secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
#482853
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--
sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	boost (CVE-2008-0172/CVE-2008-0171)
31	#461236
32	notified maintainer
33
34	--
35
36	bzip2 (CVE-2008-1372)
37	#471670
38	Maintainer has been notified
39
40	--
41
42	cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
43	#482853
44	notified maintainer
45
46	--
47
48	cecilia (CVE-2008-1832)
49	#476321
50	notified maintainer
51
52	--
53
54	comix (CVE-2008-1568)
55	#462840
56	notified maintainer
57
58	--
59
60	emacs21 (CVE-2007-6109/CVE-2008-1694)
61	bug #455433, bug #476612
62	notified maintainer
63
64	emacs21 (CVE-2008-2142)
65	bug #480877
66	notified maintainer
67
68	--
69
70	flac123 (CVE-2007-3507)
71	notified maintainer
72
73	--
74
75	libapache2-mod-perl2 (CVE-2007-1349)
76	http://svn.apache.org/viewvc?view=rev&revision=521584
77	#433549
78	notified maintainer
79
80	--
81
82	libpam-ssh (CVE-2007-0844)
83	#410236
84	notified maintainer
85
86	--
87
88	libpng (CVE-2008-1382)
89	#476669
90	notified maintainer
91
92	--
93
94	liferea (CVE-2005-4791)
95	notified maintainer
96
97	--
98
99	lighttpd (CVE-2007-3948)
100	#434888
101	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
102	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
103	http://trac.lighttpd.net/trac/ticket/1216
104	notified maintainer
105
106	--
107
108	linux-ftpd-ssl (CVE-2007-6263)
109	#454733
110	notified maintainer
111
112	--
113
114	mecab (CVE-2007-3231)
115	#429174
116	notified maintainer
117
118	--
119
120	mksh (CVE-2008-1845)
121	notified maintainer
122
123	--
124
125	mldonkey (CVE-2007-4100)
126	#435439
127	notified maintainer
128
129	--
130
131	mnogosearch (CVE-2007-5588)
132	#447753)
133	notified maintainer
134
135	---
136
137	ngircd (CVE-2008-0285)
138	notified maintainer
139
140	--
141
142	paramiko (CVE-2008-0299)
143	#460706
144	notified maintainer
145
146	--
147
148	proftpd-dfsg, proftpd (CVE-2007-2165)
149	update in progress
150
151	--
152
153	python-django (CVE-2007-5712)
154	http://media.djangoproject.com/patches/2007-10-26-security-fix/
155	#448838
156	notified maintainer
157
158	--
159
160	rsync (CVE-2007-6200)
161	#453652
162	notified maintainer
163
164	--
165	sip-tester (CVE-2008-1959, CVE-2008-2085)
166	#479039
167	notified maintainer
168
169	--
170
171	slocate (CVE-2007-0227)
172	#411937
173	notified maintainer
174
175	--
176
177	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
178	notified maintainer
179
180	--
181
182	streamripper (CVE-2007-4337)
183	notified maintainer
184
185	--
186
187	sylpheed (CVE-2007-2958)
188	#441854
189	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
190	notified maintainer
191
192	--
193
194	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
195	#465643
196	notified maintainer
197
198	--
199
200	tomboy (CVE-2005-4790)
201	notified maintainer
202
203	--
204
205	vobcopy (CVE-2007-5718)
206	bug #448319
207	notified maintainer
208
209	--
210
211	wyrd (CVE-2008-0806)
212	bug #466382
213	notified maintainer
214
215	--
216
217	xemacs21 (CVE-2007-6109/CVE-2008-1694)
218	bug #457764, bug #476613
219	notified maintainer
220
221	xemacs21 (CVE-2008-2142)
222	bug #480877
223	notified maintainer
224
225	--
226
227	xfce4 (CVE-2007-6351 CVE-2007-6352)
228	notified maintainer
229
230	--
231
232	zabbix (CVE-2008-1353)
233	bug #471678
234	notified maintainer
235
236	--
237
238	zsh (CVE-2007-6209)
239	bug #454073)
240	notified maintainer
241