secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

aegis
#496400
notified maintainer

--

apertium
#496395
notified maintainer

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

audiolink 
#496433
notified maintainer

--

aview
#496422
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

blender (CVE-2008-4863)
#503632

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190
notified maintainer

--

byacc (CVE-2008-3196)
#491182
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cdcontrol
#496438
notified maintainer

--

cdrw-taper
#496380 
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

chillispot
#500181
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

dia
#504251
notified maintainer

--

digitaldj
#496399
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

emacs-jabber
#496428
notified maintainer

--

emacspeak (CVE-2008-4191)
#496431
notified maintainer

--

epiphany-browser
#504363
notified maintainer

--

exiv2 (CVE-2008-2696)
bug #486328
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

fml
#496370
notified maintainer

--

freeradius (CVE-2008-4474)
#496489
notified maintainer

--

fwbuilder
#496406
notified maintainer

--

gdrae
#496378
notified maintainer

--

gmanedit
#497835
notified maintainer

--

gpsdrive
#496436
notified maintainer

--

graphviz (CVE-2008-4555)
notified maintainer

--

hplip (CVE-2008-2940/CVE-2008-2941)
#499842
notified maintainer

--

ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer

ipsec-tools (CVE-2008-3652)
#501026
https://bugzilla.redhat.com/show_bug.cgi?id=456660
notified maintainer

--

konwert 
#496379
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

links2 (CVE-2008-3329)
bug #492744
notified maintainer

--

linux-ftpd (CVE-2008-4247)
#500278
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

CVE-2008-4247
#500518
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mercurial (CVE-2008-4297)
#500781
notified maintainer

--

mgetty
#496403
notified maintainer

--

mgt
#496434
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753
notified maintainer

--

myspell
#496392
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

nvi
#496462
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

r-base
#496418
notified maintainer

--

rancid
#496426
notified maintainer

--

rccp
#496364
notified maintainer

--

realtimebattle
#496385
notified maintainer

--

redhat-cluster
#496410
notified maintainer

--

rkhunter
#496375
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--

sabre
#433996
notified maintainer

--

scilab
#496414
notified maintainer

--

sgml2x
#496368
notified maintainer

--

sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

sng
#496407
notified maintainer

--

ssmtp
#498366
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

sympa
#496405; bug #494969
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

xmcd
#496416
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254
notified maintainer

--

wims 
#496387
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xastir
#496383
notified maintainer

--

xcal
#496393
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3
#496367
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8	jmm-guest	9980	aegis
9			#496400
10	nion	9991	notified maintainer
11	jmm-guest	9980
12			--
13
14	jmm-guest	9930	apertium
15			#496395
16	nion	9937	notified maintainer
17	jmm-guest	9930
18			--
19
20	jmm-guest	7532	audacity (CVE-2007-6061)
21			http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
22	nion	7768	notified maintainer
23	jmm-guest	7532
24			--
25
26	jmm-guest	9975	audiolink
27			#496433
28	nion	9991	notified maintainer
29	jmm-guest	9975
30			--
31
32	jmm-guest	9929	aview
33			#496422
34	nion	9937	notified maintainer
35	jmm-guest	9929
36			--
37
38	jmm-guest	7873	beagle (CVE-2005-4791)
39	nion	7876	notified maintainer
40	jmm-guest	7873
41			--
42
43	jmm-guest	7553	blam (CVE-2005-4791)
44	nion	7768	notified maintainer
45	jmm-guest	7553
46			--
47
48	white	10474	blender (CVE-2008-4863)
49			#503632
50
51			--
52
53	jmm-guest	8476	boost (CVE-2008-0172/CVE-2008-0171)
54			#461236
55	nion	8477	notified maintainer
56	jmm-guest	8476
57			--
58
59	jmm-guest	9135	bugzilla (CVE-2008-2103)
60	nion	9966	#480190
61	nion	9137	notified maintainer
62	jmm-guest	9135
63			--
64
65	jmm-guest	9386	byacc (CVE-2008-3196)
66			#491182
67	nion	9387	notified maintainer
68	jmm-guest	9386
69			--
70
71	jmm-guest	8526	bzip2 (CVE-2008-1372)
72			#471670
73			Maintainer has been notified
74
75			--
76
77	jmm-guest	9929	cdcontrol
78	nion	9937	#496438
79			notified maintainer
80	jmm-guest	9929
81			--
82
83	jmm-guest	9927	cdrw-taper
84			#496380
85	nion	9937	notified maintainer
86	jmm-guest	9927
87			--
88
89	jmm-guest	8541	cecilia (CVE-2008-1832)
90			#476321
91	nion	8542	notified maintainer
92	jmm-guest	8541
93			--
94
95	jmm-guest	10209	chillispot
96			#500181
97	nion	8492	notified maintainer
98	jmm-guest	8490
99			--
100
101	jmm-guest	10209	comix (CVE-2008-1568)
102			#462840
103			notified maintainer
104	jmm-guest	9973
105			--
106
107	white	10240	dia
108			#504251
109	nion	10242	notified maintainer
110	white	10240
111			--
112
113	jmm-guest	9927	digitaldj
114			#496399
115	nion	9937	notified maintainer
116	jmm-guest	9927
117			--
118
119	jmm-guest	8578	emacs21 (CVE-2007-6109/CVE-2008-1694)
120			bug #455433, bug #476612
121	nion	8580	notified maintainer
122	jmm-guest	8578
123	jmm-guest	8912	emacs21 (CVE-2008-2142)
124			bug #480877
125	nion	8916	notified maintainer
126	jmm-guest	8912
127	jmm-guest	8578	--
128
129	jmm-guest	9975	emacs-jabber
130			#496428
131	nion	9991	notified maintainer
132	jmm-guest	9975
133			--
134
135			emacspeak (CVE-2008-4191)
136			#496431
137	nion	9991	notified maintainer
138	jmm-guest	9975
139			--
140
141	white	10254	epiphany-browser
142			#504363
143	nion	10259	notified maintainer
144	white	10254
145			--
146
147	jmm-guest	9522	exiv2 (CVE-2008-2696)
148	nion	9991	bug #486328
149	jmm-guest	9522	http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
150	nion	9534	notified maintainer
151	jmm-guest	9522
152			--
153
154	jmm-guest	7883	flac123 (CVE-2007-3507)
155	nion	7884	notified maintainer
156	jmm-guest	7883
157			--
158
159	jmm-guest	9978	fml
160			#496370
161	nion	9991	notified maintainer
162	jmm-guest	9978
163			--
164
165	jmm-guest	10034	freeradius (CVE-2008-4474)
166			#496489
167	nion	10038	notified maintainer
168	jmm-guest	10034
169			--
170
171	jmm-guest	9980	fwbuilder
172			#496406
173	nion	9991	notified maintainer
174	jmm-guest	9980
175			--
176
177	jmm-guest	9927	gdrae
178			#496378
179	nion	9937	notified maintainer
180	jmm-guest	9927
181			--
182
183	jmm-guest	10111	gmanedit
184			#497835
185	nion	10116	notified maintainer
186	jmm-guest	10111
187			--
188
189	jmm-guest	9976	gpsdrive
190			#496436
191	nion	9991	notified maintainer
192	jmm-guest	9976
193			--
194
195	jmm-guest	10110	graphviz (CVE-2008-4555)
196			notified maintainer
197
198			--
199
200	jmm-guest	10466	hplip (CVE-2008-2940/CVE-2008-2941)
201			#499842
202	nion	10470	notified maintainer
203	jmm-guest	10466
204			--
205
206	jmm-guest	9638	ipsec-tools (CVE-2008-3651)
207	nion	9641	http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
208			notified maintainer
209	jmm-guest	9638
210	jmm-guest	10131	ipsec-tools (CVE-2008-3652)
211			#501026
212			https://bugzilla.redhat.com/show_bug.cgi?id=456660
213	nion	10134	notified maintainer
214	jmm-guest	10131
215	jmm-guest	9638	--
216
217	jmm-guest	9971	konwert
218			#496379
219	nion	9991	notified maintainer
220	jmm-guest	9971
221			--
222
223	jmm-guest	7870	libapache2-mod-perl2 (CVE-2007-1349)
224			http://svn.apache.org/viewvc?view=rev&revision=521584
225			#433549
226	nion	7876	notified maintainer
227	jmm-guest	7870
228			--
229
230	jmm-guest	7883	libpam-ssh (CVE-2007-0844)
231			#410236
232	nion	7884	notified maintainer
233	jmm-guest	7883
234			--
235
236	jmm-guest	8590	libpng (CVE-2008-1382)
237			#476669
238	nion	8591	notified maintainer
239	jmm-guest	7932
240	jmm-guest	8590	--
241
242	jmm-guest	7873	liferea (CVE-2005-4791)
243	nion	7876	notified maintainer
244	jmm-guest	7873
245			--
246
247	jmm-guest	7932	lighttpd (CVE-2007-3948)
248			#434888
249			Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
250			http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
251			http://trac.lighttpd.net/trac/ticket/1216
252	nion	7933	notified maintainer
253	jmm-guest	7932
254			--
255
256	jmm-guest	9522	links2 (CVE-2008-3329)
257	jmm-guest	9994	bug #492744
258	nion	9534	notified maintainer
259	jmm-guest	9522
260			--
261
262	jmm-guest	10209	linux-ftpd (CVE-2008-4247)
263			#500278
264	nion	10215	notified maintainer
265	jmm-guest	10209
266			--
267
268	jmm-guest	7554	linux-ftpd-ssl (CVE-2007-6263)
269			#454733
270	nion	7768	notified maintainer
271	jmm-guest	7554
272	jmm-guest	10209	CVE-2008-4247
273			#500518
274	nion	10215	notified maintainer
275	jmm-guest	10209
276	jmm-guest	7554	--
277
278	jmm-guest	7847	mecab (CVE-2007-3231)
279			#429174
280	nion	7848	notified maintainer
281	jmm-guest	7847
282	jmm-guest	7856	--
283
284	jmm-guest	9995	mercurial (CVE-2008-4297)
285			#500781
286	nion	10006	notified maintainer
287	jmm-guest	9995
288			--
289
290	jmm-guest	9978	mgetty
291			#496403
292	nion	9991	notified maintainer
293	jmm-guest	9978
294			--
295
296	jmm-guest	9929	mgt
297	nion	9937	#496434
298			notified maintainer
299	jmm-guest	9929
300			--
301
302	jmm-guest	9040	mksh (CVE-2008-1845)
303			notified maintainer
304
305			--
306
307	jmm-guest	7856	mldonkey (CVE-2007-4100)
308			#435439
309	nion	7860	notified maintainer
310	jmm-guest	7856
311	jmm-guest	8023	--
312
313			mnogosearch (CVE-2007-5588)
314	nion	9953	#447753
315	nion	8024	notified maintainer
316	jmm-guest	8023
317	jmm-guest	9975	--
318
319			myspell
320			#496392
321	nion	9991	notified maintainer
322	jmm-guest	9975
323	jmm-guest	7847	---
324
325	jmm-guest	8203	ngircd (CVE-2008-0285)
326	nion	8204	notified maintainer
327	jmm-guest	8203
328			--
329
330	jmm-guest	9995	nvi
331			#496462
332	nion	9997	notified maintainer
333	jmm-guest	9995
334			--
335
336	jmm-guest	8526	paramiko (CVE-2008-0299)
337			#460706
338	nion	8528	notified maintainer
339	jmm-guest	8526
340			--
341
342	jmm-guest	8086	python-django (CVE-2007-5712)
343			http://media.djangoproject.com/patches/2007-10-26-security-fix/
344			#448838
345	nion	8088	notified maintainer
346	jmm-guest	8086
347			--
348
349	jmm-guest	9976	r-base
350			#496418
351	nion	9991	notified maintainer
352	jmm-guest	9976
353			--
354
355	jmm-guest	9980	rancid
356			#496426
357	nion	9991	notified maintainer
358	jmm-guest	9980
359			--
360
361	jmm-guest	9959	rccp
362			#496364
363	nion	9966	notified maintainer
364	jmm-guest	9959
365			--
366
367	white	9950	realtimebattle
368			#496385
369	nion	9953	notified maintainer
370	white	9950
371			--
372
373	jmm-guest	9971	redhat-cluster
374			#496410
375	nion	9991	notified maintainer
376	jmm-guest	9971
377			--
378
379	jmm-guest	9978	rkhunter
380	nion	9991	#496375
381			notified maintainer
382	jmm-guest	9978
383			--
384
385	jmm-guest	8643	rsync (CVE-2007-6200)
386	jmm-guest	9041	#453652
387	nion	8647	notified maintainer
388	jmm-guest	8643
389			--
390	white	9939
391	nion	9941	sabre
392	white	9939	#433996
393	nion	9941	notified maintainer
394	white	9939
395			--
396
397	jmm-guest	9971	scilab
398			#496414
399	nion	9991	notified maintainer
400	jmm-guest	9971
401			--
402
403	jmm-guest	9973	sgml2x
404			#496368
405	nion	9991	notified maintainer
406	jmm-guest	9973
407			--
408
409	jmm-guest	9041	sip-tester (CVE-2008-1959, CVE-2008-2085)
410			#479039
411	nion	9043	notified maintainer
412	jmm-guest	8643
413	jmm-guest	9041	--
414
415	jmm-guest	7553	slocate (CVE-2007-0227)
416			#411937
417	nion	7768	notified maintainer
418	jmm-guest	7553
419			--
420
421	jmm-guest	8643	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
422	nion	8647	notified maintainer
423	jmm-guest	8643
424			--
425
426	jmm-guest	9929	sng
427	nion	9937	#496407
428			notified maintainer
429	jmm-guest	9929
430			--
431
432	jmm-guest	10002	ssmtp
433			#498366
434	nion	10006	notified maintainer
435	jmm-guest	10002
436			--
437
438	jmm-guest	8055	streamripper (CVE-2007-4337)
439	nion	8061	notified maintainer
440	jmm-guest	8055
441			--
442
443	jmm-guest	7871	sylpheed (CVE-2007-2958)
444			#441854
445			http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
446	nion	7876	notified maintainer
447	jmm-guest	7871
448			--
449
450	jmm-guest	9980	sympa
451			#496405; bug #494969
452	nion	9991	notified maintainer
453	jmm-guest	9980
454			--
455
456	jmm-guest	8203	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
457			#465643
458	nion	8204	notified maintainer
459	jmm-guest	8203
460			--
461
462	jmm-guest	7532	tomboy (CVE-2005-4790)
463	nion	7768	notified maintainer
464	jmm-guest	7532
465			--
466
467	jmm-guest	9959	xmcd
468			#496416
469	nion	9966	notified maintainer
470	jmm-guest	9959
471			--
472
473	jmm-guest	7532	vobcopy (CVE-2007-5718)
474			bug #448319
475	nion	7768	notified maintainer
476	jmm-guest	7532
477			--
478
479	jmm-guest	9331	wdiff [insecure tempfile in wdiff]
480			bug #425254
481	nion	9534	notified maintainer
482	jmm-guest	9331
483			--
484
485	jmm-guest	9971	wims
486			#496387
487	nion	9991	notified maintainer
488	jmm-guest	9971
489			--
490
491	jmm-guest	8317	wyrd (CVE-2008-0806)
492			bug #466382
493	nion	8318	notified maintainer
494	jmm-guest	8317
495			--
496
497	jmm-guest	9927	xastir
498			#496383
499	nion	9937	notified maintainer
500	jmm-guest	9927
501			--
502
503	jmm-guest	9929	xcal
504			#496393
505	nion	9937	notified maintainer
506	jmm-guest	9929
507			--
508
509	jmm-guest	8578	xemacs21 (CVE-2007-6109/CVE-2008-1694)
510			bug #457764, bug #476613
511	nion	8580	notified maintainer
512	jmm-guest	8578
513	jmm-guest	8912	xemacs21 (CVE-2008-2142)
514			bug #480877
515	nion	8916	notified maintainer
516	jmm-guest	8912
517	jmm-guest	8578	--
518
519	jmm-guest	9973	xen-3
520			#496367
521	nion	9991	notified maintainer
522	jmm-guest	9973
523			--
524
525	jmm-guest	8056	xfce4 (CVE-2007-6351 CVE-2007-6352)
526	nion	8061	notified maintainer
527	jmm-guest	8056
528			--
529
530	jmm-guest	8446	zabbix (CVE-2008-1353)
531			bug #471678
532	nion	8448	notified maintainer
533	jmm-guest	8446
534			--
535
536	jmm-guest	7532	zsh (CVE-2007-6209)
537			bug #454073)
538	nion	7768	notified maintainer
539