secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

firebird2.0 (CVE-2009-2620)
#539477

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libsndfile
potential dos via crafted input
#530831

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

memcached (CVE-2009-1255)
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
orphaned
#530430

--

mpg123 (CVE-2009-1301)
notified maintainer

--

squid (CVE-2009-0801)
#521053

--

squid3 (CVE-2009-0801)
#521052

--

stardict (CVE-2009-2260)
#534731
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306

--

smarty (CVE-2009-1669)
#529810
http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

texlive-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

udev (#462655)
notified maintainer

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

ziproxy (CVE-2009-0804)
#521051
1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8	jmm-guest	11373	asterisk (CVE-2009-0041)
9			#513413
10	nion	11718	notified maintainer
11	jmm-guest	11373
12	jmm-guest	11956	CVE-2008-3903
13			#522528
14	derevko-guest	12038	notified maintainer
15	jmm-guest	11956
16	jmm-guest	11373	--
17
18	jmm-guest	11559	avahi (CVE-2009-0758)
19			#517683
20	nion	11718	notified maintainer
21	jmm-guest	11559
22			--
23
24	jmm-guest	11507	bugzilla (CVE-2009-0481 to CVE-2009-0485)
25	nion	11718	notified maintainer
26	jmm-guest	11507
27			--
28
29	jmm-guest	11963	compiz-fusion-plugins-main (CVE-2008-6514)
30	derevko-guest	12024	notified maintainer
31	jmm-guest	11963
32			--
33
34	jmm-guest	11911	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
35			#528434
36	derevko-guest	12038	notified maintainer
37	jmm-guest	11911
38			--
39
40	white	12460	evolution (CVE-2009-1631)
41			#526409
42	derevko-guest	12477	notified maintainer through initial bugreport
43	white	12460
44			--
45
46	jmm-guest	12542	firebird2.0 (CVE-2009-2620)
47			#539477
48
49			--
50
51	jmm-guest	12020	gnutls26 (CVE-2009-1417)
52			#531614
53	derevko-guest	12038	notified maintainer
54	jmm-guest	12020
55			--
56
57	jmm-guest	12108	kfreebsd-6
58			[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
59			http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
60	derevko-guest	12200	notified maintainer
61	jmm-guest	12108
62	jmm-guest	12191	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
63	jmm-guest	12108	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
64	derevko-guest	12200	notified maintainer
65	jmm-guest	12108
66			--
67
68			kfreebsd-7
69			[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
70			http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
71	derevko-guest	12200	notified maintainer
72	jmm-guest	12108
73	jmm-guest	12191	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
74	jmm-guest	12108	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
75	derevko-guest	12200	notified maintainer
76	jmm-guest	12108
77			--
78
79	jmm-guest	11729	kvm 82-1 (CVE-2008-5714)
80			#509997
81	derevko-guest	12047	notified maintainer
82	jmm-guest	11729
83			--
84
85	derevko-guest	12292	lcms (CVE-2009-0793)
86			notified maintainer through initial bugreport
87
88			--
89
90	jmm-guest	12244	libpng (CVE-2009-2042)
91			#533676
92	derevko-guest	12292	notified maintainer
93	jmm-guest	12244
94			--
95
96	derevko-guest	12292	libsndfile
97			potential dos via crafted input
98			#530831
99
100			--
101
102	gilbert-guest	11775	libvorbis (CVE-2008-2009)
103			notified maintainer and release team
104
105			--
106
107	jmm-guest	12352	memcached (CVE-2009-1255)
108	derevko-guest	12387	notified maintainer
109	jmm-guest	12352
110	derevko-guest	12387	--
111	jmm-guest	12352
112	derevko-guest	12292	mimedecode
113			potential dos/crash due to invalid input
114	derevko-guest	12387	orphaned
115	derevko-guest	12292	#530430
116
117			--
118
119	jmm-guest	11704	mpg123 (CVE-2009-1301)
120	nion	11718	notified maintainer
121	jmm-guest	11704
122			--
123
124	derevko-guest	12445	squid (CVE-2009-0801)
125			#521053
126
127			--
128
129			squid3 (CVE-2009-0801)
130			#521052
131
132			--
133
134	jmm-guest	12421	stardict (CVE-2009-2260)
135			#534731
136	derevko-guest	12427	notified maintainer
137	jmm-guest	12421
138			--
139
140	thijs	11319	net-snmp (CVE-2008-6123)
141			Noah will see to it.
142
143			--
144
145	jmm-guest	11490	openldap
146			#253838
147	derevko-guest	12047	notified maintainer
148	jmm-guest	11490
149			--
150
151	gilbert-guest	11732	pam (CVE-2009-0579)
152			#514437
153			asked maintainer in mail
154
155			--
156
157	jmm-guest	11712	pptp-linux (no CVE)
158			#523476
159	jmm-guest	11758	Ola will prepare a fix in a point update
160	jmm-guest	11712
161			--
162
163	jmm-guest	12029	slim (CVE-2009-1756)
164			bug #529306
165			Maintainer notified through followup in #529306
166
167			--
168
169	jmm-guest	11963	smarty (CVE-2009-1669)
170			#529810
171			http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
172	derevko-guest	12047	notified maintainer
173	jmm-guest	11963
174			--
175
176	jmm-guest	11184	tau (CVE-2008-5157)
177			#506348
178	nion	11202	notified maintainer
179	jmm-guest	11184
180			--
181
182	derevko-guest	12047	texlive-bin (CVE-2009-1284)
183	jmm-guest	11704	#520920
184			https://bugzilla.redhat.com/show_bug.cgi?id=492136
185
186			--
187
188	jmm-guest	12258	udev (#462655)
189	gilbert-guest	12260	notified maintainer
190	jmm-guest	12258
191			--
192
193	gilbert-guest	12148	webkit (CVE-2008-4724)
194	gilbert-guest	12147	#520052
195			asked maintainer
196
197			--
198
199	jmm-guest	8912	xemacs21 (CVE-2008-2142)
200			bug #480877
201	nion	8916	notified maintainer
202	jmm-guest	8912
203	jmm-guest	8578	--
204
205	jmm-guest	11386	xen-3 (CVE-2008-4993)
206	jmm-guest	9973	#496367
207	nion	9991	notified maintainer
208	jmm-guest	11553
209			--
210
211			xfig
212	derevko-guest	12057	25_mkstemp added in 1:3.2.5.a-1
213			notified maintainer
214	jmm-guest	11553
215	jmm-guest	11704	--
216
217			ziproxy (CVE-2009-0804)
218			#521051