secure-testing/data/spu-candidates.txt

This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

balsa (CVE-2007-5007)
http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190)
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
#482853
work-in-progress

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753)
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--
sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer

1	This file records minor security issues, which do not warrant a DSA,
2	but which could be fixed in a stable point update if people feel like
3	it. If someone wants to address these, please add a note about it
4	and get in contact with debian-release@lists.debian.org
5
6	--
7
8	audacity (CVE-2007-6061)
9	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
10	notified maintainer
11
12	--
13
14	balsa (CVE-2007-5007)
15	http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
16	notified maintainer
17
18	--
19
20	beagle (CVE-2005-4791)
21	notified maintainer
22
23	--
24
25	blam (CVE-2005-4791)
26	notified maintainer
27
28	--
29
30	boost (CVE-2008-0172/CVE-2008-0171)
31	#461236
32	notified maintainer
33
34	--
35
36	bugzilla (CVE-2008-2103)
37	#480190)
38	notified maintainer
39
40	--
41
42	bzip2 (CVE-2008-1372)
43	#471670
44	Maintainer has been notified
45
46	--
47
48	cbrpager CVE-2008-2575 [command execution flaw via malicious file names]
49	#482853
50	work-in-progress
51
52	--
53
54	cecilia (CVE-2008-1832)
55	#476321
56	notified maintainer
57
58	--
59
60	comix (CVE-2008-1568)
61	#462840
62	notified maintainer
63
64	--
65
66	emacs21 (CVE-2007-6109/CVE-2008-1694)
67	bug #455433, bug #476612
68	notified maintainer
69
70	emacs21 (CVE-2008-2142)
71	bug #480877
72	notified maintainer
73
74	--
75
76	flac123 (CVE-2007-3507)
77	notified maintainer
78
79	--
80
81	libapache2-mod-perl2 (CVE-2007-1349)
82	http://svn.apache.org/viewvc?view=rev&revision=521584
83	#433549
84	notified maintainer
85
86	--
87
88	libpam-ssh (CVE-2007-0844)
89	#410236
90	notified maintainer
91
92	--
93
94	libpng (CVE-2008-1382)
95	#476669
96	notified maintainer
97
98	--
99
100	liferea (CVE-2005-4791)
101	notified maintainer
102
103	--
104
105	lighttpd (CVE-2007-3948)
106	#434888
107	Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
108	http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
109	http://trac.lighttpd.net/trac/ticket/1216
110	notified maintainer
111
112	--
113
114	linux-ftpd-ssl (CVE-2007-6263)
115	#454733
116	notified maintainer
117
118	--
119
120	mecab (CVE-2007-3231)
121	#429174
122	notified maintainer
123
124	--
125
126	mksh (CVE-2008-1845)
127	notified maintainer
128
129	--
130
131	mldonkey (CVE-2007-4100)
132	#435439
133	notified maintainer
134
135	--
136
137	mnogosearch (CVE-2007-5588)
138	#447753)
139	notified maintainer
140
141	---
142
143	ngircd (CVE-2008-0285)
144	notified maintainer
145
146	--
147
148	paramiko (CVE-2008-0299)
149	#460706
150	notified maintainer
151
152	--
153
154	proftpd-dfsg, proftpd (CVE-2007-2165)
155	update in progress
156
157	--
158
159	python-django (CVE-2007-5712)
160	http://media.djangoproject.com/patches/2007-10-26-security-fix/
161	#448838
162	notified maintainer
163
164	--
165
166	rsync (CVE-2007-6200)
167	#453652
168	notified maintainer
169
170	--
171	sip-tester (CVE-2008-1959, CVE-2008-2085)
172	#479039
173	notified maintainer
174
175	--
176
177	slocate (CVE-2007-0227)
178	#411937
179	notified maintainer
180
181	--
182
183	smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
184	notified maintainer
185
186	--
187
188	streamripper (CVE-2007-4337)
189	notified maintainer
190
191	--
192
193	sylpheed (CVE-2007-2958)
194	#441854
195	http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
196	notified maintainer
197
198	--
199
200	tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
201	#465643
202	notified maintainer
203
204	--
205
206	tomboy (CVE-2005-4790)
207	notified maintainer
208
209	--
210
211	vobcopy (CVE-2007-5718)
212	bug #448319
213	notified maintainer
214
215	--
216
217	wdiff [insecure tempfile in wdiff]
218	bug #425254
219
220	--
221
222	wyrd (CVE-2008-0806)
223	bug #466382
224	notified maintainer
225
226	--
227
228	xemacs21 (CVE-2007-6109/CVE-2008-1694)
229	bug #457764, bug #476613
230	notified maintainer
231
232	xemacs21 (CVE-2008-2142)
233	bug #480877
234	notified maintainer
235
236	--
237
238	xfce4 (CVE-2007-6351 CVE-2007-6352)
239	notified maintainer
240
241	--
242
243	zabbix (CVE-2008-1353)
244	bug #471678
245	notified maintainer
246
247	--
248
249	zsh (CVE-2007-6209)
250	bug #454073)
251	notified maintainer
252