jmm-guest at alioth.debian.org
2008-Oct-01 21:35 UTC
[Secure-testing-commits] r9930 - / data data/CVE
Author: jmm-guest Date: 2008-10-01 21:35:38 +0000 (Wed, 01 Oct 2008) New Revision: 9930 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: more tmp triage it seems as if Dmitry didn''t file bugs for all issues in his MBF, the remaining ones need to be evaluated and filed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-01 21:25:38 UTC (rev 9929) +++ data/CVE/list 2008-10-01 21:35:38 UTC (rev 9930) @@ -1,3 +1,7 @@ +CVE-2008-XXXX [linuxtrade: insecure temp file] + - linuxtrade <removed> (unimportant; bug #496372) + NOTE: unimportant since the program is dysfunctional with the current + NOTE: trading website and thus not exploitable for practical purposes CVE-2008-XXXX [digitaldj: insecure temp file] - digitaldj 0.7.5-6.1 (low; bug #496399) [etch] - digitaldj <no-dsa> (Minor issue) @@ -1387,6 +1391,7 @@ - ruby1.9 1.9.0.2-6 (bug #497610) CVE-2008-XXXX [apertium: insecure temp files] - apertium 3.0.7+1-1.1 (low; bug #496395) + [etch] - apertium <no-dsa> (Minor issue) CVE-2008-XXXX [convirt: insecure temp files] - convirt <unfixed> (medium; bug #496419) CVE-2008-XXXX [audiolink: insecure temp files] Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-01 21:25:38 UTC (rev 9929) +++ data/spu-candidates.txt 2008-10-01 21:35:38 UTC (rev 9930) @@ -5,6 +5,11 @@ -- +apertium +#496395 + +-- + audacity (CVE-2007-6061) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283 notified maintainer Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-01 21:25:38 UTC (rev 9929) +++ tmp.txt 2008-10-01 21:35:38 UTC (rev 9930) 
@@ -15,6 +15,11 @@ a point update, oss-security should be better than a CNA pool since there''s a risk of collisions +Packages for which Dmitry didn''t file a bug so far: + Binary-package: datafreedom-perl (0.1.7-1) + Binary-package: printfilters-ppd (2.13-9) + + Binary-package: r-base-core-ra (1.1.1-1) Binary-package: rccp (0.9-2) Binary-package: mafft (6.240-1) @@ -27,7 +32,6 @@ Binary-package: dtc-common (0.29.6-1) Binary-package: honeyd-common (1.5c-3) Binary-package: lustre-tests (1.6.5-1) - Binary-package: linuxtrade (3.65-8+b4) Binary-package: freevo (1.8.1-0) Binary-package: fml (4.0.3.dfsg-2) Binary-package: rkhunter (1.3.2-3) @@ -41,14 +45,12 @@ Binary-package: ibackup (2.27-4.1) Binary-package: emacspeak (26.0-3) Binary-package: bk2site (1:1.1.9-3.1) - Binary-package: datafreedom-perl (0.1.7-1) Binary-package: emacs-jabber (0.7.91-1) Binary-package: lmbench (3.0-a7-1) Binary-package: rancid-util (2.3.2~a8-1) Binary-package: firehol (1.256-4) Binary-package: radiance (3R9+20080530-3) Binary-package: convirt (0.8.2-3) - Binary-package: printfilters-ppd (2.13-9) Binary-package: r-base-core (2.7.1-1) Binary-package: xmcd (2.6-19.3) Binary-package: scilab-bin (4.1.2-5) @@ -67,7 +69,6 @@ Binary-package: mon (0.99.2-12) Binary-package: arb-common (0.0.20071207.1-4) Binary-package: qemu (0.9.1-5) - Binary-package: apertium (3.0.7+1-1+b1) Binary-package: myspell-tools (1:3.1-20) Binary-package: gccxml (0.9.0+cvs20080525-1) Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) @@ -97,6 +98,7 @@ Binary-package: mgt (2.31-5) Binary-package: sng (1.0.2-5) Binary-package: cdcontrol (1.90-1.1) + Binary-package: apertium (3.0.7+1-1+b1) Non-issues (not exploitable, only examples or very exotic use cases, @@ -107,6 +109,7 @@ Binary-package: openoffice.org-common (1:2.4.1-6) Binary-package: postfix (2.5.2-2) Binary-package: tiger (1:3.2.2-3.1) + Binary-package: linuxtrade (3.65-8+b4)
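Review bot: in the first data/CVE/list hunk (@@ -1,3 +1,7 @@), the new linuxtrade entry has no per-release line, while the digitaldj entry directly below it carries `[etch] - digitaldj <no-dsa> (Minor issue)` and the second hunk adds the same kind of line for apertium. If etch ships linuxtrade, state its status there explicitly, or say in the NOTE that the "dysfunctional with the current trading website" reasoning also covers the etch version. The entry is also marked `<removed>` while tmp.txt still lists `Binary-package: linuxtrade (3.65-8+b4)`, so a short remark on which suite that version refers to would avoid confusion.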
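Review bot: in the data/spu-candidates.txt hunk, the new apertium entry consists only of the bare number `#496395`, whereas the audacity entry right after it gives the CVE id, the full bugs.debian.org URL and a status line (`notified maintainer`). Give apertium the same shape, with the full bug URL and the current state of maintainer contact, so the candidate list can be worked through without looking up each number and so it lines up with the `[etch] - apertium <no-dsa> (Minor issue)` line added in data/CVE/list.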
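Review bot: in the first tmp.txt hunk (@@ -15,6 +15,11 @@), the new "Packages for which Dmitry didn''t file a bug so far:" block is separated from the existing list starting at `Binary-package: r-base-core-ra (1.1.1-1)` only by two blank lines, with no heading on the list that follows, so it is not clear where the not-yet-filed set ends. Add a heading for the following list or a `--` separator as used in data/spu-candidates.txt. The log says the remaining packages "need to be evaluated and filed", but the block records neither who is doing that nor the result of any evaluation; a one-word status per package would keep the next triage pass from repeating the work.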