/[secure-testing]/data/ospu-candidates.txt

Contents of /data/ospu-candidates.txt



Revision 16152
Tue Feb 15 16:57:24 2011 UTC (2 years, 3 months ago) by jmm
File MIME type: text/plain
File size: 9675 byte(s)
- stunnel, pidgin no-dsa
- 2008 eclipse issue already fixed before, 2010 fixed in sid
- one kfreebsd issue fixed long ago, the other no-dsa
1 This file records minor security issues that do not warrant a DSA,
2 but which could be fixed in an oldstable point update if people feel like
3 it. If someone wants to address these, please add a note about it
4 and get in contact with debian-release@lists.debian.org.
5
6
7 --
8
9 abcm2ps (no CVE)
10 #577014
11
12
13 --
14
15 acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
16 notified maintainer
17
18 CVE-2009-4839 CVE-2009-4838 CVE-2009-4837
19 maintainer contacted us, notified about spu status
20
21 --
22
23 acl (CVE-2009-4411)
24 #499076
25 notified maintainer
26
27 --
28
29 aptitude (CVE-2011-XXXX)
30 #612034
31
32 --
33
34 asterisk (CVE-2009-0041)
35 #513413
36 notified maintainer
37
38 asterisk (CVE-2008-3903)
39 #522528
40 notified maintainer
41
42 --
43
44 avahi (CVE-2009-0758)
45 #517683
46 notified maintainer
47
48 --
49
50 babel (CVE-2009-3736)
51 #559843
52 notified maintainer
53
54 --
55
56 bugzilla (CVE-2009-0481 to CVE-2009-0485)
57 notified maintainer
58
59 CVE-2010-1204
60 notified maintainer through initial bugreport
61
62 --
63
64 buildbot (CVE-2009-2959, CVE-2009-2967)
65 #543822
66 notified maintainer
67
68 --
69
70 calendarserver
71 #605157
72
73 --
74
75 centerim
76 CVE-2009-3720
77
78 --
79
80 compiz-fusion-plugins-main (CVE-2008-6514)
81 notified maintainer
82
83 --
84
85 conky (CVE-2011-XXXX)
86 #612033
87
88 --
89
90 couchdb (CVE-2010-0009)
91 #576304
92 notified maintainer
93
94 --
95
96 cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)
97 #528434
98 notified maintainer
99
100 --
101
102 cups (CVE-2009-3553)
103 #557740
104 maintainer notified in initial bug report
105 Initial patch was incomplete;
106
107 cups (CVE-2010-0302)
108 #572940
109 notified maintainer
110
111 --
112
113 dbus-glib (CVE-2010-1172)
114 #592753
115
116 --
117
118 devil (CVE-2009-3994)
119 #560080
120 notified maintainer
121
122 --
123
124 dopewars (CVE-2009-3591)
125 #550913
126 notified maintainer
127
128 --
129
130 dstat (CVE-2009-3894)
131 http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
132 notified maintainer
133
134 dstat (CVE-2009-4081)
135 #559667
136 notified maintainer
137
138 --
139
140 eclipse (CVE-2010-4647)
141 #611849
142
143 --
144
145 evolution (CVE-2009-1631)
146 #526409
147 notified maintainer through initial bugreport
148
149 --
150
151 exim4 (CVE-2010-2023, CVE-2010-2024)
152 notified maintainers
153
154 --
155
156 fastjar (CVE-2010-0831, CVE-2010-2322)
157
158 --
159
160 fcron (CVE-2010-0791)
161 #572587
162 notified maintainer through initial bugreport
163
164 --
165
166 feh (CVE-2011-XXXX)
167 #612035
168
169 --
170
171
172 flash-kernel temp file handling (fixed in 2.33)
173
174
175 --
176
177 gif2png (CVE-2010-4695/CVE-2010-4696)
178 #610479
179
180 --
181
182 gnome-shell (CVE-2010-4000)
183
184 --
185
186 gnome-subtitles (CVE-2010-3357)
187 #598289
188
189 --
190
191 CVE-2008-XXXX [greylistd bypass]
192 #464084
193
194 --
195
196 ika (CVE-2010-3361)
197 #5982925B
198 notified maintainer
199
200 --
201
202 imp4 (CVE-2010-0463)
203 #569661
204 notified maintainer
205
206 --
207
208 libgnucrypto-java (CVE-2008-5659)
209 #559789
210 removed
211
212 --
213
214 gnome-schedule
215 #605169
216
217 --
218
219 gnucash (CVE-2010-3999)
220 #603329
221
222 --
223
224 gnumed-client
225 #605159
226
227 --
228
229 gnutls26 (CVE-2009-1417)
230 #531614
231 notified maintainer
232
233 --
234
235 gri (no CVE)
236 fixed in gri 2.12.18-1:
237 "Improve security when creating temporary files."
238 notified maintainer
239
240 --
241
242 gupnp (CVE-2009-2174)
243 #534594
244 notified maintainer
245
246 --
247
248 htmldoc (CVE-2009-3050)
249 #537637
250 notified maintainer through initial bugreport
251
252 --
253
254 hypermail (CVE-2010-4339)
255 #598743
256
257 --
258
259 hypre (CVE-2009-3736)
260 #559834
261 notified maintainer
262
263 --
264
265 iceweasel (CVE-2009-0777)
266 #576466
267 notified maintainer
268
269 --
270
271 ironpython
272 #605158
273
274 --
275
276 kde4libs (CVE-2009-2702)
277 #546218
278 notified maintainer
279
280 kde4libs (CVE-2009-0689)
281 notified maintainer
282
283 --
284
285 kfreebsd-6
286 [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
287 http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
288 notified maintainer
289
290 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
291 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
292 notified maintainer
293
294 --
295
296 kfreebsd-7
297 [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
298 http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
299 notified maintainer
300
301 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
302 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
303 notified maintainer
304
305 --
306
307 kvm 82-1 (CVE-2008-5714)
308 #509997
309 notified maintainer
310
311 --
312
313 lcms (CVE-2009-0793)
314 notified maintainer through initial bugreport
315
316 --
317
318 libesmtp (CVE-2010-1192)
319 #572960
320 maintainer contacted us, notified about spu status
321
322 --
323
324 libnss-db (CVE-2010-0826)
325 #577057
326
327 --
328
329 liboggz (CVE-2009-3377)
330 Fixed in 0.9.9-1
331 Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep.
332
333 --
334
335 libglpng (CVE-2010-1516)
336
337 --
338
339 libpoe-component-irc-perl
340 #581194
341 maintainer contacted us
342
343 --
344
345 libsndfile
346 potential dos via crafted input
347 #530831
348 notified maintainer
349
350 --
351
352 libvorbis (CVE-2008-2009)
353 notified maintainer and release team
354
355 --
356
357 libstruts1.2-java (CVE-2008-2025)
358 #528352
359 notified maintainer
360
361 --
362
363 linux-ftpd: null ptr dereference
364 #572813
365 notified maintainer
366
367 --
368
369 logrotate [logrotate race condition could lead to file disclosure]
370 Fixed in sid in 3.7.8-4
371
372 --
373
374 makepasswd (no CVE ID)
375 #564559
376 notified maintainer
377
378 --
379
380 mako (CVE-2010-2480)
381 http://bugs.python.org/issue9061
382
383 --
384
385 mapserver (CVE-2010-3484, CVE-2010-3485)
386 fixed in 5.6.4-1
387
388 --
389
390 maradns
391 http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
392 notified maintainer
393
394 --
395
396 matrixssl
397 CVE-2009-3555
398
399
400 --
401
402 mediatomb (CVE-2010-XXXX)
403 #580120
404 Interface should be disabled in a point update, no real fix
405
406 --
407
408 memcached (CVE-2009-1255)
409 notified maintainer
410
411 --
412
413 mercurial (CVE-2010-4237)
414 #598841
415
416 --
417
418 mimedecode
419 potential dos/crash due to invalid input
420 orphaned
421 #530430
422
423 --
424
425 mingetty
426 #597382
427
428 --
429
430 mono-debugger (CVE-2010-3369)
431 #598299
432
433 --
434
435 mpg123 (CVE-2009-1301)
436 notified maintainer
437
438 --
439
440 neon27 (CVE-2009-2474)
441 #542926
442 notified maintainer
443
444 --
445
446 neon26 (CVE-2009-2474)
447 #542926
448 notified maintainer
449
450 --
451
452 network-manager-applet (CVE-2009-4144)
453 #560067
454 notified maintainer through initial bugreport
455
456 CVE-2009-4145
457 #563371
458 notified maintainer through initial bugreport
459
460 --
461
462 ntop (CVE-2009-2732)
463 #543312
464 notified maintainer through initial bugreport
465
466 --
467
468 phpbb3 (CVE-2010-1630, 1627)
469
470 --
471
472 pidgin CVE-2011-XXXX
473 http://www.pidgin.im/news/security/?id=50
474
475 --
476
477 postfix (CVE-2009-2939)
478 notified maintainer
479
480 --
481
482 proftpd-dfsg (CVE-2008-7265)
483
484 --
485
486 puppet (CVE-2009-3564, CVE-2010-0156)
487
488 --
489
490 python-numpy (CVE-2010-XXXX [numpy memory corruption])
491 #581058
492 http://projects.scipy.org/numpy/changeset/8364
493
494 --
495
496 roaraudio (CVE-2010-3362)
497 #598295
498
499 --
500
501 ruby1.8 (CVE-2010-0541)
502
503 --
504
505 ruby1.9 (CVE-2010-0541)
506
507 --
508
509 squid (CVE-2009-0801)
510 #521053
511 notified maintainer
512
513 --
514
515 squid3 (CVE-2009-0801)
516 #521052
517 notified maintainer
518
519 --
520
521 stunnel (CVE-2011-XXXX)
522 http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
523
524 --
525
526 tangerine (CVE-2010-3381)
527 #598302
528
529 --
530
531 t-prot (CVE-2009-4404)
532 notified maintainer
533
534 --
535
536 texmacs (CVE-2010-3394)
537 #598424
538
539 --
540
541 tomcat-native (CVE-2009-3555)
542
543 --
544
545 torcs (CVE-2010-3384)
546 #598306
547
548 --
549
550 net-snmp (CVE-2008-6123)
551 Noah will see to it.
552
553 --
554
555 ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
556 #541995
557 notified maintainer
558
559 --
560
561 offlineimap (CVE-2010-4533, CVE-2010-4532)
562 #606962
563
564 --
565
566 openldap
567 #253838
568 notified maintainer
569
570 --
571
572 overkill (no CVE yet)
573 #549310
574
575 --
576
577 owl (CVE-2009-0363)
578 #515118
579 notified maintainer
580
581 --
582
583 pam (CVE-2009-0579)
584 #514437
585 asked maintainer in mail
586
587 CVE-2010-4708/CVE-2010-4707/CVE-2010-4706
588
589 --
590
591 pidgin (CVE-2009-1889, CVE-2009-3085)
592 #535790
593 http://developer.pidgin.im/ticket/9483
594 http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
595 notified maintainer
596
597 --
598
599 pptp-linux (no CVE)
600 #523476
601 Ola will prepare a fix in a point update
602
603 --
604
605 prewikka (CVE-2010-2058)
606 #584469
607
608
609 --
610
611 puppet (CVE-2009-3564)
612 #551073
613 notified maintainer in initial bug report
614
615 CVE-2010-0156
616 #https://bugzilla.redhat.com/show_bug.cgi?id=502881
617 notified maintainer
618
619 --
620
621 python-4suite (CVE-2009-3560, CVE-2009-3720)
622 #560914
623 notified maintainer
624
625 --
626
627 python-cjson (CVE-2009-4924)
628 #593302
629
630 --
631
632 python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
633
634
635 --
636
637 python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)
638
639 --
640
641 qtparted (CVE-2010-3375)
642 #598301
643
644 --
645
646 rails (CVE-2009-3086)
647 bug #545063
648 notified maintainer
649
650 --
651
652 scilab (CVE-2010-3378)
653 #598423; #598422
654
655 --
656
657 shibboleth-sp2: world-readable key (no CVE)
658 #571631
659 notified maintainer through bugreport
660
661 --
662
663 snappea
664 #605151
665
666 --
667
668 squid (CVE-2010-0639)
669 #572553
670 Maintainer notified through initial bugreport
671
672 --
673
674 squid3 (CVE-2010-0639)
675 #572554
676 Maintainer notified through initial bugreport
677
678 --
679
680 sqlite
681 #566326
682
683 --
684
685 tau (CVE-2008-5157)
686 #506348
687 notified maintainer
688
689 --
690
691 teamspeak-client
692 #598304
693
694 --
695
696 teamspeak-server
697 #598305
698
699 --
700
701 tesseract (CVE-2011-XXXX)
702 #612032
703
704 --
705
706 trac (CVE-2009-4405)
707 notified maintainer
708
709 --
710
711 udev (#462655)
712 notified maintainer
713
714 --
715
716 planet (CVE-2009-2937)
717 bug #546178
718 notified maintainer through initial bugreport
719
720 --
721
722 w3m (CVE-2010-2074)
723 maintainer notified through bug report
724
725 --
726
727 webkit (CVE-2008-4724)
728 #520052
729 asked maintainer
730
731 --
732
733 xemacs21 (CVE-2008-2142)
734 bug #480877
735 notified maintainer
736
737 xemacs21 (CVE-2009-2688)
738 #540470
739 Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
740 notified maintainer
741
742 --
743
744 xen-3 (CVE-2008-4993)
745 #496367
746 notified maintainer
747
748 --
749
750 xerces-c2 (CVE-2009-1885)
751 #541986
752 notified maintainer
753
754 --
755
756 xfig
757 25_mkstemp added in 1:3.2.5.a-1
758 notified maintainer
759
760 CVE-2009-4228/CVE-2009-4227
761 #559274
762 https://bugzilla.redhat.com/show_bug.cgi?id=543905
763 notified maintainer
764
765 --
766
767 xmp (CVE-2007-6731, CVE-2007-6732)
768 #546730
769 notified maintainer
770
771 --
772
773 ytnef (CVE-2009-3887, CVE-2009-3721)
774 notified maintainer
775
776 --
777
778 ziproxy (CVE-2009-0804)
779 #521051
780 notified maintainer
781
782 --
783
784 zope2.10 (no CVE)
785 https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
786
787 --
788
789 zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
790 http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
791 http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
792 notified maintainer
793
