jmm-guest at alioth.debian.org
2007-Oct-14 16:30 UTC
[Secure-testing-commits] r6953 - data/CVE
Author: jmm-guest Date: 2007-10-14 16:30:13 +0000 (Sun, 14 Oct 2007) New Revision: 6953 Modified: data/CVE/list Log: no-dsa for festival pine has not been removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-14 13:46:56 UTC (rev 6952) +++ data/CVE/list 2007-10-14 16:30:13 UTC (rev 6953) @@ -3100,6 +3100,7 @@ NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) - festival 1.4.3-21 (bug #435445; low) + [etch] - festival <no-dsa> (Minor issue) CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) NOT-FOR-US: Webbler CMS CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...) @@ -50114,7 +50115,7 @@ NOTE: Mozilla''s a/b versions map to the Debian version. CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...) - uw-imap 7:2002c - - pine <removed> + TODO: check pine CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...) - evolution 1.3.2 CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
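Review bot: In the CVE-2007-4074 hunk, the added line `[etch] - festival <no-dsa> (Minor issue)` gives a justification that only restates the `low` severity already recorded on the line above it. Suggest replacing "Minor issue" with the actual reason the etch package does not warrant a DSA (for instance, if the reasoning rests on the default-configuration condition named in the CVE description, say so), so the decision can be re-evaluated later without rereading bug #435445.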
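Review bot: In the CVE-2003-0297 hunk, replacing `- pine <removed>` with `TODO: check pine` drops the package line outright, and the TODO does not say what has to be checked; the reason ("pine has not been removed") lives only in the log message. Suggest carrying that reason into the TODO text so the entry is self-explanatory, and confirming that any other entries still carrying `- pine <removed>` get the same change in this commit or a follow-up.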
Nico Golde
2007-Oct-14 17:36 UTC
[Secure-testing-team] [Secure-testing-commits] r6953 - data/CVE
Hi,
* jmm-guest at alioth.debian.org <jmm-guest at alioth.debian.org> [2007-10-14 18:32]:
> Author: jmm-guest
> Date: 2007-10-14 16:30:13 +0000 (Sun, 14 Oct 2007)
> New Revision: 6953
>
> Modified:
>    data/CVE/list
> Log:
> no-dsa for festival
> pine has not been removed
>
[...]
> CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
> - uw-imap 7:2002c
> - - pine <removed>
> + TODO: check pine

Can someone please point me to a package of pine? I don't
see one and I looked at http://ftp-master.debian.org/removals.txt
which said:

[Date: Mon, 1 Apr 2002 19:12:26 -0500] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

pine | 3.96M-5.0 | source
pine396-diffs | 5 | source, all
pine396-src | 3 | source, all
pine4 | 4.21-1 | source
pine4-diffs | 2 | source, all
pine4-src | 1 | source, all

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Stefan Fritsch
2007-Oct-14 18:56 UTC
[Secure-testing-team] [Secure-testing-commits] r6953 - data/CVE
On Sunday 14 October 2007, Nico Golde wrote:
> > pine has not been removed
> Can someone please point me to a package of pine? I don't
> see one and I looked at http://ftp-master.debian.org/removals.txt
> which said:
> [Date: Mon, 1 Apr 2002 19:12:26 -0500] [ftpmaster: Archive
> Administrator] Removed the following packages from stable:

pine is a bit of a special case, because debian only distributes the
source, but no binaries except for the pine-tracker package (which
just alerts the admin of new versions). See

http://packages.debian.org/search?keywords=pine&searchon=sourcenames

or

rmadison pine

Cheers,
Stefan
Nico Golde
2007-Oct-14 19:08 UTC
[Secure-testing-team] [Secure-testing-commits] r6953 - data/CVE
Hi Stefan,
* Stefan Fritsch <sf at sfritsch.de> [2007-10-14 20:58]:
> On Sunday 14 October 2007, Nico Golde wrote:
> > > pine has not been removed
> > Can someone please point me to a package of pine? I don't
> > see one and I looked at http://ftp-master.debian.org/removals.txt
> > which said:
> > [Date: Mon, 1 Apr 2002 19:12:26 -0500] [ftpmaster: Archive
> > Administrator] Removed the following packages from stable:
>
> pine is a bit of a special case, because debian only distributes the
> source, but no binaries except for the pine-tracker package (which
> just alerts the admin of new versions).

Ah that explains why I missed it. Thanks, will check pine
then.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Micah Anderson
2007-Oct-14 20:32 UTC
[Secure-testing-team] [Secure-testing-commits] r6953 - data/CVE
* Nico Golde <debian-secure-testing+ml at ngolde.de> [071014 12:08]:
> Hi Stefan,
>
> * Stefan Fritsch <sf at sfritsch.de> [2007-10-14 20:58]:
> > On Sunday 14 October 2007, Nico Golde wrote:
> > > > pine has not been removed
> > > Can someone please point me to a package of pine? I don't
> > > see one and I looked at http://ftp-master.debian.org/removals.txt
> > > which said:
> > > [Date: Mon, 1 Apr 2002 19:12:26 -0500] [ftpmaster: Archive
> > > Administrator] Removed the following packages from stable:
> >
> > pine is a bit of a special case, because debian only distributes the
> > source, but no binaries except for the pine-tracker package (which
> > just alerts the admin of new versions).
>
> Ah that explains why I missed it. Thanks, will check pine
> then.
> Kind regards
> Nico

All pine entries need to be checked against "alpine" which is a
free-software rebrand of pine that has entered the archive recently (is
in testing, not stable). I've contacted the maintainer to ask him to
review the current CVE entries.

Micah
Nico Golde
2007-Oct-14 20:46 UTC
[Secure-testing-team] pine - alpine (was: r6953 - data/CVE)
Hi Micah,
* Micah Anderson <micah at riseup.net> [2007-10-14 22:34]:
> * Nico Golde <debian-secure-testing+ml at ngolde.de> [071014 12:08]:
> > > pine is a bit of a special case, because debian only distributes the
> > > source, but no binaries except for the pine-tracker package (which
> > > just alerts the admin of new versions).
> >
> > Ah that explains why I missed it. Thanks, will check pine
> > then.
>
> All pine entries need to be checked against "alpine" which is a
> free-software rebrand of pine that has entered the archive recently (is
> in testing, not stable). I've contacted the maintainer to ask him to
> review the current CVE entries.

Marked those as TODO in svn. Thanks!
Cheers
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
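The follow-up agreed on in this thread (find every pine entry that is an open TODO or still marked `<removed>`) can be scripted against the list file. The sketch below is an added example, not part of the thread or of the tracker's own tooling; the sample excerpt is constructed from the entries quoted above, and the tab-indented annotation layout and the names `parse` and `needs_recheck` are assumptions.

```python
import re

# Constructed excerpt in the layout the commit above edits: a CVE header line
# at column 0, followed by indented annotation lines (layout is an assumption).
SAMPLE = """\
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...)
\t- festival 1.4.3-21 (bug #435445; low)
\t[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...)
\tNOT-FOR-US: Webbler CMS
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
\t- uw-imap 7:2002c
\tTODO: check pine
"""

HEADER = re.compile(r"^(CVE-\d{4}-\d+)\b")
# "[release] - package version-or-<tag> (note)"; release and note are optional.
PKG = re.compile(r"^(?:\[(\w+)\]\s+)?-\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?$")

def parse(text):
    """Return {cve_id: [annotation dicts]} for a data/CVE/list-style excerpt."""
    entries, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = entries.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            body = line.strip()
            p = PKG.match(body)
            if p:
                current.append({"kind": "package", "release": p.group(1),
                                "package": p.group(2), "status": p.group(3)})
            else:  # keyword annotations such as TODO:, NOTE:, NOT-FOR-US:
                kind, _, rest = body.partition(":")
                current.append({"kind": kind, "text": rest.strip()})
    return entries

def needs_recheck(entries, name):
    """CVE ids with an open TODO naming `name`, or `name` marked <removed>."""
    hits = []
    for cve, notes in entries.items():
        for n in notes:
            todo = n["kind"] == "TODO" and name in n["text"].split()
            gone = n.get("package") == name and n.get("status") == "<removed>"
            if todo or gone:
                hits.append(cve)
                break
    return hits
```

Run against the real file, `needs_recheck(parse(open("data/CVE/list").read()), "pine")` would give the list of entries to compare against alpine, provided the file follows the assumed layout.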