thr3ads.net - Secure testing commits - [Secure-testing-commits] r9926

If this information is useful, please help other people find it:
Share via:
jmm-guest at alioth.debian.org
2008-Oct-01 20:55 UTC
[Secure-testing-commits] r9926 - /

Author: jmm-guest
Date: 2008-10-01 20:55:30 +0000 (Wed, 01 Oct 2008)
New Revision: 9926

Added:
   tmp.txt
Log:
add a new file to coordinate the temp file issue mass bug filing
for Etch, help is welcome


Added: tmp.txt
==================================================================--- tmp.txt	  
(rev 0)
+++ tmp.txt	2008-10-01 20:55:30 UTC (rev 9926)
@@ -0,0 +1,124 @@
+- Make sure the issue is tracked in the tracker
+- Criteria for potential DSA: Typically used as root, typically used
+  on multiuser system, non-fringe, real world use case (i.e no debug,
+  no examples)
+- This is the initial batch reported by Dmitry, but there might have
+  been followups? We should check this, I haven''t caught up with
+  mail backlog
+- While some issues might not warrant a DSA for Etch, we should be
+  a little more aggressive on maintainters not following up for
+  Lenny and rather go for removal in such cases
+- Since stable updates can be made by any DD we could also advertise
+  this on debian-devel to find a volunteer if the respective
+  maintainers are too busy
+- I think we only need CVE IDs for issues fixed in a DSA or through
+  a point update, oss-security should be better than a CNA pool since
+  there''s a risk of collisions
+
+ Binary-package: r-base-core-ra (1.1.1-1)
+ Binary-package: rccp (0.9-2)
+ Binary-package: mafft (6.240-1)
+ Binary-package: crossfire-maps (1.11.0-1)
+ Binary-package: sgml2x (1.0.0-11.1)
+ Binary-package: liguidsoap (0.3.6-4)
+ Binary-package: citadel-server (7.37-1)
+ Binary-package: ampache (3.4.1-1)
+ Binary-package: xen-utils-3.2-1 (3.2.1-2)
+ Binary-package: dtc-common (0.29.6-1)
+ Binary-package: honeyd-common (1.5c-3)
+ Binary-package: lustre-tests (1.6.5-1)
+ Binary-package: linuxtrade (3.65-8+b4)
+ Binary-package: freevo (1.8.1-0)
+ Binary-package: fml (4.0.3.dfsg-2)
+ Binary-package: rkhunter (1.3.2-3)
+ Binary-package: openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: aptoncd (0.1-1.1)
+ Binary-package: cdcontrol (1.90-1.1)
+ Binary-package: newsgate (1.6-23)
+ Binary-package: gpsdrive-scripts (2.10~pre4-3)
+ Binary-package: impose+ (0.2-11)
+ Binary-package: mgt (2.31-5)
+ Binary-package: audiolink (0.05-1)
+ Binary-package: ibackup (2.27-4.1)
+ Binary-package: emacspeak (26.0-3)
+ Binary-package: bk2site (1:1.1.9-3.1)
+ Binary-package: datafreedom-perl (0.1.7-1)
+ Binary-package: emacs-jabber (0.7.91-1)
+ Binary-package: lmbench (3.0-a7-1)
+ Binary-package: rancid-util (2.3.2~a8-1)
+ Binary-package: firehol (1.256-4)
+ Binary-package: aview (1.3.0rc1-8)
+ Binary-package: radiance (3R9+20080530-3)
+ Binary-package: convirt (0.8.2-3)
+ Binary-package: printfilters-ppd (2.13-9)
+ Binary-package: r-base-core (2.7.1-1)
+ Binary-package: xmcd (2.6-19.3)
+ Binary-package: scilab-bin (4.1.2-5)
+ Binary-package: dpkg-cross (2.3.0)
+ Binary-package: ltp-network-test (20060918-2.1)
+ Binary-package: cman (2.20080629-1)
+ Binary-package: scratchbox2 (1.99.0.24-1)
+ Binary-package: sendmail-base (8.14.3-5)
+ Binary-package: fwbuilder (2.1.19-3)
+ Binary-package: sng (1.0.2-5)
+ Binary-package: dist (1:3.5-17-1)
+ Binary-package: sympa (5.3.4-5)
+ Binary-package: caudium (3:1.4.12-11)
+ Binary-package: mgetty-fax (1.1.36-1.2)
+ Binary-package: aegis (4.24-3)
+ Binary-package: aegis-web (4.24-3)
+ Binary-package: mon (0.99.2-12)
+ Binary-package: arb-common (0.0.20071207.1-4)
+ Binary-package: qemu (0.9.1-5)
+ Binary-package: apertium (3.0.7+1-1+b1)
+ Binary-package: xcal (4.1-18.3)
+ Binary-package: myspell-tools (1:3.1-20)
+ Binary-package: gccxml (0.9.0+cvs20080525-1)
+ Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
+ Binary-package: dhis-server (5.3-1)
+ Binary-package: wims (3.62-13)
+ Binary-package: initramfs-tools (0.92f)
+ Binary-package: realtimebattle-common (1.0.8-7)
+ Binary-package: netmrg (0.20-1)
+ Binary-package: bulmages-servers (0.11.1-2)
+ Binary-package: plait (1.5.2-1)
+ Binary-package: konwert-filters (1.8-11.1)
+
+
+DSA: (Name in brackets if someone prepares a DSA)
+ Binary-package: feta (1.4.16)  (jmm)
+
+
+SPU:
+ Binary-package: lazarus-src (0.9.24-0-9)
+ Binary-package: gdrae (0.1-1)
+ Binary-package: cdrw-taper (0.4-2)
+ Binary-package: vdr-dbg (1.6.0-5)
+ Binary-package: digitaldj (0.7.5-6+b1)
+ Binary-package: xastir (1.9.2-1)
+
+
+Non-issues (not exploitable, only examples or very exotic use cases,
+e.g. only exploitable when debugging a certain option, not present
+in Etch or only exploitable during package build time):
+ Binary-package: ogle-mmx (0.9.2-5.2)
+ Binary-package: ogle (0.9.2-5.2)
+ Binary-package: openoffice.org-common (1:2.4.1-6)
+ Binary-package: postfix (2.5.2-2)
+ Binary-package: tiger (1:3.2.2-3.1)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Secure testing commits - Oct 2008 - r9926 - /

[Secure-testing-commits] r9926 - /
