jmm-guest at alioth.debian.org
2008-Oct-03 19:28 UTC
[Secure-testing-commits] r9975 - / data data/CVE
Author: jmm-guest Date: 2008-10-03 19:28:48 +0000 (Fri, 03 Oct 2008) New Revision: 9975 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: more temp triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-03 19:15:00 UTC (rev 9974) +++ data/CVE/list 2008-10-03 19:28:48 UTC (rev 9975) @@ -1,3 +1,9 @@ +CVE-2008-XXXX [netmrg: insecure temp file] + - netmrg 0.20-2 (low; bug #496384) + [etch] - netmrg <no-dsa> (Minor issue) +CVE-2008-XXXX [impose+: insecure temp file] + - impose+ 1.8-11.2 (low; bug #496435) + [etch] - impose+ <no-dsa> (Minor issue) CVE-2008-XXXX [konwert: insecure temp file] - konwert 1.8-11.2 (low; bug #496379) [etch] - konwert <no-dsa> (Minor issue) @@ -457,6 +463,7 @@ - cman <unfixed> (bug #496410; low) CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...) - emacspeak 28.0-2 (bug #496431; low) + [etch] - emacspeak <no-dsa> (Minor issue) CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local ...) - openswan 1:2.4.12+dfsg-1.3 (bug #496374; low) CVE-2008-XXXX [jumpnbump: insecure temp file] @@ -1485,6 +1492,7 @@ NOT-FOR-US: Active PHP Bookmarks CVE-2008-XXXX [emacs-jabber: insecure temp files] - emacs-jabber 0.7.91-2 (low; bug #496428) + [etch] - emacs-jabber <no-dsa> (Minor issue) CVE-2008-XXXX [xastir: insecure temp files] - xastir 1.9.2-1.1 (low; bug #496383) [etch] - xastir <no-dsa> (Minor issue) @@ -1500,6 +1508,7 @@ - convirt <unfixed> (medium; bug #496419) CVE-2008-XXXX [audiolink: insecure temp files] - audiolink 0.05-1.1 (low; bug #496433) + [etch] - audiolink <no-dsa> (Minor issue) CVE-2008-XXXX [lmbench: insecure temp files] - lmbench <unfixed> (low; bug #496427) [etch] - lmbench <no-dsa> (Non-free not supported) 
@@ -1507,6 +1516,7 @@ - newsgate <removed> (low; bug #496437) CVE-2008-XXXX [myspell: insecure temp files] - myspell 1:3.0+pre3.1-21 (low; bug #496392) + [etch] - myspell <no-dsa> (Minor issue) CVE-2008-XXXX [insecure temp file in ogle] - ogle <unfixed> (unimportant; bug #496420; bug #496425) NOTE: This only affects debugging scripts not present in standard path Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-03 19:15:00 UTC (rev 9974) +++ data/spu-candidates.txt 2008-10-03 19:28:48 UTC (rev 9975) @@ -23,6 +23,11 @@ -- +audiolink +#496433 + +-- + aview #496422 notified maintainer @@ -108,6 +113,16 @@ -- +emacs-jabber +#496428 + +-- + +emacspeak (CVE-2008-4191) +#496431 + +-- + exiv2 (CVE-2008-2696) bug #486328) http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 @@ -215,6 +230,11 @@ #447753 notified maintainer +-- + +myspell +#496392 + --- ngircd (CVE-2008-0285) Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-03 19:15:00 UTC (rev 9974) +++ tmp.txt 2008-10-03 19:28:48 UTC (rev 9975) @@ -18,6 +18,8 @@ Packages for which Dmitry didn''t file a bug so far: Binary-package: datafreedom-perl (0.1.7-1) Binary-package: printfilters-ppd (2.13-9) + Binary-package: initramfs-tools (0.92f) + Binary-package: sendmail-base (8.14.3-5) Binary-package: lustre-tests (1.6.5-1) 
@@ -26,16 +28,11 @@ Binary-package: rkhunter (1.3.2-3) Binary-package: openswan (1:2.4.12+dfsg-1.1) Binary-package: gpsdrive-scripts (2.10~pre4-3) - Binary-package: impose+ (0.2-11) - Binary-package: audiolink (0.05-1) Binary-package: ibackup (2.27-4.1) - Binary-package: emacspeak (26.0-3) - Binary-package: emacs-jabber (0.7.91-1) Binary-package: rancid-util (2.3.2~a8-1) Binary-package: r-base-core (2.7.1-1) Binary-package: dpkg-cross (2.3.0) Binary-package: ltp-network-test (20060918-2.1) - Binary-package: sendmail-base (8.14.3-5) Binary-package: fwbuilder (2.1.19-3) Binary-package: dist (1:3.5-17-1) Binary-package: sympa (5.3.4-5) @@ -43,10 +40,7 @@ Binary-package: aegis (4.24-3) Binary-package: aegis-web (4.24-3) Binary-package: qemu (0.9.1-5) - Binary-package: myspell-tools (1:3.1-20) Binary-package: gccxml (0.9.0+cvs20080525-1) - Binary-package: initramfs-tools (0.92f) - Binary-package: netmrg (0.20-1) Binary-package: bulmages-servers (0.11.1-2) Binary-package: caudium (3:1.4.12-11) @@ -78,8 +72,13 @@ Binary-package: crossfire-maps (1.11.0-1) Binary-package: sgml2x (1.0.0-11.1) Binary-package: xen-utils-3.2-1 (3.2.1-2) + Binary-package: myspell-tools (1:3.1-20) + Binary-package: emacs-jabber (0.7.91-1) + Binary-package: audiolink (0.05-1) + Binary-package: impose+ (0.2-11) + Binary-package: emacspeak (26.0-3) + Binary-package: netmrg (0.20-1) - Non-issues (not exploitable, only examples or very exotic use cases, e.g. only exploitable when debugging a certain option, not present in Etch or only exploitable during package build time):
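Review bot: In the first data/CVE/list hunk, the fixed version on the new impose+ entry ("- impose+ 1.8-11.2 (low; bug #496435)") is the same string as the konwert entry directly below it ("- konwert 1.8-11.2"), while tmp.txt in this same commit lists the package as "impose+ (0.2-11)". This looks like a copy of the konwert line. Please check which upload closed bug #496435 and correct the version, because the tracker derives fixed/affected status from it.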
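Review bot: The data/spu-candidates.txt hunks add audiolink, emacs-jabber, emacspeak and myspell, but netmrg and impose+ get the same "[etch] - ... <no-dsa> (Minor issue)" marking in data/CVE/list in this commit and no candidate entry. If they are left out on purpose, say so in the log message or in the file. Otherwise add blocks for netmrg (#496384) and impose+ (#496435) so the two files stay in step.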