author: Moritz Muehlenhoff <jmm@debian.org> 2008-10-01 20:55:30 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2008-10-01 20:55:30 +0000
commit: a53b4d6e5df205bdde4abd6f54608c7f669cd271 (patch)
tree: 6ba51dde64668b5d4afd8d8176d1ddb80b118486 /tmp.txt
parent: 71ee6e953a1dc2e869c2ccf0a2f4dfbb4acaa49c (diff)

add a new file to coordinate the temp file issue mass bug filing
for Etch, help is welcome

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9926 e39458fd-73e7-0310-bf30-c45bca0a0e42

Diffstat (limited to 'tmp.txt')
-rw-r--r-- tmp.txt 124
1 files changed, 124 insertions, 0 deletions
diff --git a/tmp.txt b/tmp.txt
new file mode 100644
index 0000000000..947d15280f
--- /dev/null
+++ b/tmp.txt
@@ -0,0 +1,124 @@
+- Make sure the issue is tracked in the tracker
+- Criteria for potential DSA: Typically used as root, typically used
+ on multiuser system, non-fringe, real world use case (i.e no debug,
+ no examples)
+- This is the initial batch reported by Dmitry, but there might have
+ been followups? We should check this, I haven't caught up with
+ mail backlog
+- While some issues might not warrant a DSA for Etch, we should be
+ a little more aggressive on maintainters not following up for
+ Lenny and rather go for removal in such cases
+- Since stable updates can be made by any DD we could also advertise
+ this on debian-devel to find a volunteer if the respective
+ maintainers are too busy
+- I think we only need CVE IDs for issues fixed in a DSA or through
+ a point update, oss-security should be better than a CNA pool since
+ there's a risk of collisions
+
+ Binary-package: r-base-core-ra (1.1.1-1)
+ Binary-package: rccp (0.9-2)
+ Binary-package: mafft (6.240-1)
+ Binary-package: crossfire-maps (1.11.0-1)
+ Binary-package: sgml2x (1.0.0-11.1)
+ Binary-package: liguidsoap (0.3.6-4)
+ Binary-package: citadel-server (7.37-1)
+ Binary-package: ampache (3.4.1-1)
+ Binary-package: xen-utils-3.2-1 (3.2.1-2)
+ Binary-package: dtc-common (0.29.6-1)
+ Binary-package: honeyd-common (1.5c-3)
+ Binary-package: lustre-tests (1.6.5-1)
+ Binary-package: linuxtrade (3.65-8+b4)
+ Binary-package: freevo (1.8.1-0)
+ Binary-package: fml (4.0.3.dfsg-2)
+ Binary-package: rkhunter (1.3.2-3)
+ Binary-package: openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: aptoncd (0.1-1.1)
+ Binary-package: cdcontrol (1.90-1.1)
+ Binary-package: newsgate (1.6-23)
+ Binary-package: gpsdrive-scripts (2.10~pre4-3)
+ Binary-package: impose+ (0.2-11)
+ Binary-package: mgt (2.31-5)
+ Binary-package: audiolink (0.05-1)
+ Binary-package: ibackup (2.27-4.1)
+ Binary-package: emacspeak (26.0-3)
+ Binary-package: bk2site (1:1.1.9-3.1)
+ Binary-package: datafreedom-perl (0.1.7-1)
+ Binary-package: emacs-jabber (0.7.91-1)
+ Binary-package: lmbench (3.0-a7-1)
+ Binary-package: rancid-util (2.3.2~a8-1)
+ Binary-package: firehol (1.256-4)
+ Binary-package: aview (1.3.0rc1-8)
+ Binary-package: radiance (3R9+20080530-3)
+ Binary-package: convirt (0.8.2-3)
+ Binary-package: printfilters-ppd (2.13-9)
+ Binary-package: r-base-core (2.7.1-1)
+ Binary-package: xmcd (2.6-19.3)
+ Binary-package: scilab-bin (4.1.2-5)
+ Binary-package: dpkg-cross (2.3.0)
+ Binary-package: ltp-network-test (20060918-2.1)
+ Binary-package: cman (2.20080629-1)
+ Binary-package: scratchbox2 (1.99.0.24-1)
+ Binary-package: sendmail-base (8.14.3-5)
+ Binary-package: fwbuilder (2.1.19-3)
+ Binary-package: sng (1.0.2-5)
+ Binary-package: dist (1:3.5-17-1)
+ Binary-package: sympa (5.3.4-5)
+ Binary-package: caudium (3:1.4.12-11)
+ Binary-package: mgetty-fax (1.1.36-1.2)
+ Binary-package: aegis (4.24-3)
+ Binary-package: aegis-web (4.24-3)
+ Binary-package: mon (0.99.2-12)
+ Binary-package: arb-common (0.0.20071207.1-4)
+ Binary-package: qemu (0.9.1-5)
+ Binary-package: apertium (3.0.7+1-1+b1)
+ Binary-package: xcal (4.1-18.3)
+ Binary-package: myspell-tools (1:3.1-20)
+ Binary-package: gccxml (0.9.0+cvs20080525-1)
+ Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
+ Binary-package: dhis-server (5.3-1)
+ Binary-package: wims (3.62-13)
+ Binary-package: initramfs-tools (0.92f)
+ Binary-package: realtimebattle-common (1.0.8-7)
+ Binary-package: netmrg (0.20-1)
+ Binary-package: bulmages-servers (0.11.1-2)
+ Binary-package: plait (1.5.2-1)
+ Binary-package: konwert-filters (1.8-11.1)
+
+
+DSA: (Name in brackets if someone prepares a DSA)
+ Binary-package: feta (1.4.16) (jmm)
+
+
+SPU:
+ Binary-package: lazarus-src (0.9.24-0-9)
+ Binary-package: gdrae (0.1-1)
+ Binary-package: cdrw-taper (0.4-2)
+ Binary-package: vdr-dbg (1.6.0-5)
+ Binary-package: digitaldj (0.7.5-6+b1)
+ Binary-package: xastir (1.9.2-1)
+
+
+Non-issues (not exploitable, only examples or very exotic use cases,
+e.g. only exploitable when debugging a certain option, not present
+in Etch or only exploitable during package build time):
+ Binary-package: ogle-mmx (0.9.2-5.2)
+ Binary-package: ogle (0.9.2-5.2)
+ Binary-package: openoffice.org-common (1:2.4.1-6)
+ Binary-package: postfix (2.5.2-2)
+ Binary-package: tiger (1:3.2.2-3.1)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
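Review bot: the first package list (r-base-core-ra through konwert-filters) has no heading, unlike the "DSA:", "SPU:" and "Non-issues" groups that follow it, so a reader cannot tell whether those entries are still untriaged or already carry some status; give it its own heading so that moving a package between groups is unambiguous. The "SPU:" heading is also never expanded, while the "DSA:" heading carries an explanation in parentheses, so a short gloss there would help volunteers who are asked to pick entries up. Smaller points: "maintainters" in the fourth bullet should read "maintainers", "i.e no debug" in the second bullet is missing its full stop after "i.e", and the file ends in a run of blank added lines that can be dropped.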
