jmm-guest at alioth.debian.org
2008-Oct-03 19:57 UTC
[Secure-testing-commits] r9976 - / data data/CVE
Author: jmm-guest Date: 2008-10-03 19:57:41 +0000 (Fri, 03 Oct 2008) New Revision: 9976 Modified: data/CVE/list data/spu-candidates.txt tmp.txt Log: more SPUs bulmages not in etch some bugs were already archived, which initially confused me Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-03 19:28:48 UTC (rev 9975) +++ data/CVE/list 2008-10-03 19:57:41 UTC (rev 9976) @@ -1,3 +1,12 @@ +CVE-2008-XXXX [bulmages: insecure temp file] + - bulmages <unfixed> (low; bug #496382) + NOTE: Only present in example scripts +CVE-2008-XXXX [printfilters-ppd: insecure temp file] + - printfilters-ppd <unfixed> (unimportant; bug #496417) + NOTE: Only exploitable when modifying master-filter by hand +CVE-2008-XXXX [freevo: insecure temp file] + - freevo <unfixed> (unimportant; bug #496373) + NOTE: Only exploitable when modifying script by hand CVE-2008-XXXX [netmrg: insecure temp file] - netmrg 0.20-2 (low; bug #496384) [etch] - netmrg <no-dsa> (Minor issue) @@ -471,8 +480,10 @@ [etch] - jumpnbump <no-dsa> (Minor issue) CVE-2008-XXXX [gpsdrive: insecure temp file] - gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436) + [etch] - gpsdrive <no-dsa> (Minor issue) CVE-2008-XXXX [dist: insecure temp file] - dist 1:3.5-17-2 (low; bug #496412) + [etch] - dist <no-dsa> (Minor issue) CVE-2008-XXXX [lustre: insecure temp files] - lustre 1.6.5.1-1 (low; bug #496371) CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) 
@@ -1578,6 +1589,7 @@ [etch] - xcal <no-dsa> (Minor issue) CVE-2008-XXXX [r-base: insecure temp file] - r-base 2.7.2-1 (low; bug #496418) + [etch] - r-base <no-dsa> (Minor issue) - r-base-core-ra 1.1.1-2 (low; bug #496363) [lenny] - r-base 2.7.1-1+lenny1 CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-03 19:28:48 UTC (rev 9975) +++ data/spu-candidates.txt 2008-10-03 19:57:41 UTC (rev 9976) @@ -103,6 +103,11 @@ -- +dist +#496412 + +-- + emacs21 (CVE-2007-6109/CVE-2008-1694) bug #455433, bug #476612 notified maintainer @@ -141,6 +146,11 @@ -- +gpsdrive +#496436 + +-- + ipsec-tools (CVE-2008-3651) http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel notified maintainer @@ -255,6 +265,11 @@ -- +r-base +#496418 + +-- + rccp #496364 notified maintainer Modified: tmp.txt ==================================================================--- tmp.txt 2008-10-03 19:28:48 UTC (rev 9975) +++ tmp.txt 2008-10-03 19:57:41 UTC (rev 9976) 
@@ -15,33 +15,20 @@ a point update, oss-security should be better than a CNA pool since there''s a risk of collisions -Packages for which Dmitry didn''t file a bug so far: - Binary-package: datafreedom-perl (0.1.7-1) - Binary-package: printfilters-ppd (2.13-9) - Binary-package: initramfs-tools (0.92f) - Binary-package: sendmail-base (8.14.3-5) - - Binary-package: lustre-tests (1.6.5-1) - Binary-package: freevo (1.8.1-0) Binary-package: fml (4.0.3.dfsg-2) Binary-package: rkhunter (1.3.2-3) Binary-package: openswan (1:2.4.12+dfsg-1.1) - Binary-package: gpsdrive-scripts (2.10~pre4-3) Binary-package: ibackup (2.27-4.1) Binary-package: rancid-util (2.3.2~a8-1) - Binary-package: r-base-core (2.7.1-1) - Binary-package: dpkg-cross (2.3.0) Binary-package: ltp-network-test (20060918-2.1) Binary-package: fwbuilder (2.1.19-3) - Binary-package: dist (1:3.5-17-1) Binary-package: sympa (5.3.4-5) Binary-package: mgetty-fax (1.1.36-1.2) Binary-package: aegis (4.24-3) Binary-package: aegis-web (4.24-3) Binary-package: qemu (0.9.1-5) Binary-package: gccxml (0.9.0+cvs20080525-1) - Binary-package: bulmages-servers (0.11.1-2) Binary-package: caudium (3:1.4.12-11) @@ -78,6 +65,9 @@ Binary-package: impose+ (0.2-11) Binary-package: emacspeak (26.0-3) Binary-package: netmrg (0.20-1) + Binary-package: r-base-core (2.7.1-1) + Binary-package: dist (1:3.5-17-1) + Binary-package: gpsdrive-scripts (2.10~pre4-3) Non-issues (not exploitable, only examples or very exotic use cases, e.g. only exploitable when debugging a certain option, not present @@ -97,6 +87,12 @@ Binary-package: ampache (3.4.1-1) Binary-package: scilab-bin (4.1.2-5) Binary-package: bk2site (1:1.1.9-3.1) + Binary-package: freevo (1.8.1-0) + Binary-package: dpkg-cross (2.3.0) + Binary-package: initramfs-tools (0.92f) + Binary-package: datafreedom-perl (0.1.7-1) + Binary-package: printfilters-ppd (2.13-9) + Binary-package: sendmail-base (8.14.3-5)
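Review bot: in the first data/CVE/list hunk (@@ -1,3 +1,12 @@), the new bulmages entry is rated low although its NOTE says "Only present in example scripts", while the printfilters-ppd and freevo entries added next to it are rated unimportant, and tmp.txt names "only examples" among the non-issue criteria. Either rate bulmages unimportant as well, or extend the NOTE to say why an example-only script still warrants low.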
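Review bot: in the r-base hunk of data/CVE/list (@@ -1578,6 +1589,7 @@), the added "[etch] - r-base <no-dsa> (Minor issue)" line sits directly under the r-base line, but the existing "[lenny] - r-base 2.7.1-1+lenny1" line stays below the r-base-core-ra line, so the two release annotations for r-base are now split by another package. Consider moving the [lenny] line up next to the new [etch] line so both read as belonging to r-base.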
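Review bot: the three new blocks in data/spu-candidates.txt (dist, gpsdrive, r-base) carry only a bug number, whereas the neighbouring emacs21, ipsec-tools and rccp blocks also record "notified maintainer". Add the notification status to each new block, or a line saying it is still pending, so the file shows which candidates still need a maintainer contact. The bug reference style also differs within the file ("#496412" in the new blocks, "bug #455433" under emacs21); pick one form.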
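Review bot: the first tmp.txt hunk (@@ -15,33 +15,20 @@) deletes the heading that begins "Packages for which Dmitry" but keeps fml, rkhunter, openswan and the other unchanged packages that stood under it, so the remaining list no longer says what status those packages are in. Keep the heading, or replace it with one that describes the packages left. lustre-tests and bulmages-servers are also removed here without being added to either list further down; the lustre and bulmages entries in data/CVE/list presumably cover them, and the log message could say so.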
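Review bot: in the last tmp.txt hunk (@@ -97,6 +87,12 @@), six packages are added to the non-issues list, but only freevo and printfilters-ppd have the reason recorded (the NOTE lines added to data/CVE/list in this commit). For dpkg-cross, initramfs-tools, datafreedom-perl and sendmail-base, add a short remark on why each is not exploitable, so the classification can be rechecked later.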