secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190)
notified maintainer

--

byacc (CVE-2008-3196)
#491182

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
#482853
work-in-progress

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--
sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8			audacity (CVE-2007-6061)
9			http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	nion	7768	notified maintainer
11	jmm-guest	7532
12			--
13
14	jmm-guest	7974	balsa (CVE-2007-5007)
15			http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	nion	7976	notified maintainer
17	jmm-guest	7974
18			--
19
20	jmm-guest	7873	beagle (CVE-2005-4791)
21	nion	7876	notified maintainer
22	jmm-guest	7873
23			--
24
25	jmm-guest	7553	blam (CVE-2005-4791)
26	nion	7768	notified maintainer
27	jmm-guest	7553
28			--
29
30	jmm-guest	8476	boost (CVE-2008-0172/CVE-2008-0171)
31			#461236
32	nion	8477	notified maintainer
33	jmm-guest	8476
34			--
35
36	jmm-guest	9135	bugzilla (CVE-2008-2103)
37			#480190)
38	nion	9137	notified maintainer
39	jmm-guest	9135
40			--
41
42	jmm-guest	9386	byacc (CVE-2008-3196)
43			#491182
44
45			--
46
47	jmm-guest	8526	bzip2 (CVE-2008-1372)
48			#471670
49			Maintainer has been notified
50
51			--
52
53	nion	9043	cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
54	jmm-guest	9041	#482853
55	nion	9067	work-in-progress
56	jmm-guest	9041
57			--
58
59	jmm-guest	8541	cecilia (CVE-2008-1832)
60			#476321
61	nion	8542	notified maintainer
62	jmm-guest	8541
63			--
64
65	jmm-guest	8490	comix (CVE-2008-1568)
66			#462840
67	nion	8492	notified maintainer
68	jmm-guest	8490
69			--
70
71	jmm-guest	8578	emacs21 (CVE-2007-6109/CVE-2008-1694)
72			bug #455433, bug #476612
73	nion	8580	notified maintainer
74	jmm-guest	8578
75	jmm-guest	8912	emacs21 (CVE-2008-2142)
76			bug #480877
77	nion	8916	notified maintainer
78	jmm-guest	8912
79	jmm-guest	8578	--
80
81	jmm-guest	7883	flac123 (CVE-2007-3507)
82	nion	7884	notified maintainer
83	jmm-guest	7883
84			--
85
86	jmm-guest	7870	libapache2-mod-perl2 (CVE-2007-1349)
87			http://svn.apache.org/viewvc?view=rev&revision=521584
88			#433549
89	nion	7876	notified maintainer
90	jmm-guest	7870
91			--
92
93	jmm-guest	7883	libpam-ssh (CVE-2007-0844)
94			#410236
95	nion	7884	notified maintainer
96	jmm-guest	7883
97			--
98
99	jmm-guest	8590	libpng (CVE-2008-1382)
100			#476669
101	nion	8591	notified maintainer
102	jmm-guest	7932
103	jmm-guest	8590	--
104
105	jmm-guest	7873	liferea (CVE-2005-4791)
106	nion	7876	notified maintainer
107	jmm-guest	7873
108			--
109
110	jmm-guest	7932	lighttpd (CVE-2007-3948)
111			#434888
112			Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
113			http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
114			http://trac.lighttpd.net/trac/ticket/1216
115	nion	7933	notified maintainer
116	jmm-guest	7932
117			--
118
119	jmm-guest	7554	linux-ftpd-ssl (CVE-2007-6263)
120			#454733
121	nion	7768	notified maintainer
122	jmm-guest	7554
123			--
124
125	jmm-guest	7847	mecab (CVE-2007-3231)
126			#429174
127	nion	7848	notified maintainer
128	jmm-guest	7847
129	jmm-guest	7856	--
130
131	jmm-guest	9040	mksh (CVE-2008-1845)
132			notified maintainer
133
134			--
135
136	jmm-guest	7856	mldonkey (CVE-2007-4100)
137			#435439
138	nion	7860	notified maintainer
139	jmm-guest	7856
140	jmm-guest	8023	--
141
142			mnogosearch (CVE-2007-5588)
143			#447753)
144	nion	8024	notified maintainer
145	jmm-guest	8023
146	jmm-guest	7847	---
147
148	jmm-guest	8203	ngircd (CVE-2008-0285)
149	nion	8204	notified maintainer
150	jmm-guest	8203
151			--
152
153	jmm-guest	8526	paramiko (CVE-2008-0299)
154			#460706
155	nion	8528	notified maintainer
156	jmm-guest	8526
157			--
158
159	nion	7781	proftpd-dfsg, proftpd (CVE-2007-2165)
160	jmm-guest	7801	update in progress
161	jmm-guest	7779
162			--
163
164	jmm-guest	8086	python-django (CVE-2007-5712)
165			http://media.djangoproject.com/patches/2007-10-26-security-fix/
166			#448838
167	nion	8088	notified maintainer
168	jmm-guest	8086
169			--
170
171	jmm-guest	8643	rsync (CVE-2007-6200)
172	jmm-guest	9041	#453652
173	nion	8647	notified maintainer
174	jmm-guest	8643
175			--
176	jmm-guest	9041	sip-tester (CVE-2008-1959, CVE-2008-2085)
177			#479039
178	nion	9043	notified maintainer
179	jmm-guest	8643
180	jmm-guest	9041	--
181
182	jmm-guest	7553	slocate (CVE-2007-0227)
183			#411937
184	nion	7768	notified maintainer
185	jmm-guest	7553
186			--
187
188	jmm-guest	8643	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
189	nion	8647	notified maintainer
190	jmm-guest	8643
191			--
192
193	jmm-guest	8055	streamripper (CVE-2007-4337)
194	nion	8061	notified maintainer
195	jmm-guest	8055
196			--
197
198	jmm-guest	7871	sylpheed (CVE-2007-2958)
199			#441854
200			http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
201	nion	7876	notified maintainer
202	jmm-guest	7871
203			--
204
205	jmm-guest	8203	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
206			#465643
207	nion	8204	notified maintainer
208	jmm-guest	8203
209			--
210
211	jmm-guest	7532	tomboy (CVE-2005-4790)
212	nion	7768	notified maintainer
213	jmm-guest	7532
214			--
215
216			vobcopy (CVE-2007-5718)
217			bug #448319
218	nion	7768	notified maintainer
219	jmm-guest	7532
220			--
221
222	jmm-guest	9331	wdiff [insecure tempfile in wdiff]
223			bug #425254
224
225			--
226
227	jmm-guest	8317	wyrd (CVE-2008-0806)
228			bug #466382
229	nion	8318	notified maintainer
230	jmm-guest	8317
231			--
232
233	jmm-guest	8578	xemacs21 (CVE-2007-6109/CVE-2008-1694)
234			bug #457764, bug #476613
235	nion	8580	notified maintainer
236	jmm-guest	8578
237	jmm-guest	8912	xemacs21 (CVE-2008-2142)
238			bug #480877
239	nion	8916	notified maintainer
240	jmm-guest	8912
241	jmm-guest	8578	--
242
243	jmm-guest	8056	xfce4 (CVE-2007-6351 CVE-2007-6352)
244	nion	8061	notified maintainer
245	jmm-guest	8056
246			--
247
248	jmm-guest	8446	zabbix (CVE-2008-1353)
249			bug #471678
250	nion	8448	notified maintainer
251	jmm-guest	8446
252			--
253
254	jmm-guest	7532	zsh (CVE-2007-6209)
255			bug #454073)
256	nion	7768	notified maintainer
257