/[secure-testing]/data/spu-candidates.txt

Diff of /data/spu-candidates.txt

Parent Directory | Revision Log | View Patch Patch

-revision 11373 by jmm-guest,
Tue Mar 10 20:52:51 2009 UTC
+revision 12928 by derevko-guest,
Sat Oct  3 15:45:34 2009 UTC
 Line 5 
 and get in contact with debian-release@l
  --
- acidbase (CVE-2007-5578)
- notified maintainer
- --
- aegis
- #496400
- notified maintainer
- --
- apertium
- #496395
- notified maintainer
- --
  asterisk (CVE-2009-0041)
  #513413
- --
- audacity (CVE-2007-6061)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
- notified maintainer
- --
- auctex (no CVE)
- #506961
- notified maintainer
- --
- audiolink
- #496433
- notified maintainer
- --
- aview
- #496422
- notified maintainer
- --
- beagle (CVE-2005-4791)
- notified maintainer
- --
- blam (CVE-2005-4791)
- notified maintainer
- --
- bluez-libs/bluez-utils (CVE-2008-2374)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
- notified maintainer
- --
- boost (CVE-2008-0172/CVE-2008-0171)
- #461236
- notified maintainer
- --
- bugzilla (CVE-2008-2103)
- #480190
  notified maintainer
- CVE-2008-4437
+ CVE-2008-3903
- #502019
+ #522528
  notified maintainer
  --
- byacc (CVE-2008-3196)
+ avahi (CVE-2009-0758)
- #491182
+ #517683
  notified maintainer
  --
- bzip2 (CVE-2008-1372)
+ backuppc (CVE-2009-3369)
- #471670
+ #542218
- Maintainer has been notified
- --
- cdcontrol
- #496438
  notified maintainer
  --
- cdrw-taper
+ bugzilla (CVE-2009-0481 to CVE-2009-0485)
- #496380
  notified maintainer
  --
- cecilia (CVE-2008-1832)
+ buildbot (CVE-2009-2959, CVE-2009-2967)
- #476321
+ #543822
  notified maintainer
  --
- chillispot
+ compiz-fusion-plugins-main (CVE-2008-6514)
- #500181
  notified maintainer
  --
- comix (CVE-2008-1568)
+ cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
- #462840
+ #528434
  notified maintainer
  --
- cyrus-sasl2 (no CVE)
+ evolution (CVE-2009-1631)
- #465561
+ #526409
- notified maintainer
+ notified maintainer through initial bugreport
  --
- dia
+ firebird2.0 (CVE-2009-2620)
- #504251
+ #539477
  notified maintainer
  --
- digitaldj
+ glib2.0 (CVE-2009-3289)
- #496399
+ https://bugzilla.gnome.org/show_bug.cgi?id=593406
  notified maintainer
  --
- ed (CVE-2008-3916)
+ gnutls26 (CVE-2009-1417)
- Fix from 0.7-2
+ #531614
  notified maintainer
  --
- emacs21 (CVE-2007-6109/CVE-2008-1694)
+ gri (no CVE)
- bug #455433, bug #476612
+ fixed in gri 2.12.18-1:
- notified maintainer
+ "Improve security when creating temporary files."
- emacs21 (CVE-2008-2142)
- bug #480877
  notified maintainer
  --
- emacs-jabber
+ gupnp (CVE-2009-2174)
- #496428
+ #534594
  notified maintainer
  --
- emacspeak (CVE-2008-4191)
+ htmldoc (CVE-2009-3050)
- #496431
+ #537637
- notified maintainer
  --
- epiphany-browser
+ kde4libs (CVE-2009-2702)
- #504363
+ #546218
- notified maintainer
  --
- evolution (CVE-2008-1108, CVE-2008-1109)
+ kfreebsd-6
- #484639
+ [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
- evolution (no CVE)
+ [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
- #484639
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
  --
- exiv2 (CVE-2008-2696)
+ kfreebsd-7
- bug #486328
+ [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
- http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
- --
+ [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
+ http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
- flac123 (CVE-2007-3507)
- notified maintainer
- --
- fml
- #496370
  notified maintainer
  --
- freeradius (CVE-2008-4474)
+ kvm 82-1 (CVE-2008-5714)
- #496489
+ #509997
  notified maintainer
  --
- fwbuilder
+ lcms (CVE-2009-0793)
- #496406
+ notified maintainer through initial bugreport
- notified maintainer
  --
- gedit (CVE-2009-0314)
+ libpam-ssh (CVE-2009-1273)
- #513513
+ #535877
- notified maintainer
+ maintainer notified through initial bug report, said he would work on an update
  --
- gdrae
+ libpng (CVE-2009-2042)
- #496378
+ #533676
  notified maintainer
  --
- gmanedit
+ libsndfile
- #497835
+ potential dos via crafted input
- notified maintainer
+ #530831
- --
- gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
- #496436, #508597, #508595
- notified maintainer
- --
- horde3 (CVE-2008-3330)
- #495332
- notified maintainer
- --
- hplip (CVE-2008-2940/CVE-2008-2941)
- #499842
- notified maintainer
- --
- ipsec-tools (CVE-2008-3651)
- http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
- notified maintainer
- ipsec-tools (CVE-2008-3652)
- #501026
- https://bugzilla.redhat.com/show_bug.cgi?id=456660
- notified maintainer
- --
- konwert
- #496379
- notified maintainer
- --
- libapache2-mod-perl2 (CVE-2007-1349)
- http://svn.apache.org/viewvc?view=rev&revision=521584
- #433549
- notified maintainer
- --
- libarchive-tar-perl (CVE-2007-4829)
- #449544
- notified maintainer
- --
- libpam-ssh (CVE-2007-0844)
- #410236
- notified maintainer
- --
- libsamplerate (CVE-2008-5008)
- https://bugzilla.redhat.com/attachment.cgi?id=323069
- notified maintainer
- --
- libpng (CVE-2008-1382)
- #476669
- notified maintainer
- --
- liferea (CVE-2005-4791)
- notified maintainer
- --
- lighttpd (CVE-2007-3948)
- #434888
- Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
- http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
- http://trac.lighttpd.net/trac/ticket/1216
- notified maintainer
- --
- links2 (CVE-2008-3329)
- bug #492744
- notified maintainer
- --
- linux-ftpd (CVE-2008-4247)
- #500278
- notified maintainer
- --
- linux-ftpd-ssl (CVE-2007-6263)
- #454733
- notified maintainer
  --
- mailscanner (CVE-2008-5312, CVE-2008-5313)
+ libvorbis (CVE-2008-2009)
- #506353
+ notified maintainer and release team
- notified maintainer
  --
- mecab (CVE-2007-3231)
+ memcached (CVE-2009-1255)
- #429174
  notified maintainer
  --
- mercurial (CVE-2008-4297)
+ mimedecode
- #500781
+ potential dos/crash due to invalid input
- notified maintainer
+ orphaned
+ #530430
  --
- mgetty
+ movabletype-opensource (CVE-2009-2492)
- #496403
+ #537935
  notified maintainer
  --
- mgt
+ mpg123 (CVE-2009-1301)
- #496434
  notified maintainer
  --
- mksh (CVE-2008-1845)
+ neon27 (CVE-2009-2474)
+ #542926
  notified maintainer
  --
- mldonkey (CVE-2007-4100)
+ neon26 (CVE-2009-2474)
- #435439
+ #542926
  notified maintainer
  --
- mnogosearch (CVE-2007-5588)
+ ntop (CVE-2009-2732)
- #447753
+ #543312
- notified maintainer
+ notified maintainer through initial bugreport
  --
- motion (CVE-2008-2654)
+ postfix (CVE-2009-2939)
- #484572
  notified maintainer
  --
- mpfr (CVE-2009-0757)
+ squid (CVE-2009-0801)
+ #521053
- --
- multi-gnome-terminal (CVE-2008-5143)
- notified maintainer
  --
- myspell
+ squid3 (CVE-2009-0801)
- #496392
+ #521052
- notified maintainer
  --
-Line 406 
 Noah will see to it.
+Line 213 
 Noah will see to it.
  --
- nfs-utils (CVE-2008-4552)
+ ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
- notified maintainer
+ #541995
- --
- ngircd (CVE-2008-0285)
- notified maintainer
- --
- nvi
- #496462
- notified maintainer
- --
- p3nfs (CVE-2008-5154)
- bug #506270
- notified maintainer
- --
- paramiko (CVE-2008-0299)
- #460706
- notified maintainer
- --
- python2.4 (CVE-2008-4864, CVE-2008-5031)
- #504620
- python2.5 (CVE-2008-4864, CVE-2008-5031)
- #504619
- --
- python-django (CVE-2007-5712)
- http://media.djangoproject.com/patches/2007-10-26-security-fix/
- #448838
  notified maintainer
  --
- r-base
+ open-iscsi (CVE-2009-1297)
- #496418
+ notified maintainer in initial bug report
- notified maintainer
- --
- rancid
- #496426
- notified maintainer
- --
- rccp
- #496364
- notified maintainer
- --
- realtimebattle
- #496385
- notified maintainer
- --
- redhat-cluster
- #496410
- notified maintainer
- --
- rkhunter
- #496375
- notified maintainer
- --
- rsync (CVE-2007-6200)
- #453652
- notified maintainer
  --
- sabre
+ openldap
- #433996
+ #253838
  notified maintainer
  --
- scilab
+ overkill (no CVE yet)
- #496414
+ #549310
- notified maintainer
  --
- sgml2x
+ owl (CVE-2009-0363)
- #496368
+ #515118
- notified maintainer
  --
- sip-tester (CVE-2008-1959, CVE-2008-2085)
+ pam (CVE-2009-0579)
- #479039
+ #514437
- notified maintainer
+ asked maintainer in mail
  --
- slocate (CVE-2007-0227)
+ pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
- #411937
+ #535790
- notified maintainer
+ http://developer.pidgin.im/ticket/9483
+ http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
  --
- smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
+ pptp-linux (no CVE)
- notified maintainer
+ #523476
+ Ola will prepare a fix in a point update
  --
- sng
+ rails (CVE-2009-3086)
- #496407
+ bug #545063
- notified maintainer
  --
- ssmtp
+ slim (CVE-2009-1756)
- #498366
+ bug #529306
- notified maintainer
+ Maintainer notified through followup in #529306
  --
- streamripper (CVE-2007-4337)
+ smarty (CVE-2009-1669)
- notified maintainer
+ #529810
+ http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
- --
- sylpheed (CVE-2007-2958)
- #441854
- http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
- notified maintainer
- --
- sympa
- #496405; bug #494969
  notified maintainer
  --
-Line 562 
 notified maintainer
+Line 283 
 notified maintainer
  --
- tcl8.3/tcl8.4 (CVE-2007-4772)
+ texlive-bin (CVE-2009-1284)
- notified maintainer
+ #520920
+ https://bugzilla.redhat.com/show_bug.cgi?id=492136
- tcl8.3/tcl8.4 (CVE-2007-6067)
- --
- texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
- notified maintainer
- --
- tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
- #465643
- notified maintainer
- --
- tomboy (CVE-2005-4790)
- notified maintainer
- --
- tqsllib 2.0-8 (CVE-2009-0124)
- #511509
- notified maintainer
- --
- trickle
- #513456
- notified maintainer
  --
- unp (CVE-2007-6610)
+ udev (#462655)
- #448437
  notified maintainer
  --
- xmcd
+ planet (CVE-2009-2937)
- #496416
+ bug #546178
- notified maintainer
+ notified maintainer through initial bugreport
  --
- vobcopy (CVE-2007-5718)
+ webkit (CVE-2008-4724)
- bug #448319
+ #520052
- notified maintainer
+ asked maintainer
  --
- wdiff [insecure tempfile in wdiff]
- bug #425254
- notified maintainer
- --
- wims
- #496387
- notified maintainer
- --
- wyrd (CVE-2008-0806)
- bug #466382
- notified maintainer
- --
- xastir
- #496383
- notified maintainer
- --
- xcal
- #496393
- notified maintainer
- --
- xchat (CVE-2009-0315)
- #513509
- notified maintainer
- --
- xemacs21 (CVE-2007-6109/CVE-2008-1694)
- bug #457764, bug #476613
- notified maintainer
  xemacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
+ xemacs21 (CVE-2009-2688)
+ #540470
+ Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
+ notified maintainer
  --
- xen-3
+ xen-3 (CVE-2008-4993)
  #496367
  notified maintainer
  --
- xfce4 (CVE-2007-6351 CVE-2007-6352)
+ xerces-c (CVE-2009-1885)
- notified maintainer
+ #540297
  --
- zabbix (CVE-2008-1353)
+ xfig
- bug #471678
+_mkstemp added in 1:3.2.5.a-1
  notified maintainer
  --
- zope-cmfplone (CVE-2008-1394)
+ xscreensaver (no CVE)
+ #539699
  notified maintainer
  --
- zsh (CVE-2007-6209)
+ ziproxy (CVE-2009-0804)
- bug #454073)
+ #521051
- notified maintainer

 Legend:



Removed from v.11373
 


changed lines


 
Added in v.12928
 Legend:



Removed from v.11373
 


changed lines


 
Added in v.12928
-Removed from v.11373
+Added in v.12928

	ViewVC Help
Powered by ViewVC 1.1.5