/[secure-testing]/data/ospu-candidates.txt

Diff of /data/ospu-candidates.txt

Parent Directory | Revision Log | View Patch Patch

-revision 12653 by jmm-guest,
Fri Aug 21 17:50:45 2009 UTC
+revision 15243 by jmm-guest,
Tue Aug 31 16:20:21 2010 UTC
 Line 3 
 but which could be fixed in a stable poi
  it. If someone wants to address these, please add a note about it
  and get in contact with debian-release@lists.debian.org
+ --
+ abcm2ps (no CVE)
+ #577014
+ --
+ acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
+ notified maintainer
+ CVE-2009-4839  CVE-2009-4838 CVE-2009-4837
+ maintainer contacted us, notified about spu status
+ --
+ acl (CVE-2009-4411)
+ #499076
+ notified maintainer
  --
  asterisk (CVE-2009-0041)
  #513413
  notified maintainer
- CVE-2008-3903
+ asterisk (CVE-2008-3903)
  #522528
  notified maintainer
-Line 21 
 notified maintainer
+Line 42 
 notified maintainer
  --
+ babel (CVE-2009-3736)
+ #559843
+ notified maintainer
+ --
  bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
+ CVE-2010-1204
+ notified maintainer through initial bugreport
  --
- burn: (no CVE yet)
+ buildbot (CVE-2009-2959, CVE-2009-2967)
- #542329
+ #543822
- notified maintainer through bug report
+ notified maintainer
  --
-Line 37 
 notified maintainer
+Line 67 
 notified maintainer
  --
+ couchdb (CVE-2010-0009)
+ #576304
+ notified maintainer
+ --
  cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
  #528434
  notified maintainer
  --
+ cups (CVE-2009-3553)
+ #557740
+ maintainer notified in initial bug report
+ Initial patch was incomplete;
+ cups (CVE-2010-0302)
+ #572940
+ notified maintainer
+ --
+ devil (CVE-2009-3994)
+ #560080
+ notified maintainer
+ --
+ dopewars (CVE-2009-3591)
+ #550913
+ notified maintainer
+ --
+ dstat (CVE-2009-3894)
+ http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
+ notified maintainer
+ dstat (CVE-2009-4081)
+ #559667
+ notified maintainer
+ --
  evolution (CVE-2009-1631)
  #526409
  notified maintainer through initial bugreport
  --
- firebird2.0 (CVE-2009-2620)
+ exim4 (CVE-2010-2023, CVE-2010-2024)
- #539477
+ notified maintainers
+ --
+ fastjar (CVE-2010-0831, CVE-2010-2322)
+ --
+ fcron (CVE-2010-0791)
+ #572587
+ notified maintainer through initial bugreport
+ --
+ imp4 (CVE-2010-0463)
+ #569661
  notified maintainer
  --
+ libgnucrypto-java (CVE-2008-5659)
+ #559789
+ removed
+ --
  gnutls26 (CVE-2009-1417)
  #531614
  notified maintainer
  --
+ gri (no CVE)
+ fixed in gri 2.12.18-1:
+ "Improve security when creating temporary files."
+ notified maintainer
+ --
+ gupnp (CVE-2009-2174)
+ #534594
+ notified maintainer
+ --
+ htmldoc (CVE-2009-3050)
+ #537637
+ notified maintainer through initial bugreport
+ --
+ hypre (CVE-2009-3736)
+ #559834
+ notified maintainer
+ --
+ iceweasel (CVE-2009-0777)
+ #576466
+ notified maintainer
+ --
+ kde4libs (CVE-2009-2702)
+ #546218
+ notified maintainer
+ kde4libs (CVE-2009-0689)
+ notified maintainer
+ --
  kfreebsd-6
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-Line 94 
 notified maintainer through initial bugr
+Line 224 
 notified maintainer through initial bugr
  --
+ libesmtp (CVE-2010-1192)
+ #572960
+ maintainer contacted us, notified about spu status
+ --
+ libnss-db (CVE-2010-0826)
+ #577057
+ --
  libpam-ssh (CVE-2009-1273)
  #535877
- maintainer notified through initial bug report
+ maintainer notified through initial bug report, said he would work on an update
  --
-Line 106 
 notified maintainer
+Line 247 
 notified maintainer
  --
+ libpoe-component-irc-perl
+ #581194
+ maintainer contacted us
+ --
  libsndfile
  potential dos via crafted input
  #530831
+ notified maintainer
  --
-Line 117 
 notified maintainer and release team
+Line 265 
 notified maintainer and release team
  --
+ libstruts1.2-java (CVE-2008-2025)
+ #528352
+ notified maintainer
+ --
+ linux-ftpd: null ptr dereference
+ #572813
+ notified maintainer
+ --
+ logrotate [logrotate race condition could lead to file disclosure]
+ Fixed in sid in 3.7.8-4
+ --
+ makepasswd (no CVE ID)
+ #564559
+ notified maintainer
+ --
+ mako (CVE-2010-2480)
+ http://bugs.python.org/issue9061
+ --
+ mapserver (CVE-2010-3484, CVE-2010-3485)
+ fixed in 5.6.4-1
+ --
+ maradns
+ http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
+ notified maintainer
+ --
  memcached (CVE-2009-1255)
  notified maintainer
-Line 134 
 notified maintainer
+Line 321 
 notified maintainer
  --
+ neon27 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ neon26 (CVE-2009-2474)
+ #542926
+ notified maintainer
+ --
+ network-manager-applet (CVE-2009-4144)
+ #560067
+ notified maintainer through initial bugreport
+ CVE-2009-4145
+ #563371
+ notified maintainer through initial bugreport
+ --
+ ntop (CVE-2009-2732)
+ #543312
+ notified maintainer through initial bugreport
+ --
+ postfix (CVE-2009-2939)
+ notified maintainer
+ --
+ ruby1.8 (CVE-2010-0541)
+ --
+ ruby1.9 (CVE-2010-0541)
+ --
  squid (CVE-2009-0801)
  #521053
+ notified maintainer
  --
  squid3 (CVE-2009-0801)
  #521052
+ notified maintainer
  --
- stardict (CVE-2009-2260)
+ t-prot (CVE-2009-4404)
- #534731
  notified maintainer
  --
-Line 155 
 Noah will see to it.
+Line 384 
 Noah will see to it.
  --
+ ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
+ #541995
+ notified maintainer
+ --
  openldap
  #253838
  notified maintainer
  --
+ overkill (no CVE yet)
+ #549310
+ --
+ owl (CVE-2009-0363)
+ #515118
+ notified maintainer
+ --
  pam (CVE-2009-0579)
  #514437
  asked maintainer in mail
  --
+ pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
+ #535790
+ http://developer.pidgin.im/ticket/9483
+ http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
+ notified maintainer
+ --
  pptp-linux (no CVE)
  #523476
  Ola will prepare a fix in a point update
  --
- slim (CVE-2009-1756)
+ prewikka (CVE-2010-2058)
- bug #529306
+ #584469
- Maintainer notified through followup in #529306
+ --
+ puppet (CVE-2009-3564)
+ #551073
+ notified maintainer in initial bug report
+ CVE-2010-0156
+ #https://bugzilla.redhat.com/show_bug.cgi?id=502881
+ notified maintainer
+ --
+ python-4suite (CVE-2009-3560, CVE-2009-3720)
+ #560914
+ notified maintainer
+ --
+ python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
  --
- smarty (CVE-2009-1669)
+ python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
- #529810
- http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
+ --
+ rails (CVE-2009-3086)
+ bug #545063
  notified maintainer
  --
+ shibboleth-sp2: world-readable key (no CVE)
+ #571631
+ notified maintainer through bugreport
+ --
+ squid (CVE-2010-0639)
+ #572553
+ Maintainer notified through initial bugreport
+ --
+ squid3 (CVE-2010-0639)
+ #572554
+ Maintainer notified through initial bugreport
+ --
+ sqlite
+ #566326
+ --
  tau (CVE-2008-5157)
  #506348
  notified maintainer
  --
- texlive-bin (CVE-2009-1284)
+ trac (CVE-2009-4405)
- #520920
+ notified maintainer
- https://bugzilla.redhat.com/show_bug.cgi?id=492136
  --
-Line 203 
 notified maintainer
+Line 504 
 notified maintainer
  --
+ planet (CVE-2009-2937)
+ bug #546178
+ notified maintainer through initial bugreport
+ --
+ w3m (CVE-2010-2074)
+ maintainer notified through bug report
+ --
  webkit (CVE-2008-4724)
  #520052
  asked maintainer
-Line 226 
 notified maintainer
+Line 538 
 notified maintainer
  --
+ xerces-c2 (CVE-2009-1885)
+ #541986
+ notified maintainer
+ --
  xfig
 _mkstemp added in 1:3.2.5.a-1
  notified maintainer
+ CVE-2009-4228/CVE-2009-4227
+ #559274)
+ https://bugzilla.redhat.com/show_bug.cgi?id=543905
+ notified maintainer
+ --
+ xmp (CVE-2007-6731, CVE-2007-6732)
+ #546730
+ notified maintainer
  --
- xscreensaver (no CVE)
+ xserver-xorg (no CVE)
- #539699
+ #555308
+ --
+ ytnef (CVE-2009-3887, CVE-2009-3721)
+ notified maintainer
  --
  ziproxy (CVE-2009-0804)
  #521051
+ notified maintainer
+ --
+ zope2.10 (no CVE)
+ https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
+ --
+ zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
+ http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+ http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
+ notified maintainer

 Legend:



Removed from v.12653
 


changed lines


 
Added in v.15243
 Legend:



Removed from v.12653
 


changed lines


 
Added in v.15243
-Removed from v.12653
+Added in v.15243

	ViewVC Help
Powered by ViewVC 1.1.5