/[secure-testing]/data/spu-candidates.txt

Contents of /data/spu-candidates.txt



Revision 12922
Fri Oct 2 23:18:07 2009 UTC (3 years, 7 months ago) by jmm-guest
File MIME type: text/plain
File size: 4532 byte(s)
- planet-venus scheduled for point update
- backuppc no-dsa
- new libfwbuilder issue
- new opensaml issue
- rewrite some not-affected entries
1 jmm-guest 7532 This file records minor security issues, which do not warrant a DSA,
2     but which could be fixed in a stable point update if people feel like
3     it. If someone wants to address these, please add a note about it
4     and get in contact with debian-release@lists.debian.org
5    
6     --
7    
8 jmm-guest 11373 asterisk (CVE-2009-0041)
9     #513413
10 nion 11718 notified maintainer
11 jmm-guest 11373
12 jmm-guest 11956 CVE-2008-3903
13     #522528
14 derevko-guest 12038 notified maintainer
15 jmm-guest 11956
16 jmm-guest 11373 --
17    
18 jmm-guest 11559 avahi (CVE-2009-0758)
19     #517683
20 nion 11718 notified maintainer
21 jmm-guest 11559
22     --
23    
24 jmm-guest 12922 backuppc [BackupPC ClientNameAlias ssh rsync backup security bypass]
25     #542218
26    
27     --
28    
29 jmm-guest 11507 bugzilla (CVE-2009-0481 to CVE-2009-0485)
30 nion 11718 notified maintainer
31 jmm-guest 11507
32     --
33    
34 jmm-guest 12757 buildbot (CVE-2009-2959, CVE-2009-2967)
35     #543822
36 derevko-guest 12789 notified maintainer
37 jmm-guest 12757
38     --
39    
40 jmm-guest 11963 compiz-fusion-plugins-main (CVE-2008-6514)
41 derevko-guest 12024 notified maintainer
42 jmm-guest 11963
43     --
44    
45 jmm-guest 11911 cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)
46     #528434
47 derevko-guest 12038 notified maintainer
48 jmm-guest 11911
49     --
50    
51 white 12460 evolution (CVE-2009-1631)
52     #526409
53 derevko-guest 12477 notified maintainer through initial bugreport
54 white 12460
55     --
56    
57 jmm-guest 12542 firebird2.0 (CVE-2009-2620)
58     #539477
59 derevko-guest 12630 notified maintainer
60 jmm-guest 12542
61     --
62    
63 jmm-guest 12020 gnutls26 (CVE-2009-1417)
64     #531614
65 derevko-guest 12038 notified maintainer
66 jmm-guest 12020
67     --
68    
69 jmm-guest 12757 gri (no CVE)
70     fixed in gri 2.12.18-1:
71     "Improve security when creating temporary files."
72 derevko-guest 12789 notified maintainer
73 jmm-guest 12757
74     --
75    
76 jmm-guest 12830 gupnp (CVE-2009-2174)
77     #534594
78 derevko-guest 12869 notified maintainer
79 jmm-guest 12830
80     --
81    
82     htmldoc (CVE-2009-3050)
83     #537637
84    
85     --
86    
87     kde4libs (CVE-2009-2702)
88     #546218
89    
90     --
91    
92 jmm-guest 12108 kfreebsd-6
93     [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
94     http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
95 derevko-guest 12200 notified maintainer
96 jmm-guest 12108
97 jmm-guest 12191 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
98 jmm-guest 12108 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
99 derevko-guest 12200 notified maintainer
100 jmm-guest 12108
101     --
102    
103     kfreebsd-7
104     [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
105     http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
106 derevko-guest 12200 notified maintainer
107 jmm-guest 12108
108 jmm-guest 12191 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
109 jmm-guest 12108 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
110 derevko-guest 12200 notified maintainer
111 jmm-guest 12108
112     --
113    
114 jmm-guest 11729 kvm 82-1 (CVE-2008-5714)
115     #509997
116 derevko-guest 12047 notified maintainer
117 jmm-guest 11729
118     --
119    
120 derevko-guest 12292 lcms (CVE-2009-0793)
121     notified maintainer through initial bugreport
122    
123     --
124    
125 jmm-guest 12626 libpam-ssh (CVE-2009-1273)
126     #535877
127 jmm-guest 12655 maintainer notified through initial bug report, said he would work on an update
128 jmm-guest 12626
129     --
130    
131 jmm-guest 12244 libpng (CVE-2009-2042)
132     #533676
133 derevko-guest 12292 notified maintainer
134 jmm-guest 12244
135     --
136    
137 derevko-guest 12292 libsndfile
138     potential dos via crafted input
139     #530831
140    
141     --
142    
143 gilbert-guest 11775 libvorbis (CVE-2008-2009)
144     notified maintainer and release team
145    
146     --
147    
148 jmm-guest 12352 memcached (CVE-2009-1255)
149 derevko-guest 12387 notified maintainer
150 jmm-guest 12352
151 derevko-guest 12387 --
152 jmm-guest 12352
153 derevko-guest 12292 mimedecode
154     potential dos/crash due to invalid input
155 derevko-guest 12387 orphaned
156 derevko-guest 12292 #530430
157    
158     --
159    
160 jmm-guest 12810 movabletype-opensource (CVE-2009-2492)
161     #537935
162 derevko-guest 12891 notified maintainer
163 jmm-guest 12810
164     --
165    
166 jmm-guest 11704 mpg123 (CVE-2009-1301)
167 nion 11718 notified maintainer
168 jmm-guest 11704
169     --
170    
171 jmm-guest 12830 neon27 (CVE-2009-2474)
172     #542926
173 derevko-guest 12891 notified maintainer
174 jmm-guest 12830
175     --
176    
177     neon26 (CVE-2009-2474)
178     #542926
179 derevko-guest 12891 notified maintainer
180 jmm-guest 12830
181     --
182    
183 jmm-guest 12711 ntop (CVE-2009-2732)
184     #543312
185 derevko-guest 12892 notified maintainer through initial bugreport
186 jmm-guest 12711
187     --
188    
189 derevko-guest 12891 postfix (CVE-2009-2939)
190     notified maintainer
191    
192     --
193    
194 derevko-guest 12445 squid (CVE-2009-0801)
195     #521053
196    
197     --
198    
199     squid3 (CVE-2009-0801)
200     #521052
201    
202     --
203    
204 thijs 11319 net-snmp (CVE-2008-6123)
205     Noah will see to it.
206    
207     --
208    
209 jmm-guest 12830 ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
210     #541995
211    
212     --
213    
214     open-iscsi (CVE-2009-1297)
215     notified maintainer in initial bug report
216    
217     --
218    
219 jmm-guest 11490 openldap
220     #253838
221 derevko-guest 12047 notified maintainer
222 jmm-guest 11490
223     --
224    
225 jmm-guest 12830 owl (CVE-2009-0363)
226     #515118
227    
228     --
229    
230 gilbert-guest 11732 pam (CVE-2009-0579)
231     #514437
232     asked maintainer in mail
233    
234     --
235    
236 jmm-guest 12830 pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
237     #535790
238     http://developer.pidgin.im/ticket/9483
239     http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
240    
241     --
242    
243 jmm-guest 11712 pptp-linux (no CVE)
244     #523476
245 jmm-guest 11758 Ola will prepare a fix in a point update
246 jmm-guest 11712
247     --
248    
249 derevko-guest 12869 rails (CVE-2009-3086)
250     bug #545063
251    
252     --
253    
254 jmm-guest 12029 slim (CVE-2009-1756)
255     bug #529306
256     Maintainer notified through followup in #529306
257    
258     --
259    
260 jmm-guest 11963 smarty (CVE-2009-1669)
261     #529810
262     http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
263 derevko-guest 12047 notified maintainer
264 jmm-guest 11963
265     --
266    
267 jmm-guest 11184 tau (CVE-2008-5157)
268     #506348
269 nion 11202 notified maintainer
270 jmm-guest 11184
271     --
272    
273 derevko-guest 12047 texlive-bin (CVE-2009-1284)
274 jmm-guest 11704 #520920
275     https://bugzilla.redhat.com/show_bug.cgi?id=492136
276    
277     --
278    
279 jmm-guest 12258 udev (#462655)
280 gilbert-guest 12260 notified maintainer
281 jmm-guest 12258
282     --
283    
284 derevko-guest 12873 planet (CVE-2009-2937)
285     bug #546178
286     notified maintainer through initial bugreport
287    
288     --
289    
290 gilbert-guest 12148 webkit (CVE-2008-4724)
291 gilbert-guest 12147 #520052
292     asked maintainer
293    
294     --
295    
296 jmm-guest 8912 xemacs21 (CVE-2008-2142)
297     bug #480877
298 nion 8916 notified maintainer
299 jmm-guest 8912
300 jmm-guest 12626 xemacs21 (CVE-2009-2688)
301     #540470
302     Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
303 derevko-guest 12630 notified maintainer
304 jmm-guest 12626
305     --
306    
307 jmm-guest 11386 xen-3 (CVE-2008-4993)
308 jmm-guest 9973 #496367
309 nion 9991 notified maintainer
310 jmm-guest 11553
311     --
312    
313 jmm-guest 12830 xerces-c (CVE-2009-1885)
314     #540297
315    
316     --
317    
318 jmm-guest 11553 xfig
319 derevko-guest 12057 25_mkstemp added in 1:3.2.5.a-1
320     notified maintainer
321 jmm-guest 11553
322 jmm-guest 11704 --
323    
324 jmm-guest 12626 xscreensaver (no CVE)
325     #539699
326 derevko-guest 12789 notified maintainer
327 jmm-guest 12626
328     --
329    
330 jmm-guest 11704 ziproxy (CVE-2009-0804)
331     #521051
