secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cbrpager CVE-2008-XXXX [command execution flaw via malicious file names]
#482853

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--
sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	boost (CVE-2008-0172/CVE-2008-0171)
31	#461236
32	notified maintainer
33
34	--
35
36	bzip2 (CVE-2008-1372)
37	#471670
38	Maintainer has been notified
39
40	--
41
42	cbrpager CVE-2008-XXXX [command execution flaw via malicious file names]
43	#482853
44
45	--
46
47	cecilia (CVE-2008-1832)
48	#476321
49	notified maintainer
50
51	--
52
53	comix (CVE-2008-1568)
54	#462840
55	notified maintainer
56
57	--
58
59	emacs21 (CVE-2007-6109/CVE-2008-1694)
60	bug #455433, bug #476612
61	notified maintainer
62
63	emacs21 (CVE-2008-2142)
64	bug #480877
65	notified maintainer
66
67	--
68
69	flac123 (CVE-2007-3507)
70	notified maintainer
71
72	--
73
74	libapache2-mod-perl2 (CVE-2007-1349)
75	http://svn.apache.org/viewvc?view=rev&revision=521584
76	#433549
77	notified maintainer
78
79	--
80
81	libpam-ssh (CVE-2007-0844)
82	#410236
83	notified maintainer
84
85	--
86
87	libpng (CVE-2008-1382)
88	#476669
89	notified maintainer
90
91	--
92
93	liferea (CVE-2005-4791)
94	notified maintainer
95
96	--
97
98	lighttpd (CVE-2007-3948)
99	#434888
100	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
101	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
102	http://trac.lighttpd.net/trac/ticket/1216
103	notified maintainer
104
105	--
106
107	linux-ftpd-ssl (CVE-2007-6263)
108	#454733
109	notified maintainer
110
111	--
112
113	mecab (CVE-2007-3231)
114	#429174
115	notified maintainer
116
117	--
118
119	mksh (CVE-2008-1845)
120	notified maintainer
121
122	--
123
124	mldonkey (CVE-2007-4100)
125	#435439
126	notified maintainer
127
128	--
129
130	mnogosearch (CVE-2007-5588)
131	#447753)
132	notified maintainer
133
134	---
135
136	ngircd (CVE-2008-0285)
137	notified maintainer
138
139	--
140
141	paramiko (CVE-2008-0299)
142	#460706
143	notified maintainer
144
145	--
146
147	proftpd-dfsg, proftpd (CVE-2007-2165)
148	update in progress
149
150	--
151
152	python-django (CVE-2007-5712)
153	http://media.djangoproject.com/patches/2007-10-26-security-fix/
154	#448838
155	notified maintainer
156
157	--
158
159	rsync (CVE-2007-6200)
160	#453652
161	notified maintainer
162
163	--
164	sip-tester (CVE-2008-1959, CVE-2008-2085)
165	#479039
166
167	--
168
169	slocate (CVE-2007-0227)
170	#411937
171	notified maintainer
172
173	--
174
175	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
176	notified maintainer
177
178	--
179
180	streamripper (CVE-2007-4337)
181	notified maintainer
182
183	--
184
185	sylpheed (CVE-2007-2958)
186	#441854
187	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
188	notified maintainer
189
190	--
191
192	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
193	#465643
194	notified maintainer
195
196	--
197
198	tomboy (CVE-2005-4790)
199	notified maintainer
200
201	--
202
203	vobcopy (CVE-2007-5718)
204	bug #448319
205	notified maintainer
206
207	--
208
209	wyrd (CVE-2008-0806)
210	bug #466382
211	notified maintainer
212
213	--
214
215	xemacs21 (CVE-2007-6109/CVE-2008-1694)
216	bug #457764, bug #476613
217	notified maintainer
218
219	xemacs21 (CVE-2008-2142)
220	bug #480877
221	notified maintainer
222
223	--
224
225	xfce4 (CVE-2007-6351 CVE-2007-6352)
226	notified maintainer
227
228	--
229
230	zabbix (CVE-2008-1353)
231	bug #471678
232	notified maintainer
233
234	--
235
236	zsh (CVE-2007-6209)
237	bug #454073)
238	notified maintainer
239