/[secure-testing]/data/ospu-candidates.txt

Contents of /data/ospu-candidates.txt



Revision 13490
Tue Dec 8 17:09:50 2009 UTC (3 years, 5 months ago) by jmm-guest
File MIME type: text/plain
File size: 11036 byte(s)
- updates on libtool code copies: 
  * snbc, dico and unixodbc use the system copy
  * hypre and babel fixed, but no-dsa for Lenny/Etch
- update poppler issue for code copies
- fix kfreebsd bug num
- new devil issue
- fix tracking for dstat

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in an oldstable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

acidbase (CVE-2007-5578)
notified maintainer

--

aegis (CVE-2008-4938)
#496400
notified maintainer

--

apertium (CVE-2008-4939)
#496395
notified maintainer

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

auctex (no CVE)
#506961
notified maintainer

--

audiolink (CVE-2008-4942)
#496433
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

aview (CVE-2008-4935)
#496422
notified maintainer

--

backuppc (CVE-2009-3369)
#542218
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

bluez-libs/bluez-utils (CVE-2008-2374)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190
notified maintainer

CVE-2008-4437
#502019
notified maintainer

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

burn: (no CVE yet)
#542329
notified maintainer through bug report

--

byacc (CVE-2008-3196)
#491182
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cdcontrol
#496438
notified maintainer

--

cdrw-taper (CVE-2008-4945)
#496380
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

chillispot
#500181
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

cupsys (CVE-2008-5377)
notified maintainer

--

cyrus-sasl2 (no CVE)
#465561
notified maintainer

--

dia (CVE-2008-5984)
#504251
notified maintainer

--

digitaldj (CVE-2008-4948)
#496399
notified maintainer

--

dopewars (CVE-2009-3591)
#550913
notified maintainer

--

dstat (CVE-2009-3894)
http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
notified maintainer

dstat (CVE-2009-4081)
#559667
notified maintainer

--

ed (CVE-2008-3916)
Fix from 0.7-2
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

emacs-jabber (CVE-2008-4952)
#496428
notified maintainer

--

emacspeak (CVE-2008-4191)
#496431
notified maintainer

--

epiphany-browser (CVE-2008-5985)
#504363
notified maintainer

--

evolution (CVE-2008-1108, CVE-2008-1109)
#484639
notified maintainer

evolution (no CVE)
#484639
notified maintainer

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

exiv2 (CVE-2008-2696)
bug #486328
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

fml (CVE-2008-4954)
#496370
notified maintainer

--

freeradius (CVE-2008-4474)
#496489
notified maintainer

--

fwbuilder (CVE-2008-4956)
#496406
notified maintainer

--

gedit (CVE-2009-0314)
#513513
notified maintainer

--

gdrae
#496378
notified maintainer

--

glib2.0 (CVE-2009-3289)
https://bugzilla.gnome.org/show_bug.cgi?id=593406
notified maintainer

--

gmanedit (CVE-2008-3971)
#497835
notified maintainer

--

gnutls13 (CVE-2009-1417)
#531614
notified maintainer

--

gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
#496436, #508597, #508595
notified maintainer

--

gri (no CVE)
fixed in gri 2.12.18-1:
"Improve security when creating temporary files."
notified maintainer

--

gupnp (CVE-2009-2174)
#534594

--

hplip (CVE-2008-2940/CVE-2008-2941)
#499842
notified maintainer

--

htmldoc (CVE-2009-3050)
#537637
notified maintainer through initial bugreport

--

hypre (CVE-2009-3736)
#559834

--

ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer

ipsec-tools (CVE-2008-3652)
#501026
https://bugzilla.redhat.com/show_bug.cgi?id=456660
notified maintainer

--

kaya (CVE-2008-6428)
notified maintainer

--

konwert (CVE-2008-4964)
#496379
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libsamplerate (CVE-2008-5008)
https://bugzilla.redhat.com/attachment.cgi?id=323069
notified maintainer

--
libsndfile
potential dos via crafted input
#530831

--

libpam-ssh (CVE-2009-1273)
#535877
maintainer notified through initial bug report

--

libpng (CVE-2008-1382)
#476669
notified maintainer

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on its own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

links2 (CVE-2008-3329)
bug #492744
notified maintainer

--

linux-ftpd (CVE-2008-4247)
#500278
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mailscanner (CVE-2008-5312, CVE-2008-5313)
#506353
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mercurial (CVE-2008-4297)
#500781
notified maintainer

--

mgetty (CVE-2008-4936)
#496403
notified maintainer

--

mgt
#496434
notified maintainer

--

memcached (CVE-2009-1255)
bug #527330
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
#530430
orphaned

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753
notified maintainer

--

motion (CVE-2008-2654)
#484572
notified maintainer

--

mpg123 (CVE-2009-1301)
notified maintainer

--

multi-gnome-terminal (CVE-2008-5143)
notified maintainer

--

myspell
#496392
notified maintainer

--

neon (CVE-2009-2474)
#542926
notified maintainer

--

neon26 (CVE-2009-2474)
#542926
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

nfs-utils (CVE-2008-4552)
notified maintainer

--

ngircd (CVE-2008-0285)
notified maintainer

--

ntop (CVE-2009-2732)
#543312
notified maintainer through initial bugreport

--

nvi
#496462
notified maintainer

--

openldap
#253838
notified maintainer

--

overkill (no CVE yet)
#549310

--

owl (CVE-2009-0363)
#515118
notified maintainer

--

p3nfs (CVE-2008-5154)
bug #506270
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

planet (CVE-2009-2937)
bug #546178
notified maintainer through initial bugreport

--

postfix (CVE-2009-2939)
notified maintainer

postfix (CVE-2008-2937)
notified maintainer

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

puppet (CVE-2009-3564)
#551073
notified maintainer in initial bug report

--

python2.4 (CVE-2008-4864, CVE-2008-5031)
#504620
notified maintainer

python2.5 (CVE-2008-4864, CVE-2008-5031)
#504619
notified maintainer

--

r-base (CVE-2008-3931)
#496418
notified maintainer

--

rails (CVE-2009-3086)
bug #545063
notified maintainer

--

rancid (CVE-2008-4979)
#496426
notified maintainer

--

rccp (CVE-2008-4980)
#496364
notified maintainer

--

realtimebattle (CVE-2008-4981)
#496385
notified maintainer

--

redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
#496410
notified maintainer

--

rkhunter (CVE-2008-4982)
#496375
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--

sabre (CVE-2008-4406, CVE-2008-4407)
#433996
notified maintainer

--

scilab (CVE-2008-4983)
#496414
notified maintainer

--

sgml2x (CVE-2008-6397)
#496368
notified maintainer

--

sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

sng
#496407
notified maintainer

--

snort (CVE-2009-3641)
#553584

--

squid (CVE-2009-0801)
#521053

--

squid3 (CVE-2009-0801)
#521052

--

ssmtp (CVE-2008-3962)
#498366
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

sympa (CVE-2008-4476)
#496405; bug #494969
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

tcl8.3/tcl8.4 (CVE-2007-4772)
notified maintainer

tcl8.3/tcl8.4 (CVE-2007-6067)
notified maintainer

--

tetex-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

tqsllib 2.0-8 (CVE-2009-0124)
#511509
notified maintainer

--

trac (CVE-2008-5646 CVE-2008-5647)
#509342, #505197
notified maintainer

--

trickle (CVE-2009-0415)
#513456
notified maintainer

--

udev
#462655
notified maintainer

--

unp (CVE-2007-6610)
#448437
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254
notified maintainer

--

wims (CVE-2008-4986)
#496387
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xastir (CVE-2008-4987)
#496383
notified maintainer

--

xcal (CVE-2008-4988)
#496393
notified maintainer

--

xcftools (CVE-2009-2175)
#533361
orphaned
Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)

--

xchat (CVE-2009-0315)
#513509
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

xemacs21 (CVE-2009-2688)
#540470
Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xerces-c2 (CVE-2009-1885)
#541986
notified maintainer

--

xerces27 (CVE-2009-1885)
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

xmcd (CVE-2008-4994)
#496416
notified maintainer

--

xmp (CVE-2007-6731, CVE-2007-6732)
#546730

--

xscreensaver (no CVE)
#539699
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zope-cmfplone (CVE-2008-1394)
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073
notified maintainer
