/[secure-testing]/data/ospu-candidates.txt
Contents of /data/ospu-candidates.txt


Revision 16192
Fri Feb 18 01:23:15 2011 UTC (2 years, 3 months ago) by geissert
File MIME type: text/plain
File size: 9700 byte(s)
php5 won't be updated via {o,}spu

thanks for the help, but no, I won't be releasing a DSA and then
another update via {o,}spu for sec issues.
This file records minor security issues, which do not warrant a DSA,
but which could be fixed in an oldstable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

feh (CVE-2011-1031, CVE-2011-0702)
#612035

--

abcm2ps (no CVE)
#577014


--

acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
notified maintainer

CVE-2009-4839 CVE-2009-4838 CVE-2009-4837
maintainer contacted us, notified about spu status

--

acl (CVE-2009-4411)
#499076
notified maintainer

--

aptitude (CVE-2011-XXXX)
#612034

--

babel (CVE-2009-3736)
#559843
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

CVE-2010-1204
notified maintainer through initial bugreport

--

buildbot (CVE-2009-2959, CVE-2009-2967)
#543822
notified maintainer

--

calendarserver
#605157

--

centerim
CVE-2009-3720

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

conky (CVE-2011-XXXX)
#612033

--

couchdb (CVE-2010-0009)
#576304
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

cups (CVE-2009-3553)
#557740
maintainer notified in initial bug report
Initial patch was incomplete;

cups (CVE-2010-0302)
#572940
notified maintainer

--

dbus-glib (CVE-2010-1172)
#592753

--

devil (CVE-2009-3994)
#560080
notified maintainer

--

dopewars (CVE-2009-3591)
#550913
notified maintainer

--

dstat (CVE-2009-3894)
http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
notified maintainer

dstat (CVE-2009-4081)
#559667
notified maintainer

--

eclipse (CVE-2010-4647)
#611849

--

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

exim4 (CVE-2010-2023, CVE-2010-2024)
notified maintainers

--

fastjar (CVE-2010-0831, CVE-2010-2322)

--

fcron (CVE-2010-0791)
#572587
notified maintainer through initial bugreport

--

feh (CVE-2011-XXXX)
#612035

--


flash-kernel temp file handling (fixed in 2.33)


--

gif2png (CVE-2010-4695/CVE-2010-4696)
#610479
awaiting maintainer response

--

gnome-shell (CVE-2010-4000)

--

gnome-subtitles (CVE-2010-3357)
#598289

--

CVE-2008-XXXX [greylistd bypass]
#464084

--

ika (CVE-2010-3361)
#5982925B
notified maintainer

--

imp4 (CVE-2010-0463)
#569661
notified maintainer

--

libgnucrypto-java (CVE-2008-5659)
#559789
removed

--

gnome-schedule
#605169

--

gnucash (CVE-2010-3999)
#603329

--

gnumed-client
#605159

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

gri (no CVE)
fixed in gri 2.12.18-1:
"Improve security when creating temporary files."
notified maintainer

--

gupnp (CVE-2009-2174)
#534594
notified maintainer

--

htmldoc (CVE-2009-3050)
#537637
notified maintainer through initial bugreport

--

hypermail (CVE-2010-4339)
#598743

--

hypre (CVE-2009-3736)
#559834
notified maintainer

--

iceweasel (CVE-2009-0777)
#576466
notified maintainer

--

ironpython
#605158

--

kde4libs (CVE-2009-2702)
#546218
notified maintainer

kde4libs (CVE-2009-0689)
notified maintainer

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

krb5 (CVE-2011-0281/CVE-2010-0282)
maintainer preparing upload (r16154)

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libesmtp (CVE-2010-1192)
#572960
maintainer contacted us, notified about spu status

--

libnss-db (CVE-2010-0826)
#577057

--

liboggz (CVE-2009-3377)
Fixed in 0.9.9-1
Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep.

--

libglpng (CVE-2010-1516)

--

libpoe-component-irc-perl
#581194
maintainer contacted us

--

libsndfile
potential dos via crafted input
#530831
notified maintainer

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

libstruts1.2-java (CVE-2008-2025)
#528352
notified maintainer

--

linux-ftpd: null ptr dereference
#572813
notified maintainer

--

logrotate [logrotate race condition could lead to file disclosure]
Fixed in sid in 3.7.8-4

--

magpierss (CVE-2011-0740)
#611940

--

makepasswd (no CVE ID)
#564559
notified maintainer

--

mako (CVE-2010-2480)
http://bugs.python.org/issue9061

--

mapserver (CVE-2010-3484, CVE-2010-3485)
fixed in 5.6.4-1

--

maradns
http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
notified maintainer

--

matrixssl
CVE-2009-3555


--

mediatomb (CVE-2010-XXXX)
#580120
Interface should be disabled in a point update, no real fix

--

memcached (CVE-2009-1255)
notified maintainer

--

mercurial (CVE-2010-4237)
#598841

--

mimedecode
potential dos/crash due to invalid input
orphaned
#530430

--

mingetty
#597382

--

mono-debugger (CVE-2010-3369)
#598299

--

mpg123 (CVE-2009-1301)
notified maintainer

--

neon27 (CVE-2009-2474)
#542926
notified maintainer

--

neon26 (CVE-2009-2474)
#542926
notified maintainer

--

network-manager-applet (CVE-2009-4144)
#560067
notified maintainer through initial bugreport

CVE-2009-4145
#563371
notified maintainer through initial bugreport

--

ntop (CVE-2009-2732)
#543312
notified maintainer through initial bugreport

--

phpbb3 (CVE-2010-1630, 1627)

--

pidgin CVE-2011-XXXX
http://www.pidgin.im/news/security/?id=50

--

postfix (CVE-2009-2939)
notified maintainer

--

proftpd-dfsg (CVE-2008-7265)

--

puppet (CVE-2009-3564, CVE-2010-0156)

--

python-numpy (CVE-2010-XXXX [numpy memory corruption])
#581058
http://projects.scipy.org/numpy/changeset/8364

--

roaraudio (CVE-2010-3362)
#598295

--

ruby1.8 (CVE-2010-0541)

--

ruby1.9 (CVE-2010-0541)

--

squid (CVE-2009-0801)
#521053
notified maintainer

--

squid3 (CVE-2009-0801)
#521052
notified maintainer

--

stunnel (CVE-2011-XXXX)
http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)

--

tangerine (CVE-2010-3381)
#598302

--

t-prot (CVE-2009-4404)
notified maintainer

--

texmacs (CVE-2010-3394)
#598424

--

tomcat-native (CVE-2009-3555)

--

torcs (CVE-2010-3384)
#598306

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
#541995
notified maintainer

--

offlineimap (CVE-2010-4533, CVE-2010-4532)
#606962

--

openldap
#253838
notified maintainer

--

overkill (no CVE yet)
#549310

--

owl (CVE-2009-0363)
#515118
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

CVE-2010-4708/CVE-2010-4707/CVE-2010-4706

--

pidgin (CVE-2009-1889, CVE-2009-3085)
#535790
http://developer.pidgin.im/ticket/9483
http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
notified maintainer

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

prewikka (CVE-2010-2058)
#584469


--

puppet (CVE-2009-3564)
#551073
notified maintainer in initial bug report

CVE-2010-0156
#https://bugzilla.redhat.com/show_bug.cgi?id=502881
notified maintainer

--

python-4suite (CVE-2009-3560, CVE-2009-3720)
#560914
notified maintainer

--

python-cjson (CVE-2009-4924)
#593302

--

python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)


--

python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)

--

qtparted (CVE-2010-3375)
#598301

--

rails (CVE-2009-3086)
bug #545063
notified maintainer

--

scilab (CVE-2010-3378)
#598423; #598422

--

shibboleth-sp2: world-readable key (no CVE)
#571631
notified maintainer through bugreport

--

snappea
#605151

--

squid (CVE-2010-0639)
#572553
Maintainer notified through initial bugreport

--

squid3 (CVE-2010-0639)
#572554
Maintainer notified through initial bugreport

--

sqlite
#566326

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

teamspeak-client
#598304

--

teamspeak-server
#598305

--

tesseract (CVE-2011-XXXX)
#612032

--

trac (CVE-2009-4405)
notified maintainer

--

udev (#462655)
notified maintainer

--

planet (CVE-2009-2937)
bug #546178
notified maintainer through initial bugreport

--

w3m (CVE-2010-2074)
maintainer notified through bug report

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

xemacs21 (CVE-2009-2688)
#540470
Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xerces-c2 (CVE-2009-1885)
#541986
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

CVE-2009-4228/CVE-2009-4227
#559274)
https://bugzilla.redhat.com/show_bug.cgi?id=543905
notified maintainer

--

xmp (CVE-2007-6731, CVE-2007-6732)
#546730
notified maintainer

--

ytnef (CVE-2009-3887, CVE-2009-3721)
notified maintainer

--

ziproxy (CVE-2009-0804)
#521051
notified maintainer

--

zope2.10 (no CVE)
https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

--

zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
notified maintainer