[Secure-testing-commits] r9930 - / data data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Oct 1 21:35:40 UTC 2008


Author: jmm-guest
Date: 2008-10-01 21:35:38 +0000 (Wed, 01 Oct 2008)
New Revision: 9930

Modified:
   data/CVE/list
   data/spu-candidates.txt
   tmp.txt
Log:
more tmp triage
it seems as if Dmitry didn't file bugs for all issues in his
  MBF, the remaining ones need to be evaluated and filed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-01 21:25:38 UTC (rev 9929)
+++ data/CVE/list	2008-10-01 21:35:38 UTC (rev 9930)
@@ -1,3 +1,7 @@
+CVE-2008-XXXX [linuxtrade: insecure temp file]
+	- linuxtrade <removed> (unimportant; bug #496372)
+        NOTE: unimportant since the program is dysfunctional with the current
+        NOTE: trading website and thus not exploitable for practical purposes
 CVE-2008-XXXX [digitaldj: insecure temp file]
 	- digitaldj 0.7.5-6.1 (low; bug #496399)
 	[etch] - digitaldj <no-dsa> (Minor issue)
@@ -1387,6 +1391,7 @@
 	- ruby1.9 1.9.0.2-6 (bug #497610)
 CVE-2008-XXXX [apertium: insecure temp files]
 	- apertium 3.0.7+1-1.1 (low; bug #496395)
+        [etch] - apertium <no-dsa> (Minor issue)
 CVE-2008-XXXX [convirt: insecure temp files]
 	- convirt <unfixed> (medium; bug #496419)
 CVE-2008-XXXX [audiolink: insecure temp files]

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-01 21:25:38 UTC (rev 9929)
+++ data/spu-candidates.txt	2008-10-01 21:35:38 UTC (rev 9930)
@@ -5,6 +5,11 @@
 
 --
 
+apertium
+#496395
+
+--
+
 audacity (CVE-2007-6061)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
 notified maintainer

Modified: tmp.txt
===================================================================
--- tmp.txt	2008-10-01 21:25:38 UTC (rev 9929)
+++ tmp.txt	2008-10-01 21:35:38 UTC (rev 9930)
@@ -15,6 +15,11 @@
   a point update, oss-security should be better than a CNA pool since
   there's a risk of collisions
 
+Packages for which Dmitry didn't file a bug so far:
+ Binary-package: datafreedom-perl (0.1.7-1)
+ Binary-package: printfilters-ppd (2.13-9)
+
+
  Binary-package: r-base-core-ra (1.1.1-1)
  Binary-package: rccp (0.9-2)
  Binary-package: mafft (6.240-1)
@@ -27,7 +32,6 @@
  Binary-package: dtc-common (0.29.6-1)
  Binary-package: honeyd-common (1.5c-3)
  Binary-package: lustre-tests (1.6.5-1)
- Binary-package: linuxtrade (3.65-8+b4)
  Binary-package: freevo (1.8.1-0)
  Binary-package: fml (4.0.3.dfsg-2)
  Binary-package: rkhunter (1.3.2-3)
@@ -41,14 +45,12 @@
  Binary-package: ibackup (2.27-4.1)
  Binary-package: emacspeak (26.0-3)
  Binary-package: bk2site (1:1.1.9-3.1)
- Binary-package: datafreedom-perl (0.1.7-1)
  Binary-package: emacs-jabber (0.7.91-1)
  Binary-package: lmbench (3.0-a7-1)
  Binary-package: rancid-util (2.3.2~a8-1)
  Binary-package: firehol (1.256-4)
  Binary-package: radiance (3R9+20080530-3)
  Binary-package: convirt (0.8.2-3)
- Binary-package: printfilters-ppd (2.13-9)
  Binary-package: r-base-core (2.7.1-1)
  Binary-package: xmcd (2.6-19.3)
  Binary-package: scilab-bin (4.1.2-5)
@@ -67,7 +69,6 @@
  Binary-package: mon (0.99.2-12)
  Binary-package: arb-common (0.0.20071207.1-4)
  Binary-package: qemu (0.9.1-5)
- Binary-package: apertium (3.0.7+1-1+b1)
  Binary-package: myspell-tools (1:3.1-20)
  Binary-package: gccxml (0.9.0+cvs20080525-1)
  Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
@@ -97,6 +98,7 @@
  Binary-package: mgt (2.31-5)
  Binary-package: sng (1.0.2-5)
  Binary-package: cdcontrol (1.90-1.1)
+ Binary-package: apertium (3.0.7+1-1+b1)
 
 
 Non-issues (not exploitable, only examples or very exotic use cases,
@@ -107,6 +109,7 @@
  Binary-package: openoffice.org-common (1:2.4.1-6)
  Binary-package: postfix (2.5.2-2)
  Binary-package: tiger (1:3.2.2-3.1)
+ Binary-package: linuxtrade (3.65-8+b4)
 
 
 




More information about the Secure-testing-commits mailing list