jmm-guest at alioth.debian.org
2008-Oct-01 21:25 UTC
[Secure-testing-commits] r9929 - / data data/CVE
Author: jmm-guest Date: 2008-10-01 21:25:38 +0000 (Wed, 01 Oct 2008) New Revision: 9929 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: more temp triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-01 21:14:13 UTC (rev 9928) +++ data/CVE/list 2008-10-01 21:25:38 UTC (rev 9929) @@ -607,6 +607,7 @@ NOT-FOR-US: Reciprocal Links Manager CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files via a ...) - plait 1.5.2-2 (low; bug #496381) + [etch] - plait <no-dsa> (Minor issue) CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...) NOT-FOR-US: MyioSoft EasyClassifields CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...) @@ -1413,6 +1414,7 @@ - realtimebattle 1.0.8-8 (low; bug #496385) CVE-2008-XXXX [mgt: insecure temp file] - mgt 2.31-6 (low; bug #496434) + [etch] - mgt <no-dsa> (Minor issue) CVE-2008-XXXX [twiki: insecure temp file] - twiki 1:4.1.2-4 (low; bug #494648) CVE-2008-XXXX [mafft: insecure temp file] @@ -1425,8 +1427,10 @@ - sympa 5.3.4-5.1 (low; bug #496405; bug #494969) CVE-2008-XXXX [sng: insecure temp file] - sng 1.0.2-6 (low; bug #496407) + [etch] - sng <no-dsa> (Minor issue) CVE-2008-XXXX [aview: insecure temp file] - aview 1.3.0rc1-8.1 (low; bug #496422) + [etch] - aview <no-dsa> (Minor issue) CVE-2008-XXXX [fwbuilder: insecure temp file] - fwbuilder 2.1.19-5 (low; bug #496406) CVE-2008-XXXX [feta: insecure temp file in to-upgrade plugin] @@ -1436,6 +1440,7 @@ NOTE: Not enabled by default, needs manual modification of a script CVE-2008-XXXX [cdcontrol: insecure temp file] - cdcontrol <removed> (low; bug #496438) + [etch] - cdcontrol <no-dsa> (Minor issue) CVE-2008-XXXX [sgml2x: insecure temp file] - sgml2x 1.0.0-11.2 (low; bug #496368) CVE-2008-XXXX [dtc-common: insecure temp file] 
@@ -1446,6 +1451,7 @@ - xmcd 2.6-21 (low; bug #496416) CVE-2008-XXXX [xcal: insecure temp file] - xcal 4.1-19 (low; bug #496393) + [etch] - xcal <no-dsa> (Minor issue) CVE-2008-XXXX [r-base: insecure temp file] - r-base 2.7.2-1 (low; bug #496418) - r-base-core-ra 1.1.1-2 (low; bug #496363) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-01 21:14:13 UTC (rev 9928) +++ data/spu-candidates.txt 2008-10-01 21:25:38 UTC (rev 9929) @@ -11,6 +11,11 @@ -- +aview +#496422 + +-- + beagle (CVE-2005-4791) notified maintainer @@ -45,6 +50,11 @@ -- +cdcontrol +#496438) + +-- + cdrw-taper #496380 @@ -162,6 +172,11 @@ -- +mgt +#496434) + +-- + mksh (CVE-2008-1845) notified maintainer @@ -190,6 +205,11 @@ -- +plait (CVE-2008-4085) +#496381 + +-- + python-django (CVE-2007-5712) http://media.djangoproject.com/patches/2007-10-26-security-fix/ #448838 @@ -219,6 +239,11 @@ -- +sng +#496407) + +-- + streamripper (CVE-2007-4337) notified maintainer @@ -270,6 +295,11 @@ -- +xcal +#496393 + +-- + xemacs21 (CVE-2007-6109/CVE-2008-1694) bug #457764, bug #476613 notified maintainer Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-01 21:14:13 UTC (rev 9928) +++ tmp.txt 2008-10-01 21:25:38 UTC (rev 9929) @@ -34,11 +34,9 @@ Binary-package: openswan (1:2.4.12+dfsg-1.1) Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) Binary-package: aptoncd (0.1-1.1) - Binary-package: cdcontrol (1.90-1.1) Binary-package: newsgate (1.6-23) Binary-package: gpsdrive-scripts (2.10~pre4-3) Binary-package: impose+ (0.2-11) - Binary-package: mgt (2.31-5) Binary-package: audiolink (0.05-1) Binary-package: ibackup (2.27-4.1) Binary-package: emacspeak (26.0-3) 
@@ -48,7 +46,6 @@ Binary-package: lmbench (3.0-a7-1) Binary-package: rancid-util (2.3.2~a8-1) Binary-package: firehol (1.256-4) - Binary-package: aview (1.3.0rc1-8) Binary-package: radiance (3R9+20080530-3) Binary-package: convirt (0.8.2-3) Binary-package: printfilters-ppd (2.13-9) @@ -61,7 +58,6 @@ Binary-package: scratchbox2 (1.99.0.24-1) Binary-package: sendmail-base (8.14.3-5) Binary-package: fwbuilder (2.1.19-3) - Binary-package: sng (1.0.2-5) Binary-package: dist (1:3.5-17-1) Binary-package: sympa (5.3.4-5) Binary-package: caudium (3:1.4.12-11) @@ -72,7 +68,6 @@ Binary-package: arb-common (0.0.20071207.1-4) Binary-package: qemu (0.9.1-5) Binary-package: apertium (3.0.7+1-1+b1) - Binary-package: xcal (4.1-18.3) Binary-package: myspell-tools (1:3.1-20) Binary-package: gccxml (0.9.0+cvs20080525-1) Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) @@ -82,7 +77,6 @@ Binary-package: realtimebattle-common (1.0.8-7) Binary-package: netmrg (0.20-1) Binary-package: bulmages-servers (0.11.1-2) - Binary-package: plait (1.5.2-1) Binary-package: konwert-filters (1.8-11.1) @@ -97,6 +91,12 @@ Binary-package: vdr-dbg (1.6.0-5) Binary-package: digitaldj (0.7.5-6+b1) Binary-package: xastir (1.9.2-1) + Binary-package: aview (1.3.0rc1-8) + Binary-package: xcal (4.1-18.3) + Binary-package: plait (1.5.2-1) + Binary-package: mgt (2.31-5) + Binary-package: sng (1.0.2-5) + Binary-package: cdcontrol (1.90-1.1) Non-issues (not exploitable, only examples or very exotic use cases,
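Review bot: In the data/CVE/list hunk at @@ -1436,6 +1440,7 @@, cdcontrol is tracked as `<removed>` for unstable, so unlike aview, mgt, plait, sng and xcal there is no fixed unstable version recorded next to the new `[etch] - cdcontrol <no-dsa> (Minor issue)` line. The same commit also queues cdcontrol in data/spu-candidates.txt, so a NOTE line under the entry (the file already uses `NOTE:` lines) stating where a fix for etch would come from, with bug #496438 as the reference, would make the entry self-explanatory.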
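Review bot: In data/spu-candidates.txt the bug references added for cdcontrol, mgt and sng carry a stray closing parenthesis (`+#496438)`, `+#496434)`, `+#496407)`), while the aview, plait and xcal entries added in the same commit use the bare form (`#496422`, `#496381`, `#496393`). Drop the trailing `)` in the hunks at @@ -45,6 +50,11 @@, @@ -162,6 +172,11 @@ and @@ -219,6 +239,11 @@ so all six entries are written the same way.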
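Review bot: In tmp.txt the six Binary-package lines (aview, xcal, plait, mgt, sng, cdcontrol) are removed from their original positions and re-added together in the last hunk (@@ -97,6 +91,12 @@), directly above the "Non-issues" text, but neither the log message "more temp triage" nor the visible context says what the new position means. Either extend the log message to state that these are the packages just marked `<no-dsa>` for etch in data/CVE/list, or add a short heading line above the moved block so the grouping is clear to the next person triaging the file.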