secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--


liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python2.4, python2.5 (CVE-2007-4965)
http://bugs.python.org/issue1179
notified maintainer

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8			audacity (CVE-2007-6061)
9			http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	nion	7768	notified maintainer
11	jmm-guest	7532
12			--
13
14	jmm-guest	7974	balsa (CVE-2007-5007)
15			http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	nion	7976	notified maintainer
17	jmm-guest	7974
18			--
19
20	jmm-guest	7873	beagle (CVE-2005-4791)
21	nion	7876	notified maintainer
22	jmm-guest	7873
23			--
24
25	jmm-guest	7553	blam (CVE-2005-4791)
26	nion	7768	notified maintainer
27	jmm-guest	7553
28			--
29
30	jmm-guest	7883	flac123 (CVE-2007-3507)
31	nion	7884	notified maintainer
32	jmm-guest	7883
33			--
34
35	jmm-guest	7870	libapache2-mod-perl2 (CVE-2007-1349)
36			http://svn.apache.org/viewvc?view=rev&revision=521584
37			#433549
38	nion	7876	notified maintainer
39	jmm-guest	7870
40			--
41
42	jmm-guest	7883	libpam-ssh (CVE-2007-0844)
43			#410236
44	nion	7884	notified maintainer
45	jmm-guest	7883
46			--
47
48	jmm-guest	7932
49	jmm-guest	7873	liferea (CVE-2005-4791)
50	nion	7876	notified maintainer
51	jmm-guest	7873
52			--
53
54	jmm-guest	7932	lighttpd (CVE-2007-3948)
55			#434888
56			Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
57			http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
58			http://trac.lighttpd.net/trac/ticket/1216
59	nion	7933	notified maintainer
60	jmm-guest	7932
61			--
62
63	jmm-guest	7554	linux-ftpd-ssl (CVE-2007-6263)
64			#454733
65	nion	7768	notified maintainer
66	jmm-guest	7554
67			--
68
69	jmm-guest	7847	mecab (CVE-2007-3231)
70			#429174
71	nion	7848	notified maintainer
72	jmm-guest	7847
73	jmm-guest	7856	--
74
75			mldonkey (CVE-2007-4100)
76			#435439
77	nion	7860	notified maintainer
78	jmm-guest	7856
79	jmm-guest	8023	--
80
81			mnogosearch (CVE-2007-5588)
82			#447753)
83	nion	8024	notified maintainer
84	jmm-guest	8023
85	jmm-guest	7847	---
86
87	nion	7781	proftpd-dfsg, proftpd (CVE-2007-2165)
88	jmm-guest	7801	update in progress
89	jmm-guest	7779
90			--
91
92	jmm-guest	7681	python2.4, python2.5 (CVE-2007-4965)
93			http://bugs.python.org/issue1179
94	nion	7768	notified maintainer
95	jmm-guest	7681
96			--
97
98	jmm-guest	8086	python-django (CVE-2007-5712)
99			http://media.djangoproject.com/patches/2007-10-26-security-fix/
100			#448838
101	nion	8088	notified maintainer
102	jmm-guest	8086
103			--
104
105	jmm-guest	7553	slocate (CVE-2007-0227)
106			#411937
107	nion	7768	notified maintainer
108	jmm-guest	7553
109			--
110
111	jmm-guest	8055	streamripper (CVE-2007-4337)
112	nion	8061	notified maintainer
113	jmm-guest	8055
114			--
115
116	jmm-guest	7871	sylpheed (CVE-2007-2958)
117			#441854
118			http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
119	nion	7876	notified maintainer
120	jmm-guest	7871
121			--
122
123	jmm-guest	7532	tomboy (CVE-2005-4790)
124	nion	7768	notified maintainer
125	jmm-guest	7532
126			--
127
128			vobcopy (CVE-2007-5718)
129			bug #448319
130	nion	7768	notified maintainer
131	jmm-guest	7532
132			--
133
134	jmm-guest	8056	xfce4 (CVE-2007-6351 CVE-2007-6352)
135	nion	8061	notified maintainer
136	jmm-guest	8056
137			--
138
139	jmm-guest	7532	zsh (CVE-2007-6209)
140			bug #454073)
141	nion	7768	notified maintainer
142