secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libsndfile
potential dos via crafted input
#530831

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

memcached (CVE-2009-1255)
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
orphaned
#530430

--

mpg123 (CVE-2009-1301)
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306

--

smarty (CVE-2009-1669)
#529810
http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

texlive-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

udev (#462655)
notified maintainer

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

ziproxy (CVE-2009-0804)
#521051
1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8	jmm-guest	11373	asterisk (CVE-2009-0041)
9			#513413
10	nion	11718	notified maintainer
11	jmm-guest	11373
12	jmm-guest	11956	CVE-2008-3903
13			#522528
14	derevko-guest	12038	notified maintainer
15	jmm-guest	11956
16	jmm-guest	11373	--
17
18	jmm-guest	11559	avahi (CVE-2009-0758)
19			#517683
20	nion	11718	notified maintainer
21	jmm-guest	11559
22			--
23
24	jmm-guest	11507	bugzilla (CVE-2009-0481 to CVE-2009-0485)
25	nion	11718	notified maintainer
26	jmm-guest	11507
27			--
28
29	jmm-guest	11963	compiz-fusion-plugins-main (CVE-2008-6514)
30	derevko-guest	12024	notified maintainer
31	jmm-guest	11963
32			--
33
34	jmm-guest	11911	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
35			#528434
36	derevko-guest	12038	notified maintainer
37	jmm-guest	11911
38			--
39
40	jmm-guest	12020	gnutls26 (CVE-2009-1417)
41			#531614
42	derevko-guest	12038	notified maintainer
43	jmm-guest	12020
44			--
45
46	jmm-guest	12108	kfreebsd-6
47			[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
48			http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
49	derevko-guest	12200	notified maintainer
50	jmm-guest	12108
51	jmm-guest	12191	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
52	jmm-guest	12108	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
53	derevko-guest	12200	notified maintainer
54	jmm-guest	12108
55			--
56
57			kfreebsd-7
58			[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
59			http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
60	derevko-guest	12200	notified maintainer
61	jmm-guest	12108
62	jmm-guest	12191	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
63	jmm-guest	12108	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
64	derevko-guest	12200	notified maintainer
65	jmm-guest	12108
66			--
67
68	jmm-guest	11729	kvm 82-1 (CVE-2008-5714)
69			#509997
70	derevko-guest	12047	notified maintainer
71	jmm-guest	11729
72			--
73
74	derevko-guest	12292	lcms (CVE-2009-0793)
75			notified maintainer through initial bugreport
76
77			--
78
79	jmm-guest	12244	libpng (CVE-2009-2042)
80			#533676
81	derevko-guest	12292	notified maintainer
82	jmm-guest	12244
83			--
84
85	derevko-guest	12292	libsndfile
86			potential dos via crafted input
87			#530831
88
89			--
90
91	gilbert-guest	11775	libvorbis (CVE-2008-2009)
92			notified maintainer and release team
93
94			--
95
96	jmm-guest	12352	memcached (CVE-2009-1255)
97	derevko-guest	12387	notified maintainer
98	jmm-guest	12352
99	derevko-guest	12387	--
100	jmm-guest	12352
101	derevko-guest	12292	mimedecode
102			potential dos/crash due to invalid input
103	derevko-guest	12387	orphaned
104	derevko-guest	12292	#530430
105
106			--
107
108	jmm-guest	11704	mpg123 (CVE-2009-1301)
109	nion	11718	notified maintainer
110	jmm-guest	11704
111			--
112
113	thijs	11319	net-snmp (CVE-2008-6123)
114			Noah will see to it.
115
116			--
117
118	jmm-guest	11490	openldap
119			#253838
120	derevko-guest	12047	notified maintainer
121	jmm-guest	11490
122			--
123
124	gilbert-guest	11732	pam (CVE-2009-0579)
125			#514437
126			asked maintainer in mail
127
128			--
129
130	jmm-guest	11712	pptp-linux (no CVE)
131			#523476
132	jmm-guest	11758	Ola will prepare a fix in a point update
133	jmm-guest	11712
134			--
135
136	jmm-guest	12029	slim (CVE-2009-1756)
137			bug #529306
138			Maintainer notified through followup in #529306
139
140			--
141
142	jmm-guest	11963	smarty (CVE-2009-1669)
143			#529810
144			http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
145	derevko-guest	12047	notified maintainer
146	jmm-guest	11963
147			--
148
149	jmm-guest	11184	tau (CVE-2008-5157)
150			#506348
151	nion	11202	notified maintainer
152	jmm-guest	11184
153			--
154
155	derevko-guest	12047	texlive-bin (CVE-2009-1284)
156	jmm-guest	11704	#520920
157			https://bugzilla.redhat.com/show_bug.cgi?id=492136
158
159			--
160
161	jmm-guest	12258	udev (#462655)
162	gilbert-guest	12260	notified maintainer
163	jmm-guest	12258
164			--
165
166	gilbert-guest	12148	webkit (CVE-2008-4724)
167	gilbert-guest	12147	#520052
168			asked maintainer
169
170			--
171
172	jmm-guest	8912	xemacs21 (CVE-2008-2142)
173			bug #480877
174	nion	8916	notified maintainer
175	jmm-guest	8912
176	jmm-guest	8578	--
177
178	jmm-guest	11386	xen-3 (CVE-2008-4993)
179	jmm-guest	9973	#496367
180	nion	9991	notified maintainer
181	jmm-guest	11553
182			--
183
184			xfig
185	derevko-guest	12057	25_mkstemp added in 1:3.2.5.a-1
186			notified maintainer
187	jmm-guest	11553
188	jmm-guest	11704	--
189
190			ziproxy (CVE-2009-0804)
191			#521051