/[secure-testing]/data/spu-candidates.txt

Contents of /data/spu-candidates.txt



Revision 15536
Thu Oct 28 21:31:39 2010 UTC (2 years, 6 months ago) by jmm-guest
File MIME type: text/plain
File size: 8363 byte(s)
- ember fixed
- two more dovecot issues (fixed in Squeeze, N/A in Lenny)
- new mozilla issue and various mozilla updates
- postgresql9 issue (sid only)
- new python issue (already fixed in 3.1, 2.6 and 2.5 still needed)
- eglibc issue unimportant
- NFUs
- mantis fixed
1 jmm-guest 7532 This file records minor security issues, which do not warrant a DSA,
2     but which could be fixed in a stable point update if people feel like
3     it. If someone wants to address these, please add a note about it
4     and get in contact with debian-release@lists.debian.org
5    
6 jmm-guest 13302
7 jmm-guest 7532 --
8    
9 jmm-guest 14483 abcm2ps (no CVE)
10     #577014
11    
12    
13     --
14    
15 jmm-guest 13932 acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
16 derevko-guest 13977 notified maintainer
17 jmm-guest 13932
18 jmm-guest 14945 CVE-2009-4839 CVE-2009-4838 CVE-2009-4837
19 jmm-guest 15026 maintainer contacted us, notified about spu status
20 jmm-guest 14945
21 jmm-guest 13932 --
22    
23 jmm-guest 14019 acl (CVE-2009-4411)
24     #499076
25     notified maintainer
26    
27     --
28    
29 jmm-guest 11373 asterisk (CVE-2009-0041)
30     #513413
31 nion 11718 notified maintainer
32 jmm-guest 11373
33 derevko-guest 13696 asterisk (CVE-2008-3903)
34 jmm-guest 11956 #522528
35 derevko-guest 12038 notified maintainer
36 jmm-guest 11956
37 jmm-guest 11373 --
38    
39 jmm-guest 11559 avahi (CVE-2009-0758)
40     #517683
41 nion 11718 notified maintainer
42 jmm-guest 11559
43     --
44    
45 jmm-guest 13490 babel (CVE-2009-3736)
46     #559843
47 derevko-guest 13617 notified maintainer
48 jmm-guest 13490
49     --
50    
51 jmm-guest 11507 bugzilla (CVE-2009-0481 to CVE-2009-0485)
52 nion 11718 notified maintainer
53 jmm-guest 11507
54 jmm-guest 14935 CVE-2010-1204
55     notified maintainer through initial bugreport
56    
57 jmm-guest 11507 --
58    
59 jmm-guest 12757 buildbot (CVE-2009-2959, CVE-2009-2967)
60     #543822
61 derevko-guest 12789 notified maintainer
62 jmm-guest 12757
63     --
64    
65 jmm-guest 11963 compiz-fusion-plugins-main (CVE-2008-6514)
66 derevko-guest 12024 notified maintainer
67 jmm-guest 11963
68     --
69    
70 jmm-guest 14529 couchdb (CVE-2010-0009)
71     #576304
72 derevko-guest 14734 notified maintainer
73 jmm-guest 14529
74     --
75    
76 jmm-guest 11911 cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)
77     #528434
78 derevko-guest 12038 notified maintainer
79 jmm-guest 11911
80     --
81    
82 jmm-guest 13678 cups (CVE-2009-3553)
83     #557740
84     maintainer notified in initial bug report
85 derevko-guest 14351 Initial patch was incomplete;
86 jmm-guest 13678
87 derevko-guest 14351 cups (CVE-2010-0302)
88     #572940
89     notified maintainer
90 jmm-guest 14210
91 jmm-guest 13678 --
92    
93 jmm-guest 13618 devil (CVE-2009-3994)
94     #560080
95 derevko-guest 13696 notified maintainer
96 jmm-guest 13618
97     --
98    
99 gilbert-guest 13009 dopewars (CVE-2009-3591)
100     #550913
101     notified maintainer
102    
103     --
104    
105 jmm-guest 15383 dropbox (CVE-2010-3354)
106     bug #598287
107    
108     --
109    
110 jmm-guest 13374 dstat (CVE-2009-3894)
111     http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
112 derevko-guest 13464 notified maintainer
113 jmm-guest 13374
114 derevko-guest 13464 dstat (CVE-2009-4081)
115     #559667
116     notified maintainer
117    
118 jmm-guest 13374 --
119    
120 white 12460 evolution (CVE-2009-1631)
121     #526409
122 derevko-guest 12477 notified maintainer through initial bugreport
123 white 12460
124     --
125    
126 jmm-guest 15116 exim4 (CVE-2010-2023, CVE-2010-2024)
127     notified maintainers
128    
129     --
130    
131 jmm-guest 14897 fastjar (CVE-2010-0831, CVE-2010-2322)
132    
133     --
134    
135 jmm-guest 14208 fcron (CVE-2010-0791)
136     #572587
137     notified maintainer through initial bugreport
138    
139     --
140    
141 jmm-guest 15506 flash-kernel temp file handling (fixed in 2.33)
142    
143    
144     --
145    
146 jmm-guest 15413 ika (CVE-2010-3361)
147     #5982925B
148     notified maintainer
149    
150     --
151    
152 jmm-guest 14439 imp4 (CVE-2010-0463)
153     #569661
154 derevko-guest 14734 notified maintainer
155 jmm-guest 14439
156     --
157    
158 jmm-guest 13932 libgnucrypto-java (CVE-2008-5659)
159     #559789
160 derevko-guest 13977 removed
161 jmm-guest 13932
162     --
163    
164 jmm-guest 12020 gnutls26 (CVE-2009-1417)
165     #531614
166 derevko-guest 12038 notified maintainer
167 jmm-guest 12020
168     --
169    
170 jmm-guest 12757 gri (no CVE)
171     fixed in gri 2.12.18-1:
172     "Improve security when creating temporary files."
173 derevko-guest 12789 notified maintainer
174 jmm-guest 12757
175     --
176    
177 jmm-guest 12830 gupnp (CVE-2009-2174)
178     #534594
179 derevko-guest 12869 notified maintainer
180 jmm-guest 12830
181     --
182    
183     htmldoc (CVE-2009-3050)
184     #537637
185 derevko-guest 12947 notified maintainer through initial bugreport
186 jmm-guest 12830
187     --
188    
189 jmm-guest 13490 hypre (CVE-2009-3736)
190     #559834
191 derevko-guest 13617 notified maintainer
192 jmm-guest 13490
193     --
194    
195 gilbert-guest 14398 iceweasel (CVE-2009-0777)
196     #576466
197     notified maintainer
198    
199     --
200    
201 jmm-guest 12830 kde4libs (CVE-2009-2702)
202     #546218
203 derevko-guest 13013 notified maintainer
204 jmm-guest 12830
205 derevko-guest 14351 kde4libs (CVE-2009-0689)
206     notified maintainer
207 jmm-guest 14124
208 jmm-guest 12830 --
209    
210 jmm-guest 12108 kfreebsd-6
211     [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
212     http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
213 derevko-guest 12200 notified maintainer
214 jmm-guest 12108
215 jmm-guest 12191 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
216 jmm-guest 12108 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
217 derevko-guest 12200 notified maintainer
218 jmm-guest 12108
219     --
220    
221     kfreebsd-7
222     [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
223     http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
224 derevko-guest 12200 notified maintainer
225 jmm-guest 12108
226 jmm-guest 12191 [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
227 jmm-guest 12108 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
228 derevko-guest 12200 notified maintainer
229 jmm-guest 12108
230     --
231    
232 jmm-guest 11729 kvm 82-1 (CVE-2008-5714)
233     #509997
234 derevko-guest 12047 notified maintainer
235 jmm-guest 11729
236     --
237    
238 derevko-guest 12292 lcms (CVE-2009-0793)
239     notified maintainer through initial bugreport
240    
241     --
242    
243 jmm-guest 14420 libesmtp (CVE-2010-1192)
244     #572960
245 jmm-guest 15026 maintainer contacted us, notified about spu status
246 jmm-guest 14420
247     --
248    
249 jmm-guest 14606 libnss-db (CVE-2010-0826)
250     #577057
251    
252     --
253    
254 jmm-guest 12626 libpam-ssh (CVE-2009-1273)
255     #535877
256 jmm-guest 12655 maintainer notified through initial bug report, said he would work on an update
257 jmm-guest 12626
258     --
259    
260 jmm-guest 15251 libglpng (CVE-2010-1516)
261    
262     --
263    
264 jmm-guest 12244 libpng (CVE-2009-2042)
265     #533676
266 derevko-guest 12292 notified maintainer
267 jmm-guest 12244
268     --
269    
270 luciano 15123 libpoe-component-irc-perl
271     #581194
272     maintainer contacted us
273    
274     --
275    
276 derevko-guest 12292 libsndfile
277     potential dos via crafted input
278     #530831
279 derevko-guest 14351 notified maintainer
280 derevko-guest 12292
281     --
282    
283 gilbert-guest 11775 libvorbis (CVE-2008-2009)
284     notified maintainer and release team
285    
286     --
287    
288 jmm-guest 14019 libstruts1.2-java (CVE-2008-2025)
289     #528352
290 derevko-guest 14351 notified maintainer
291 jmm-guest 14019
292     --
293    
294 jmm-guest 14226 linux-ftpd: null ptr dereference
295     #572813
296 derevko-guest 14351 notified maintainer
297 jmm-guest 14226
298     --
299    
300 jmm-guest 14482 logrotate [logrotate race condition could lead to file disclosure]
301     Fixed in sid in 3.7.8-4
302    
303     --
304    
305 jmm-guest 14136 makepasswd (no CVE ID)
306     #564559
307 derevko-guest 14351 notified maintainer
308 jmm-guest 14136
309     --
310    
311 jmm-guest 15055 mako (CVE-2010-2480)
312     http://bugs.python.org/issue9061
313    
314     --
315    
316 jmm-guest 15243 mapserver (CVE-2010-3484, CVE-2010-3485)
317     fixed in 5.6.4-1
318    
319     --
320    
321 derevko-guest 13892 maradns
322     http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
323     notified maintainer
324    
325     --
326    
327 jmm-guest 12352 memcached (CVE-2009-1255)
328 derevko-guest 12387 notified maintainer
329 jmm-guest 12352
330 derevko-guest 12387 --
331 jmm-guest 12352
332 derevko-guest 12292 mimedecode
333     potential dos/crash due to invalid input
334 derevko-guest 12387 orphaned
335 derevko-guest 12292 #530430
336    
337     --
338    
339 jmm-guest 11704 mpg123 (CVE-2009-1301)
340 nion 11718 notified maintainer
341 jmm-guest 11704
342     --
343    
344 jmm-guest 12830 neon27 (CVE-2009-2474)
345     #542926
346 derevko-guest 12891 notified maintainer
347 jmm-guest 12830
348     --
349    
350     neon26 (CVE-2009-2474)
351     #542926
352 derevko-guest 12891 notified maintainer
353 jmm-guest 12830
354     --
355    
356 derevko-guest 13697 network-manager-applet (CVE-2009-4144)
357     #560067
358     notified maintainer through initial bugreport
359    
360     CVE-2009-4145
361     #563371
362     notified maintainer through initial bugreport
363    
364     --
365    
366 jmm-guest 12711 ntop (CVE-2009-2732)
367     #543312
368 derevko-guest 12892 notified maintainer through initial bugreport
369 jmm-guest 12711
370     --
371    
372 jmm-guest 15251 phpbb3 (CVE-2010-1630, 1627)
373    
374     --
375    
376 derevko-guest 12891 postfix (CVE-2009-2939)
377     notified maintainer
378    
379     --
380    
381 jmm-guest 15413 roaraudio (CVE-2010-3362)
382     #598295
383    
384     --
385    
386 jmm-guest 14951 ruby1.8 (CVE-2010-0541)
387    
388     --
389    
390     ruby1.9 (CVE-2010-0541)
391    
392     --
393    
394 derevko-guest 12445 squid (CVE-2009-0801)
395     #521053
396 derevko-guest 14351 notified maintainer
397 derevko-guest 12445
398     --
399    
400     squid3 (CVE-2009-0801)
401     #521052
402 derevko-guest 14351 notified maintainer
403 derevko-guest 12445
404     --
405    
406 jmm-guest 13932 t-prot (CVE-2009-4404)
407 derevko-guest 14351 notified maintainer
408 jmm-guest 13932
409     --
410    
411 jmm-guest 15460 torcs (CVE-2010-3384)
412     #598306
413    
414     --
415    
416 thijs 11319 net-snmp (CVE-2008-6123)
417     Noah will see to it.
418    
419     --
420    
421 jmm-guest 12830 ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
422     #541995
423 derevko-guest 12928 notified maintainer
424 jmm-guest 12830
425     --
426    
427 jmm-guest 11490 openldap
428     #253838
429 derevko-guest 12047 notified maintainer
430 jmm-guest 11490
431     --
432    
433 jmm-guest 12925 overkill (no CVE yet)
434     #549310
435    
436     --
437    
438 jmm-guest 12830 owl (CVE-2009-0363)
439     #515118
440 derevko-guest 13013 notified maintainer
441 jmm-guest 12830
442     --
443    
444 gilbert-guest 11732 pam (CVE-2009-0579)
445     #514437
446     asked maintainer in mail
447    
448     --
449    
450 jmm-guest 12830 pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
451     #535790
452     http://developer.pidgin.im/ticket/9483
453     http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
454 derevko-guest 13013 notified maintainer
455 jmm-guest 12830
456     --
457    
458 jmm-guest 11712 pptp-linux (no CVE)
459     #523476
460 jmm-guest 11758 Ola will prepare a fix in a point update
461 jmm-guest 11712
462     --
463    
464 jmm-guest 15100 prewikka (CVE-2010-2058)
465     #584469
466    
467    
468     --
469    
470 derevko-guest 13021 puppet (CVE-2009-3564)
471     #551073
472     notified maintainer in initial bug report
473    
474 jmm-guest 14214 CVE-2010-0156
475     #https://bugzilla.redhat.com/show_bug.cgi?id=502881
476 derevko-guest 14351 notified maintainer
477 jmm-guest 14214
478 derevko-guest 13021 --
479    
480 derevko-guest 13696 python-4suite (CVE-2009-3560, CVE-2009-3720)
481 jmm-guest 13640 #560914
482 derevko-guest 13696 notified maintainer
483 jmm-guest 13640
484 jmm-guest 15434 --
485 jmm-guest 14842
486 jmm-guest 15434 python-cjson (CVE-2009-4924)
487     #593302
488    
489 jmm-guest 13640 --
490    
491 jmm-guest 14842 python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
492    
493    
494     --
495    
496 jmm-guest 15536 python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)
497 jmm-guest 14842
498     --
499    
500 jmm-guest 15383 qtparted (CVE-2010-3375)
501     #598301
502    
503     --
504    
505 derevko-guest 12869 rails (CVE-2009-3086)
506     bug #545063
507 derevko-guest 13013 notified maintainer
508 derevko-guest 12869
509     --
510    
511 jmm-guest 15404 scilab (CVE-2010-3378)
512     #598423; #598422
513    
514     --
515    
516 jmm-guest 14212 shibboleth-sp2: world-readable key (no CVE)
517     #571631
518     notified maintainer through bugreport
519    
520     --
521    
522 jmm-guest 14186 squid (CVE-2010-0639)
523     #572553
524     Maintainer notified through initial bugreport
525    
526     --
527    
528     squid3 (CVE-2010-0639)
529     #572554
530     Maintainer notified through initial bugreport
531    
532     --
533    
534 jmm-guest 13932 sqlite
535     #566326
536    
537     --
538    
539 jmm-guest 11184 tau (CVE-2008-5157)
540     #506348
541 nion 11202 notified maintainer
542 jmm-guest 11184
543     --
544    
545 jmm-guest 15404 teamspeak-client
546     #598304
547    
548     --
549    
550     teamspeak-server
551     #598305
552    
553     --
554    
555 jmm-guest 14470 trac (CVE-2009-4405)
556 derevko-guest 14734 notified maintainer
557 jmm-guest 14470
558     --
559    
560 jmm-guest 12258 udev (#462655)
561 gilbert-guest 12260 notified maintainer
562 jmm-guest 12258
563     --
564    
565 derevko-guest 12873 planet (CVE-2009-2937)
566     bug #546178
567     notified maintainer through initial bugreport
568    
569     --
570    
571 jmm-guest 14874 w3m (CVE-2010-2074)
572 jmm-guest 14916 maintainer notified through bug report
573 jmm-guest 14874
574     --
575    
576 gilbert-guest 12148 webkit (CVE-2008-4724)
577 gilbert-guest 12147 #520052
578     asked maintainer
579    
580     --
581    
582 jmm-guest 8912 xemacs21 (CVE-2008-2142)
583     bug #480877
584 nion 8916 notified maintainer
585 jmm-guest 8912
586 jmm-guest 12626 xemacs21 (CVE-2009-2688)
587     #540470
588     Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
589 derevko-guest 12630 notified maintainer
590 jmm-guest 12626
591     --
592    
593 jmm-guest 11386 xen-3 (CVE-2008-4993)
594 jmm-guest 9973 #496367
595 nion 9991 notified maintainer
596 jmm-guest 11553
597     --
598    
599 derevko-guest 13013 xerces-c2 (CVE-2009-1885)
600     #541986
601     notified maintainer
602 jmm-guest 12830
603     --
604    
605 jmm-guest 11553 xfig
606 derevko-guest 12057 25_mkstemp added in 1:3.2.5.a-1
607     notified maintainer
608 jmm-guest 11553
609 jmm-guest 13557 CVE-2009-4228/CVE-2009-4227
610     #559274
611     https://bugzilla.redhat.com/show_bug.cgi?id=543905
612 derevko-guest 14734 notified maintainer
613 jmm-guest 13557
614 jmm-guest 11704 --
615    
616 jmm-guest 13040 xmp (CVE-2007-6731, CVE-2007-6732)
617     #546730
618 derevko-guest 13339 notified maintainer
619 jmm-guest 13040
620     --
621    
622 jmm-guest 13969 ytnef (CVE-2009-3887, CVE-2009-3721)
623 derevko-guest 14351 notified maintainer
624 jmm-guest 13969
625     --
626    
627 jmm-guest 11704 ziproxy (CVE-2009-0804)
628     #521051
629 derevko-guest 13777 notified maintainer
630    
631 jmm-guest 13932 --
632    
633     zope2.10 (no CVE)
634     https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
635 jmm-guest 13938
636     --
637    
638     zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
639     http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
640     http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
641 derevko-guest 14351 notified maintainer
642    
