secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

libpng (CVE-2009-2042)
#533676

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

mpg123 (CVE-2009-1301)
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306

--

smarty (CVE-2009-1669)
#529810
http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

texlive-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

udev (#462655)
notified maintainer

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

ziproxy (CVE-2009-0804)
#521051
1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	asterisk (CVE-2009-0041)
9	#513413
10	notified maintainer
11
12	CVE-2008-3903
13	#522528
14	notified maintainer
15
16	--
17
18	avahi (CVE-2009-0758)
19	#517683
20	notified maintainer
21
22	--
23
24	bugzilla (CVE-2009-0481 to CVE-2009-0485)
25	notified maintainer
26
27	--
28
29	compiz-fusion-plugins-main (CVE-2008-6514)
30	notified maintainer
31
32	--
33
34	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
35	#528434
36	notified maintainer
37
38	--
39
40	gnutls26 (CVE-2009-1417)
41	#531614
42	notified maintainer
43
44	--
45
46	lcms (CVE-2009-0793)
47	notified maintainer through initial bugreport
48
49	--
50
51	kfreebsd-6
52	[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
53	http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
54	notified maintainer
55
56	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
57	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
58	notified maintainer
59
60	--
61
62	kfreebsd-7
63	[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
64	http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
65	notified maintainer
66
67	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
68	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
69	notified maintainer
70
71	--
72
73	kvm 82-1 (CVE-2008-5714)
74	#509997
75	notified maintainer
76
77	--
78
79	libpng (CVE-2009-2042)
80	#533676
81
82	--
83
84	libvorbis (CVE-2008-2009)
85	notified maintainer and release team
86
87	--
88
89	mpg123 (CVE-2009-1301)
90	notified maintainer
91
92	--
93
94	net-snmp (CVE-2008-6123)
95	Noah will see to it.
96
97	--
98
99	openldap
100	#253838
101	notified maintainer
102
103	--
104
105	pam (CVE-2009-0579)
106	#514437
107	asked maintainer in mail
108
109	--
110
111	pptp-linux (no CVE)
112	#523476
113	Ola will prepare a fix in a point update
114
115	--
116
117	slim (CVE-2009-1756)
118	bug #529306
119	Maintainer notified through followup in #529306
120
121	--
122
123	smarty (CVE-2009-1669)
124	#529810
125	http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
126	notified maintainer
127
128	--
129
130	tau (CVE-2008-5157)
131	#506348
132	notified maintainer
133
134	--
135
136	texlive-bin (CVE-2009-1284)
137	#520920
138	https://bugzilla.redhat.com/show_bug.cgi?id=492136
139
140	--
141
142	udev (#462655)
143	notified maintainer
144
145	--
146
147	webkit (CVE-2008-4724)
148	#520052
149	asked maintainer
150
151	--
152
153	xemacs21 (CVE-2008-2142)
154	bug #480877
155	notified maintainer
156
157	--
158
159	xen-3 (CVE-2008-4993)
160	#496367
161	notified maintainer
162
163	--
164
165	xfig
166	25_mkstemp added in 1:3.2.5.a-1
167	notified maintainer
168
169	--
170
171	ziproxy (CVE-2009-0804)
172	#521051