[Secure-testing-commits] r9959 - / data data/CVE

jmm-guest at alioth.debian.org
Thu Oct 2 16:08:55 UTC 2008


Author: jmm-guest
Date: 2008-10-02 16:08:52 +0000 (Thu, 02 Oct 2008)
New Revision: 9959

Modified:
   data/CVE/list
   data/spu-candidates.txt
   tmp.txt
Log:
remove plait and lazarus from spu-candidates, they're not present in Etch
more temp triage
new kernel issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-02 15:02:06 UTC (rev 9958)
+++ data/CVE/list	2008-10-02 16:08:52 UTC (rev 9959)
@@ -1,3 +1,10 @@
+CVE-2008-XXXX [liquidsoap: insecure temp file]
+	- liquidsoap <unfixed> (low; bug #496360)
+CVE-2008-XXXX [openswan kernel patch: insecure temp file]
+	- linux-patch-openswan <unfixed> (unimportant; bug #496376)
+	NOTE: Only unused packaging bits
+CVE-2008-XXXX [arb: insecure temp file]
+	- arb 0.0.20071207.1-5 (low; bug #496396)
 CVE-2008-XXXX [aptoncd: insecure temp file]
 	- aptoncd 0.1-1.2 (bug #496390; low)
 CVE-2008-XXXX [dhis-server: insecure temp file]
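Review bot: The new liquidsoap entry at the top of this hunk duplicates an entry that is still in the file: the context line in the later hunk at @@ -1472 reads "- liguidsoap <unfixed> (low; bug #496360)", the same bug number under a misspelled package name. Either correct the spelling in the existing entry or delete it in the same commit, so bug #496360 is tracked once and under the name the tracker can match to a source package.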
@@ -6,6 +13,9 @@
 	- linuxtrade <removed> (unimportant; bug #496372)
 	NOTE: unimportant since the program is dysfunctional with the current
 	NOTE: trading website and thus not exploitable for practical purposes
+CVE-2008-XXXX [rccp: insecure temp file]
+	- rccp 0.9-2.1 (low; bug #496364)
+	[etch] - rccp <no-dsa> (Minor issue)
 CVE-2008-XXXX [digitaldj: insecure temp file]
 	- digitaldj 0.7.5-6.1 (low; bug #496399)
 	[etch] - digitaldj <no-dsa> (Minor issue)
@@ -622,7 +632,6 @@
 	NOT-FOR-US: Reciprocal Links Manager
 CVE-2008-4085 (Plait before 1.6 allows local users to overwrite arbitrary files via a ...)
 	- plait 1.5.2-2 (low; bug #496381)
-	[etch] - plait <no-dsa> (Minor issue)
 CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...)
 	NOT-FOR-US: MyioSoft EasyClassifields
 CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...)
@@ -1225,8 +1234,9 @@
 	RESERVED
 CVE-2008-3833
 	RESERVED
-CVE-2008-3832
+CVE-2008-3832 [utrace local DoS]
 	RESERVED
+	- linux-2.6 <not-affected> (Fedora-specific patch)
 CVE-2008-3831
 	RESERVED
 CVE-2008-3830
@@ -1472,6 +1482,7 @@
 	- liguidsoap <unfixed> (low; bug #496360)
 CVE-2008-XXXX [xmcd: insecure temp file]
 	- xmcd 2.6-21 (low; bug #496416)
+	[etch] - xmcd <no-dsa> (Minor issue)
 CVE-2008-XXXX [xcal: insecure temp file]
 	- xcal 4.1-19 (low; bug #496393)
 	[etch] - xcal <no-dsa> (Minor issue)
@@ -1505,7 +1516,6 @@
 	[etch] - vdr <not-affected> (Vulnerable code not present)
 CVE-2008-XXXX [lazarus: insecure temp file]
 	- lazarus 0.9.24-0-11 (low; bug #496377)
-	[etch] - lazarus <no-dsa> (Minor issue)
 CVE-2008-XXXX [crossfire-maps: insecure temp file]
 	- crossfire-maps 1.11.0-2 (low)
 CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-02 15:02:06 UTC (rev 9958)
+++ data/spu-candidates.txt	2008-10-02 16:08:52 UTC (rev 9959)
@@ -133,12 +133,6 @@
 
 --
 
-lazarus
-#496377
-notified maintainer
-
---
-
 libapache2-mod-perl2 (CVE-2007-1349)
 http://svn.apache.org/viewvc?view=rev&revision=521584
 #433549
@@ -224,12 +218,6 @@
 
 --
 
-plait (CVE-2008-4085)
-#496381
-notified maintainer
-
---
-
 python-django (CVE-2007-5712)
 http://media.djangoproject.com/patches/2007-10-26-security-fix/
 #448838
@@ -237,6 +225,11 @@
 
 --
 
+rccp
+#496364
+
+--
+
 realtimebattle
 #496385
 notified maintainer
@@ -302,6 +295,11 @@
 
 --
 
+xmcd
+#496416
+
+--
+
 vobcopy (CVE-2007-5718)
 bug #448319
 notified maintainer

Modified: tmp.txt
===================================================================
--- tmp.txt	2008-10-02 15:02:06 UTC (rev 9958)
+++ tmp.txt	2008-10-02 16:08:52 UTC (rev 9959)
@@ -21,11 +21,8 @@
 
 
  Binary-package: r-base-core-ra (1.1.1-1)
- Binary-package: rccp (0.9-2)
- Binary-package: mafft (6.240-1)
  Binary-package: crossfire-maps (1.11.0-1)
  Binary-package: sgml2x (1.0.0-11.1)
- Binary-package: liguidsoap (0.3.6-4)
  Binary-package: xen-utils-3.2-1 (3.2.1-2)
  Binary-package: dtc-common (0.29.6-1)
  Binary-package: lustre-tests (1.6.5-1)
@@ -33,7 +30,6 @@
  Binary-package: fml (4.0.3.dfsg-2)
  Binary-package: rkhunter (1.3.2-3)
  Binary-package: openswan (1:2.4.12+dfsg-1.1)
- Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
  Binary-package: gpsdrive-scripts (2.10~pre4-3)
  Binary-package: impose+ (0.2-11)
  Binary-package: audiolink (0.05-1)
@@ -44,22 +40,18 @@
  Binary-package: rancid-util (2.3.2~a8-1)
  Binary-package: radiance (3R9+20080530-3)
  Binary-package: r-base-core (2.7.1-1)
- Binary-package: xmcd (2.6-19.3)
  Binary-package: scilab-bin (4.1.2-5)
  Binary-package: dpkg-cross (2.3.0)
  Binary-package: ltp-network-test (20060918-2.1)
  Binary-package: cman (2.20080629-1)
- Binary-package: scratchbox2 (1.99.0.24-1)
  Binary-package: sendmail-base (8.14.3-5)
  Binary-package: fwbuilder (2.1.19-3)
  Binary-package: dist (1:3.5-17-1)
  Binary-package: sympa (5.3.4-5)
- Binary-package: caudium (3:1.4.12-11)
  Binary-package: mgetty-fax (1.1.36-1.2)
  Binary-package: aegis (4.24-3)
  Binary-package: aegis-web (4.24-3)
  Binary-package: mon (0.99.2-12)
- Binary-package: arb-common (0.0.20071207.1-4)
  Binary-package: qemu (0.9.1-5)
  Binary-package: myspell-tools (1:3.1-20)
  Binary-package: gccxml (0.9.0+cvs20080525-1)
@@ -69,6 +61,7 @@
  Binary-package: netmrg (0.20-1)
  Binary-package: bulmages-servers (0.11.1-2)
  Binary-package: konwert-filters (1.8-11.1)
+ Binary-package: caudium (3:1.4.12-11)
 
 
 DSA: (Name in brackets if someone prepares a DSA)
@@ -76,18 +69,18 @@
 
 
 SPU:
- Binary-package: lazarus-src (0.9.24-0-9)
  Binary-package: gdrae (0.1-1)
  Binary-package: cdrw-taper (0.4-2)
  Binary-package: digitaldj (0.7.5-6+b1)
  Binary-package: xastir (1.9.2-1)
  Binary-package: aview (1.3.0rc1-8)
  Binary-package: xcal (4.1-18.3)
- Binary-package: plait (1.5.2-1)
  Binary-package: mgt (2.31-5)
  Binary-package: sng (1.0.2-5)
  Binary-package: cdcontrol (1.90-1.1)
  Binary-package: apertium (3.0.7+1-1+b1)
+ Binary-package: rccp (0.9-2)
+ Binary-package: xmcd (2.6-19.3)
  Binary-package: xsabre (0.2.4b-23)
  Binary-package: realtimebattle-common (1.0.8-2)
 
@@ -101,6 +94,13 @@
  Binary-package: postfix (2.5.2-2)
  Binary-package: tiger (1:3.2.2-3.1)
  Binary-package: linuxtrade (3.65-8+b4)
+ Binary-package: arb-common (0.0.20071207.1-4)
+ Binary-package: scratchbox2 (1.99.0.24-1)
+ Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: firehol (1.256-4)
+ Binary-package: mafft (6.240-1)
+ Binary-package: liguidsoap (0.3.6-4)
+ Binary-package: ampache (3.4.1-1)
 
 
 
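Review bot: firehol and ampache are added in this hunk but, unlike arb-common, scratchbox2, linux-patch-openswan, mafft and liguidsoap, they are not removed from any other section in the visible hunks, and none of firehol, ampache, mafft or scratchbox2 gets a data/CVE/list entry in this revision. A short mention in the log of where these come from and why they land in this section would make the triage decision reviewable. The package name is also still spelled "liguidsoap" here, while the data/CVE/list entry added in this commit uses "liquidsoap".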



