secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

burn: (no CVE yet)
#542329
notified maintainer through bug report

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

firebird2.0 (CVE-2009-2620)
#539477
notified maintainer

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libpam-ssh (CVE-2009-1273)
#535877
maintainer notified through initial bug report

--

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libsndfile
potential dos via crafted input
#530831

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

memcached (CVE-2009-1255)
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
orphaned
#530430

--

mpg123 (CVE-2009-1301)
notified maintainer

--

squid (CVE-2009-0801)
#521053

--

squid3 (CVE-2009-0801)
#521052

--

stardict (CVE-2009-2260)
#534731
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306

--

smarty (CVE-2009-1669)
#529810
http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
notified maintainer

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

texlive-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

udev (#462655)
notified maintainer

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

xemacs21 (CVE-2009-2688)
#540470
Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

xscreensaver (no CVE)
#539699

--

ziproxy (CVE-2009-0804)
#521051
1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	asterisk (CVE-2009-0041)
9	#513413
10	notified maintainer
11
12	CVE-2008-3903
13	#522528
14	notified maintainer
15
16	--
17
18	avahi (CVE-2009-0758)
19	#517683
20	notified maintainer
21
22	--
23
24	bugzilla (CVE-2009-0481 to CVE-2009-0485)
25	notified maintainer
26
27	--
28
29	burn: (no CVE yet)
30	#542329
31	notified maintainer through bug report
32
33	--
34
35	compiz-fusion-plugins-main (CVE-2008-6514)
36	notified maintainer
37
38	--
39
40	cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
41	#528434
42	notified maintainer
43
44	--
45
46	evolution (CVE-2009-1631)
47	#526409
48	notified maintainer through initial bugreport
49
50	--
51
52	firebird2.0 (CVE-2009-2620)
53	#539477
54	notified maintainer
55
56	--
57
58	gnutls26 (CVE-2009-1417)
59	#531614
60	notified maintainer
61
62	--
63
64	kfreebsd-6
65	[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
66	http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
67	notified maintainer
68
69	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
70	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
71	notified maintainer
72
73	--
74
75	kfreebsd-7
76	[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
77	http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
78	notified maintainer
79
80	[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
81	http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
82	notified maintainer
83
84	--
85
86	kvm 82-1 (CVE-2008-5714)
87	#509997
88	notified maintainer
89
90	--
91
92	lcms (CVE-2009-0793)
93	notified maintainer through initial bugreport
94
95	--
96
97	libpam-ssh (CVE-2009-1273)
98	#535877
99	maintainer notified through initial bug report
100
101	--
102
103	libpng (CVE-2009-2042)
104	#533676
105	notified maintainer
106
107	--
108
109	libsndfile
110	potential dos via crafted input
111	#530831
112
113	--
114
115	libvorbis (CVE-2008-2009)
116	notified maintainer and release team
117
118	--
119
120	memcached (CVE-2009-1255)
121	notified maintainer
122
123	--
124
125	mimedecode
126	potential dos/crash due to invalid input
127	orphaned
128	#530430
129
130	--
131
132	mpg123 (CVE-2009-1301)
133	notified maintainer
134
135	--
136
137	squid (CVE-2009-0801)
138	#521053
139
140	--
141
142	squid3 (CVE-2009-0801)
143	#521052
144
145	--
146
147	stardict (CVE-2009-2260)
148	#534731
149	notified maintainer
150
151	--
152
153	net-snmp (CVE-2008-6123)
154	Noah will see to it.
155
156	--
157
158	openldap
159	#253838
160	notified maintainer
161
162	--
163
164	pam (CVE-2009-0579)
165	#514437
166	asked maintainer in mail
167
168	--
169
170	pptp-linux (no CVE)
171	#523476
172	Ola will prepare a fix in a point update
173
174	--
175
176	slim (CVE-2009-1756)
177	bug #529306
178	Maintainer notified through followup in #529306
179
180	--
181
182	smarty (CVE-2009-1669)
183	#529810
184	http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
185	notified maintainer
186
187	--
188
189	tau (CVE-2008-5157)
190	#506348
191	notified maintainer
192
193	--
194
195	texlive-bin (CVE-2009-1284)
196	#520920
197	https://bugzilla.redhat.com/show_bug.cgi?id=492136
198
199	--
200
201	udev (#462655)
202	notified maintainer
203
204	--
205
206	webkit (CVE-2008-4724)
207	#520052
208	asked maintainer
209
210	--
211
212	xemacs21 (CVE-2008-2142)
213	bug #480877
214	notified maintainer
215
216	xemacs21 (CVE-2009-2688)
217	#540470
218	Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
219	notified maintainer
220
221	--
222
223	xen-3 (CVE-2008-4993)
224	#496367
225	notified maintainer
226
227	--
228
229	xfig
230	25_mkstemp added in 1:3.2.5.a-1
231	notified maintainer
232
233	--
234
235	xscreensaver (no CVE)
236	#539699
237
238	--
239
240	ziproxy (CVE-2009-0804)
241	#521051