secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rsync (CVE-2007-6200)
#453652)
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	boost (CVE-2008-0172/CVE-2008-0171)
31	#461236
32	notified maintainer
33
34	--
35
36	bzip2 (CVE-2008-1372)
37	#471670
38	Maintainer has been notified
39
40	--
41
42	cecilia (CVE-2008-1832)
43	#476321
44	notified maintainer
45
46	--
47
48	comix (CVE-2008-1568)
49	#462840
50	notified maintainer
51
52	--
53
54	emacs21 (CVE-2007-6109/CVE-2008-1694)
55	bug #455433, bug #476612
56	notified maintainer
57
58	emacs21 (CVE-2008-2142)
59	bug #480877
60
61	--
62
63	flac123 (CVE-2007-3507)
64	notified maintainer
65
66	--
67
68	libapache2-mod-perl2 (CVE-2007-1349)
69	http://svn.apache.org/viewvc?view=rev&revision=521584
70	#433549
71	notified maintainer
72
73	--
74
75	libpam-ssh (CVE-2007-0844)
76	#410236
77	notified maintainer
78
79	--
80
81	libpng (CVE-2008-1382)
82	#476669
83	notified maintainer
84
85	--
86
87	liferea (CVE-2005-4791)
88	notified maintainer
89
90	--
91
92	lighttpd (CVE-2007-3948)
93	#434888
94	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
95	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
96	http://trac.lighttpd.net/trac/ticket/1216
97	notified maintainer
98
99	--
100
101	linux-ftpd-ssl (CVE-2007-6263)
102	#454733
103	notified maintainer
104
105	--
106
107	mecab (CVE-2007-3231)
108	#429174
109	notified maintainer
110
111	--
112
113	mldonkey (CVE-2007-4100)
114	#435439
115	notified maintainer
116
117	--
118
119	mnogosearch (CVE-2007-5588)
120	#447753)
121	notified maintainer
122
123	---
124
125	ngircd (CVE-2008-0285)
126	notified maintainer
127
128	--
129
130	paramiko (CVE-2008-0299)
131	#460706
132	notified maintainer
133
134	--
135
136	proftpd-dfsg, proftpd (CVE-2007-2165)
137	update in progress
138
139	--
140
141	python-django (CVE-2007-5712)
142	http://media.djangoproject.com/patches/2007-10-26-security-fix/
143	#448838
144	notified maintainer
145
146	--
147
148	rsync (CVE-2007-6200)
149	#453652)
150	notified maintainer
151
152	--
153
154	slocate (CVE-2007-0227)
155	#411937
156	notified maintainer
157
158	--
159
160	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
161	notified maintainer
162
163	--
164
165	streamripper (CVE-2007-4337)
166	notified maintainer
167
168	--
169
170	sylpheed (CVE-2007-2958)
171	#441854
172	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
173	notified maintainer
174
175	--
176
177	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
178	#465643
179	notified maintainer
180
181	--
182
183	tomboy (CVE-2005-4790)
184	notified maintainer
185
186	--
187
188	vobcopy (CVE-2007-5718)
189	bug #448319
190	notified maintainer
191
192	--
193
194	wyrd (CVE-2008-0806)
195	bug #466382
196	notified maintainer
197
198	--
199
200	xemacs21 (CVE-2007-6109/CVE-2008-1694)
201	bug #457764, bug #476613
202	notified maintainer
203
204	xemacs21 (CVE-2008-2142)
205	bug #480877
206
207	--
208
209	xfce4 (CVE-2007-6351 CVE-2007-6352)
210	notified maintainer
211
212	--
213
214	zabbix (CVE-2008-1353)
215	bug #471678
216	notified maintainer
217
218	--
219
220	zsh (CVE-2007-6209)
221	bug #454073)
222	notified maintainer
223