/[secure-testing]/data/ospu-candidates.txt

Diff of /data/ospu-candidates.txt

Parent Directory | Revision Log | View Patch Patch

-data/spu-candidates.txt
revision 12571 by derevko-guest,
Tue Aug 11 20:45:32 2009 UTC
+data/ospu-candidates.txt
revision 16166 by nion,
Wed Feb 16 13:35:26 2011 UTC
 Line 1
  This file records minor security issues, which do not warrant a DSA,
- but which could be fixed in a stable point update if people feel like
+ but which could be fixed in a oldstable point update if people feel like
  it. If someone wants to address these, please add a note about it
  and get in contact with debian-release@lists.debian.org
+ --
+ feh (CVE-2011-1031, CVE-2011-0702)
+ #612035
+ --
+ abcm2ps (no CVE)
+ #577014
  --
- asterisk (CVE-2009-0041)
+ acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
- #513413
  notified maintainer
- CVE-2008-3903
+ CVE-2009-4839  CVE-2009-4838 CVE-2009-4837
- #522528
+ maintainer contacted us, notified about spu status
+ --
+ acl (CVE-2009-4411)
+ #499076
  notified maintainer
  --
- avahi (CVE-2009-0758)
+ aptitude (CVE-2011-XXXX)
- #517683
+ #612034
+ --
+ babel (CVE-2009-3736)
+ #559843
  notified maintainer
  --
-Line 24 
 notified maintainer
+Line 45 
 notified maintainer
  bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
+ CVE-2010-1204
+ notified maintainer through initial bugreport
+ --
+ buildbot (CVE-2009-2959, CVE-2009-2967)
+ #543822
+ notified maintainer
+ --
+ calendarserver
+ #605157
+ --
+ centerim
+ CVE-2009-3720
  --
  compiz-fusion-plugins-main (CVE-2008-6514)
-Line 31 
 notified maintainer
+Line 71 
 notified maintainer
  --
+ conky (CVE-2011-XXXX)
+ #612033
+ --
+ couchdb (CVE-2010-0009)
+ #576304
+ notified maintainer
+ --
  cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
  #528434
  notified maintainer
  --
+ cups (CVE-2009-3553)
+ #557740
+ maintainer notified in initial bug report
+ Initial patch was incomplete;
+ cups (CVE-2010-0302)
+ #572940
+ notified maintainer
+ --
+ dbus-glib (CVE-2010-1172)
+ #592753
+ --
+ devil (CVE-2009-3994)
+ #560080
+ notified maintainer
+ --
+ dopewars (CVE-2009-3591)
+ #550913
+ notified maintainer
+ --
+ dstat (CVE-2009-3894)
+ http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
+ notified maintainer
+ dstat (CVE-2009-4081)
+ #559667
+ notified maintainer
+ --
+ eclipse (CVE-2010-4647)
+ #611849
+ --
  evolution (CVE-2009-1631)
  #526409
  notified maintainer through initial bugreport
  --
- firebird2.0 (CVE-2009-2620)
+ exim4 (CVE-2010-2023, CVE-2010-2024)
- #539477
+ notified maintainers
+ --
+ fastjar (CVE-2010-0831, CVE-2010-2322)
+ --
+ fcron (CVE-2010-0791)
+ #572587
+ notified maintainer through initial bugreport
+ --
+ feh (CVE-2011-XXXX)
+ #612035
+ --
+ flash-kernel temp file handling (fixed in 2.33)
+ --
+ gif2png (CVE-2010-4695/CVE-2010-4696)
+ #610479
+ --
+ gnome-shell (CVE-2010-4000)
+ --
+ gnome-subtitles (CVE-2010-3357)
+ #598289
+ --
+ CVE-2008-XXXX [greylistd bypass]
+ #464084
+ --
+ ika (CVE-2010-3361)
+ #5982925B
+ notified maintainer
+ --
+ imp4 (CVE-2010-0463)
+ #569661
+ notified maintainer
+ --
+ libgnucrypto-java (CVE-2008-5659)
+ #559789
+ removed
+ --
+ gnome-schedule
+ #605169
+ --
+ gnucash (CVE-2010-3999)
+ #603329
+ --
+ gnumed-client
+ #605159
  --
-Line 54 
 notified maintainer
+Line 221 
 notified maintainer
  --
+ gri (no CVE)
+ fixed in gri 2.12.18-1:
+ "Improve security when creating temporary files."
+ notified maintainer
+ --
+ gupnp (CVE-2009-2174)
+ #534594
+ notified maintainer
+ --
+ htmldoc (CVE-2009-3050)
+ #537637
+ notified maintainer through initial bugreport
+ --
+ hypermail (CVE-2010-4339)
+ #598743
+ --
+ hypre (CVE-2009-3736)
+ #559834
+ notified maintainer
+ --
+ iceweasel (CVE-2009-0777)
+ #576466
+ notified maintainer
+ --
+ ironpython
+ #605158
+ --
+ kde4libs (CVE-2009-2702)
+ #546218
+ notified maintainer
+ kde4libs (CVE-2009-0689)
+ notified maintainer
+ --
  kfreebsd-6
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-Line 76 
 notified maintainer
+Line 293 
 notified maintainer
  --
+ krb5 (CVE-2011-0281/CVE-2010-0282)
+ maintainer preparing upload (r16154)
+ --
  kvm 82-1 (CVE-2008-5714)
  #509997
  notified maintainer
-Line 87 
 notified maintainer through initial bugr
+Line 309 
 notified maintainer through initial bugr
  --
- libpng (CVE-2009-2042)
+ libesmtp (CVE-2010-1192)
- #533676
+ #572960
- notified maintainer
+ maintainer contacted us, notified about spu status
+ --
+ libnss-db (CVE-2010-0826)
+ #577057
+ --
+ liboggz (CVE-2009-3377)
+ Fixed in 0.9.9-1
+ Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep.
+ --
+ libglpng (CVE-2010-1516)
+ --
+ libpoe-component-irc-perl
+ #581194
+ maintainer contacted us
  --
  libsndfile
  potential dos via crafted input
  #530831
+ notified maintainer
  --
-Line 104 
 notified maintainer and release team
+Line 348 
 notified maintainer and release team
  --
+ libstruts1.2-java (CVE-2008-2025)
+ #528352
+ notified maintainer
+ --
+ linux-ftpd: null ptr dereference
+ #572813
+ notified maintainer
+ --
+ logrotate [logrotate race condition could lead to file disclosure]
+ Fixed in sid in 3.7.8-4
+ --
+ magpierss (CVE-2011-0740)
+ #611940
+ --
+ makepasswd (no CVE ID)
+ #564559
+ notified maintainer
+ --
+ mako (CVE-2010-2480)
+ http://bugs.python.org/issue9061
+ --
+ mapserver (CVE-2010-3484, CVE-2010-3485)
+ fixed in 5.6.4-1
+ --
+ maradns
+ http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
+ notified maintainer
+ --
+ matrixssl
+ CVE-2009-3555
+ --
+ mediatomb (CVE-2010-XXXX)
+ #580120
+ Interface should be disabled in a point update, no real fix
+ --
  memcached (CVE-2009-1255)
  notified maintainer
  --
+ mercurial (CVE-2010-4237)
+ #598841
+ --
  mimedecode
  potential dos/crash due to invalid input
  orphaned
-Line 116 
 orphaned
+Line 421 
 orphaned
  --
+ mingetty
+ #597382
+ --
+ mono-debugger (CVE-2010-3369)
+ #598299
+ --
  mpg123 (CVE-2009-1301)
  notified maintainer
  --
+ neon27 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ neon26 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ network-manager-applet (CVE-2009-4144)
+ #560067
+ notified maintainer through initial bugreport
+ CVE-2009-4145
+ #563371
+ notified maintainer through initial bugreport
+ --
+ ntop (CVE-2009-2732)
+ #543312
+ notified maintainer through initial bugreport
+ --
+ phpbb3 (CVE-2010-1630, 1627)
+ --
+ pidgin CVE-2011-XXXX
+ http://www.pidgin.im/news/security/?id=50
+ --
+ postfix (CVE-2009-2939)
+ notified maintainer
+ --
+ proftpd-dfsg (CVE-2008-7265)
+ --
+ puppet (CVE-2009-3564, CVE-2010-0156)
+ --
+ python-numpy (CVE-2010-XXXX [numpy memory corruption])
+ #581058
+ http://projects.scipy.org/numpy/changeset/8364
+ --
+ roaraudio (CVE-2010-3362)
+ #598295
+ --
+ ruby1.8 (CVE-2010-0541)
+ --
+ ruby1.9 (CVE-2010-0541)
+ --
  squid (CVE-2009-0801)
  #521053
+ notified maintainer
  --
  squid3 (CVE-2009-0801)
  #521052
+ notified maintainer
  --
- stardict (CVE-2009-2260)
+ stunnel (CVE-2011-XXXX)
- #534731
+ http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
+ --
+ tangerine (CVE-2010-3381)
+ #598302
+ --
+ t-prot (CVE-2009-4404)
  notified maintainer
  --
+ texmacs (CVE-2010-3394)
+ #598424
+ --
+ tomcat-native (CVE-2009-3555)
+ --
+ torcs (CVE-2010-3384)
+ #598306
+ --
  net-snmp (CVE-2008-6123)
  Noah will see to it.
  --
+ ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
+ #541995
+ notified maintainer
+ --
+ offlineimap (CVE-2010-4533, CVE-2010-4532)
+ #606962
+ --
  openldap
  #253838
  notified maintainer
  --
+ overkill (no CVE yet)
+ #549310
+ --
+ owl (CVE-2009-0363)
+ #515118
+ notified maintainer
+ --
  pam (CVE-2009-0579)
  #514437
  asked maintainer in mail
+ CVE-2010-4708/CVE-2010-4707/CVE-2010-4706
+ --
+ pidgin (CVE-2009-1889, CVE-2009-3085)
+ #535790
+ http://developer.pidgin.im/ticket/9483
+ http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
+ notified maintainer
  --
  pptp-linux (no CVE)
-Line 160 
 Ola will prepare a fix in a point update
+Line 601 
 Ola will prepare a fix in a point update
  --
- slim (CVE-2009-1756)
+ prewikka (CVE-2010-2058)
- bug #529306
+ #584469
- Maintainer notified through followup in #529306
  --
- smarty (CVE-2009-1669)
+ puppet (CVE-2009-3564)
- #529810
+ #551073
- http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
+ notified maintainer in initial bug report
+ CVE-2010-0156
+ #https://bugzilla.redhat.com/show_bug.cgi?id=502881
  notified maintainer
  --
+ python-4suite (CVE-2009-3560, CVE-2009-3720)
+ #560914
+ notified maintainer
+ --
+ python-cjson (CVE-2009-4924)
+ #593302
+ --
+ python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
+ --
+ python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)
+ --
+ qtparted (CVE-2010-3375)
+ #598301
+ --
+ rails (CVE-2009-3086)
+ bug #545063
+ notified maintainer
+ --
+ scilab (CVE-2010-3378)
+ #598423; #598422
+ --
+ shibboleth-sp2: world-readable key (no CVE)
+ #571631
+ notified maintainer through bugreport
+ --
+ snappea
+ #605151
+ --
+ squid (CVE-2010-0639)
+ #572553
+ Maintainer notified through initial bugreport
+ --
+ squid3 (CVE-2010-0639)
+ #572554
+ Maintainer notified through initial bugreport
+ --
+ sqlite
+ #566326
+ --
  tau (CVE-2008-5157)
  #506348
  notified maintainer
  --
- texlive-bin (CVE-2009-1284)
+ teamspeak-client
- #520920
+ #598304
- https://bugzilla.redhat.com/show_bug.cgi?id=492136
+ --
+ teamspeak-server
+ #598305
+ --
+ tesseract (CVE-2011-XXXX)
+ #612032
+ --
+ trac (CVE-2009-4405)
+ notified maintainer
  --
-Line 190 
 notified maintainer
+Line 712 
 notified maintainer
  --
+ planet (CVE-2009-2937)
+ bug #546178
+ notified maintainer through initial bugreport
+ --
+ w3m (CVE-2010-2074)
+ maintainer notified through bug report
+ --
  webkit (CVE-2008-4724)
  #520052
  asked maintainer
-Line 200 
 xemacs21 (CVE-2008-2142)
+Line 733 
 xemacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
+ xemacs21 (CVE-2009-2688)
+ #540470
+ Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
+ notified maintainer
  --
  xen-3 (CVE-2008-4993)
-Line 208 
 notified maintainer
+Line 746 
 notified maintainer
  --
+ xerces-c2 (CVE-2009-1885)
+ #541986
+ notified maintainer
+ --
  xfig
 _mkstemp added in 1:3.2.5.a-1
  notified maintainer
+ CVE-2009-4228/CVE-2009-4227
+ #559274)
+ https://bugzilla.redhat.com/show_bug.cgi?id=543905
+ notified maintainer
+ --
+ xmp (CVE-2007-6731, CVE-2007-6732)
+ #546730
+ notified maintainer
+ --
+ ytnef (CVE-2009-3887, CVE-2009-3721)
+ notified maintainer
  --
  ziproxy (CVE-2009-0804)
  #521051
+ notified maintainer
+ --
+ zope2.10 (no CVE)
+ https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
+ --
+ zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
+ http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+ http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
+ notified maintainer

 Legend:



Removed from v.12571
 


changed lines


 
Added in v.16166
 Legend:



Removed from v.12571
 


changed lines


 
Added in v.16166
-Removed from v.12571
+Added in v.16166

	ViewVC Help
Powered by ViewVC 1.1.5