secure-testing/data/ospu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a oldstable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

acidbase (CVE-2007-5578)
notified maintainer

--

aegis (CVE-2008-4938)
#496400
notified maintainer

--

apertium (CVE-2008-4939)
#496395
notified maintainer

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

auctex (no CVE)
#506961
notified maintainer

--

audiolink (CVE-2008-4942)
#496433
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

aview (CVE-2008-4935)
#496422
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

bluez-libs/bluez-utils (CVE-2008-2374)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190
notified maintainer

CVE-2008-4437
#502019
notified maintainer

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

burn: (no CVE yet)
#542329
notified maintainer through bug report

--

byacc (CVE-2008-3196)
#491182
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cdcontrol
#496438
notified maintainer

--

cdrw-taper (CVE-2008-4945)
#496380 
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

chillispot
#500181
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

cupsys (CVE-2008-5377)
notified maintainer

--

cyrus-sasl2 (no CVE)
#465561
notified maintainer

--

dia (CVE-2008-5984)
#504251
notified maintainer

--

digitaldj (CVE-2008-4948)
#496399
notified maintainer

--

ed (CVE-2008-3916)
Fix from 0.7-2
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

emacs-jabber (CVE-2008-4952)
#496428
notified maintainer

--

emacspeak (CVE-2008-4191)
#496431
notified maintainer

--

epiphany-browser (CVE-2008-5985)
#504363
notified maintainer

--

evolution (CVE-2008-1108, CVE-2008-1109)
#484639
notified maintainer

evolution (no CVE)
#484639
notified maintainer

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

exiv2 (CVE-2008-2696)
bug #486328
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

fml (CVE-2008-4954)
#496370
notified maintainer

--

freeradius (CVE-2008-4474)
#496489
notified maintainer

--

fwbuilder (CVE-2008-4956)
#496406
notified maintainer

--

gedit (CVE-2009-0314)
#513513
notified maintainer

--

gdrae
#496378
notified maintainer

--

gmanedit (CVE-2008-3971)
#497835
notified maintainer

--

gnutls13 (CVE-2009-1417)
#531614
notified maintainer

--

gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
#496436, #508597, #508595
notified maintainer

--

hplip (CVE-2008-2940/CVE-2008-2941)
#499842
notified maintainer

--

ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer

ipsec-tools (CVE-2008-3652)
#501026
https://bugzilla.redhat.com/show_bug.cgi?id=456660
notified maintainer

--

kaya (CVE-2008-6428)
notified maintainer

--

konwert (CVE-2008-4964)
#496379
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libsamplerate (CVE-2008-5008)
https://bugzilla.redhat.com/attachment.cgi?id=323069
notified maintainer

--
libsndfile
potential dos via crafted input
#530831

--

libpam-ssh (CVE-2009-1273)
#535877
maintainer notified through initial bug report

--

libpng (CVE-2008-1382)
#476669
notified maintainer

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

links2 (CVE-2008-3329)
bug #492744
notified maintainer

--

linux-ftpd (CVE-2008-4247)
#500278
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mailscanner (CVE-2008-5312, CVE-2008-5313)
#506353
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mercurial (CVE-2008-4297)
#500781
notified maintainer

--

mgetty (CVE-2008-4936)
#496403
notified maintainer

--

mgt
#496434
notified maintainer

--

memcached (CVE-2009-1255)
bug #527330
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
#530430
orphaned

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753
notified maintainer

--

motion (CVE-2008-2654)
#484572
notified maintainer

--

mpg123 (CVE-2009-1301)
notified maintainer

--

multi-gnome-terminal (CVE-2008-5143)
notified maintainer

--

myspell
#496392
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

nfs-utils (CVE-2008-4552)
notified maintainer

--

ngircd (CVE-2008-0285)
notified maintainer

--

ntop (CVE-2009-2732)
#543312

--

nvi
#496462
notified maintainer

--

openldap
#253838
notified maintainer

--

p3nfs (CVE-2008-5154)
bug #506270
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

python2.4 (CVE-2008-4864, CVE-2008-5031)
#504620
notified maintainer

python2.5 (CVE-2008-4864, CVE-2008-5031)
#504619
notified maintainer

--

r-base (CVE-2008-3931)
#496418
notified maintainer

--

rancid (CVE-2008-4979)
#496426
notified maintainer

--

rccp (CVE-2008-4980)
#496364
notified maintainer

--

realtimebattle (CVE-2008-4981)
#496385
notified maintainer

--

redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
#496410
notified maintainer

--

rkhunter (CVE-2008-4982)
#496375
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--

sabre (CVE-2008-4406, CVE-2008-4407)
#433996
notified maintainer

--

scilab (CVE-2008-4983)
#496414
notified maintainer

--

sgml2x (CVE-2008-6397)
#496368
notified maintainer

--

sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

sng
#496407
notified maintainer

--

squid (CVE-2009-0801)
#521053

--

squid3 (CVE-2009-0801)
#521052

--

ssmtp (CVE-2008-3962)
#498366
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

sympa (CVE-2008-4476)
#496405; bug #494969
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

tcl8.3/tcl8.4 (CVE-2007-4772)
notified maintainer

tcl8.3/tcl8.4 (CVE-2007-6067)
notified maintainer

--

tetex-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

tqsllib 2.0-8 (CVE-2009-0124)
#511509
notified maintainer

--

trac (CVE-2008-5646 CVE-2008-5647)
#509342, #505197
notified maintainer

--

trickle (CVE-2009-0415)
#513456
notified maintainer

--

udev
#462655
notified maintainer

--

unp (CVE-2007-6610)
#448437
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254
notified maintainer

--

wims (CVE-2008-4986)
#496387
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xastir (CVE-2008-4987)
#496383
notified maintainer

--

xcal (CVE-2008-4988)
#496393
notified maintainer

--

xcftools (CVE-2009-2175)
#533361
orphaned
Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)

--

xchat (CVE-2009-0315)
#513509
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

xemacs21 (CVE-2009-2688)
#540470
Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

xmcd (CVE-2008-4994)
#496416
notified maintainer

--

xscreensaver (no CVE)
#539699

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zope-cmfplone (CVE-2008-1394)
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	jmm-guest	11386	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a oldstable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8			acidbase (CVE-2007-5578)
9			notified maintainer
10
11			--
12
13			aegis (CVE-2008-4938)
14			#496400
15			notified maintainer
16
17			--
18
19			apertium (CVE-2008-4939)
20			#496395
21			notified maintainer
22
23			--
24
25			asterisk (CVE-2009-0041)
26			#513413
27	derevko-guest	12038	notified maintainer
28	jmm-guest	11386
29	jmm-guest	11956	CVE-2008-3903
30			#522528
31	derevko-guest	12038	notified maintainer
32	jmm-guest	11956
33	jmm-guest	11386	--
34
35			audacity (CVE-2007-6061)
36			http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
37			notified maintainer
38
39			--
40
41			auctex (no CVE)
42			#506961
43			notified maintainer
44
45			--
46
47			audiolink (CVE-2008-4942)
48			#496433
49			notified maintainer
50
51			--
52
53	jmm-guest	11559	avahi (CVE-2009-0758)
54			#517683
55	derevko-guest	12047	notified maintainer
56	jmm-guest	11559
57			--
58
59	jmm-guest	11386	aview (CVE-2008-4935)
60			#496422
61			notified maintainer
62
63			--
64
65			beagle (CVE-2005-4791)
66			notified maintainer
67
68			--
69
70			blam (CVE-2005-4791)
71			notified maintainer
72
73			--
74
75			bluez-libs/bluez-utils (CVE-2008-2374)
76			https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
77			notified maintainer
78
79			--
80
81			boost (CVE-2008-0172/CVE-2008-0171)
82			#461236
83			notified maintainer
84
85			--
86
87			bugzilla (CVE-2008-2103)
88			#480190
89			notified maintainer
90
91			CVE-2008-4437
92			#502019
93			notified maintainer
94
95	jmm-guest	11507	bugzilla (CVE-2009-0481 to CVE-2009-0485)
96	derevko-guest	12292	notified maintainer
97	jmm-guest	11507
98	jmm-guest	11386	--
99
100	jmm-guest	12653	burn: (no CVE yet)
101			#542329
102			notified maintainer through bug report
103
104			--
105
106	jmm-guest	11386	byacc (CVE-2008-3196)
107			#491182
108			notified maintainer
109
110			--
111
112			bzip2 (CVE-2008-1372)
113			#471670
114			Maintainer has been notified
115
116			--
117
118			cdcontrol
119			#496438
120			notified maintainer
121
122			--
123
124			cdrw-taper (CVE-2008-4945)
125			#496380
126			notified maintainer
127
128			--
129
130			cecilia (CVE-2008-1832)
131			#476321
132			notified maintainer
133
134			--
135
136			chillispot
137			#500181
138			notified maintainer
139
140			--
141	jmm-guest	11911
142	jmm-guest	11386	comix (CVE-2008-1568)
143			#462840
144			notified maintainer
145
146			--
147
148	jmm-guest	11911	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
149			#528434
150	derevko-guest	12038	notified maintainer
151	jmm-guest	11911
152			--
153
154	jmm-guest	11850	cupsys (CVE-2008-5377)
155	derevko-guest	12047	notified maintainer
156	white	11705
157			--
158
159	jmm-guest	11386	cyrus-sasl2 (no CVE)
160			#465561
161			notified maintainer
162
163			--
164
165			dia (CVE-2008-5984)
166			#504251
167			notified maintainer
168
169			--
170
171			digitaldj (CVE-2008-4948)
172			#496399
173			notified maintainer
174
175			--
176
177			ed (CVE-2008-3916)
178			Fix from 0.7-2
179			notified maintainer
180
181			--
182
183			emacs21 (CVE-2007-6109/CVE-2008-1694)
184			bug #455433, bug #476612
185			notified maintainer
186
187			emacs21 (CVE-2008-2142)
188			bug #480877
189			notified maintainer
190
191			--
192
193			emacs-jabber (CVE-2008-4952)
194			#496428
195			notified maintainer
196
197			--
198
199			emacspeak (CVE-2008-4191)
200			#496431
201			notified maintainer
202
203			--
204
205			epiphany-browser (CVE-2008-5985)
206			#504363
207			notified maintainer
208
209			--
210
211			evolution (CVE-2008-1108, CVE-2008-1109)
212			#484639
213			notified maintainer
214
215			evolution (no CVE)
216			#484639
217			notified maintainer
218
219	white	12460	evolution (CVE-2009-1631)
220			#526409
221	derevko-guest	12477	notified maintainer through initial bugreport
222	white	12460
223	jmm-guest	11386	--
224
225			exiv2 (CVE-2008-2696)
226			bug #486328
227			http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
228			notified maintainer
229
230			--
231
232			flac123 (CVE-2007-3507)
233			notified maintainer
234
235			--
236
237			fml (CVE-2008-4954)
238			#496370
239			notified maintainer
240
241			--
242
243			freeradius (CVE-2008-4474)
244			#496489
245			notified maintainer
246
247			--
248
249			fwbuilder (CVE-2008-4956)
250			#496406
251			notified maintainer
252
253			--
254
255			gedit (CVE-2009-0314)
256			#513513
257			notified maintainer
258
259			--
260
261			gdrae
262			#496378
263			notified maintainer
264
265			--
266
267			gmanedit (CVE-2008-3971)
268			#497835
269			notified maintainer
270
271			--
272
273	jmm-guest	12020	gnutls13 (CVE-2009-1417)
274			#531614
275	derevko-guest	12038	notified maintainer
276	jmm-guest	12020
277			--
278
279	jmm-guest	11386	gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
280			#496436, #508597, #508595
281			notified maintainer
282
283			--
284
285			hplip (CVE-2008-2940/CVE-2008-2941)
286			#499842
287			notified maintainer
288
289			--
290
291			ipsec-tools (CVE-2008-3651)
292			http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
293			notified maintainer
294
295			ipsec-tools (CVE-2008-3652)
296			#501026
297			https://bugzilla.redhat.com/show_bug.cgi?id=456660
298			notified maintainer
299
300			--
301
302	jmm-guest	11404	kaya (CVE-2008-6428)
303	derevko-guest	12057	notified maintainer
304	jmm-guest	11404
305			--
306
307	jmm-guest	11386	konwert (CVE-2008-4964)
308			#496379
309			notified maintainer
310
311			--
312
313	jmm-guest	11981	lcms (CVE-2009-0793)
314			notified maintainer through initial bugreport
315
316			--
317
318	jmm-guest	11386	libapache2-mod-perl2 (CVE-2007-1349)
319			http://svn.apache.org/viewvc?view=rev&revision=521584
320			#433549
321			notified maintainer
322
323			--
324
325			libpam-ssh (CVE-2007-0844)
326			#410236
327			notified maintainer
328
329			--
330
331			libsamplerate (CVE-2008-5008)
332			https://bugzilla.redhat.com/attachment.cgi?id=323069
333			notified maintainer
334
335			--
336	derevko-guest	12292	libsndfile
337			potential dos via crafted input
338			#530831
339	jmm-guest	11386
340	derevko-guest	12292	--
341
342	jmm-guest	12626	libpam-ssh (CVE-2009-1273)
343			#535877
344			maintainer notified through initial bug report
345
346			--
347
348	jmm-guest	11386	libpng (CVE-2008-1382)
349			#476669
350			notified maintainer
351
352	derevko-guest	12292	libpng (CVE-2009-2042)
353			#533676
354			notified maintainer
355
356	jmm-guest	11386	--
357
358	gilbert-guest	11775	libvorbis (CVE-2008-2009)
359			notified maintainer and release team
360
361			--
362
363	jmm-guest	11386	liferea (CVE-2005-4791)
364			notified maintainer
365
366			--
367
368			lighttpd (CVE-2007-3948)
369			#434888
370			Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
371			http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
372			http://trac.lighttpd.net/trac/ticket/1216
373			notified maintainer
374
375			--
376
377			links2 (CVE-2008-3329)
378			bug #492744
379			notified maintainer
380
381			--
382
383			linux-ftpd (CVE-2008-4247)
384			#500278
385			notified maintainer
386
387			--
388
389			linux-ftpd-ssl (CVE-2007-6263)
390			#454733
391			notified maintainer
392
393			--
394
395			mailscanner (CVE-2008-5312, CVE-2008-5313)
396			#506353
397			notified maintainer
398
399			--
400
401			mecab (CVE-2007-3231)
402			#429174
403			notified maintainer
404
405			--
406
407			mercurial (CVE-2008-4297)
408			#500781
409			notified maintainer
410
411			--
412
413			mgetty (CVE-2008-4936)
414			#496403
415			notified maintainer
416
417			--
418
419			mgt
420			#496434
421			notified maintainer
422
423			--
424
425	derevko-guest	12387	memcached (CVE-2009-1255)
426			bug #527330
427			notified maintainer
428
429			--
430
431	derevko-guest	12292	mimedecode
432			potential dos/crash due to invalid input
433			#530430
434	derevko-guest	12630	orphaned
435	derevko-guest	12292
436			--
437
438	jmm-guest	11386	mksh (CVE-2008-1845)
439			notified maintainer
440
441			--
442
443			mldonkey (CVE-2007-4100)
444			#435439
445			notified maintainer
446
447			--
448
449			mnogosearch (CVE-2007-5588)
450			#447753
451			notified maintainer
452
453			--
454
455			motion (CVE-2008-2654)
456			#484572
457			notified maintainer
458
459			--
460
461	jmm-guest	11704	mpg123 (CVE-2009-1301)
462	derevko-guest	12057	notified maintainer
463	jmm-guest	11704
464			--
465
466	jmm-guest	11386	multi-gnome-terminal (CVE-2008-5143)
467			notified maintainer
468
469			--
470
471			myspell
472			#496392
473			notified maintainer
474
475			--
476
477			net-snmp (CVE-2008-6123)
478			Noah will see to it.
479
480			--
481
482			nfs-utils (CVE-2008-4552)
483			notified maintainer
484
485			--
486
487			ngircd (CVE-2008-0285)
488			notified maintainer
489
490			--
491
492	jmm-guest	12711	ntop (CVE-2009-2732)
493			#543312
494
495			--
496
497	jmm-guest	11386	nvi
498			#496462
499			notified maintainer
500
501			--
502
503	jmm-guest	11490	openldap
504			#253838
505	derevko-guest	12047	notified maintainer
506	jmm-guest	11490
507			--
508
509	jmm-guest	11386	p3nfs (CVE-2008-5154)
510			bug #506270
511			notified maintainer
512
513			--
514
515	gilbert-guest	11732	pam (CVE-2009-0579)
516			#514437
517			asked maintainer in mail
518
519			--
520
521	jmm-guest	11386	paramiko (CVE-2008-0299)
522			#460706
523			notified maintainer
524
525			--
526
527	jmm-guest	11712	pptp-linux (no CVE)
528			#523476
529	jmm-guest	11758	Ola will prepare a fix in a point update
530	jmm-guest	11712
531			--
532
533	jmm-guest	11386	python2.4 (CVE-2008-4864, CVE-2008-5031)
534			#504620
535	derevko-guest	12057	notified maintainer
536	jmm-guest	11386
537			python2.5 (CVE-2008-4864, CVE-2008-5031)
538			#504619
539	derevko-guest	12057	notified maintainer
540	jmm-guest	11386
541			--
542
543			r-base (CVE-2008-3931)
544			#496418
545			notified maintainer
546
547			--
548
549			rancid (CVE-2008-4979)
550			#496426
551			notified maintainer
552
553			--
554
555			rccp (CVE-2008-4980)
556			#496364
557			notified maintainer
558
559			--
560
561			realtimebattle (CVE-2008-4981)
562			#496385
563			notified maintainer
564
565			--
566
567			redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
568			#496410
569			notified maintainer
570
571			--
572
573			rkhunter (CVE-2008-4982)
574			#496375
575			notified maintainer
576
577			--
578
579			rsync (CVE-2007-6200)
580			#453652
581			notified maintainer
582
583			--
584
585			sabre (CVE-2008-4406, CVE-2008-4407)
586			#433996
587			notified maintainer
588
589			--
590
591			scilab (CVE-2008-4983)
592			#496414
593			notified maintainer
594
595			--
596
597			sgml2x (CVE-2008-6397)
598			#496368
599			notified maintainer
600
601			--
602
603			sip-tester (CVE-2008-1959, CVE-2008-2085)
604			#479039
605			notified maintainer
606
607			--
608
609			slocate (CVE-2007-0227)
610			#411937
611			notified maintainer
612
613			--
614
615			smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
616			notified maintainer
617
618			--
619
620			sng
621			#496407
622			notified maintainer
623
624			--
625
626	derevko-guest	12445	squid (CVE-2009-0801)
627			#521053
628
629			--
630
631			squid3 (CVE-2009-0801)
632			#521052
633
634			--
635
636	jmm-guest	11386	ssmtp (CVE-2008-3962)
637			#498366
638			notified maintainer
639
640			--
641
642			sylpheed (CVE-2007-2958)
643			#441854
644			http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
645			notified maintainer
646
647			--
648
649			sympa (CVE-2008-4476)
650			#496405; bug #494969
651			notified maintainer
652
653			--
654
655			tau (CVE-2008-5157)
656			#506348
657			notified maintainer
658
659			--
660
661			tcl8.3/tcl8.4 (CVE-2007-4772)
662			notified maintainer
663
664			tcl8.3/tcl8.4 (CVE-2007-6067)
665	derevko-guest	12057	notified maintainer
666	jmm-guest	11386
667			--
668
669	jmm-guest	11704	tetex-bin (CVE-2009-1284)
670			#520920
671			https://bugzilla.redhat.com/show_bug.cgi?id=492136
672
673			--
674
675	jmm-guest	11386	texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
676			notified maintainer
677
678			--
679
680			tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
681			#465643
682			notified maintainer
683
684			--
685
686			tomboy (CVE-2005-4790)
687			notified maintainer
688
689			--
690
691			tqsllib 2.0-8 (CVE-2009-0124)
692			#511509
693			notified maintainer
694
695			--
696
697	white	11764	trac (CVE-2008-5646 CVE-2008-5647)
698			#509342, #505197
699	derevko-guest	12057	notified maintainer
700	white	11764
701			--
702
703	jmm-guest	11386	trickle (CVE-2009-0415)
704			#513456
705			notified maintainer
706
707			--
708
709	gilbert-guest	12260	udev
710			#462655
711			notified maintainer
712
713			--
714
715	jmm-guest	11386	unp (CVE-2007-6610)
716			#448437
717			notified maintainer
718
719			--
720
721			vobcopy (CVE-2007-5718)
722			bug #448319
723			notified maintainer
724
725			--
726
727			wdiff [insecure tempfile in wdiff]
728			bug #425254
729			notified maintainer
730
731			--
732
733			wims (CVE-2008-4986)
734			#496387
735			notified maintainer
736
737			--
738
739			wyrd (CVE-2008-0806)
740			bug #466382
741			notified maintainer
742
743			--
744
745			xastir (CVE-2008-4987)
746			#496383
747			notified maintainer
748
749			--
750
751			xcal (CVE-2008-4988)
752			#496393
753			notified maintainer
754
755			--
756
757	derevko-guest	12292	xcftools (CVE-2009-2175)
758			#533361
759			orphaned
760			Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)
761
762			--
763
764	jmm-guest	11386	xchat (CVE-2009-0315)
765			#513509
766			notified maintainer
767
768			--
769
770			xemacs21 (CVE-2007-6109/CVE-2008-1694)
771			bug #457764, bug #476613
772			notified maintainer
773
774			xemacs21 (CVE-2008-2142)
775			bug #480877
776			notified maintainer
777
778	jmm-guest	12626	xemacs21 (CVE-2009-2688)
779			#540470
780			Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
781	derevko-guest	12630	notified maintainer
782	jmm-guest	12626
783	jmm-guest	11386	--
784
785			xen-3 (CVE-2008-4993)
786			#496367
787			notified maintainer
788
789			--
790
791			xfce4 (CVE-2007-6351 CVE-2007-6352)
792			notified maintainer
793
794			--
795
796	jmm-guest	11553	xfig
797	derevko-guest	12057	25_mkstemp added in 1:3.2.5.a-1
798			notified maintainer
799	jmm-guest	11553
800			--
801
802	derevko-guest	12292	xmcd (CVE-2008-4994)
803			#496416
804			notified maintainer
805
806			--
807
808	jmm-guest	12626	xscreensaver (no CVE)
809			#539699
810
811			--
812
813	jmm-guest	11386	zabbix (CVE-2008-1353)
814			bug #471678
815			notified maintainer
816
817			--
818
819			zope-cmfplone (CVE-2008-1394)
820			notified maintainer
821
822			--
823
824			zsh (CVE-2007-6209)
825			bug #454073)
826			notified maintainer
827