secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--


liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	boost (CVE-2008-0172/CVE-2008-0171)
31	#461236
32	notified maintainer
33
34	--
35
36	bzip2 (CVE-2008-1372)
37	#471670
38	Maintainer has been notified
39
40	--
41
42	cecilia (CVE-2008-1832)
43	#476321
44	notified maintainer
45
46	--
47
48	comix (CVE-2008-1568)
49	#462840
50	notified maintainer
51
52	--
53
54	flac123 (CVE-2007-3507)
55	notified maintainer
56
57	--
58
59	libapache2-mod-perl2 (CVE-2007-1349)
60	http://svn.apache.org/viewvc?view=rev&revision=521584
61	#433549
62	notified maintainer
63
64	--
65
66	libpam-ssh (CVE-2007-0844)
67	#410236
68	notified maintainer
69
70	--
71
72
73	liferea (CVE-2005-4791)
74	notified maintainer
75
76	--
77
78	lighttpd (CVE-2007-3948)
79	#434888
80	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
81	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
82	http://trac.lighttpd.net/trac/ticket/1216
83	notified maintainer
84
85	--
86
87	linux-ftpd-ssl (CVE-2007-6263)
88	#454733
89	notified maintainer
90
91	--
92
93	mecab (CVE-2007-3231)
94	#429174
95	notified maintainer
96
97	--
98
99	mldonkey (CVE-2007-4100)
100	#435439
101	notified maintainer
102
103	--
104
105	mnogosearch (CVE-2007-5588)
106	#447753)
107	notified maintainer
108
109	---
110
111	ngircd (CVE-2008-0285)
112	notified maintainer
113
114	--
115
116	paramiko (CVE-2008-0299)
117	#460706
118	notified maintainer
119
120	--
121
122	proftpd-dfsg, proftpd (CVE-2007-2165)
123	update in progress
124
125	--
126
127	python-django (CVE-2007-5712)
128	http://media.djangoproject.com/patches/2007-10-26-security-fix/
129	#448838
130	notified maintainer
131
132	--
133
134	slocate (CVE-2007-0227)
135	#411937
136	notified maintainer
137
138	--
139
140	streamripper (CVE-2007-4337)
141	notified maintainer
142
143	--
144
145	sylpheed (CVE-2007-2958)
146	#441854
147	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
148	notified maintainer
149
150	--
151
152	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
153	#465643
154	notified maintainer
155
156	--
157
158	tomboy (CVE-2005-4790)
159	notified maintainer
160
161	--
162
163	vobcopy (CVE-2007-5718)
164	bug #448319
165	notified maintainer
166
167	--
168
169	wyrd (CVE-2008-0806)
170	bug #466382
171	notified maintainer
172
173	--
174
175	xfce4 (CVE-2007-6351 CVE-2007-6352)
176	notified maintainer
177
178	--
179
180	zabbix (CVE-2008-1353)
181	bug #471678
182	notified maintainer
183
184	--
185
186	zsh (CVE-2007-6209)
187	bug #454073)
188	notified maintainer
189