This file records minor security issues, which do not warrant a DSA, but which could be fixed in a stable point update if people feel like it. If someone wants to address these, please add a note about it and get in contact with debian-release@lists.debian.org -- chillispot #500181 notified maintainer -- apertium #496395 notified maintainer -- audacity (CVE-2007-6061) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283 notified maintainer -- aview #496422 notified maintainer -- beagle (CVE-2005-4791) notified maintainer -- blam (CVE-2005-4791) notified maintainer -- boost (CVE-2008-0172/CVE-2008-0171) #461236 notified maintainer -- bugzilla (CVE-2008-2103) #480190) notified maintainer -- byacc (CVE-2008-3196) #491182 notified maintainer -- bzip2 (CVE-2008-1372) #471670 Maintainer has been notified -- cdcontrol #496438 notified maintainer -- cdrw-taper #496380 notified maintainer -- cecilia (CVE-2008-1832) #476321 notified maintainer -- comix (CVE-2008-1568) #462840 notified maintainer -- digitaldj #496399 notified maintainer -- emacs21 (CVE-2007-6109/CVE-2008-1694) bug #455433, bug #476612 notified maintainer emacs21 (CVE-2008-2142) bug #480877 notified maintainer -- exiv2 (CVE-2008-2696) bug #486328) http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 notified maintainer -- flac123 (CVE-2007-3507) notified maintainer -- gdrae #496378 notified maintainer -- ipsec-tools (CVE-2008-3651) http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel notified maintainer -- jumpnbump (no CVE yet) #500611 notified maintainer -- libapache2-mod-perl2 (CVE-2007-1349) http://svn.apache.org/viewvc?view=rev&revision=521584 #433549 notified maintainer -- libpam-ssh (CVE-2007-0844) #410236 notified maintainer -- libpng (CVE-2008-1382) #476669 notified maintainer -- liferea (CVE-2005-4791) notified maintainer -- lighttpd (CVE-2007-3948) #434888 Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own. http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 http://trac.lighttpd.net/trac/ticket/1216 notified maintainer -- links2 (CVE-2008-3329) bug #492744) notified maintainer -- linux-ftpd-ssl (CVE-2007-6263) #454733 notified maintainer -- mecab (CVE-2007-3231) #429174 notified maintainer -- mgt #496434 notified maintainer -- mksh (CVE-2008-1845) notified maintainer -- mldonkey (CVE-2007-4100) #435439 notified maintainer -- mnogosearch (CVE-2007-5588) #447753 notified maintainer --- ngircd (CVE-2008-0285) notified maintainer -- paramiko (CVE-2008-0299) #460706 notified maintainer -- python-django (CVE-2007-5712) http://media.djangoproject.com/patches/2007-10-26-security-fix/ #448838 notified maintainer -- rccp #496364 -- realtimebattle #496385 notified maintainer -- rsync (CVE-2007-6200) #453652 notified maintainer -- sabre #433996 notified maintainer -- sip-tester (CVE-2008-1959, CVE-2008-2085) #479039 notified maintainer -- slocate (CVE-2007-0227) #411937 notified maintainer -- smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472) notified maintainer -- sng #496407 notified maintainer -- streamripper (CVE-2007-4337) notified maintainer -- sylpheed (CVE-2007-2958) #441854 http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug notified maintainer -- tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671) #465643 notified maintainer -- tomboy (CVE-2005-4790) notified maintainer -- xmcd #496416 -- vobcopy (CVE-2007-5718) bug #448319 notified maintainer -- wdiff [insecure tempfile in wdiff] bug #425254 notified maintainer -- wyrd (CVE-2008-0806) bug #466382 notified maintainer -- xastir #496383 notified maintainer -- xcal #496393 notified maintainer -- xemacs21 (CVE-2007-6109/CVE-2008-1694) bug #457764, bug #476613 notified maintainer xemacs21 (CVE-2008-2142) bug #480877 notified maintainer -- xfce4 (CVE-2007-6351 CVE-2007-6352) notified maintainer -- zabbix (CVE-2008-1353) bug #471678 notified maintainer -- zsh (CVE-2007-6209) bug #454073) notified maintainer