secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--


liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

---

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python2.4, python2.5 (CVE-2007-4965)
http://bugs.python.org/issue1179
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	flac123 (CVE-2007-3507)
31	notified maintainer
32
33	--
34
35	libapache2-mod-perl2 (CVE-2007-1349)
36	http://svn.apache.org/viewvc?view=rev&revision=521584
37	#433549
38	notified maintainer
39
40	--
41
42	libpam-ssh (CVE-2007-0844)
43	#410236
44	notified maintainer
45
46	--
47
48
49	liferea (CVE-2005-4791)
50	notified maintainer
51
52	--
53
54	lighttpd (CVE-2007-3948)
55	#434888
56	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
57	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
58	http://trac.lighttpd.net/trac/ticket/1216
59	notified maintainer
60
61	--
62
63	linux-ftpd-ssl (CVE-2007-6263)
64	#454733
65	notified maintainer
66
67	--
68
69	mecab (CVE-2007-3231)
70	#429174
71	notified maintainer
72
73	--
74
75	mldonkey (CVE-2007-4100)
76	#435439
77	notified maintainer
78
79	---
80
81	proftpd-dfsg, proftpd (CVE-2007-2165)
82	update in progress
83
84	--
85
86	python2.4, python2.5 (CVE-2007-4965)
87	http://bugs.python.org/issue1179
88	notified maintainer
89
90	--
91
92	slocate (CVE-2007-0227)
93	#411937
94	notified maintainer
95
96	--
97
98	sylpheed (CVE-2007-2958)
99	#441854
100	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
101	notified maintainer
102
103	--
104
105	tomboy (CVE-2005-4790)
106	notified maintainer
107
108	--
109
110	vobcopy (CVE-2007-5718)
111	bug #448319
112	notified maintainer
113
114	--
115
116	zsh (CVE-2007-6209)
117	bug #454073)
118	notified maintainer
119