/[secure-testing]/data/ospu-candidates.txt

Diff of /data/ospu-candidates.txt

Parent Directory | Revision Log | View Patch Patch

-revision 12571 by derevko-guest,
Tue Aug 11 20:45:32 2009 UTC
+revision 14420 by jmm-guest,
Tue Apr  6 21:52:24 2010 UTC
 Line 3 
 but which could be fixed in a stable poi
  it. If someone wants to address these, please add a note about it
  and get in contact with debian-release@lists.debian.org
+ --
+ acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
+ notified maintainer
+ --
+ acl (CVE-2009-4411)
+ #499076
+ notified maintainer
  --
  asterisk (CVE-2009-0041)
  #513413
  notified maintainer
- CVE-2008-3903
+ asterisk (CVE-2008-3903)
  #522528
  notified maintainer
-Line 21 
 notified maintainer
+Line 33 
 notified maintainer
  --
+ babel (CVE-2009-3736)
+ #559843
+ notified maintainer
+ --
  bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
  --
+ buildbot (CVE-2009-2959, CVE-2009-2967)
+ #543822
+ notified maintainer
+ --
  compiz-fusion-plugins-main (CVE-2008-6514)
  notified maintainer
  --
+ cpio (CVE-2010-0624)
+ notified maintainer
+ --
  cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
  #528434
  notified maintainer
  --
+ cups (CVE-2009-3553)
+ #557740
+ maintainer notified in initial bug report
+ Initial patch was incomplete;
+ cups (CVE-2010-0302)
+ #572940
+ notified maintainer
+ --
+ devil (CVE-2009-3994)
+ #560080
+ notified maintainer
+ --
+ dopewars (CVE-2009-3591)
+ #550913
+ notified maintainer
+ --
+ dstat (CVE-2009-3894)
+ http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
+ notified maintainer
+ dstat (CVE-2009-4081)
+ #559667
+ notified maintainer
+ --
  evolution (CVE-2009-1631)
  #526409
  notified maintainer through initial bugreport
  --
- firebird2.0 (CVE-2009-2620)
+ fcron (CVE-2010-0791)
- #539477
+ #572587
+ notified maintainer through initial bugreport
+ --
+ libgnucrypto-java (CVE-2008-5659)
+ #559789
+ removed
  --
-Line 54 
 notified maintainer
+Line 123 
 notified maintainer
  --
+ gri (no CVE)
+ fixed in gri 2.12.18-1:
+ "Improve security when creating temporary files."
+ notified maintainer
+ --
+ gupnp (CVE-2009-2174)
+ #534594
+ notified maintainer
+ --
+ htmldoc (CVE-2009-3050)
+ #537637
+ notified maintainer through initial bugreport
+ --
+ hypre (CVE-2009-3736)
+ #559834
+ notified maintainer
+ --
+ iceweasel (CVE-2009-0777)
+ #576466
+ notified maintainer
+ --
+ kde4libs (CVE-2009-2702)
+ #546218
+ notified maintainer
+ kde4libs (CVE-2009-0689)
+ notified maintainer
+ --
  kfreebsd-6
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-Line 87 
 notified maintainer through initial bugr
+Line 196 
 notified maintainer through initial bugr
  --
+ libesmtp (CVE-2010-1192)
+ #572960
+ --
+ libpam-ssh (CVE-2009-1273)
+ #535877
+ maintainer notified through initial bug report, said he would work on an update
+ --
  libpng (CVE-2009-2042)
  #533676
  notified maintainer
+ CVE-2010-0205
+ #572308
  --
  libsndfile
  potential dos via crafted input
  #530831
+ notified maintainer
  --
-Line 104 
 notified maintainer and release team
+Line 228 
 notified maintainer and release team
  --
+ libstruts1.2-java (CVE-2008-2025)
+ #528352
+ notified maintainer
+ --
+ linux-ftpd: null ptr dereference
+ #572813
+ notified maintainer
+ --
+ makepasswd (no CVE ID)
+ #564559
+ notified maintainer
+ --
+ maradns
+ http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
+ notified maintainer
+ --
  memcached (CVE-2009-1255)
  notified maintainer
-Line 121 
 notified maintainer
+Line 269 
 notified maintainer
  --
+ neon27 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ neon26 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ network-manager-applet (CVE-2009-4144)
+ #560067
+ notified maintainer through initial bugreport
+ CVE-2009-4145
+ #563371
+ notified maintainer through initial bugreport
+ --
+ ntop (CVE-2009-2732)
+ #543312
+ notified maintainer through initial bugreport
+ --
+ postfix (CVE-2009-2939)
+ notified maintainer
+ --
  squid (CVE-2009-0801)
  #521053
+ notified maintainer
  --
  squid3 (CVE-2009-0801)
  #521052
+ notified maintainer
  --
- stardict (CVE-2009-2260)
+ t-prot (CVE-2009-4404)
- #534731
  notified maintainer
  --
-Line 142 
 Noah will see to it.
+Line 324 
 Noah will see to it.
  --
+ ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
+ #541995
+ notified maintainer
+ --
  openldap
  #253838
  notified maintainer
  --
+ openssl (CVE-2009-3245)
+ notified maintainer
+ --
+ overkill (no CVE yet)
+ #549310
+ --
+ owl (CVE-2009-0363)
+ #515118
+ notified maintainer
+ --
  pam (CVE-2009-0579)
  #514437
  asked maintainer in mail
  --
+ pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
+ #535790
+ http://developer.pidgin.im/ticket/9483
+ http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
+ notified maintainer
+ --
  pptp-linux (no CVE)
  #523476
  Ola will prepare a fix in a point update
  --
+ puppet (CVE-2009-3564)
+ #551073
+ notified maintainer in initial bug report
+ CVE-2010-0156
+ #https://bugzilla.redhat.com/show_bug.cgi?id=502881
+ notified maintainer
+ --
+ python-4suite (CVE-2009-3560, CVE-2009-3720)
+ #560914
+ notified maintainer
+ --
+ rails (CVE-2009-3086)
+ bug #545063
+ notified maintainer
+ --
+ shibboleth-sp2: world-readable key (no CVE)
+ #571631
+ notified maintainer through bugreport
+ --
  slim (CVE-2009-1756)
  bug #529306
  Maintainer notified through followup in #529306
  --
- smarty (CVE-2009-1669)
+ squid (CVE-2010-0639)
- #529810
+ #572553
- http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
+ Maintainer notified through initial bugreport
- notified maintainer
+ --
+ squid3 (CVE-2010-0639)
+ #572554
+ Maintainer notified through initial bugreport
+ --
+ sqlite
+ #566326
  --
-Line 179 
 notified maintainer
+Line 429 
 notified maintainer
  --
- texlive-bin (CVE-2009-1284)
+ udev (#462655)
- #520920
+ notified maintainer
- https://bugzilla.redhat.com/show_bug.cgi?id=492136
  --
- udev (#462655)
+ planet (CVE-2009-2937)
- notified maintainer
+ bug #546178
+ notified maintainer through initial bugreport
  --
-Line 200 
 xemacs21 (CVE-2008-2142)
+Line 450 
 xemacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
+ xemacs21 (CVE-2009-2688)
+ #540470
+ Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
+ notified maintainer
  --
  xen-3 (CVE-2008-4993)
-Line 208 
 notified maintainer
+Line 463 
 notified maintainer
  --
+ xerces-c2 (CVE-2009-1885)
+ #541986
+ notified maintainer
+ --
  xfig
 _mkstemp added in 1:3.2.5.a-1
  notified maintainer
+ CVE-2009-4228/CVE-2009-4227
+ #559274)
+ https://bugzilla.redhat.com/show_bug.cgi?id=543905
+ --
+ xmp (CVE-2007-6731, CVE-2007-6732)
+ #546730
+ notified maintainer
+ --
+ xserver-xorg (no CVE)
+ #555308
+ --
+ ytnef (CVE-2009-3887, CVE-2009-3721)
+ notified maintainer
  --
  ziproxy (CVE-2009-0804)
  #521051
+ notified maintainer
+ --
+ zope2.10 (no CVE)
+ https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
+ --
+ zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
+ http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+ http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
+ notified maintainer

 Legend:



Removed from v.12571
 


changed lines


 
Added in v.14420
 Legend:



Removed from v.12571
 


changed lines


 
Added in v.14420
-Removed from v.12571
+Added in v.14420

	ViewVC Help
Powered by ViewVC 1.1.5