secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

coccinelle
http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434

--

kvm 82-1 (CVE-2008-5714)
#509997

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

mpg123 (CVE-2009-1301)
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

tetex-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in :3.2.5.a-1

--

ziproxy (CVE-2009-0804)
#521051
1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	asterisk (CVE-2009-0041)
9	#513413
10	notified maintainer
11
12	CVE-2008-3903
13	#522528
14
15	--
16
17	avahi (CVE-2009-0758)
18	#517683
19	notified maintainer
20
21	--
22
23	bugzilla (CVE-2009-0481 to CVE-2009-0485)
24	notified maintainer
25
26	--
27
28	coccinelle
29	http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html
30
31	--
32
33	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
34	#528434
35
36	--
37
38	kvm 82-1 (CVE-2008-5714)
39	#509997
40
41	--
42
43	libvorbis (CVE-2008-2009)
44	notified maintainer and release team
45
46	--
47
48	mpg123 (CVE-2009-1301)
49	notified maintainer
50
51	--
52
53	net-snmp (CVE-2008-6123)
54	Noah will see to it.
55
56	--
57
58	openldap
59	#253838
60
61	--
62
63	pam (CVE-2009-0579)
64	#514437
65	asked maintainer in mail
66
67	--
68
69	pptp-linux (no CVE)
70	#523476
71	Ola will prepare a fix in a point update
72
73	--
74
75	tau (CVE-2008-5157)
76	#506348
77	notified maintainer
78
79	--
80
81	tetex-bin (CVE-2009-1284)
82	#520920
83	https://bugzilla.redhat.com/show_bug.cgi?id=492136
84
85	--
86
87	xemacs21 (CVE-2008-2142)
88	bug #480877
89	notified maintainer
90
91	--
92
93	xen-3 (CVE-2008-4993)
94	#496367
95	notified maintainer
96
97	--
98
99	xfig
100	25_mkstemp added in :3.2.5.a-1
101
102	--
103
104	ziproxy (CVE-2009-0804)
105	#521051