aug 2005</strong> mozilla, MozillaFirefox, epiphany, galeon: information leak</a></li>
+ <li><a href="/linux/security/advisories/2005_44_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 Aug 2005</strong> kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2005_43_zlib.html" onclick="openExternal(this.href); return false;"><strong>28 Jul 2005</strong> zlib: denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_18_sr.html" onclick="openExternal(this.href); return false;"><strong>28 Jul 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_42_acroread.html" onclick="openExternal(this.href); return false;"><strong>14 Jul 2005</strong> Acrobat Reader 5: buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2005_17_sr.html" onclick="openExternal(this.href); return false;"><strong>13 Jul 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_41_php_pear.html" onclick="openExternal(this.href); return false;"><strong>07 Jul 2005</strong> php/pear XML::RPC: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_40_heimdal.html" onclick="openExternal(this.href); return false;"><strong>06 Jul 2005</strong> heimdal: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_39_zlib.html" onclick="openExternal(this.href); return false;"><strong>06 Jul 2005</strong> zlib: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_38_clamav.html" onclick="openExternal(this.href); return false;"><strong>29 Jun 2005</strong> clamav: multiple security and other bugfixes</a></li>
+ <li><a href="/linux/security/advisories/2005_37_real_player.html" onclick="openExternal(this.href); return false;"><strong>27 Jun 2005</strong> RealPlayer remote buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2005_36_sudo.html" onclick="openExternal(this.href); return false;"><strong>24 Jun 2005</strong> sudo: race condition, arbitrary code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_35_razor_agents.html" onclick="openExternal(this.href); return false;"><strong>23 Jun 2005</strong> razor-agents: denial of service attack</a></li>
+ <li><a href="/linux/security/advisories/2005_34_opera.html" onclick="openExternal(this.href); return false;"><strong>22 Jun 2005</strong> opera: various problems</a></li>
+ <li><a href="/linux/security/advisories/2005_33_spamassassin.html" onclick="openExternal(this.href); return false;"><strong>22 Jun 2005</strong> spamassassin: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_32_java2.html" onclick="openExternal(this.href); return false;"><strong>22 Jun 2005</strong> SUN Java security problems</a></li>
+ <li><a href="/linux/security/advisories/2005_16_sr.html" onclick="openExternal(this.href); return false;"><strong>17 Jun 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_31_opera.html" onclick="openExternal(this.href); return false;"><strong>15 Jun 2005</strong> Opera: various problems</a></li>
+ <li><a href="/linux/security/advisories/2005_15_sr.html" onclick="openExternal(this.href); return false;"><strong>10 Jun 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_30_mozilla_firefox.html" onclick="openExternal(this.href); return false;"><strong>09 Jun 2005</strong> Mozilla Firefox: various problems</a></li>
+ <li><a href="/linux/security/advisories/2005_29_kernel.html" onclick="openExternal(this.href); return false;"><strong>09 Jun 2005</strong> kernel: several security problems</a></li>
+ <li><a href="/linux/security/advisories/2005_14_sr.html" onclick="openExternal(this.href); return false;"><strong>07 Jun 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_13_sr.html" onclick="openExternal(this.href); return false;"><strong>18 May 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_12_sr.html" onclick="openExternal(this.href); return false;"><strong>29 Apr 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_28_mozilla_firefox.html" onclick="openExternal(this.href); return false;"><strong>27 Apr 2005</strong> Mozilla Firefox: various security problems</a></li>
+ <li><a href="/linux/security/advisories/2005_27_postgresql.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2005</strong> PostgreSQL: buffer overflow problems</a></li>
+ <li><a href="/linux/security/advisories/2005_26_realplayer.html" onclick="openExternal(this.href); return false;"><strong>20 Apr 2005</strong> RealPlayer: buffer overflow in RAM file handling</a></li>
+ <li><a href="/linux/security/advisories/2005_25_openoffice_org.html" onclick="openExternal(this.href); return false;"><strong>19 Apr 2005</strong> OpenOffice_org: heap overflow problem</a></li>
+ <li><a href="/linux/security/advisories/2005_24_cvs.html" onclick="openExternal(this.href); return false;"><strong>18 Apr 2005</strong> cvs: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_11_sr.html" onclick="openExternal(this.href); return false;"><strong>15 Apr 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_23_php.html" onclick="openExternal(this.href); return false;"><strong>15 Apr 2005</strong> php4, php5: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_22_kdelibs3.html" onclick="openExternal(this.href); return false;"><strong>11 Apr 2005</strong> kdelibs3: various KDE security problems</a></li>
+ <li><a href="/linux/security/advisories/2005_10_sr.html" onclick="openExternal(this.href); return false;"><strong>08 Apr 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_21_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 Apr 2005</strong> kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2005_20_ipsec_tools.html" onclick="openExternal(this.href); return false;"><strong>31 Mar 2005</strong> ipsec-tools: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_09_sr.html" onclick="openExternal(this.href); return false;"><strong>29 Mar 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_19_mysql.html" onclick="openExternal(this.href); return false;"><strong>24 Mar 2005</strong> MySQL: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_18_kernel.html" onclick="openExternal(this.href); return false;"><strong>24 Mar 2005</strong> kernel: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_17_imagemagick.html" onclick="openExternal(this.href); return false;"><strong>23 Mar 2005</strong> ImageMagick: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_08_sr.html" onclick="openExternal(this.href); return false;"><strong>18 Mar 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_16_mozilla_firefox.html" onclick="openExternal(this.href); return false;"><strong>16 Mar 2005</strong> Mozilla Firefox: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_15_openslp.html" onclick="openExternal(this.href); return false;"><strong>14 Mar 2005</strong> openslp: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2005_14_realplayer.html" onclick="openExternal(this.href); return false;"><strong>09 Mar 2005</strong> RealPlayer: remote buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2005_07_sr.html" onclick="openExternal(this.href); return false;"><strong>04 Mar 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_13_cyrus_sasl.html" onclick="openExternal(this.href); return false;"><strong>03 Mar 2005</strong> cyrus-sasl: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_12_imap.html" onclick="openExternal(this.href); return false;"><strong>01 Mar 2005</strong> imap: remote authentication bypass</a></li>
+ <li><a href="/linux/security/advisories/2005_11_curl.html" onclick="openExternal(this.href); return false;"><strong>28 Feb 2005</strong> curl: buffer overflow in NTLM authentication</a></li>
+ <li><a href="/linux/security/advisories/2005_06_sr.html" onclick="openExternal(this.href); return false;"><strong>25 Feb 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_10_kernel.html" onclick="openExternal(this.href); return false;"><strong>25 Feb 2005</strong> kernel: nvidia bugfix update</a></li>
+ <li><a href="/linux/security/advisories/2005_09_cyrus_imapd.html" onclick="openExternal(this.href); return false;"><strong>24 Feb 2005</strong> cyrus-imapd: buffer overflows</a></li>
+ <li><a href="/linux/security/advisories/2005_08_squid.html" onclick="openExternal(this.href); return false;"><strong>22 Feb 2005</strong> squid: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2005_05_sr.html" onclick="openExternal(this.href); return false;"><strong>18 Feb 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_07_mailman.html" onclick="openExternal(this.href); return false;"><strong>14 Feb 2005</strong> mailman: remote file disclosure</a></li>
+ <li><a href="/linux/security/advisories/2005_04_sr.html" onclick="openExternal(this.href); return false;"><strong>11 Feb 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_06_squid.html" onclick="openExternal(this.href); return false;"><strong>10 Feb 2005</strong> squid: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2005_05_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 Feb 2005</strong> kernel bugfixes and SP1 merge</a></li>
+ <li><a href="/linux/security/advisories/2005_03_sr.html" onclick="openExternal(this.href); return false;"><strong>04 Feb 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_02_sr.html" onclick="openExternal(this.href); return false;"><strong>26 Jan 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_04_realplayer8.html" onclick="openExternal(this.href); return false;"><strong>24 Jan 2005</strong> realplayer 8: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_03_kernel.html" onclick="openExternal(this.href); return false;"><strong>21 Jan 2005</strong> kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2005_02_php4_mod_php4.html" onclick="openExternal(this.href); return false;"><strong>17 Jan 2005</strong> php4/mod_php4: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2005_01_sr.html" onclick="openExternal(this.href); return false;"><strong>12 Jan 2005</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2005_01_libtiff_tiff.html" onclick="openExternal(this.href); return false;"><strong>10 Jan 2005</strong> libtiff/tiff: remote system compromise</a></li>
+ </ul>
+
+ <h3>2004</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2004_45_samba.html" onclick="openExternal(this.href); return false;"><strong>22 Dec 2004</strong> samba: remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_44_kernel.html" onclick="openExternal(this.href); return false;"><strong>22 Dec 2004</strong> kernel: various kernel problems</a></li>
+ <li><a href="/linux/security/advisories/2004_05_sr.html" onclick="openExternal(this.href); return false;"><strong>21 Dec 2004</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2004_04_sr.html" onclick="openExternal(this.href); return false;"><strong>16 Dec 2004</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2004_03_sr.html" onclick="openExternal(this.href); return false;"><strong>07 Dec 2004</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2004_43_cyrus_imapd.html" onclick="openExternal(this.href); return false;"><strong>03 Dec 2004</strong> cyrus_imapd: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2004_42_kernel.html" onclick="openExternal(this.href); return false;"><strong>01 Dec 2004</strong> kernel: local and remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2004_02_sr.html" onclick="openExternal(this.href); return false;"><strong>30 Nov 2004</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2004_01_sr.html" onclick="openExternal(this.href); return false;"><strong>24 Nov 2004</strong> SUSE Security Summary Report</a></li>
+ <li><a href="/linux/security/advisories/2004_41_xshared_XFree86_libs_xorg_x11_libs.html" onclick="openExternal(this.href); return false;"><strong>17 Nov 2004</strong> xshared, XFree86-libs, xorg-x11-libs: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_40_samba.html" onclick="openExternal(this.href); return false;"><strong>15 Nov 2004</strong> samba: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2004_39_pdftools_cups.html" onclick="openExternal(this.href); return false;"><strong>26 Oct 2004</strong> xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_38_libtiff.html" onclick="openExternal(this.href); return false;"><strong>22 Oct 2004</strong> libtiff: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_37_kernel.html" onclick="openExternal(this.href); return false;"><strong>21 Oct 2004</strong> kernel: remote denial of service</a></li>
+ <li><a href="/linux/security/advisories/2004_36_mozilla.html" onclick="openExternal(this.href); return false;"><strong>06 Oct 2004</strong> mozilla: various vulnerabilities</a></li>
+ <li><a href="/linux/security/advisories/2004_35_samba.html" onclick="openExternal(this.href); return false;"><strong>05 Oct 2004</strong> samba: remote file disclosure</a></li>
+ <li><a href="/linux/security/advisories/2004_34_xfree86_libs_xshared.html" onclick="openExternal(this.href); return false;"><strong>17 Sep 2004</strong> XFree86-libs, xshared: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2004_33_gtk2_gdk_pixbuf.html" onclick="openExternal(this.href); return false;"><strong>17 Sep 2004</strong> gtk2, gdk-pixbuf: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2004_31_cups.html" onclick="openExternal(this.href); return false;"><strong>15 Sep 2004</strong> cups: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2004_32_apache2.html" onclick="openExternal(this.href); return false;"><strong>15 Sep 2004</strong> apache2: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2004_30_apache2.html" onclick="openExternal(this.href); return false;"><strong>06 Sep 2004</strong> apache2: remote DoS condition</a></li>
+ <li><a href="/linux/security/advisories/2004_29_zlib.html" onclick="openExternal(this.href); return false;"><strong>03 Sep 2004</strong> zlib: denial of service</a></li>
+ <li><a href="/linux/security/advisories/2004_28_kernel.html" onclick="openExternal(this.href); return false;"><strong>01 Sep 2004</strong> kernel: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2004_27_qt3.html" onclick="openExternal(this.href); return false;"><strong>19 Aug 2004</strong> qt3: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_26_rsync.html" onclick="openExternal(this.href); return false;"><strong>16 Aug 2004</strong> rsync: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_25_gaim.html" onclick="openExternal(this.href); return false;"><strong>12 Aug 2004</strong> gaim: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2004_24_kernel.html" onclick="openExternal(this.href); return false;"><strong>09 Aug 2004</strong> kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_23_libpng.html" onclick="openExternal(this.href); return false;"><strong>04 Aug 2004</strong> libpng: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_22_samba.html" onclick="openExternal(this.href); return false;"><strong>23 Jul 2004</strong> samba: remote root compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_21_php4.html" onclick="openExternal(this.href); return false;"><strong>16 Jul 2004</strong> php4 / mod_php4: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2004_20_kernel.html" onclick="openExternal(this.href); return false;"><strong>02 Jul 2004</strong> kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_19_dhcp_server.html" onclick="openExternal(this.href); return false;"><strong>23 Jun 2004</strong> dhcp-server: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_18_subversion.html" onclick="openExternal(this.href); return false;"><strong>17 Jun 2004</strong> subversion: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_17_kernel.html" onclick="openExternal(this.href); return false;"><strong>16 Jun 2004</strong> Linux Kernel: local denial-of-service attack</a></li>
+ <li><a href="/linux/security/advisories/2004_16_squid.html" onclick="openExternal(this.href); return false;"><strong>09 Jun 2004</strong> squid: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_15_cvs.html" onclick="openExternal(this.href); return false;"><strong>09 Jun 2004</strong> cvs: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2004_14_kdelibs.html" onclick="openExternal(this.href); return false;"><strong>26 May 2004</strong> kdelibs: remote file creation</a></li>
+ <li><a href="/linux/security/advisories/2004_13_cvs.html" onclick="openExternal(this.href); return false;"><strong>19 May 2004</strong> cvs: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2004_12_mc.html" onclick="openExternal(this.href); return false;"><strong>14 May 2004</strong> mc: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_11_live_cd_91.html" onclick="openExternal(this.href); return false;"><strong>06 May 2004</strong> Live CD 9.1: remote root access</a></li>
+ <li><a href="/linux/security/advisories/2004_10_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 May 2004</strong> Linux Kernel: privilege escalation, local DoS</a></li>
+ <li><a href="/linux/security/advisories/2004_09_kernel.html" onclick="openExternal(this.href); return false;"><strong>14 Apr 2004</strong> Linux Kernel: local privilege escalation / information leakage</a></li>
+ <li><a href="/linux/security/advisories/2004_08_cvs.html" onclick="openExternal(this.href); return false;"><strong>14 Apr 2004</strong> cvs: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2004_07_openssl.html" onclick="openExternal(this.href); return false;"><strong>17 Mar 2004</strong> openssl: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2004_06_xf86.html" onclick="openExternal(this.href); return false;"><strong>23 Feb 2004</strong> xf86/XFree86: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_05_linux_kernel.html" onclick="openExternal(this.href); return false;"><strong>18 Feb 2004</strong> Linux Kernel: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2004_04_gaim.html" onclick="openExternal(this.href); return false;"><strong>29 Jan 2004</strong> gaim: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_03_linux_kernel.html" onclick="openExternal(this.href); return false;"><strong>15 Jan 2004</strong> Linux Kernel (x86_64, AMD64): local system compromise</a></li>
+ <li><a href="/linux/security/advisories/2004_02_tcpdump.html" onclick="openExternal(this.href); return false;"><strong>14 Jan 2004</strong> tcpdump: remote DoS</a></li>
+ <li><a href="/linux/security/advisories/2004_01_linux_kernel.html" onclick="openExternal(this.href); return false;"><strong>05 Jan 2004</strong> Linux Kernel: local system compromise</a></li>
+ </ul>
+
+ <h3>2003</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2003_051_lftp.html" onclick="openExternal(this.href); return false;"><strong>15 Dec 2003</strong> lftp: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_049_kernel.html" onclick="openExternal(this.href); return false;"><strong>04 Dec 2003</strong> Kernel brk() vulnerability: local root exploit</a></li>
+ <li><a href="/linux/security/advisories/2003_50_rsync.html" onclick="openExternal(this.href); return false;"><strong>04 Dec 2003</strong> rsync: remote compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_048_gpg.html" onclick="openExternal(this.href); return false;"><strong>03 Dec 2003</strong> gpg: cryptographic compromise, remote cmd execution</a></li>
+ <li><a href="/linux/security/advisories/2003_47_bind8.html" onclick="openExternal(this.href); return false;"><strong>28 Nov 2003</strong> bind8: cache poisoning/denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2003_046_sane.html" onclick="openExternal(this.href); return false;"><strong>18 Nov 2003</strong> sane: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2003_045_hylafax.html" onclick="openExternal(this.href); return false;"><strong>10 Nov 2003</strong> hylafax: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_044_thttpd.html" onclick="openExternal(this.href); return false;"><strong>31 Oct 2003</strong> thttpd: remote privilege escalation/information leak</a></li>
+ <li><a href="/linux/security/advisories/2003_043_openssl.html" onclick="openExternal(this.href); return false;"><strong>01 Oct 2003</strong> openssl: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2003_042_mysql.html" onclick="openExternal(this.href); return false;"><strong>01 Oct 2003</strong> mysql: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_041_lsh.html" onclick="openExternal(this.href); return false;"><strong>01 Oct 2003</strong> lsh: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_040_sendmail.html" onclick="openExternal(this.href); return false;"><strong>20 Sep 2003</strong> sendmail, sendmail-tls: local/remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_039_openssh.html" onclick="openExternal(this.href); return false;"><strong>18 Sep 2003</strong> openssh (second release): potential remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_038_openssh.html" onclick="openExternal(this.href); return false;"><strong>16 Sep 2003</strong> openssh: potential remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_037_pine.html" onclick="openExternal(this.href); return false;"><strong>11 Sep 2003</strong> pine: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_036_pam_smb.html" onclick="openExternal(this.href); return false;"><strong>03 Sep 2003</strong> pam_smb: remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_035_sendmail.html" onclick="openExternal(this.href); return false;"><strong>26 Aug 2003</strong> sendmail: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2003_034_kernel.html" onclick="openExternal(this.href); return false;"><strong>12 Aug 2003</strong> kernel: local privilege escalation, remote Denial of Service (DoS)</a></li>
+ <li><a href="/linux/security/advisories/2003_033_postfix.html" onclick="openExternal(this.href); return false;"><strong>04 Aug 2003</strong> postfix: remote Denial of Service (DoS) attack</a></li>
+ <li><a href="/linux/security/advisories/2003_032_wuftpd.html" onclick="openExternal(this.href); return false;"><strong>31 Jul 2003</strong> wuftpd: remote buffer overflow</a></li>
+ <li><a href="/linux/security/advisories/2003_031_nfs_utils.html" onclick="openExternal(this.href); return false;"><strong>15 Jul 2003</strong> nfs-utils: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_030_radiusd_cistron.html" onclick="openExternal(this.href); return false;"><strong>16 Jun 2003</strong> radiusd-cistron: possible remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_029.html" onclick="openExternal(this.href); return false;"><strong>06 Jun 2003</strong> pptpd: remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2003_028.html" onclick="openExternal(this.href); return false;"><strong>06 Jun 2003</strong> cups: remote Denial of Service</a></li>
+ <li><a href="/linux/security/advisories/2003_027_glibc.html" onclick="openExternal(this.href); return false;"><strong>27 May 2003</strong> glibc: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_026_kde.html" onclick="openExternal(this.href); return false;"><strong>24 Apr 2003</strong> KDE: various security vulnerabilities</a></li>
+ <li><a href="/linux/security/advisories/2003_025_samba.html" onclick="openExternal(this.href); return false;"><strong>08 Apr 2003</strong> samba: remote root access</a></li>
+ <li><a href="/linux/security/advisories/2003_024_openssl.html" onclick="openExternal(this.href); return false;"><strong>04 Apr 2003</strong> openssl: remote private-key retrieval</a></li>
+ <li><a href="/linux/security/advisories/2003_023_sendmail.html" onclick="openExternal(this.href); return false;"><strong>01 Apr 2003</strong> sendmail: local/remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_022_apcupsd.html" onclick="openExternal(this.href); return false;"><strong>26 Mar 2003</strong> apcupsd: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_21_kernel.html" onclick="openExternal(this.href); return false;"><strong>25 Mar 2003</strong> kernel: local privilege escalation (ptrace/modprobe bug)</a></li>
+ <li><a href="/linux/security/advisories/2003_020_mutt.html" onclick="openExternal(this.href); return false;"><strong>24 Mar 2003</strong> mutt: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_019_ethereal.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2003</strong> ethereal: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_017_file.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2003</strong> file: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_018_qpopper.html" onclick="openExternal(this.href); return false;"><strong>21 Mar 2003</strong> qpopper: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_016_samba.html" onclick="openExternal(this.href); return false;"><strong>19 Mar 2003</strong> samba: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2003_015_tcpdump.html" onclick="openExternal(this.href); return false;"><strong>13 Mar 2003</strong> tcpdump: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_014_lprold.html" onclick="openExternal(this.href); return false;"><strong>13 Mar 2003</strong> lprold: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_13_sendmail.html" onclick="openExternal(this.href); return false;"><strong>04 Mar 2003</strong> sendmail, sendmail-tls: local privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_12_hypermail.html" onclick="openExternal(this.href); return false;"><strong>27 Feb 2003</strong> hypermail: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_011_openssl.html" onclick="openExternal(this.href); return false;"><strong>26 Feb 2003</strong> openssl: remote attack on encryption</a></li>
+ <li><a href="/linux/security/advisories/2003_010_libmcrypt.html" onclick="openExternal(this.href); return false;"><strong>26 Feb 2003</strong> libmcrypt: local privilege escalation, remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2003_009_mod_php4.html" onclick="openExternal(this.href); return false;"><strong>18 Feb 2003</strong> mod_php4: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_008_imp.html" onclick="openExternal(this.href); return false;"><strong>18 Feb 2003</strong> imp: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_007_cvs.html" onclick="openExternal(this.href); return false;"><strong>22 Jan 2003</strong> cvs: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_005_susehelp.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2003</strong> susehelp: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2003_006_dhcp.html" onclick="openExternal(this.href); return false;"><strong>20 Jan 2003</strong> dhcp: remote system compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_004_libpng.html" onclick="openExternal(this.href); return false;"><strong>14 Jan 2003</strong> libpng: possible remote compromise</a></li>
+ <li><a href="/linux/security/advisories/2003_003_mysql.html" onclick="openExternal(this.href); return false;"><strong>02 Jan 2003</strong> mysql: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2003_002_cups.html" onclick="openExternal(this.href); return false;"><strong>02 Jan 2003</strong> cups: local and remote privilege escalation</a></li>
+ <li><a href="/linux/security/advisories/2003_001_fetchmail.html" onclick="openExternal(this.href); return false;"><strong>02 Jan 2003</strong> fetchmail: remote compromise</a></li>
+ </ul>
+
+ <h3>2002</h3>
+ <ul class="links">
+ <li><a href="/linux/security/advisories/2002_048_cyrus_imapd.html" onclick="openExternal(this.href); return false;"><strong>20 Dec 2002</strong> cyrus-imapd: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2002_047_openldap2.html" onclick="openExternal(this.href); return false;"><strong>06 Dec 2002</strong> OpenLDAP2: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2002_046_pine.html" onclick="openExternal(this.href); return false;"><strong>25 Nov 2002</strong> pine: remote denial-of-service</a></li>
+ <li><a href="/linux/security/advisories/2002_045_samba.html" onclick="openExternal(this.href); return false;"><strong>20 Nov 2002</strong> samba: possible remote code execution</a></li>
+ <li><a href="/linux/security/advisories/2002_004_bind8.html" onclick="openExternal(this.href); return false;"><strong>14 Nov 2002</strong> bind8: remote command execution</a></li>
+ <li><a href="/linux/security/advisories/2002_042_kdenetwork.html" onclick="openExternal(this.href); return false;"><strong>12 Nov 2002</strong> kdenetwork: remote command execution</a></li>
+ </ul>
+
+ </div>
+ </div>
+ </div>
+ <div id="subnav">
+ <script type="text/javascript">
+//<![CDATA[
+ document.write('<scr' + 'ipt type="text/javascript" src="/inc/nav/os.js"><\/scr' + 'ipt>');
+//]]>
+</script>
+
+ <div id="subnav-contact">
+ <script type="text/javascript" src="/common/inc/contact.js"></script>
+
+ </div>
+ </div>
+</div><div id="ftr">
+ <div id="ftr_tagline">
+ <p><a href="/company/strategy.html" onclick="return openTagLinePopup(this.href);">Novell<span class="reg">®</span> Making IT Work As One<span class="trade">™</span></a></p>
+ </div>
+ <div id="ftr_container">
+ <ul id="ftr_nav">
+ <li id="ftr_careers"><a href="http://www.novell.com/company/careers/index.html">Careers</a></li>
+ <li id="ftr_contact"><a href="http://www.novell.com/company/contacts-offices/">Contact Us</a></li>
+ <li id="ftr_fb"><a href="http://www.novell.com/inc/feedback/feedback.jsp">Feedback</a></li>
+ <li id="ftr_privacy"><a href="http://www.novell.com/company/legal/">Legal</a></li>
+
+
+ </ul>
+
+ <p id="ftr_copy">© 2009 Novell, Inc. All Rights Reserved.</p>
+
+ <div id="ftr_code">
+ <script type="text/javascript" src="/common/inc/ftr_2008.js"></script>
+ <script type="text/javascript" src="/common/inc/superstats.js"></script>
+ <noscript>
+ <div id="ftr_omniture"><img src="http://novellcom.112.2O7.net/b/ss/novellcom/1/G.6--NS/0" height="1" width="1" alt="" /></div>
+ </noscript>
+ </div>
+ </div>
+</div></body></html>
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/firefox.html
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/firefox.html 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/firefox.html 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,36 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html><head><title>Security Announcement</title></head><body><pre>
+Date: Fri, 11 Jul 2008 13:26:28 +0200
+From: Marcus Meissner <meissner at suse.de>
+To: opensuse-security-announce at opensuse.org
+Subject: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2008:034)
+
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+______________________________________________________________________________
+
+ SUSE Security Announcement
+
+ Package: MozillaFirefox
+ Announcement ID: SUSE-SA:2008:034
+ Date: Fri, 11 Jul 2008 10:00:00 +0000
+ Affected Products: openSUSE 10.2
+ openSUSE 10.3
+ Vulnerability Type: remote code execution
+ Severity (1-10): 8
+ SUSE Default Package: yes
+
+ Content of This Advisory:
+ 1) Security Vulnerability Resolved:
+ Mozilla Firefox 2.0.0.15 security update
+ Problem Description
+ 2) Solution or Work-Around
+ 3) Special Instructions and Notes
+ 4) Package Location and Checksums
+ 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
+ See SUSE Security Summary Report.
+ 6) Authenticity Verification and Additional Information
+
+</pre></body></html>
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file.pickle
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file.pickle 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file.pickle 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,8 @@
+(dp0
+S'firefox_34'
+p1
+I1000
+sS'kernel_49'
+p2
+I1001
+s.
\ No newline at end of file
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file1.pickle
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file1.pickle 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/id_file1.pickle 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,8 @@
+(dp0
+S'firefox_34'
+p1
+I1000
+sS'kernel_49'
+p2
+I1001
+s.
\ No newline at end of file
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/lsc1.conf
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/lsc1.conf 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/lsc1.conf 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,125 @@
+###############################################################################
+# Local Security Check Automation Framework
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Revision 1.1
+# Date: 2009/01/15
+#
+# Copyright:
+# Copyright (c) 2009 SecPod , http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+
+##### Documentation #####
+#
+#
+# [mantis] - Mantis Reporting
+# generate_mantis_report = Yes or No. The generated scripts will be reported
+# in Mantis if Yes.
+#
+# db_host = The IP Address of the MySQL DB
+#
+# mysql_user = MySQL User with write permission to Mantis DB
+#
+# mysql_passwd = Password
+#
+# mantis_user = Mantis reporter User ID. This is only for reporting purpose
+# and no login is performed.
+#
+# project_name = Mantis Project Name
+#
+# dbname = Mantis DB Name
+#
+#
+# [common]
+# generate: List of Operating Systems for which local security checks to be
+# developed, Example: SUSE,Fedora,Debian,Gentoo
+#
+# build_path: Path where idfile, directory, htmlcache will be built.
+# If it's empty, it builds in current directory.
+#
+#
+# [test]
+# sanity_test: Yes, Local Security Checks will be tested for
+# compilation errors i.e openvas-nasl -pLX gb_2008_001.nasl
+#
+# openvas_plugin_path: OpenVAS Plugins path, to copy necessary
+# files for compilation e.g: /usr/local/lib/openvas/plugins
+#
+# openvas_bin_path: OpenVAS bin path
+# eg: /usr/local/bin/openvas-nasl
+#
+#
+# Individual OS section
+# startid: Starting ID for Script ID (script_id() in NVT's). Do not
+# assign already used Script ID.
+
+# mainurl: The root URL where the advisories are published.
+
+# year: The year for which NVT's have to be developed. Month is applicable
+# sometimes, depending on the vendor advisory.
+
+# template: Path of the template file where the NVT skeleton code
+# is available. The path given will be appended to the Current Working
+# Directory.
+
+
+[mantis]
+generate_mantis_report = Yes
+db_host = 172.17.1.107
+mysql_user = test
+mysql_passwd = test
+mantis_user = administrator
+project_name = Python
+dbname = mantis
+
+
+[common]
+generate = Suse ,
+build_path = ./unit_test_build
+
+
+[test]
+sanity_test = Yes
+openvas_plugin_path = /usr/local/lib/openvas/plugins
+openvas_bin_path = /usr/local/bin/openvas-nasl
+
+
+# Fedora Core Section
+[FC]
+
+startid = 850000
+
+mainurl = https://www.redhat.com/archives/fedora-package-announce/
+
+year = 2008-December
+
+template = /templates/Fedora.template
+
+
+# SUSE section
+[SUSE]
+
+startid = 850000
+
+mainurl = http://www.novell.com/linux/security/advisories/
+
+year = 2008
+
+template = /templates/Suse.template
+
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/temp.txt
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/temp.txt 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/temp.txt 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1 @@
+Unit Testing for WriteFile
\ No newline at end of file
Added: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/test.txt
===================================================================
--- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/test.txt 2009-02-02 10:11:49 UTC (rev 2358)
+++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/test.txt 2009-02-02 11:45:16 UTC (rev 2359)
@@ -0,0 +1,7 @@
+This is sample text message.
+This text message is used for unitest.
+
+It is new paragraph.
+End of sample message
+
+
Property changes on: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/work/input/test.txt
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list