This file records minor security issues, which do not warrant a DSA, but which could be fixed in a stable point update if people feel like it. If someone wants to address these, please add a note about it and get in contact with debian-release@lists.debian.org
--
acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
	notified maintainer
--
acl (CVE-2009-4411) #499076
	notified maintainer
--
asterisk (CVE-2009-0041) #513413
	notified maintainer
asterisk (CVE-2008-3903) #522528
	notified maintainer
--
avahi (CVE-2009-0758) #517683
	notified maintainer
--
babel (CVE-2009-3736) #559843
	notified maintainer
--
bugzilla (CVE-2009-0481 to CVE-2009-0485)
	notified maintainer
--
buildbot (CVE-2009-2959, CVE-2009-2967) #543822
	notified maintainer
--
compiz-fusion-plugins-main (CVE-2008-6514)
	notified maintainer
--
cron: incomplete fix for CVE-2006-2607 (return values of setgid() and initgroups() not checked) #528434
	notified maintainer
--
cups (CVE-2009-3553) #557740
	maintainer notified in initial bug report
	initial patch was incomplete; see CVE-2010-0302
--
devil (CVE-2009-3994) #560080
	notified maintainer
--
dopewars (CVE-2009-3591) #550913
	notified maintainer
--
dstat (CVE-2009-3894) http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
	notified maintainer
dstat (CVE-2009-4081) #559667
	notified maintainer
--
evolution (CVE-2009-1631) #526409
	notified maintainer through initial bug report
--
fcron (CVE-2010-0791) #572587
	notified maintainer through initial bug report
--
libgnucrypto-java (CVE-2008-5659) #559789
	removed
--
gnutls26 (CVE-2009-1417) #531614
	notified maintainer
--
gri (no CVE) fixed in gri 2.12.18-1: "Improve security when creating temporary files."
	notified maintainer
--
gupnp (CVE-2009-2174) #534594
	notified maintainer
--
htmldoc (CVE-2009-3050) #537637
	notified maintainer through initial bug report
--
hypre (CVE-2009-3736) #559834
	notified maintainer
--
kde4libs (CVE-2009-2702) #546218
	notified maintainer
kde4libs (CVE-2009-0689)
--
kfreebsd-6
	[freebsd: missing permission check on SIOCSIFINFO_IN6 ioctl] http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
	notified maintainer
	[freebsd: local information disclosure via direct pipe writes] (CVE-2009-1935) http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
	notified maintainer
--
kfreebsd-7
	[freebsd: missing permission check on SIOCSIFINFO_IN6 ioctl] http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
	notified maintainer
	[freebsd: local information disclosure via direct pipe writes] (CVE-2009-1935) http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
	notified maintainer
--
kvm 82-1 (CVE-2008-5714) #509997
	notified maintainer
--
lcms (CVE-2009-0793)
	notified maintainer through initial bug report
--
libpam-ssh (CVE-2009-1273) #535877
	maintainer notified through initial bug report, said he would work on an update
--
libpng (CVE-2009-2042) #533676
	notified maintainer
libpng (CVE-2010-0205) #572308
--
libsndfile: potential DoS via crafted input #530831
--
libvorbis (CVE-2008-2009)
	notified maintainer and release team
--
libstruts1.2-java (CVE-2008-2025) #528352
--
linux-ftpd: NULL pointer dereference #572813
--
makepasswd (no CVE ID) #564559
--
maradns http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
	notified maintainer
--
memcached (CVE-2009-1255)
	notified maintainer
--
mimedecode: potential DoS/crash due to invalid input #530430
	package is orphaned
--
mpg123 (CVE-2009-1301)
	notified maintainer
--
neon27 (CVE-2009-2474) #542926
	notified maintainer
--
neon26 (CVE-2009-2474) #542926
	notified maintainer
--
network-manager-applet (CVE-2009-4144) #560067
	notified maintainer through initial bug report
network-manager-applet (CVE-2009-4145) #563371
	notified maintainer through initial bug report
--
ntop (CVE-2009-2732) #543312
	notified maintainer through initial bug report
--
postfix (CVE-2009-2939)
	notified maintainer
--
squid (CVE-2009-0801) #521053
--
squid3 (CVE-2009-0801) #521052
--
t-prot (CVE-2009-4404)
--
net-snmp (CVE-2008-6123)
	Noah will see to it.
--
ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443) #541995
	notified maintainer
--
openldap #253838
	notified maintainer
--
openssl (CVE-2009-3245)
	notified maintainer
--
overkill (no CVE yet) #549310
--
owl (CVE-2009-0363) #515118
	notified maintainer
--
pam (CVE-2009-0579) #514437
	asked maintainer by mail
--
pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085) #535790
	http://developer.pidgin.im/ticket/9483
	http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
	notified maintainer
--
pptp-linux (no CVE) #523476
	Ola will prepare a fix in a point update
--
puppet (CVE-2009-3564) #551073
	notified maintainer in initial bug report
puppet (CVE-2010-0156) https://bugzilla.redhat.com/show_bug.cgi?id=502881
--
python-4suite (CVE-2009-3560, CVE-2009-3720) #560914
	notified maintainer
--
rails (CVE-2009-3086) #545063
	notified maintainer
--
shibboleth-sp2: world-readable key (no CVE) #571631
	notified maintainer through bug report
--
slim (CVE-2009-1756) #529306
	maintainer notified through followup in #529306
--
squid (CVE-2010-0639) #572553
	maintainer notified through initial bug report
--
squid3 (CVE-2010-0639) #572554
	maintainer notified through initial bug report
--
sqlite #566326
--
tau (CVE-2008-5157) #506348
	notified maintainer
--
udev #462655
	notified maintainer
--
planet (CVE-2009-2937) #546178
	notified maintainer through initial bug report
--
webkit (CVE-2008-4724) #520052
	asked maintainer
--
xemacs21 (CVE-2008-2142) #480877
	notified maintainer
xemacs21 (CVE-2009-2688) #540470
	patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
	notified maintainer
--
xen-3 (CVE-2008-4993) #496367
	notified maintainer
--
xerces-c2 (CVE-2009-1885) #541986
	notified maintainer
--
xfig: 25_mkstemp patch added in 1:3.2.5.a-1
	notified maintainer
xfig (CVE-2009-4228, CVE-2009-4227) #559274
	https://bugzilla.redhat.com/show_bug.cgi?id=543905
--
xmp (CVE-2007-6731, CVE-2007-6732) #546730
	notified maintainer
--
xserver-xorg (no CVE) #555308
--
ytnef (CVE-2009-3887, CVE-2009-3721)
--
ziproxy (CVE-2009-0804) #521051
	notified maintainer
--
zope2.10 (no CVE) https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
--
zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
	http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
	http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128