This file records minor security issues, which do not warrant a DSA, but which could be fixed in a stable point update if people feel like it. If someone wants to address these, please add a note about it and get in contact with debian-release@lists.debian.org -- audacity (CVE-2007-6061) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283 notified maintainer -- balsa (CVE-2007-5007) http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view notified maintainer -- beagle (CVE-2005-4791) notified maintainer -- blam (CVE-2005-4791) notified maintainer -- boost (CVE-2008-0172/CVE-2008-0171) #461236 notified maintainer -- bugzilla (CVE-2008-2103) #480190) -- bzip2 (CVE-2008-1372) #471670 Maintainer has been notified -- cbrpager CVE-2008-2575 [command execution flaw via malicious file names] #482853 work-in-progress -- cecilia (CVE-2008-1832) #476321 notified maintainer -- comix (CVE-2008-1568) #462840 notified maintainer -- emacs21 (CVE-2007-6109/CVE-2008-1694) bug #455433, bug #476612 notified maintainer emacs21 (CVE-2008-2142) bug #480877 notified maintainer -- flac123 (CVE-2007-3507) notified maintainer -- libapache2-mod-perl2 (CVE-2007-1349) http://svn.apache.org/viewvc?view=rev&revision=521584 #433549 notified maintainer -- libpam-ssh (CVE-2007-0844) #410236 notified maintainer -- libpng (CVE-2008-1382) #476669 notified maintainer -- liferea (CVE-2005-4791) notified maintainer -- lighttpd (CVE-2007-3948) #434888 Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own. http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 http://trac.lighttpd.net/trac/ticket/1216 notified maintainer -- linux-ftpd-ssl (CVE-2007-6263) #454733 notified maintainer -- mecab (CVE-2007-3231) #429174 notified maintainer -- mksh (CVE-2008-1845) notified maintainer -- mldonkey (CVE-2007-4100) #435439 notified maintainer -- mnogosearch (CVE-2007-5588) #447753) notified maintainer --- ngircd (CVE-2008-0285) notified maintainer -- paramiko (CVE-2008-0299) #460706 notified maintainer -- proftpd-dfsg, proftpd (CVE-2007-2165) update in progress -- python-django (CVE-2007-5712) http://media.djangoproject.com/patches/2007-10-26-security-fix/ #448838 notified maintainer -- rsync (CVE-2007-6200) #453652 notified maintainer -- sip-tester (CVE-2008-1959, CVE-2008-2085) #479039 notified maintainer -- slocate (CVE-2007-0227) #411937 notified maintainer -- smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472) notified maintainer -- streamripper (CVE-2007-4337) notified maintainer -- sylpheed (CVE-2007-2958) #441854 http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug notified maintainer -- tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671) #465643 notified maintainer -- tomboy (CVE-2005-4790) notified maintainer -- vobcopy (CVE-2007-5718) bug #448319 notified maintainer -- wyrd (CVE-2008-0806) bug #466382 notified maintainer -- xemacs21 (CVE-2007-6109/CVE-2008-1694) bug #457764, bug #476613 notified maintainer xemacs21 (CVE-2008-2142) bug #480877 notified maintainer -- xfce4 (CVE-2007-6351 CVE-2007-6352) notified maintainer -- zabbix (CVE-2008-1353) bug #471678 notified maintainer -- zsh (CVE-2007-6209) bug #454073) notified maintainer