[Secure-testing-commits] r25333 - data/CVE org

Raphael Geissert atomo64-guest at moszumanska.debian.org
Thu Jan 23 09:59:57 UTC 2014


Author: atomo64-guest
Date: 2014-01-23 09:59:57 +0000 (Thu, 23 Jan 2014)
New Revision: 25333

Modified:
   data/CVE/list
   org/agenda-2014.txt
Log:
A few more items for the agenda


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-23 09:45:21 UTC (rev 25332)
+++ data/CVE/list	2014-01-23 09:59:57 UTC (rev 25333)
@@ -10689,7 +10689,7 @@
 CVE-2013-4215 [IPXPING_COMMAND uses fixed location in /tmp]
 	RESERVED
 	- nagios-plugins <unfixed> (unimportant)
-	NOTE: vulnerable code present, but check_ipxping not build and installed
+	NOTE: vulnerable code present, but check_ipxping is neither built nor installed
 CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...)
 	- nagios3 3.5.1-1 (low; bug #719056)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
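Review bot: the reworded NOTE reads correctly now, but since the "unimportant" rating for nagios-plugins rests entirely on the claim that check_ipxping is neither built nor installed, the NOTE should also say how that was verified (for example, that the binary is absent from the installed file list of the package), so the next triager does not have to re-derive it.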

Modified: org/agenda-2014.txt
===================================================================
--- org/agenda-2014.txt	2014-01-23 09:45:21 UTC (rev 25332)
+++ org/agenda-2014.txt	2014-01-23 09:59:57 UTC (rev 25333)
@@ -50,6 +50,13 @@
 - Support for consistency checks on source package names, e.g linux-2.6/linux
   or all of the ruby packages
 
+- Version consistency checks, like an issue being marked as fixed in x.z and
+  not affecting stable, yet stable has x.y.
+
+- Keeping information about older, archived, releases? related to the above
+  point about consistency checks on source package names: should be possible
+  to say a package was renamed from foo to bar.
+
 Infrastructure
 ==============
 
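Review bot: the example in the version consistency item is ambiguous about ordering; "fixed in x.z ... yet stable has x.y" should state explicitly that x.y sorts before x.z (i.e. stable ships an older version than the fix), otherwise the check being proposed cannot be read off the text. In the second added item, "older, archived, releases?" has a stray comma and should read "older, archived releases?"; it would also help to say that the rename example (foo to bar) is meant to feed the source-package consistency check from the preceding item rather than be a separate feature.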
@@ -75,6 +82,10 @@
 
 - Compile a list of problemtic packages in jessie for the release team
 
+  + What to do with OpenJDK? best-effort + dropping icedtea-web?
+    Ubuntu is also questioning the support:
+    https://lists.ubuntu.com/archives/ubuntu-devel/2014-January/037991.html
+
 Distribution hardening
 ======================
 
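Review bot: the OpenJDK sub-item lists two options ("best-effort + dropping icedtea-web?") without saying who decides or by when; since it hangs under "Compile a list of problematic packages in jessie for the release team", it should note whether the question is to be settled before that list goes to the release team. The unchanged context line above still has the typo "problemtic", which could be fixed in the same commit.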
@@ -90,6 +101,8 @@
 
   - hidepid by default
 
+  - heap protection experiment for some packages? (e.g. mcheck)
+
 - mount flags and default partitioning
 
 - default open ports
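Review bot: "heap protection experiment for some packages? (e.g. mcheck)" should state what protection is meant and how candidate packages would be chosen; mcheck is given only as an example, and the item does not say whether the experiment is about enabling it at build time, via environment, or measuring its overhead, so the agenda point cannot be acted on as written.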
@@ -98,6 +111,8 @@
 
 - Require fs.protected_symlinks? (enabled by default in Wheezy, kfreebsd doesn't support it)
 
+- Disabling rare codecs/stuff by default.
+
 LTS
 ===
 
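Review bot: "Disabling rare codecs/stuff by default." is too vague to discuss at the meeting; it should name at least one concrete package or build option and the reason (reducing exposed parsing surface in a default install), and "stuff" should be replaced with the actual category intended.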