author Raphael Geissert <geissert@debian.org> 2010-09-30 18:09:37 +0000
committer Raphael Geissert <geissert@debian.org> 2010-09-30 18:09:37 +0000
commit ba235ae1436b90e23238b4773822db923649dbf5 (patch)
tree c59ffbf1243ad1bd92c91610a5facd7987b3ff58 /data
parent d44f184dbb9cf60d120a76c5de1abb89d895d1a6 (diff)
some cleanup, removing etch (and older or unmaintained) stuff
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15401 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/open-issues.txt 32
-rw-r--r-- data/ospu-candidates.txt 964
-rw-r--r-- data/package-tags 20
-rw-r--r-- data/resources 8
4 files changed, 3 insertions, 1021 deletions
diff --git a/data/open-issues.txt b/data/open-issues.txt
deleted file mode 100644
index 9e7b5cff04..0000000000
--- a/data/open-issues.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-=== none
-
-From the graphicsmagick 1.1.7-1 upload:
-
- * magick/constitute.c: Apply upstream fix for potential NULL pointer
- dereference in ReadImage().
-
-Does this have a CVE name?
-Does it affect imagemagick?
-
-=== jmm
-
-tikiwiki has been uploaded to the archive a month ago. All previous issues
-in it should be reviewed, whether they're fixed and CVE/list updated
-accordingly.
-
-=== none
-
-From the freewheeling 0.5pre4-5 upload:
- .
- * Fixes various gcc-4.0 warnings (uninitialised variables, non-void
- functions never returning, wrong printf format strings)
- * Fixed 2 buffer overflows in fweelin_core_dsp.cc
-
-Are any of these exploitable issues?
-
-=== none
-
-ffmpeg creates libavcodec only statically. It should be evaluated if there's
-really a compelling reason, as it requires massive recompiles for every security
-update. If upstream is reluctant this could be done locally for Etch at least.
-
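Review bot: Only the ffmpeg entry in this deleted file refers to Etch; the other three are open triage items with no visible resolution. The graphicsmagick questions ("Does this have a CVE name?", "Does it affect imagemagick?"), the tikiwiki review task and the freewheeling question ("Are any of these exploitable issues?") are release-independent, so the commit message should say whether they were answered and recorded in the CVE list, or they should be moved there before the file is dropped.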
diff --git a/data/ospu-candidates.txt b/data/ospu-candidates.txt
index b0f5b4bd74..a5a58cb93a 100644
--- a/data/ospu-candidates.txt
+++ b/data/ospu-candidates.txt
@@ -2,967 +2,3 @@ This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a oldstable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org
-
---
-
-acidbase (CVE-2007-5578)
-notified maintainer
-
---
-
-aegis (CVE-2008-4938)
-#496400
-notified maintainer
-
---
-
-apertium (CVE-2008-4939)
-#496395
-notified maintainer
-
---
-
-asterisk (CVE-2009-0041)
-#513413
-notified maintainer
-
-CVE-2008-3903
-#522528
-notified maintainer
-
---
-
-audacity (CVE-2007-6061)
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
-notified maintainer
-
---
-
-auctex (no CVE)
-#506961
-notified maintainer
-
---
-
-audiolink (CVE-2008-4942)
-#496433
-notified maintainer
-
---
-
-avahi (CVE-2009-0758)
-#517683
-notified maintainer
-
---
-
-aview (CVE-2008-4935)
-#496422
-notified maintainer
-
---
-
-backuppc (CVE-2009-3369)
-#542218
-notified maintainer
-
---
-
-beagle (CVE-2005-4791)
-notified maintainer
-
---
-
-blam (CVE-2005-4791)
-notified maintainer
-
---
-
-bluez-libs/bluez-utils (CVE-2008-2374)
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
-notified maintainer
-
---
-
-boost (CVE-2008-0172/CVE-2008-0171)
-#461236
-notified maintainer
-
---
-
-bugzilla (CVE-2008-2103)
-#480190
-notified maintainer
-
-CVE-2008-4437
-#502019
-notified maintainer
-
-bugzilla (CVE-2009-0481 to CVE-2009-0485)
-notified maintainer
-
---
-
-burn: (no CVE yet)
-#542329
-notified maintainer through bug report
-
---
-
-byacc (CVE-2008-3196)
-#491182
-notified maintainer
-
---
-
-bzip2 (CVE-2008-1372)
-#471670
-Maintainer has been notified
-
---
-
-cdcontrol
-#496438
-notified maintainer
-
---
-
-cdrw-taper (CVE-2008-4945)
-#496380
-notified maintainer
-
---
-
-cecilia (CVE-2008-1832)
-#476321
-notified maintainer
-
---
-
-chillispot
-#500181
-notified maintainer
-
---
-
-comix (CVE-2008-1568)
-#462840
-notified maintainer
-
---
-
-cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
-#528434
-notified maintainer
-
---
-
-cupsys (CVE-2008-5377)
-notified maintainer
-
---
-
-cyrus-sasl2 (no CVE)
-#465561
-notified maintainer
-
---
-
-devil (CVE-2009-3994)
-#560080
-notified maintainer
-
---
-
-dia (CVE-2008-5984)
-#504251
-notified maintainer
-
---
-
-digitaldj (CVE-2008-4948)
-#496399
-notified maintainer
-
---
-
-dopewars (CVE-2009-3591)
-#550913
-notified maintainer
-
---
-
-dstat (CVE-2009-3894)
-http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
-notified maintainer
-
-dstat (CVE-2009-4081)
-#559667
-notified maintainer
-
---
-
-ed (CVE-2008-3916)
-Fix from 0.7-2
-notified maintainer
-
---
-
-emacs21 (CVE-2007-6109/CVE-2008-1694)
-bug #455433, bug #476612
-notified maintainer
-
-emacs21 (CVE-2008-2142)
-bug #480877
-notified maintainer
-
---
-
-emacs-jabber (CVE-2008-4952)
-#496428
-notified maintainer
-
---
-
-emacspeak (CVE-2008-4191)
-#496431
-notified maintainer
-
---
-
-epiphany-browser (CVE-2008-5985)
-#504363
-notified maintainer
-
---
-
-evolution (CVE-2008-1108, CVE-2008-1109)
-#484639
-notified maintainer
-
-evolution (no CVE)
-#484639
-notified maintainer
-
-evolution (CVE-2009-1631)
-#526409
-notified maintainer through initial bugreport
-
---
-
-exiv2 (CVE-2008-2696)
-bug #486328
-http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
-notified maintainer
-
---
-
-flac123 (CVE-2007-3507)
-notified maintainer
-
---
-
-fml (CVE-2008-4954)
-#496370
-notified maintainer
-
---
-
-freeradius (CVE-2008-4474)
-#496489
-notified maintainer
-
---
-
-fwbuilder (CVE-2008-4956)
-#496406
-notified maintainer
-
---
-
-gedit (CVE-2009-0314)
-#513513
-notified maintainer
-
---
-
-gdrae
-#496378
-notified maintainer
-
---
-
-glib2.0 (CVE-2009-3289)
-https://bugzilla.gnome.org/show_bug.cgi?id=593406
-notified maintainer
-
---
-
-gmanedit (CVE-2008-3971)
-#497835
-notified maintainer
-
---
-
-gnutls13 (CVE-2009-1417)
-#531614
-notified maintainer
-
---
-
-gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
-#496436, #508597, #508595
-notified maintainer
-
---
-
-gri (no CVE)
-fixed in gri 2.12.18-1:
-"Improve security when creating temporary files."
-notified maintainer
-
---
-
-hplip (CVE-2008-2940/CVE-2008-2941)
-#499842
-notified maintainer
-
---
-
-htmldoc (CVE-2009-3050)
-#537637
-notified maintainer through initial bugreport
-
---
-
-hypre (CVE-2009-3736)
-#559834
-notified maintainer
-
---
-
-ipsec-tools (CVE-2008-3651)
-http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
-notified maintainer
-
-ipsec-tools (CVE-2008-3652)
-#501026
-https://bugzilla.redhat.com/show_bug.cgi?id=456660
-notified maintainer
-
---
-
-kaya (CVE-2008-6428)
-notified maintainer
-
---
-
-konwert (CVE-2008-4964)
-#496379
-notified maintainer
-
---
-
-lcms (CVE-2009-0793)
-notified maintainer through initial bugreport
-
---
-
-libapache2-mod-perl2 (CVE-2007-1349)
-http://svn.apache.org/viewvc?view=rev&revision=521584
-#433549
-notified maintainer
-
---
-
-libpam-ssh (CVE-2007-0844)
-#410236
-notified maintainer
-
---
-
-libsamplerate (CVE-2008-5008)
-https://bugzilla.redhat.com/attachment.cgi?id=323069
-notified maintainer
-
---
-libsndfile
-potential dos via crafted input
-#530831
-
---
-
-libpam-ssh (CVE-2009-1273)
-#535877
-maintainer notified through initial bug report
-
---
-
-libpng (CVE-2008-1382)
-#476669
-notified maintainer
-
-libpng (CVE-2009-2042)
-#533676
-notified maintainer
-
---
-
-libvorbis (CVE-2008-2009)
-notified maintainer and release team
-
---
-
-liferea (CVE-2005-4791)
-notified maintainer
-
---
-
-lighttpd (CVE-2007-3948)
-#434888
-Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
-http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
-http://trac.lighttpd.net/trac/ticket/1216
-notified maintainer
-
---
-
-links2 (CVE-2008-3329)
-bug #492744
-notified maintainer
-
---
-
-linux-ftpd (CVE-2008-4247)
-#500278
-notified maintainer
-
---
-
-linux-ftpd-ssl (CVE-2007-6263)
-#454733
-notified maintainer
-
---
-
-mailscanner (CVE-2008-5312, CVE-2008-5313)
-#506353
-notified maintainer
-
---
-
-mecab (CVE-2007-3231)
-#429174
-notified maintainer
-
---
-
-mercurial (CVE-2008-4297)
-#500781
-notified maintainer
-
---
-
-mgetty (CVE-2008-4936)
-#496403
-notified maintainer
-
---
-
-mgt
-#496434
-notified maintainer
-
---
-
-memcached (CVE-2009-1255)
-bug #527330
-notified maintainer
-
---
-
-mimedecode
-potential dos/crash due to invalid input
-#530430
-orphaned
-
---
-
-mksh (CVE-2008-1845)
-notified maintainer
-
---
-
-mldonkey (CVE-2007-4100)
-#435439
-notified maintainer
-
---
-
-mnogosearch (CVE-2007-5588)
-#447753
-notified maintainer
-
---
-
-motion (CVE-2008-2654)
-#484572
-notified maintainer
-
---
-
-mpg123 (CVE-2009-1301)
-notified maintainer
-
---
-
-multi-gnome-terminal (CVE-2008-5143)
-notified maintainer
-
---
-
-myspell
-#496392
-notified maintainer
-
---
-
-neon (CVE-2009-2474)
-#542926
-notified maintainer
-
---
-
-neon26 (CVE-2009-2474)
-#542926
-notified maintainer
-
---
-
-net-snmp (CVE-2008-6123)
-Noah will see to it.
-
---
-
-network-manager (CVE-2009-4144)
-#560067
-notified maintainer through initial bugreport
-
-CVE-2009-4145
-#563371
-notified maintainer through initial bugreport
-
---
-
-nfs-utils (CVE-2008-4552)
-notified maintainer
-
---
-
-ngircd (CVE-2008-0285)
-notified maintainer
-
---
-
-ntop (CVE-2009-2732)
-#543312
-notified maintainer through initial bugreport
-
---
-
-nvi
-#496462
-notified maintainer
-
---
-
-openldap
-#253838
-notified maintainer
-
---
-
-overkill (no CVE yet)
-#549310
-
---
-
-owl (CVE-2009-0363)
-#515118
-notified maintainer
-
---
-
-p3nfs (CVE-2008-5154)
-bug #506270
-notified maintainer
-
---
-
-pam (CVE-2009-0579)
-#514437
-asked maintainer in mail
-
---
-
-paramiko (CVE-2008-0299)
-#460706
-notified maintainer
-
---
-
-planet (CVE-2009-2937)
-bug #546178
-notified maintainer through initial bugreport
-
---
-
-postfix (CVE-2009-2939)
-notified maintainer
-
-postfix (CVE-2008-2937)
-notified maintainer
-
---
-
-pptp-linux (no CVE)
-#523476
-Ola will prepare a fix in a point update
-
---
-
-puppet (CVE-2009-3564)
-#551073
-notified maintainer in initial bug report
-
---
-
-python-4suite (CVE-2009-3560, CVE-2009-3720)
-#560914
-notified maintainer
-
---
-
-python2.4 (CVE-2008-4864, CVE-2008-5031)
-#504620
-notified maintainer
-
-python2.5 (CVE-2008-4864, CVE-2008-5031)
-#504619
-notified maintainer
-
---
-
-r-base (CVE-2008-3931)
-#496418
-notified maintainer
-
---
-
-rails (CVE-2009-3086)
-bug #545063
-notified maintainer
-
---
-
-rancid (CVE-2008-4979)
-#496426
-notified maintainer
-
---
-
-rccp (CVE-2008-4980)
-#496364
-notified maintainer
-
---
-
-realtimebattle (CVE-2008-4981)
-#496385
-notified maintainer
-
---
-
-redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
-#496410
-notified maintainer
-
---
-
-rkhunter (CVE-2008-4982)
-#496375
-notified maintainer
-
---
-
-rsync (CVE-2007-6200)
-#453652
-notified maintainer
-
---
-
-sabre (CVE-2008-4406, CVE-2008-4407)
-#433996
-notified maintainer
-
---
-
-scilab (CVE-2008-4983)
-#496414
-notified maintainer
-
---
-
-sgml2x (CVE-2008-6397)
-#496368
-notified maintainer
-
---
-
-sip-tester (CVE-2008-1959, CVE-2008-2085)
-#479039
-notified maintainer
-
---
-
-slocate (CVE-2007-0227)
-#411937
-notified maintainer
-
---
-
-smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
-notified maintainer
-
---
-
-sng
-#496407
-notified maintainer
-
---
-
-squid (CVE-2009-0801)
-#521053
-
---
-
-squid3 (CVE-2009-0801)
-#521052
-
---
-
-ssmtp (CVE-2008-3962)
-#498366
-notified maintainer
-
---
-
-sylpheed (CVE-2007-2958)
-#441854
-http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
-notified maintainer
-
---
-
-sympa (CVE-2008-4476)
-#496405; bug #494969
-notified maintainer
-
---
-
-tau (CVE-2008-5157)
-#506348
-notified maintainer
-
---
-
-tcl8.3/tcl8.4 (CVE-2007-4772)
-notified maintainer
-
-tcl8.3/tcl8.4 (CVE-2007-6067)
-notified maintainer
-
---
-
-tetex-bin (CVE-2009-1284)
-#520920
-https://bugzilla.redhat.com/show_bug.cgi?id=492136
-
---
-
-texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
-notified maintainer
-
---
-
-tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
-#465643
-notified maintainer
-
---
-
-tomboy (CVE-2005-4790)
-notified maintainer
-
---
-
-tqsllib 2.0-8 (CVE-2009-0124)
-#511509
-notified maintainer
-
---
-
-trac (CVE-2008-5646 CVE-2008-5647)
-#509342, #505197
-notified maintainer
-
---
-
-trickle (CVE-2009-0415)
-#513456
-notified maintainer
-
---
-
-udev
-#462655
-notified maintainer
-
---
-
-unp (CVE-2007-6610)
-#448437
-notified maintainer
-
---
-
-vobcopy (CVE-2007-5718)
-bug #448319
-notified maintainer
-
---
-
-wdiff [insecure tempfile in wdiff]
-bug #425254
-notified maintainer
-
---
-
-wims (CVE-2008-4986)
-#496387
-notified maintainer
-
---
-
-wyrd (CVE-2008-0806)
-bug #466382
-notified maintainer
-
---
-
-xastir (CVE-2008-4987)
-#496383
-notified maintainer
-
---
-
-xcal (CVE-2008-4988)
-#496393
-notified maintainer
-
---
-
-xcftools (CVE-2009-2175)
-#533361
-orphaned
-Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)
-
---
-
-xchat (CVE-2009-0315)
-#513509
-notified maintainer
-
---
-
-xemacs21 (CVE-2007-6109/CVE-2008-1694)
-bug #457764, bug #476613
-notified maintainer
-
-xemacs21 (CVE-2008-2142)
-bug #480877
-notified maintainer
-
-xemacs21 (CVE-2009-2688)
-#540470
-Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
-notified maintainer
-
---
-
-xen-3 (CVE-2008-4993)
-#496367
-notified maintainer
-
---
-
-xerces-c2 (CVE-2009-1885)
-#541986
-notified maintainer
-
---
-
-xerces27 (CVE-2009-1885)
-notified maintainer
-
---
-
-xfce4 (CVE-2007-6351 CVE-2007-6352)
-notified maintainer
-
---
-
-xfig
-25_mkstemp added in 1:3.2.5.a-1
-notified maintainer
-
-
-CVE-2009-4228/CVE-2009-4227
-#559274)
-https://bugzilla.redhat.com/show_bug.cgi?id=543905
-
---
-
-xmcd (CVE-2008-4994)
-#496416
-notified maintainer
-
---
-
-xmp (CVE-2007-6731, CVE-2007-6732)
-#546730
-
---
-
-xscreensaver (no CVE)
-#539699
-notified maintainer
-
---
-
-zabbix (CVE-2008-1353)
-bug #471678
-notified maintainer
-
---
-
-zope-cmfplone (CVE-2008-1394)
-notified maintainer
-
---
-
-zsh (CVE-2007-6209)
-bug #454073)
-notified maintainer
-
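Review bot: This bulk removal does not separate etch-only entries from ones that still look actionable. The xcftools entry says a package will be prepared "for stable and oldstable", the pptp-linux and net-snmp entries name people who were going to handle a fix, and several entries (squid, squid3, overkill, xmp, tetex-bin, libsndfile) record no maintainer notification at all. Suggest checking those against the tracker before removing them, and stating in the commit message that the file is intentionally left as a header with an empty list.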
diff --git a/data/package-tags b/data/package-tags
index a8df02fca4..f89051f82f 100644
--- a/data/package-tags
+++ b/data/package-tags
@@ -1,32 +1,22 @@
# In this file we keep the debtags for packages in "main"
# where special conditions apply
-[etch] kfreebsd-5 <unsupported> (FreeBSD not yet supported)
[lenny] kfreebsd-6 <unsupported> (FreeBSD not yet supported)
[lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported)
-[etch] iceweasel <unsupported> (Support was dropped for oldstable)
-[etch] xulrunner <unsupported> (Support was dropped for oldstable)
-[etch] icedove <unsupported> (Support was dropped for oldstable)
-
-[etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
[lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
[squeeze] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
-[etch] php5 <limited-support> (See README.Debian.security for the PHP security policy)
-[etch] php4 <limited-support> (See README.Debian.security for the PHP security policy)
[lenny] php5 <limited-support> (See README.Debian.security for the PHP security policy)
-[etch] adns <limited-support> (Stub resolver that should only be used with trusted recursors)
+[squeeze] php5 <limited-support> (See README.Debian.security for the PHP security policy)
+
[lenny] adns <limited-support> (Stub resolver that should only be used with trusted recursors)
-[etch] ltp <limited-support> (Testsuite, only supported on non-production non-multiuser systems)
[lenny] ltp <limited-support> (Testsuite, only supported on non-production non-multiuser systems)
+[squeeze] ltp <limited-support> (Testsuite, only supported on non-production non-multiuser systems)
[sid] vmware-package <unsupported> (Only a build script for native upstream tarballs, not supported)
-[etch] rails <unsupported> (Unusable, should be removed)
-
-[etch] clamav <unsupported> (No signature updates anymore, should be taken from volatile)
[lenny] clamav <unsupported> (No signature updates anymore, should be taken from volatile)
[sid] kompozer <unsupported> (vulnerable to all xulrunner issues, but intended use is not for untrusted or networked sources)
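Review bot: The two added lines, `[squeeze] php5 <limited-support>` and `[squeeze] ltp <limited-support>`, introduce new support tags, which is a policy change rather than the cleanup the commit message describes. Suggest splitting them into their own commit or at least mentioning them in the message. It is also worth confirming that adns and clamav, which keep only a `[lenny]` line in this hunk, are meant to have no squeeze entry.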
@@ -35,13 +25,9 @@
[lenny] ocsinventory-server <limited-support> (Only supported behind an authenticated HTTP zone)
[squeeze] ocsinventory-server <limited-support> (Only supported behind an authenticated HTTP zone)
-[etch] asterisk <unsupported> (Support was dropped for oldstable)
-
-[etch] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
[lenny] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
[squeeze] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
-[etch] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)
[lenny] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)
[squeeze] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)
diff --git a/data/resources b/data/resources
deleted file mode 100644
index 9c8c537596..0000000000
--- a/data/resources
+++ /dev/null
@@ -1,8 +0,0 @@
-Full CVE lists:
-http://cve.mitre.org/data/downloads/
-
-CVEs that do not affect sarge (maintained by regular security team):
-http://www.debian.org/security/nonvulns-sarge
-
-Ultra Monkey kernel security database:
-http://www.ultramonkey.org/bugs/cve/
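Review bot: The first reference deleted here, `http://cve.mitre.org/data/downloads/` under "Full CVE lists:", is not tied to etch or any older release, unlike the sarge non-vulnerability list. If nothing else in the repository points to the MITRE downloads, keep that reference somewhere else in the tree rather than deleting it with the rest of the file.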
