/[secure-testing]/data/ospu-candidates.txt

Diff of /data/ospu-candidates.txt

Parent Directory | Revision Log | View Patch Patch

-revision 10034 by jmm-guest,
Tue Oct  7 21:19:21 2008 UTC
+revision 14606 by jmm-guest,
Wed May  5 19:42:44 2010 UTC
 Line 3 
 but which could be fixed in a stable poi
  it. If someone wants to address these, please add a note about it
  and get in contact with debian-release@lists.debian.org
  --
- chillispot
+ abcm2ps (no CVE)
- #500181
+ #577014
- notified maintainer
  --
- aegis
+ acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
- #496400
  notified maintainer
  --
- apertium
+ acl (CVE-2009-4411)
- #496395
+ #499076
  notified maintainer
  --
- audacity (CVE-2007-6061)
+ asterisk (CVE-2009-0041)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
+ #513413
+ notified maintainer
+ asterisk (CVE-2008-3903)
+ #522528
  notified maintainer
  --
- audiolink
+ avahi (CVE-2009-0758)
- #496433
+ #517683
  notified maintainer
  --
- aview
+ babel (CVE-2009-3736)
- #496422
+ #559843
  notified maintainer
  --
- beagle (CVE-2005-4791)
+ bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
  --
- blam (CVE-2005-4791)
+ buildbot (CVE-2009-2959, CVE-2009-2967)
+ #543822
  notified maintainer
  --
- boost (CVE-2008-0172/CVE-2008-0171)
+ compiz-fusion-plugins-main (CVE-2008-6514)
- #461236
  notified maintainer
  --
- bugzilla (CVE-2008-2103)
+ cpio (CVE-2010-0624)
- #480190
  notified maintainer
  --
- byacc (CVE-2008-3196)
+ couchdb (CVE-2010-0009)
- #491182
+ #576304
- notified maintainer
  --
- bzip2 (CVE-2008-1372)
+ cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
- #471670
+ #528434
- Maintainer has been notified
+ notified maintainer
  --
- cdcontrol
+ cups (CVE-2009-3553)
- #496438
+ #557740
+ maintainer notified in initial bug report
+ Initial patch was incomplete;
+ cups (CVE-2010-0302)
+ #572940
  notified maintainer
  --
- cdrw-taper
+ devil (CVE-2009-3994)
- #496380
+ #560080
  notified maintainer
  --
- cecilia (CVE-2008-1832)
+ dopewars (CVE-2009-3591)
- #476321
+ #550913
  notified maintainer
  --
- comix (CVE-2008-1568)
+ dstat (CVE-2009-3894)
- #462840
+ http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
+ notified maintainer
+ dstat (CVE-2009-4081)
+ #559667
  notified maintainer
  --
- crossfire-maps
+ evolution (CVE-2009-1631)
- #496358
+ #526409
- maintainer doesn't want to fix that, looking at the actual bug I also
+ notified maintainer through initial bugreport
- think an update is overkill
  --
- digitaldj
+ fcron (CVE-2010-0791)
- #496399
+ #572587
- notified maintainer
+ notified maintainer through initial bugreport
  --
- dist
+ imp4 (CVE-2010-0463)
- #496412
+ #569661
- package has been uploaded
  --
- emacs21 (CVE-2007-6109/CVE-2008-1694)
+ libgnucrypto-java (CVE-2008-5659)
- bug #455433, bug #476612
+ #559789
- notified maintainer
+ removed
- emacs21 (CVE-2008-2142)
+ --
- bug #480877
+ gnutls26 (CVE-2009-1417)
+ #531614
  notified maintainer
  --
- emacs-jabber
+ gri (no CVE)
- #496428
+ fixed in gri 2.12.18-1:
+ "Improve security when creating temporary files."
  notified maintainer
  --
- emacspeak (CVE-2008-4191)
+ gupnp (CVE-2009-2174)
- #496431
+ #534594
  notified maintainer
  --
- exiv2 (CVE-2008-2696)
+ htmldoc (CVE-2009-3050)
- bug #486328
+ #537637
- http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
+ notified maintainer through initial bugreport
- notified maintainer
  --
- flac123 (CVE-2007-3507)
+ hypre (CVE-2009-3736)
+ #559834
  notified maintainer
  --
- fml
+ iceweasel (CVE-2009-0777)
- #496370
+ #576466
  notified maintainer
  --
- freeradius (CVE-2008-4474)
+ kde4libs (CVE-2009-2702)
- #496489
+ #546218
+ notified maintainer
+ kde4libs (CVE-2009-0689)
+ notified maintainer
  --
- fwbuilder
+ kfreebsd-6
- #496406
+ [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+ notified maintainer
+ [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
  --
- gdrae
+ kfreebsd-7
- #496378
+ [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+ notified maintainer
+ [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
  --
- gpsdrive
+ kvm 82-1 (CVE-2008-5714)
- #496436
+ #509997
  notified maintainer
  --
- ipsec-tools (CVE-2008-3651)
+ lcms (CVE-2009-0793)
- http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
+ notified maintainer through initial bugreport
- notified maintainer
  --
- jumpnbump (no CVE yet)
+ libesmtp (CVE-2010-1192)
- #500611
+ #572960
- notified maintainer
  --
- konwert
+ libnss-db (CVE-2010-0826)
- #496379
+ #577057
- notified maintainer
  --
- libapache2-mod-perl2 (CVE-2007-1349)
+ libpam-ssh (CVE-2009-1273)
- http://svn.apache.org/viewvc?view=rev&revision=521584
+ #535877
- #433549
+ maintainer notified through initial bug report, said he would work on an update
- notified maintainer
  --
- libpam-ssh (CVE-2007-0844)
+ libpng (CVE-2009-2042)
- #410236
+ #533676
  notified maintainer
+ CVE-2010-0205
+ #572308
  --
- libpng (CVE-2008-1382)
+ libsndfile
- #476669
+ potential dos via crafted input
+ #530831
  notified maintainer
  --
- liferea (CVE-2005-4791)
+ libvorbis (CVE-2008-2009)
- notified maintainer
+ notified maintainer and release team
  --
- lighttpd (CVE-2007-3948)
+ libstruts1.2-java (CVE-2008-2025)
- #434888
+ #528352
- Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
- http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
- http://trac.lighttpd.net/trac/ticket/1216
  notified maintainer
  --
- links2 (CVE-2008-3329)
+ linux-ftpd: null ptr dereference
- bug #492744
+ #572813
  notified maintainer
  --
- linux-ftpd-ssl (CVE-2007-6263)
+ logrotate [logrotate race condition could lead to file disclosure]
- #454733
+ Fixed in sid in 3.7.8-4
- notified maintainer
  --
- mecab (CVE-2007-3231)
+ makepasswd (no CVE ID)
- #429174
+ #564559
  notified maintainer
  --
- mercurial (CVE-2008-4297)
+ maradns
- #500781
+ http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
  notified maintainer
  --
- mgetty
+ memcached (CVE-2009-1255)
- #496403
  notified maintainer
  --
- mgt
+ mimedecode
- #496434
+ potential dos/crash due to invalid input
- notified maintainer
+ orphaned
+ #530430
  --
- mksh (CVE-2008-1845)
+ mpg123 (CVE-2009-1301)
  notified maintainer
  --
- mldonkey (CVE-2007-4100)
+ nano (CVE-2010-1160, CVE-2010-1161)
- #435439
+ #577817
- notified maintainer
  --
- mnogosearch (CVE-2007-5588)
+ neon27 (CVE-2009-2474)
- #447753
+ #542926
  notified maintainer
  --
- myspell
+ neon26 (CVE-2009-2474)
- #496392
+ #542926
  notified maintainer
- ---
+ --
+ network-manager-applet (CVE-2009-4144)
+ #560067
+ notified maintainer through initial bugreport
- ngircd (CVE-2008-0285)
+ CVE-2009-4145
- notified maintainer
+ #563371
+ notified maintainer through initial bugreport
  --
- nvi
+ ntop (CVE-2009-2732)
- #496462
+ #543312
- notified maintainer
+ notified maintainer through initial bugreport
  --
- paramiko (CVE-2008-0299)
+ postfix (CVE-2009-2939)
- #460706
  notified maintainer
  --
- python-django (CVE-2007-5712)
+ squid (CVE-2009-0801)
- http://media.djangoproject.com/patches/2007-10-26-security-fix/
+ #521053
- #448838
  notified maintainer
  --
- r-base
+ squid3 (CVE-2009-0801)
- #496418
+ #521052
  notified maintainer
  --
- rancid
+ t-prot (CVE-2009-4404)
- #496426
  notified maintainer
  --
- rccp
+ net-snmp (CVE-2008-6123)
- #496364
+ Noah will see to it.
- notified maintainer
  --
- realtimebattle
+ ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
- #496385
+ #541995
  notified maintainer
  --
- redhat-cluster
+ openldap
- #496410
+ #253838
  notified maintainer
  --
- rkhunter
+ openssl (CVE-2009-3245)
- #496375
  notified maintainer
  --
- rsync (CVE-2007-6200)
+ overkill (no CVE yet)
- #453652
+ #549310
- notified maintainer
  --
- sabre
+ owl (CVE-2009-0363)
- #433996
+ #515118
  notified maintainer
  --
- scilab
+ pam (CVE-2009-0579)
- #496414
+ #514437
- notified maintainer
+ asked maintainer in mail
  --
- sgml2x
+ pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
- #496368
+ #535790
+ http://developer.pidgin.im/ticket/9483
+ http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
  notified maintainer
  --
- sip-tester (CVE-2008-1959, CVE-2008-2085)
+ pptp-linux (no CVE)
- #479039
+ #523476
- notified maintainer
+ Ola will prepare a fix in a point update
  --
- slocate (CVE-2007-0227)
+ puppet (CVE-2009-3564)
- #411937
+ #551073
+ notified maintainer in initial bug report
+ CVE-2010-0156
+ #https://bugzilla.redhat.com/show_bug.cgi?id=502881
  notified maintainer
  --
- smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
+ python-4suite (CVE-2009-3560, CVE-2009-3720)
+ #560914
  notified maintainer
  --
- sng
+ rails (CVE-2009-3086)
- #496407
+ bug #545063
  notified maintainer
  --
- ssmtp
+ shibboleth-sp2: world-readable key (no CVE)
- #498366
+ #571631
- notified maintainer
+ notified maintainer through bugreport
  --
- streamripper (CVE-2007-4337)
+ slim (CVE-2009-1756)
- notified maintainer
+ bug #529306
+ Maintainer notified through followup in #529306
  --
- sylpheed (CVE-2007-2958)
+ squid (CVE-2010-0639)
- #441854
+ #572553
- http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
+ Maintainer notified through initial bugreport
- notified maintainer
  --
- sympa
+ squid3 (CVE-2010-0639)
- #496405; bug #494969
+ #572554
- notified maintainer
+ Maintainer notified through initial bugreport
  --
- tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
+ sqlite
- #465643
+ #566326
- notified maintainer
  --
- tomboy (CVE-2005-4790)
+ tau (CVE-2008-5157)
+ #506348
  notified maintainer
  --
- xmcd
+ texlive-bin (CVE-2010-0739, CVE-2010-0827)
- #496416
  notified maintainer
  --
- vobcopy (CVE-2007-5718)
+ trac (CVE-2009-4405)
- bug #448319
- notified maintainer
  --
- wdiff [insecure tempfile in wdiff]
+ udev (#462655)
- bug #425254
  notified maintainer
  --
- wims
+ planet (CVE-2009-2937)
- #496387
+ bug #546178
- notified maintainer
+ notified maintainer through initial bugreport
  --
- wyrd (CVE-2008-0806)
+ webkit (CVE-2008-4724)
- bug #466382
+ #520052
- notified maintainer
+ asked maintainer
  --
- xastir
+ xemacs21 (CVE-2008-2142)
- #496383
+ bug #480877
+ notified maintainer
+ xemacs21 (CVE-2009-2688)
+ #540470
+ Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
  notified maintainer
  --
- xcal
+ xen-3 (CVE-2008-4993)
- #496393
+ #496367
  notified maintainer
  --
- xemacs21 (CVE-2007-6109/CVE-2008-1694)
+ xerces-c2 (CVE-2009-1885)
- bug #457764, bug #476613
+ #541986
  notified maintainer
- xemacs21 (CVE-2008-2142)
+ --
- bug #480877
+ xfig
+_mkstemp added in 1:3.2.5.a-1
  notified maintainer
+ CVE-2009-4228/CVE-2009-4227
+ #559274)
+ https://bugzilla.redhat.com/show_bug.cgi?id=543905
  --
- xen-3
+ xmp (CVE-2007-6731, CVE-2007-6732)
- #496367
+ #546730
  notified maintainer
  --
- xfce4 (CVE-2007-6351 CVE-2007-6352)
+ xserver-xorg (no CVE)
+ #555308
+ --
+ ytnef (CVE-2009-3887, CVE-2009-3721)
  notified maintainer
  --
- zabbix (CVE-2008-1353)
+ ziproxy (CVE-2009-0804)
- bug #471678
+ #521051
  notified maintainer
  --
- zsh (CVE-2007-6209)
+ zope2.10 (no CVE)
- bug #454073)
+ https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
+ --
+ zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
+ http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+ http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
  notified maintainer

 Legend:



Removed from v.10034
 


changed lines


 
Added in v.14606
 Legend:



Removed from v.10034
 


changed lines


 
Added in v.14606
-Removed from v.10034
+Added in v.14606

	ViewVC Help
Powered by ViewVC 1.1.5