jmm-guest at alioth.debian.org
2008-Oct-02 16:08 UTC
[Secure-testing-commits] r9959 - / data data/CVE
Author: jmm-guest Date: 2008-10-02 16:08:52 +0000 (Thu, 02 Oct 2008) New Revision: 9959 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: remove plait and lazarus from spu-candidates, they''re not present in Etch more temp triage new kernel issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-02 15:02:06 UTC (rev 9958) +++ data/CVE/list 2008-10-02 16:08:52 UTC (rev 9959) @@ -1,3 +1,10 @@ +CVE-2008-XXXX [liquidsoap: insecure temp file] + - liquidsoap <unfixed> (low; bug #496360) +CVE-2008-XXXX [openswan kernel patch: insecure temp file] + - linux-patch-openswan <unfixed> (unimportant; bug #496376) + NOTE: Only unused packaging bits +CVE-2008-XXXX [arb: insecure temp file] + - arb 0.0.20071207.1-5 (low; bug #496396) CVE-2008-XXXX [aptoncd: insecure temp file] - aptoncd 0.1-1.2 (bug #496390; low) CVE-2008-XXXX [dhis-server: insecure temp file] @@ -6,6 +13,9 @@ - linuxtrade <removed> (unimportant; bug #496372) NOTE: unimportant since the program is dysfunctional with the current NOTE: trading website and thus not exploitable for practical purposes +CVE-2008-XXXX [rccp: insecure temp file] + - rccp 0.9-2.1 (low; bug #496364) + [etch] - rccp <no-dsa> (Minor issue) CVE-2008-XXXX [digitaldj: insecure temp file] - digitaldj 0.7.5-6.1 (low; bug #496399) [etch] - digitaldj <no-dsa> (Minor issue) @@ -622,7 +632,6 @@ NOT-FOR-US: Reciprocal Links Manager CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files via a ...) - plait 1.5.2-2 (low; bug #496381) - [etch] - plait <no-dsa> (Minor issue) CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...) NOT-FOR-US: MyioSoft EasyClassifields CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...) 
@@ -1225,8 +1234,9 @@ RESERVED CVE-2008-3833 RESERVED -CVE-2008-3832 +CVE-2008-3832 [utrace local DoS] RESERVED + - linux-2.6 <not-affected> (Fedora-specific patch) CVE-2008-3831 RESERVED CVE-2008-3830 @@ -1472,6 +1482,7 @@ - liguidsoap <unfixed> (low; bug #496360) CVE-2008-XXXX [xmcd: insecure temp file] - xmcd 2.6-21 (low; bug #496416) + [etch] - xmcd <no-dsa> (Minor issue) CVE-2008-XXXX [xcal: insecure temp file] - xcal 4.1-19 (low; bug #496393) [etch] - xcal <no-dsa> (Minor issue) @@ -1505,7 +1516,6 @@ [etch] - vdr <not-affected> (Vulnerable code not present) CVE-2008-XXXX [lazarus: insecure temp file] - lazarus 0.9.24-0-11 (low; bug #496377) - [etch] - lazarus <no-dsa> (Minor issue) CVE-2008-XXXX [crossfire-maps: insecure temp file] - crossfire-maps 1.11.0-2 (low) CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-02 15:02:06 UTC (rev 9958) +++ data/spu-candidates.txt 2008-10-02 16:08:52 UTC (rev 9959) @@ -133,12 +133,6 @@ -- -lazarus -#496377 -notified maintainer - --- - libapache2-mod-perl2 (CVE-2007-1349) http://svn.apache.org/viewvc?view=rev&revision=521584 #433549 @@ -224,12 +218,6 @@ -- -plait (CVE-2008-4085) -#496381 -notified maintainer - --- - python-django (CVE-2007-5712) http://media.djangoproject.com/patches/2007-10-26-security-fix/ #448838 @@ -237,6 +225,11 @@ -- +rccp +#496364 + +-- + realtimebattle #496385 notified maintainer @@ -302,6 +295,11 @@ -- +xmcd +#496416 + +-- + vobcopy (CVE-2007-5718) bug #448319 notified maintainer Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-02 15:02:06 UTC (rev 9958) +++ tmp.txt 2008-10-02 16:08:52 UTC (rev 9959) 
@@ -21,11 +21,8 @@ Binary-package: r-base-core-ra (1.1.1-1) - Binary-package: rccp (0.9-2) - Binary-package: mafft (6.240-1) Binary-package: crossfire-maps (1.11.0-1) Binary-package: sgml2x (1.0.0-11.1) - Binary-package: liguidsoap (0.3.6-4) Binary-package: xen-utils-3.2-1 (3.2.1-2) Binary-package: dtc-common (0.29.6-1) Binary-package: lustre-tests (1.6.5-1) @@ -33,7 +30,6 @@ Binary-package: fml (4.0.3.dfsg-2) Binary-package: rkhunter (1.3.2-3) Binary-package: openswan (1:2.4.12+dfsg-1.1) - Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) Binary-package: gpsdrive-scripts (2.10~pre4-3) Binary-package: impose+ (0.2-11) Binary-package: audiolink (0.05-1) @@ -44,22 +40,18 @@ Binary-package: rancid-util (2.3.2~a8-1) Binary-package: radiance (3R9+20080530-3) Binary-package: r-base-core (2.7.1-1) - Binary-package: xmcd (2.6-19.3) Binary-package: scilab-bin (4.1.2-5) Binary-package: dpkg-cross (2.3.0) Binary-package: ltp-network-test (20060918-2.1) Binary-package: cman (2.20080629-1) - Binary-package: scratchbox2 (1.99.0.24-1) Binary-package: sendmail-base (8.14.3-5) Binary-package: fwbuilder (2.1.19-3) Binary-package: dist (1:3.5-17-1) Binary-package: sympa (5.3.4-5) - Binary-package: caudium (3:1.4.12-11) Binary-package: mgetty-fax (1.1.36-1.2) Binary-package: aegis (4.24-3) Binary-package: aegis-web (4.24-3) Binary-package: mon (0.99.2-12) - Binary-package: arb-common (0.0.20071207.1-4) Binary-package: qemu (0.9.1-5) Binary-package: myspell-tools (1:3.1-20) Binary-package: gccxml (0.9.0+cvs20080525-1) @@ -69,6 +61,7 @@ Binary-package: netmrg (0.20-1) Binary-package: bulmages-servers (0.11.1-2) Binary-package: konwert-filters (1.8-11.1) + Binary-package: caudium (3:1.4.12-11) DSA: (Name in brackets if someone prepares a DSA) 
@@ -76,18 +69,18 @@ SPU: - Binary-package: lazarus-src (0.9.24-0-9) Binary-package: gdrae (0.1-1) Binary-package: cdrw-taper (0.4-2) Binary-package: digitaldj (0.7.5-6+b1) Binary-package: xastir (1.9.2-1) Binary-package: aview (1.3.0rc1-8) Binary-package: xcal (4.1-18.3) - Binary-package: plait (1.5.2-1) Binary-package: mgt (2.31-5) Binary-package: sng (1.0.2-5) Binary-package: cdcontrol (1.90-1.1) Binary-package: apertium (3.0.7+1-1+b1) + Binary-package: rccp (0.9-2) + Binary-package: xmcd (2.6-19.3) Binary-package: xsabre (0.2.4b-23) Binary-package: realtimebattle-common (1.0.8-2) @@ -101,6 +94,13 @@ Binary-package: postfix (2.5.2-2) Binary-package: tiger (1:3.2.2-3.1) Binary-package: linuxtrade (3.65-8+b4) + Binary-package: arb-common (0.0.20071207.1-4) + Binary-package: scratchbox2 (1.99.0.24-1) + Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) + Binary-package: firehol (1.256-4) + Binary-package: mafft (6.240-1) + Binary-package: liguidsoap (0.3.6-4) + Binary-package: ampache (3.4.1-1)
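Review bot: In the first data/CVE/list hunk (@@ -1,3 +1,10 @@), the added liquidsoap entry duplicates one that already exists. The unchanged context of the @@ -1472,6 +1482,7 @@ hunk still shows `- liguidsoap <unfixed> (low; bug #496360)`, the same bug number under a misspelled package name. Correct the spelling in the existing entry instead of adding a second one, or drop the old line in the same commit, so that bug #496360 is tracked once.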
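Review bot: In the data/spu-candidates.txt hunk @@ -237,6 +225,11 @@, the new rccp block carries only the bug number (#496364), while the neighbouring realtimebattle block and the removed lazarus and plait blocks each end with "notified maintainer". If the maintainer has not been contacted yet, say so in the block; otherwise add the status line so the entry matches the others.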
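Review bot: In the data/spu-candidates.txt hunk @@ -302,6 +295,11 @@, xmcd is inserted directly before vobcopy, whereas the other visible blocks are in alphabetical order (lazarus before libapache2-mod-perl2, plait before python-django, rccp before realtimebattle). If the file is meant to stay sorted, move the xmcd block after the entries that sort before it.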
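Review bot: In the last tmp.txt hunk (@@ -101,6 +94,13 @@), firehol (1.256-4) and ampache (3.4.1-1) are the only added lines with no matching removal in the earlier tmp.txt hunks, and neither package gets an entry in data/CVE/list in this revision. The log message only says "more temp triage"; name the two packages there, or add their tracker entries in the same commit, so the reason they were added can be traced later.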