jmm-guest at alioth.debian.org
2008-Oct-03 18:12 UTC
[Secure-testing-commits] r9971 - / data data/CVE
Author: jmm-guest Date: 2008-10-03 18:11:57 +0000 (Fri, 03 Oct 2008) New Revision: 9971 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: more temp triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-03 18:07:47 UTC (rev 9970) +++ data/CVE/list 2008-10-03 18:11:57 UTC (rev 9971) @@ -1,3 +1,20 @@ +CVE-2008-XXXX [konwert: insecure temp file] + - konwert 1.8-11.2 (low; bug #496379) + [etch] - konwert <no-dsa> (Minor issue) +CVE-2008-XXXX [wims: insecure temp file] + - wims <unfixed> (low; bug #496387) + [etch] - wims <no-dsa> (Minor issue) +CVE-2008-XXXX [freeradius-dialupadmin: insecure temp file] + - freeradius 2.0.4+dfsg-6 (low; bug #496430) +CVE-2008-XXXX [bk2site: insecure temp file] + - bk2site <unfixed> (unimportant; bug #496430) + NOTE: Only debug code, script needs to be edited to exploit this +CVE-2008-XXXX [cman: insecure temp file] + - redhat-cluster <unfixed> (low; bug #496410) + [etch] - redhat-cluster <no-dsa> (Minor issue) +CVE-2008-XXXX [scilab: insecure temp file] + - scilab 4.1.2-6 (low; bug #496414) + [etch] - scilab <no-dsa> (Non-free not supported) CVE-2008-4395 RESERVED CVE-2008-4394 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-03 18:07:47 UTC (rev 9970) +++ data/spu-candidates.txt 2008-10-03 18:11:57 UTC (rev 9971) @@ -133,6 +133,11 @@ -- +konwert +#496379 + +-- + libapache2-mod-perl2 (CVE-2007-1349) http://svn.apache.org/viewvc?view=rev&revision=521584 #433549 @@ -237,6 +242,11 @@ -- +redhat-cluster +#496410 + +-- + rsync (CVE-2007-6200) #453652 notified maintainer @@ -249,6 +259,11 @@ -- +scilab +#496414 + +-- + sip-tester (CVE-2008-1959, CVE-2008-2085) #479039 notified maintainer 
@@ -313,6 +328,11 @@ -- +wims +#496387 + +-- + wyrd (CVE-2008-0806) bug #466382 notified maintainer Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-03 18:07:47 UTC (rev 9970) +++ tmp.txt 2008-10-03 18:11:57 UTC (rev 9971) @@ -35,15 +35,11 @@ Binary-package: audiolink (0.05-1) Binary-package: ibackup (2.27-4.1) Binary-package: emacspeak (26.0-3) - Binary-package: bk2site (1:1.1.9-3.1) Binary-package: emacs-jabber (0.7.91-1) Binary-package: rancid-util (2.3.2~a8-1) - Binary-package: radiance (3R9+20080530-3) Binary-package: r-base-core (2.7.1-1) - Binary-package: scilab-bin (4.1.2-5) Binary-package: dpkg-cross (2.3.0) Binary-package: ltp-network-test (20060918-2.1) - Binary-package: cman (2.20080629-1) Binary-package: sendmail-base (8.14.3-5) Binary-package: fwbuilder (2.1.19-3) Binary-package: dist (1:3.5-17-1) @@ -51,21 +47,19 @@ Binary-package: mgetty-fax (1.1.36-1.2) Binary-package: aegis (4.24-3) Binary-package: aegis-web (4.24-3) - Binary-package: mon (0.99.2-12) Binary-package: qemu (0.9.1-5) Binary-package: myspell-tools (1:3.1-20) Binary-package: gccxml (0.9.0+cvs20080525-1) - Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) - Binary-package: wims (3.62-13) Binary-package: initramfs-tools (0.92f) Binary-package: netmrg (0.20-1) Binary-package: bulmages-servers (0.11.1-2) - Binary-package: konwert-filters (1.8-11.1) Binary-package: caudium (3:1.4.12-11) DSA: (Name in brackets if someone prepares a DSA) Binary-package: feta (1.4.16) (jmm) + Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) + Binary-package: mon (0.99.2-12) SPU: @@ -83,6 +77,9 @@ Binary-package: xmcd (2.6-19.3) Binary-package: xsabre (0.2.4b-23) Binary-package: realtimebattle-common (1.0.8-2) + Binary-package: cman (2.20080629-1) + Binary-package: wims (3.62-13) + Binary-package: konwert-filters (1.8-11.1) Non-issues (not exploitable, only examples or very exotic use cases, 
@@ -101,6 +98,8 @@ Binary-package: mafft (6.240-1) Binary-package: liguidsoap (0.3.6-4) Binary-package: ampache (3.4.1-1) + Binary-package: scilab-bin (4.1.2-5) + Binary-package: bk2site (1:1.1.9-3.1)
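Review bot: in the data/CVE/list hunk (@@ -1,3 +1,20 @@), the bk2site entry cites bug #496430, the same number as the freeradius-dialupadmin entry directly above it. The other four new entries each have their own bug number, so one of these two looks like a copy-paste slip. Please check the bk2site bug number and correct whichever entry is wrong, since the tracker links the entry to the bug by that number.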
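Review bot: the data/spu-candidates.txt hunk at @@ -249,6 +259,11 @@ adds scilab (#496414) as a candidate, while the same revision records "[etch] - scilab <no-dsa> (Non-free not supported)" in data/CVE/list. If non-free is not supported for etch, the candidate entry contradicts the list entry. Either drop scilab from spu-candidates.txt or add a line saying why an update is still planned.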
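Review bot: in the tmp.txt hunk at @@ -35,15 +35,11 @@, radiance (3R9+20080530-3) is removed but never re-added. The other packages removed in that hunk (bk2site, scilab-bin, cman) reappear in later hunks and get data/CVE/list entries, whereas radiance appears nowhere else in this revision. If it was dropped deliberately, the log message "more temp triage" should say so; otherwise it needs a section in tmp.txt or an entry in the list.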
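Review bot: in the tmp.txt hunk at @@ -51,21 +47,19 @@, mon (0.99.2-12) is moved under the "DSA:" heading without a matching data/CVE/list entry, whereas freeradius-dialupadmin, moved in the same hunk, gets one in this revision. Neither moved line carries a name in brackets, so nobody is recorded as preparing these DSAs. Consider adding a CVE-2008-XXXX placeholder entry for mon with its bug number so the tracker reflects the triage decision.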