Contents of /data/spu-candidates.txt


Revision 13490
Tue Dec 8 17:09:50 2009 UTC (3 years, 5 months ago) by jmm-guest
File MIME type: text/plain
File size: 5145 byte(s)
- updates on libtool code copies: 
  * snbc, dico and unixodbc use the system copy
  * hypre and babel fixed, but no-dsa for Lenny/Etch
- update poppler issue for code copies
- fix kfreebsd bug num
- new devil issue
- fix tracking for dstat

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org


--

alien-arena (CVE-2009-3637)
#552038

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

CVE-2008-3903
#522528
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

babel (CVE-2009-3736)
#559843

--

backuppc (CVE-2009-3369)
#542218
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

buildbot (CVE-2009-2959, CVE-2009-2967)
#543822
notified maintainer

--

compiz-fusion-plugins-main (CVE-2008-6514)
notified maintainer

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer

--

dopewars (CVE-2009-3591)
#550913
notified maintainer

--

dstat (CVE-2009-3894)
http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
notified maintainer

dstat (CVE-2009-4081)
#559667
notified maintainer

--

evolution (CVE-2009-1631)
#526409
notified maintainer through initial bugreport

--

firebird2.0 (CVE-2009-2620)
#539477
notified maintainer

--

glib2.0 (CVE-2009-3289)
https://bugzilla.gnome.org/show_bug.cgi?id=593406
notified maintainer

--

gnutls26 (CVE-2009-1417)
#531614
notified maintainer

--

gri (no CVE)
fixed in gri 2.12.18-1:
"Improve security when creating temporary files."
notified maintainer

--

gupnp (CVE-2009-2174)
#534594
notified maintainer

--

htmldoc (CVE-2009-3050)
#537637
notified maintainer through initial bugreport

--

hypre (CVE-2009-3736)
#559834

--

kde4libs (CVE-2009-2702)
#546218
notified maintainer

--

kfreebsd-6
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kfreebsd-7
[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
notified maintainer

[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
notified maintainer

--

kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer

--

lcms (CVE-2009-0793)
notified maintainer through initial bugreport

--

libpam-ssh (CVE-2009-1273)
#535877
maintainer notified through initial bug report, said he would work on an update

--

libpng (CVE-2009-2042)
#533676
notified maintainer

--

libsndfile
potential dos via crafted input
#530831

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

memcached (CVE-2009-1255)
notified maintainer

--

mimedecode
potential dos/crash due to invalid input
orphaned
#530430

--

movabletype-opensource (CVE-2009-2492)
#537935
notified maintainer

--

mpg123 (CVE-2009-1301)
notified maintainer

--

neon27 (CVE-2009-2474)
#542926
notified maintainer

--

neon26 (CVE-2009-2474)
#542926
notified maintainer

--

ntop (CVE-2009-2732)
#543312
notified maintainer through initial bugreport

--

postfix (CVE-2009-2939)
notified maintainer

--

snort (CVE-2009-3641)
#553584

--

squid (CVE-2009-0801)
#521053

--

squid3 (CVE-2009-0801)
#521052

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
#541995
notified maintainer

--

open-iscsi (CVE-2009-1297)
notified maintainer in initial bug report

--

openldap
#253838
notified maintainer

--

overkill (no CVE yet)
#549310

--

owl (CVE-2009-0363)
#515118
notified maintainer

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
#535790
http://developer.pidgin.im/ticket/9483
http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
notified maintainer

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

puppet (CVE-2009-3564)
#551073
notified maintainer in initial bug report

--

rails (CVE-2009-3086)
bug #545063
notified maintainer

--

slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

texlive-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136
notified maintainer

--

udev (#462655)
notified maintainer

--

planet (CVE-2009-2937)
bug #546178
notified maintainer through initial bugreport

--

webkit (CVE-2008-4724)
#520052
asked maintainer

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

xemacs21 (CVE-2009-2688)
#540470
Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xerces-c2 (CVE-2009-1885)
#541986
notified maintainer


--

xfig
25_mkstemp added in 1:3.2.5.a-1
notified maintainer

--

xmp (CVE-2007-6731, CVE-2007-6732)
#546730
notified maintainer

--

ziproxy (CVE-2009-0804)
#521051