secure-testing/data/open-issues.txt

=== none

From the graphicsmagick 1.1.7-1 upload:

   * magick/constitute.c: Apply upstream fix for potential NULL pointer
     dereference in ReadImage().

Does this have a CVE name?
Does it affect imagemagick?

=== jmm

tikiwiki has been uploaded to the archive a month ago. All previous issues
in it should be reviewed, whether they're fixed and CVE/list updated
accordingly.

=== none

From the freewheeling 0.5pre4-5 upload:
 .
   * Fixes various gcc-4.0 warnings (uninitialised variables, non-void
     functions never returning, wrong printf format strings)
   * Fixed 2 buffer overflows in fweelin_core_dsp.cc

Are any of these exploitable issues?

=== none

ffmpeg creates libavcodec only statically. It should be evaluated if there's
really a compelling reason, as it requires massive recompiles for every security
update. If upstream is reluctant this could be done locally for Etch at least.

1	=== none
2
3	From the graphicsmagick 1.1.7-1 upload:
4
5	* magick/constitute.c: Apply upstream fix for potential NULL pointer
6	dereference in ReadImage().
7
8	Does this have a CVE name?
9	Does it affect imagemagick?
10
11	=== jmm
12
13	tikiwiki has been uploaded to the archive a month ago. All previous issues
14	in it should be reviewed, whether they're fixed and CVE/list updated
15	accordingly.
16
17	=== none
18
19	From the freewheeling 0.5pre4-5 upload:
20	.
21	* Fixes various gcc-4.0 warnings (uninitialised variables, non-void
22	functions never returning, wrong printf format strings)
23	* Fixed 2 buffer overflows in fweelin_core_dsp.cc
24
25	Are any of these exploitable issues?
26
27	=== none
28
29	ffmpeg creates libavcodec only statically. It should be evaluated if there's
30	really a compelling reason, as it requires massive recompiles for every security
31	update. If upstream is reluctant this could be done locally for Etch at least.
32