[Secure-testing-commits] r9976 - / data data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Fri Oct 3 19:57:43 UTC 2008
Author: jmm-guest
Date: 2008-10-03 19:57:41 +0000 (Fri, 03 Oct 2008)
New Revision: 9976
Modified:
data/CVE/list
data/spu-candidates.txt
tmp.txt
Log:
more SPUs
bulmages not in etch
some bugs were already archived, which initially confused me
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-03 19:28:48 UTC (rev 9975)
+++ data/CVE/list 2008-10-03 19:57:41 UTC (rev 9976)
@@ -1,3 +1,12 @@
+CVE-2008-XXXX [bulmages: insecure temp file]
+ - bulmages <unfixed> (low; bug #496382)
+ NOTE: Only present in example scripts
+CVE-2008-XXXX [printfilters-ppd: insecure temp file]
+ - printfilters-ppd <unfixed> (unimportant; bug #496417)
+ NOTE: Only exploitable when modifying master-filter by hand
+CVE-2008-XXXX [freevo: insecure temp file]
+ - freevo <unfixed> (unimportant; bug #496373)
+ NOTE: Only exploitable when modifying script by hand
CVE-2008-XXXX [netmrg: insecure temp file]
- netmrg 0.20-2 (low; bug #496384)
[etch] - netmrg <no-dsa> (Minor issue)
@@ -471,8 +480,10 @@
[etch] - jumpnbump <no-dsa> (Minor issue)
CVE-2008-XXXX [gpsdrive: insecure temp file]
- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
+ [etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-XXXX [dist: insecure temp file]
- dist 1:3.5-17-2 (low; bug #496412)
+ [etch] - dist <no-dsa> (Minor issue)
CVE-2008-XXXX [lustre: insecure temp files]
- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
@@ -1578,6 +1589,7 @@
[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-XXXX [r-base: insecure temp file]
- r-base 2.7.2-1 (low; bug #496418)
+ [etch] - r-base <no-dsa> (Minor issue)
- r-base-core-ra 1.1.1-2 (low; bug #496363)
[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-10-03 19:28:48 UTC (rev 9975)
+++ data/spu-candidates.txt 2008-10-03 19:57:41 UTC (rev 9976)
@@ -103,6 +103,11 @@
--
+dist
+#496412
+
+--
+
emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer
@@ -141,6 +146,11 @@
--
+gpsdrive
+#496436
+
+--
+
ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer
@@ -255,6 +265,11 @@
--
+r-base
+#496418
+
+--
+
rccp
#496364
notified maintainer
Modified: tmp.txt
===================================================================
--- tmp.txt 2008-10-03 19:28:48 UTC (rev 9975)
+++ tmp.txt 2008-10-03 19:57:41 UTC (rev 9976)
@@ -15,33 +15,20 @@
a point update, oss-security should be better than a CNA pool since
there's a risk of collisions
-Packages for which Dmitry didn't file a bug so far:
- Binary-package: datafreedom-perl (0.1.7-1)
- Binary-package: printfilters-ppd (2.13-9)
- Binary-package: initramfs-tools (0.92f)
- Binary-package: sendmail-base (8.14.3-5)
-
-
Binary-package: lustre-tests (1.6.5-1)
- Binary-package: freevo (1.8.1-0)
Binary-package: fml (4.0.3.dfsg-2)
Binary-package: rkhunter (1.3.2-3)
Binary-package: openswan (1:2.4.12+dfsg-1.1)
- Binary-package: gpsdrive-scripts (2.10~pre4-3)
Binary-package: ibackup (2.27-4.1)
Binary-package: rancid-util (2.3.2~a8-1)
- Binary-package: r-base-core (2.7.1-1)
- Binary-package: dpkg-cross (2.3.0)
Binary-package: ltp-network-test (20060918-2.1)
Binary-package: fwbuilder (2.1.19-3)
- Binary-package: dist (1:3.5-17-1)
Binary-package: sympa (5.3.4-5)
Binary-package: mgetty-fax (1.1.36-1.2)
Binary-package: aegis (4.24-3)
Binary-package: aegis-web (4.24-3)
Binary-package: qemu (0.9.1-5)
Binary-package: gccxml (0.9.0+cvs20080525-1)
- Binary-package: bulmages-servers (0.11.1-2)
Binary-package: caudium (3:1.4.12-11)
@@ -78,6 +65,9 @@
Binary-package: impose+ (0.2-11)
Binary-package: emacspeak (26.0-3)
Binary-package: netmrg (0.20-1)
+ Binary-package: r-base-core (2.7.1-1)
+ Binary-package: dist (1:3.5-17-1)
+ Binary-package: gpsdrive-scripts (2.10~pre4-3)
Non-issues (not exploitable, only examples or very exotic use cases,
e.g. only exploitable when debugging a certain option, not present
@@ -97,6 +87,12 @@
Binary-package: ampache (3.4.1-1)
Binary-package: scilab-bin (4.1.2-5)
Binary-package: bk2site (1:1.1.9-3.1)
+ Binary-package: freevo (1.8.1-0)
+ Binary-package: dpkg-cross (2.3.0)
+ Binary-package: initramfs-tools (0.92f)
+ Binary-package: datafreedom-perl (0.1.7-1)
+ Binary-package: printfilters-ppd (2.13-9)
+ Binary-package: sendmail-base (8.14.3-5)
More information about the Secure-testing-commits
mailing list