secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

chillispot
#500181
notified maintainer

--

apertium
#496395
notified maintainer

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

aview
#496422
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190
notified maintainer

--

byacc (CVE-2008-3196)
#491182
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cdcontrol
#496438
notified maintainer

--

cdrw-taper
#496380 
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

digitaldj
#496399
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

exiv2 (CVE-2008-2696)
bug #486328)
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

gdrae
#496378
notified maintainer

--

ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer

--

jumpnbump (no CVE yet)
#500611
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

links2 (CVE-2008-3329)
bug #492744)
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mgt
#496434
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rccp
#496364
notified maintainer

--

realtimebattle
#496385
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--

sabre
#433996
notified maintainer

--

sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

sng
#496407
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

xmcd
#496416
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xastir
#496383
notified maintainer

--

xcal
#496393
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	jmm-guest	7532	This file records minor security issues, which do not warrant a DSA,
2			but which could be fixed in a stable point update if people feel like
3			it. If someone wants to address these, please add a note about it
4			and get in contact with debian-release@lists.debian.org
5
6			--
7
8	nion	9945	chillispot
9			#500181
10			notified maintainer
11
12			--
13
14	jmm-guest	9930	apertium
15			#496395
16	nion	9937	notified maintainer
17	jmm-guest	9930
18			--
19
20	jmm-guest	7532	audacity (CVE-2007-6061)
21			http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
22	nion	7768	notified maintainer
23	jmm-guest	7532
24			--
25
26	jmm-guest	9929	aview
27			#496422
28	nion	9937	notified maintainer
29	jmm-guest	9929
30			--
31
32	jmm-guest	7873	beagle (CVE-2005-4791)
33	nion	7876	notified maintainer
34	jmm-guest	7873
35			--
36
37	jmm-guest	7553	blam (CVE-2005-4791)
38	nion	7768	notified maintainer
39	jmm-guest	7553
40			--
41
42	jmm-guest	8476	boost (CVE-2008-0172/CVE-2008-0171)
43			#461236
44	nion	8477	notified maintainer
45	jmm-guest	8476
46			--
47
48	jmm-guest	9135	bugzilla (CVE-2008-2103)
49	nion	9966	#480190
50	nion	9137	notified maintainer
51	jmm-guest	9135
52			--
53
54	jmm-guest	9386	byacc (CVE-2008-3196)
55			#491182
56	nion	9387	notified maintainer
57	jmm-guest	9386
58			--
59
60	jmm-guest	8526	bzip2 (CVE-2008-1372)
61			#471670
62			Maintainer has been notified
63
64			--
65
66	jmm-guest	9929	cdcontrol
67	nion	9937	#496438
68			notified maintainer
69	jmm-guest	9929
70			--
71
72	jmm-guest	9927	cdrw-taper
73			#496380
74	nion	9937	notified maintainer
75	jmm-guest	9927
76			--
77
78	jmm-guest	8541	cecilia (CVE-2008-1832)
79			#476321
80	nion	8542	notified maintainer
81	jmm-guest	8541
82			--
83
84	jmm-guest	8490	comix (CVE-2008-1568)
85			#462840
86	nion	8492	notified maintainer
87	jmm-guest	8490
88			--
89
90	jmm-guest	9927	digitaldj
91			#496399
92	nion	9937	notified maintainer
93	jmm-guest	9927
94			--
95
96	jmm-guest	8578	emacs21 (CVE-2007-6109/CVE-2008-1694)
97			bug #455433, bug #476612
98	nion	8580	notified maintainer
99	jmm-guest	8578
100	jmm-guest	8912	emacs21 (CVE-2008-2142)
101			bug #480877
102	nion	8916	notified maintainer
103	jmm-guest	8912
104	jmm-guest	8578	--
105
106	jmm-guest	9522	exiv2 (CVE-2008-2696)
107			bug #486328)
108			http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
109	nion	9534	notified maintainer
110	jmm-guest	9522
111			--
112
113	jmm-guest	7883	flac123 (CVE-2007-3507)
114	nion	7884	notified maintainer
115	jmm-guest	7883
116			--
117
118	jmm-guest	9927	gdrae
119			#496378
120	nion	9937	notified maintainer
121	jmm-guest	9927
122			--
123
124	jmm-guest	9638	ipsec-tools (CVE-2008-3651)
125	nion	9641	http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
126			notified maintainer
127	jmm-guest	9638
128			--
129
130	white	9920	jumpnbump (no CVE yet)
131			#500611
132			notified maintainer
133
134			--
135
136	jmm-guest	7870	libapache2-mod-perl2 (CVE-2007-1349)
137			http://svn.apache.org/viewvc?view=rev&revision=521584
138			#433549
139	nion	7876	notified maintainer
140	jmm-guest	7870
141			--
142
143	jmm-guest	7883	libpam-ssh (CVE-2007-0844)
144			#410236
145	nion	7884	notified maintainer
146	jmm-guest	7883
147			--
148
149	jmm-guest	8590	libpng (CVE-2008-1382)
150			#476669
151	nion	8591	notified maintainer
152	jmm-guest	7932
153	jmm-guest	8590	--
154
155	jmm-guest	7873	liferea (CVE-2005-4791)
156	nion	7876	notified maintainer
157	jmm-guest	7873
158			--
159
160	jmm-guest	7932	lighttpd (CVE-2007-3948)
161			#434888
162			Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
163			http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
164			http://trac.lighttpd.net/trac/ticket/1216
165	nion	7933	notified maintainer
166	jmm-guest	7932
167			--
168
169	jmm-guest	9522	links2 (CVE-2008-3329)
170			bug #492744)
171	nion	9534	notified maintainer
172	jmm-guest	9522
173			--
174
175	jmm-guest	7554	linux-ftpd-ssl (CVE-2007-6263)
176			#454733
177	nion	7768	notified maintainer
178	jmm-guest	7554
179			--
180
181	jmm-guest	7847	mecab (CVE-2007-3231)
182			#429174
183	nion	7848	notified maintainer
184	jmm-guest	7847
185	jmm-guest	7856	--
186
187	jmm-guest	9929	mgt
188	nion	9937	#496434
189			notified maintainer
190	jmm-guest	9929
191			--
192
193	jmm-guest	9040	mksh (CVE-2008-1845)
194			notified maintainer
195
196			--
197
198	jmm-guest	7856	mldonkey (CVE-2007-4100)
199			#435439
200	nion	7860	notified maintainer
201	jmm-guest	7856
202	jmm-guest	8023	--
203
204			mnogosearch (CVE-2007-5588)
205	nion	9953	#447753
206	nion	8024	notified maintainer
207	jmm-guest	8023
208	jmm-guest	7847	---
209
210	jmm-guest	8203	ngircd (CVE-2008-0285)
211	nion	8204	notified maintainer
212	jmm-guest	8203
213			--
214
215	jmm-guest	8526	paramiko (CVE-2008-0299)
216			#460706
217	nion	8528	notified maintainer
218	jmm-guest	8526
219			--
220
221	jmm-guest	8086	python-django (CVE-2007-5712)
222			http://media.djangoproject.com/patches/2007-10-26-security-fix/
223			#448838
224	nion	8088	notified maintainer
225	jmm-guest	8086
226			--
227
228	jmm-guest	9959	rccp
229			#496364
230	nion	9966	notified maintainer
231	jmm-guest	9959
232			--
233
234	white	9950	realtimebattle
235			#496385
236	nion	9953	notified maintainer
237	white	9950
238			--
239
240	jmm-guest	8643	rsync (CVE-2007-6200)
241	jmm-guest	9041	#453652
242	nion	8647	notified maintainer
243	jmm-guest	8643
244			--
245	white	9939
246	nion	9941	sabre
247	white	9939	#433996
248	nion	9941	notified maintainer
249	white	9939
250			--
251
252	jmm-guest	9041	sip-tester (CVE-2008-1959, CVE-2008-2085)
253			#479039
254	nion	9043	notified maintainer
255	jmm-guest	8643
256	jmm-guest	9041	--
257
258	jmm-guest	7553	slocate (CVE-2007-0227)
259			#411937
260	nion	7768	notified maintainer
261	jmm-guest	7553
262			--
263
264	jmm-guest	8643	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
265	nion	8647	notified maintainer
266	jmm-guest	8643
267			--
268
269	jmm-guest	9929	sng
270	nion	9937	#496407
271			notified maintainer
272	jmm-guest	9929
273			--
274
275	jmm-guest	8055	streamripper (CVE-2007-4337)
276	nion	8061	notified maintainer
277	jmm-guest	8055
278			--
279
280	jmm-guest	7871	sylpheed (CVE-2007-2958)
281			#441854
282			http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
283	nion	7876	notified maintainer
284	jmm-guest	7871
285			--
286
287	jmm-guest	8203	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
288			#465643
289	nion	8204	notified maintainer
290	jmm-guest	8203
291			--
292
293	jmm-guest	7532	tomboy (CVE-2005-4790)
294	nion	7768	notified maintainer
295	jmm-guest	7532
296			--
297
298	jmm-guest	9959	xmcd
299			#496416
300	nion	9966	notified maintainer
301	jmm-guest	9959
302			--
303
304	jmm-guest	7532	vobcopy (CVE-2007-5718)
305			bug #448319
306	nion	7768	notified maintainer
307	jmm-guest	7532
308			--
309
310	jmm-guest	9331	wdiff [insecure tempfile in wdiff]
311			bug #425254
312	nion	9534	notified maintainer
313	jmm-guest	9331
314			--
315
316	jmm-guest	8317	wyrd (CVE-2008-0806)
317			bug #466382
318	nion	8318	notified maintainer
319	jmm-guest	8317
320			--
321
322	jmm-guest	9927	xastir
323			#496383
324	nion	9937	notified maintainer
325	jmm-guest	9927
326			--
327
328	jmm-guest	9929	xcal
329			#496393
330	nion	9937	notified maintainer
331	jmm-guest	9929
332			--
333
334	jmm-guest	8578	xemacs21 (CVE-2007-6109/CVE-2008-1694)
335			bug #457764, bug #476613
336	nion	8580	notified maintainer
337	jmm-guest	8578
338	jmm-guest	8912	xemacs21 (CVE-2008-2142)
339			bug #480877
340	nion	8916	notified maintainer
341	jmm-guest	8912
342	jmm-guest	8578	--
343
344	jmm-guest	8056	xfce4 (CVE-2007-6351 CVE-2007-6352)
345	nion	8061	notified maintainer
346	jmm-guest	8056
347			--
348
349	jmm-guest	8446	zabbix (CVE-2008-1353)
350			bug #471678
351	nion	8448	notified maintainer
352	jmm-guest	8446
353			--
354
355	jmm-guest	7532	zsh (CVE-2007-6209)
356			bug #454073)
357	nion	7768	notified maintainer
358