This file records minor security issues, which do not warrant a DSA, but which could be fixed in a stable point update if people feel like it.

If someone wants to address these, please add a note about it and get in contact with debian-release@lists.debian.org

--
asterisk (CVE-2009-0041)
  #513413
  notified maintainer
  CVE-2008-3903
  #522528
  notified maintainer
--
avahi (CVE-2009-0758)
  #517683
  notified maintainer
--
bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
--
burn: (no CVE yet)
  #542329
  notified maintainer through bug report
--
compiz-fusion-plugins-main (CVE-2008-6514)
  notified maintainer
--
cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)
  #528434
  notified maintainer
--
evolution (CVE-2009-1631)
  #526409
  notified maintainer through initial bugreport
--
firebird2.0 (CVE-2009-2620)
  #539477
  notified maintainer
--
gnutls26 (CVE-2009-1417)
  #531614
  notified maintainer
--
kfreebsd-6
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
  [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
  http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
--
kfreebsd-7
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
  [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
  http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
--
kvm 82-1 (CVE-2008-5714)
  #509997
  notified maintainer
--
lcms (CVE-2009-0793)
  notified maintainer through initial bugreport
--
libpam-ssh (CVE-2009-1273)
  #535877
  maintainer notified through initial bug report, said he would work on an update
--
libpng (CVE-2009-2042)
  #533676
  notified maintainer
--
libsndfile
  potential dos via crafted input
  #530831
--
libvorbis (CVE-2008-2009)
  notified maintainer and release team
--
memcached (CVE-2009-1255)
  notified maintainer
--
mimedecode
  potential dos/crash due to invalid input
  orphaned
  #530430
--
mpg123 (CVE-2009-1301)
  notified maintainer
--
squid (CVE-2009-0801)
  #521053
--
squid3 (CVE-2009-0801)
  #521052
--
net-snmp (CVE-2008-6123)
  Noah will see to it.
--
openldap
  #253838
  notified maintainer
--
pam (CVE-2009-0579)
  #514437
  asked maintainer in mail
--
pptp-linux (no CVE)
  #523476
  Ola will prepare a fix in a point update
--
slim (CVE-2009-1756)
  bug #529306
  Maintainer notified through followup in #529306
--
smarty (CVE-2009-1669)
  #529810
  http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
  notified maintainer
--
tau (CVE-2008-5157)
  #506348
  notified maintainer
--
texlive-bin (CVE-2009-1284)
  #520920
  https://bugzilla.redhat.com/show_bug.cgi?id=492136
--
udev (#462655)
  notified maintainer
--
webkit (CVE-2008-4724)
  #520052
  asked maintainer
--
xemacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
xemacs21 (CVE-2009-2688)
  #540470
  Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
  notified maintainer
--
xen-3 (CVE-2008-4993)
  #496367
  notified maintainer
--
xfig
  25_mkstemp added in 1:3.2.5.a-1
  notified maintainer
--
xscreensaver (no CVE)
  #539699
--
ziproxy (CVE-2009-0804)
  #521051