[Secure-testing-commits] r9975 - / data data/CVE
jmm-guest at alioth.debian.org
Fri Oct 3 19:28:49 UTC 2008
Author: jmm-guest
Date: 2008-10-03 19:28:48 +0000 (Fri, 03 Oct 2008)
New Revision: 9975
Modified:
data/CVE/list
data/spu-candidates.txt
tmp.txt
Log:
more temp triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-03 19:15:00 UTC (rev 9974)
+++ data/CVE/list 2008-10-03 19:28:48 UTC (rev 9975)
@@ -1,3 +1,9 @@
+CVE-2008-XXXX [netmrg: insecure temp file]
+ - netmrg 0.20-2 (low; bug #496384)
+ [etch] - netmrg <no-dsa> (Minor issue)
+CVE-2008-XXXX [impose+: insecure temp file]
+ - impose+ 1.8-11.2 (low; bug #496435)
+ [etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-XXXX [konwert: insecure temp file]
- konwert 1.8-11.2 (low; bug #496379)
[etch] - konwert <no-dsa> (Minor issue)
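Review bot: The fixed version on the added line "- impose+ 1.8-11.2 (low; bug #496435)" is identical to the konwert version in the entry directly below it, and it does not fit the impose+ version that tmp.txt lists in this same revision (0.2-11), so it looks copied from the konwert entry. Please check bug #496435 for the upload that fixed the temp file handling and put that version here, since a wrong fixed version misreports which impose+ releases are affected. The netmrg line (0.20-2 against 0.20-1 in tmp.txt) is consistent and needs no change.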
@@ -457,6 +463,7 @@
- cman <unfixed> (bug #496410; low)
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
- emacspeak 28.0-2 (bug #496431; low)
+ [etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local ...)
- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
CVE-2008-XXXX [jumpnbump: insecure temp file]
@@ -1485,6 +1492,7 @@
NOT-FOR-US: Active PHP Bookmarks
CVE-2008-XXXX [emacs-jabber: insecure temp files]
- emacs-jabber 0.7.91-2 (low; bug #496428)
+ [etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-XXXX [xastir: insecure temp files]
- xastir 1.9.2-1.1 (low; bug #496383)
[etch] - xastir <no-dsa> (Minor issue)
@@ -1500,6 +1508,7 @@
- convirt <unfixed> (medium; bug #496419)
CVE-2008-XXXX [audiolink: insecure temp files]
- audiolink 0.05-1.1 (low; bug #496433)
+ [etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-XXXX [lmbench: insecure temp files]
- lmbench <unfixed> (low; bug #496427)
[etch] - lmbench <no-dsa> (Non-free not supported)
@@ -1507,6 +1516,7 @@
- newsgate <removed> (low; bug #496437)
CVE-2008-XXXX [myspell: insecure temp files]
- myspell 1:3.0+pre3.1-21 (low; bug #496392)
+ [etch] - myspell <no-dsa> (Minor issue)
CVE-2008-XXXX [insecure temp file in ogle]
- ogle <unfixed> (unimportant; bug #496420; bug #496425)
NOTE: This only affects debugging scripts not present in standard path
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-10-03 19:15:00 UTC (rev 9974)
+++ data/spu-candidates.txt 2008-10-03 19:28:48 UTC (rev 9975)
@@ -23,6 +23,11 @@
--
+audiolink
+#496433
+
+--
+
aview
#496422
notified maintainer
@@ -108,6 +113,16 @@
--
+emacs-jabber
+#496428
+
+--
+
+emacspeak (CVE-2008-4191)
+#496431
+
+--
+
exiv2 (CVE-2008-2696)
bug #486328)
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
@@ -215,6 +230,11 @@
#447753
notified maintainer
+--
+
+myspell
+#496392
+
---
ngircd (CVE-2008-0285)
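Review bot: netmrg is marked "[etch] - netmrg <no-dsa> (Minor issue)" in data/CVE/list in this revision but gets no entry here, although it would sort between the new myspell entry and ngircd; impose+ is in the same position, while audiolink, emacs-jabber, emacspeak and myspell were all added. If those two are also meant as point-release candidates, add them with their bug numbers (#496384 and #496435); if they were left out on purpose, a word in the log message would help, as "more temp triage" does not say. The new entries also carry only a bug number, whereas neighbouring entries such as aview record "notified maintainer", so it is worth adding a status line once the maintainers have been contacted.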
Modified: tmp.txt
===================================================================
--- tmp.txt 2008-10-03 19:15:00 UTC (rev 9974)
+++ tmp.txt 2008-10-03 19:28:48 UTC (rev 9975)
@@ -18,6 +18,8 @@
Packages for which Dmitry didn't file a bug so far:
Binary-package: datafreedom-perl (0.1.7-1)
Binary-package: printfilters-ppd (2.13-9)
+ Binary-package: initramfs-tools (0.92f)
+ Binary-package: sendmail-base (8.14.3-5)
Binary-package: lustre-tests (1.6.5-1)
@@ -26,16 +28,11 @@
Binary-package: rkhunter (1.3.2-3)
Binary-package: openswan (1:2.4.12+dfsg-1.1)
Binary-package: gpsdrive-scripts (2.10~pre4-3)
- Binary-package: impose+ (0.2-11)
- Binary-package: audiolink (0.05-1)
Binary-package: ibackup (2.27-4.1)
- Binary-package: emacspeak (26.0-3)
- Binary-package: emacs-jabber (0.7.91-1)
Binary-package: rancid-util (2.3.2~a8-1)
Binary-package: r-base-core (2.7.1-1)
Binary-package: dpkg-cross (2.3.0)
Binary-package: ltp-network-test (20060918-2.1)
- Binary-package: sendmail-base (8.14.3-5)
Binary-package: fwbuilder (2.1.19-3)
Binary-package: dist (1:3.5-17-1)
Binary-package: sympa (5.3.4-5)
@@ -43,10 +40,7 @@
Binary-package: aegis (4.24-3)
Binary-package: aegis-web (4.24-3)
Binary-package: qemu (0.9.1-5)
- Binary-package: myspell-tools (1:3.1-20)
Binary-package: gccxml (0.9.0+cvs20080525-1)
- Binary-package: initramfs-tools (0.92f)
- Binary-package: netmrg (0.20-1)
Binary-package: bulmages-servers (0.11.1-2)
Binary-package: caudium (3:1.4.12-11)
@@ -78,8 +72,13 @@
Binary-package: crossfire-maps (1.11.0-1)
Binary-package: sgml2x (1.0.0-11.1)
Binary-package: xen-utils-3.2-1 (3.2.1-2)
+ Binary-package: myspell-tools (1:3.1-20)
+ Binary-package: emacs-jabber (0.7.91-1)
+ Binary-package: audiolink (0.05-1)
+ Binary-package: impose+ (0.2-11)
+ Binary-package: emacspeak (26.0-3)
+ Binary-package: netmrg (0.20-1)
-
Non-issues (not exploitable, only examples or very exotic use cases,
e.g. only exploitable when debugging a certain option, not present
in Etch or only exploitable during package build time):