Author: jmm-guest Date: 2009-03-13 20:48:54 +0000 (Fri, 13 Mar 2009) New Revision: 11386
Added: data/ospu-candidates.txt Modified: data/spu-candidates.txt Log: split and update spu candidates Added: data/ospu-candidates.txt =================================================================== --- data/ospu-candidates.txt (rev 0) +++ data/ospu-candidates.txt 2009-03-13 20:48:54 UTC (rev 11386) @@ -0,0 +1,677 @@ +This file records minor security issues, which do not warrant a DSA, +but which could be fixed in a oldstable point update if people feel like +it. If someone wants to address these, please add a note about it +and get in contact with debian-rele...@lists.debian.org + +-- + +acidbase (CVE-2007-5578) +notified maintainer + +-- + +aegis (CVE-2008-4938) +#496400 +notified maintainer + +-- + +apertium (CVE-2008-4939) +#496395 +notified maintainer + +-- + +asterisk (CVE-2009-0041) +#513413 + +-- + +audacity (CVE-2007-6061) +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283 +notified maintainer + +-- + +auctex (no CVE) +#506961 +notified maintainer + +-- + +audiolink (CVE-2008-4942) +#496433 +notified maintainer + +-- + +aview (CVE-2008-4935) +#496422 +notified maintainer + +-- + +beagle (CVE-2005-4791) +notified maintainer + +-- + +blam (CVE-2005-4791) +notified maintainer + +-- + +bluez-libs/bluez-utils (CVE-2008-2374) +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 +notified maintainer + +-- + +boost (CVE-2008-0172/CVE-2008-0171) +#461236 +notified maintainer + +-- + +bugzilla (CVE-2008-2103) +#480190 +notified maintainer + +CVE-2008-4437 +#502019 +notified maintainer + +-- + +byacc (CVE-2008-3196) +#491182 +notified maintainer + +-- + +bzip2 (CVE-2008-1372) +#471670 +Maintainer has been notified + +-- + +cdcontrol +#496438 +notified maintainer + +-- + +cdrw-taper (CVE-2008-4945) +#496380 +notified maintainer + +-- + +cecilia (CVE-2008-1832) +#476321 +notified maintainer + +-- + +chillispot +#500181 +notified maintainer + +-- + +comix (CVE-2008-1568) +#462840 +notified maintainer + +-- + +cyrus-sasl2 (no CVE) +#465561 +notified maintainer + +-- + +dia (CVE-2008-5984) +#504251 +notified maintainer + +-- + +digitaldj (CVE-2008-4948) +#496399 +notified maintainer + +-- + +ed (CVE-2008-3916) +Fix from 0.7-2 +notified maintainer + +-- + +emacs21 (CVE-2007-6109/CVE-2008-1694) +bug #455433, bug #476612 +notified maintainer + +emacs21 (CVE-2008-2142) +bug #480877 +notified maintainer + +-- + +emacs-jabber (CVE-2008-4952) +#496428 +notified maintainer + +-- + +emacspeak (CVE-2008-4191) +#496431 +notified maintainer + +-- + +epiphany-browser (CVE-2008-5985) +#504363 +notified maintainer + +-- + +evolution (CVE-2008-1108, CVE-2008-1109) +#484639 +notified maintainer + +evolution (no CVE) +#484639 +notified maintainer + +-- + +exiv2 (CVE-2008-2696) +bug #486328 +http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 +notified maintainer + +-- + +flac123 (CVE-2007-3507) +notified maintainer + +-- + +fml (CVE-2008-4954) +#496370 +notified maintainer + +-- + +freeradius (CVE-2008-4474) +#496489 +notified maintainer + +-- + +fwbuilder (CVE-2008-4956) +#496406 +notified maintainer + +-- + +gedit (CVE-2009-0314) +#513513 +notified maintainer + +-- + +gdrae +#496378 +notified maintainer + +-- + +gmanedit (CVE-2008-3971) +#497835 +notified maintainer + +-- + +gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380) +#496436, #508597, #508595 +notified maintainer + +-- + +horde3 (CVE-2008-3330) +#495332 +notified maintainer + +-- + +hplip (CVE-2008-2940/CVE-2008-2941) +#499842 +notified maintainer + +-- + +ipsec-tools (CVE-2008-3651) +http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel +notified maintainer + +ipsec-tools (CVE-2008-3652) +#501026 +https://bugzilla.redhat.com/show_bug.cgi?id=456660 +notified maintainer + +-- + +konwert (CVE-2008-4964) +#496379 +notified maintainer + +-- + +libapache2-mod-perl2 (CVE-2007-1349) +http://svn.apache.org/viewvc?view=rev&revision=521584 +#433549 +notified maintainer + +-- + +libarchive-tar-perl (CVE-2007-4829) +#449544 +notified maintainer + +-- + +libpam-ssh (CVE-2007-0844) +#410236 +notified maintainer + +-- + +libsamplerate (CVE-2008-5008) +https://bugzilla.redhat.com/attachment.cgi?id=323069 +notified maintainer + +-- + +libpng (CVE-2008-1382) +#476669 +notified maintainer + +-- + +liferea (CVE-2005-4791) +notified maintainer + +-- + +lighttpd (CVE-2007-3948) +#434888 +Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own. +http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 +http://trac.lighttpd.net/trac/ticket/1216 +notified maintainer + +-- + +links2 (CVE-2008-3329) +bug #492744 +notified maintainer + +-- + +linux-ftpd (CVE-2008-4247) +#500278 +notified maintainer + +-- + +linux-ftpd-ssl (CVE-2007-6263) +#454733 +notified maintainer + +-- + +mailscanner (CVE-2008-5312, CVE-2008-5313) +#506353 +notified maintainer + +-- + +mecab (CVE-2007-3231) +#429174 +notified maintainer + +-- + +mercurial (CVE-2008-4297) +#500781 +notified maintainer + +-- + +mgetty (CVE-2008-4936) +#496403 +notified maintainer + +-- + +mgt +#496434 +notified maintainer + +-- + +mksh (CVE-2008-1845) +notified maintainer + +-- + +mldonkey (CVE-2007-4100) +#435439 +notified maintainer + +-- + +mnogosearch (CVE-2007-5588) +#447753 +notified maintainer + +-- + +motion (CVE-2008-2654) +#484572 +notified maintainer + +-- + +mpfr (CVE-2009-0757) + +-- + +multi-gnome-terminal (CVE-2008-5143) +notified maintainer + +-- + +myspell +#496392 +notified maintainer + +-- + +net-snmp (CVE-2008-6123) +Noah will see to it. + +-- + +nfs-utils (CVE-2008-4552) +notified maintainer + +-- + +ngircd (CVE-2008-0285) +notified maintainer + +-- + +nvi +#496462 +notified maintainer + +-- + +p3nfs (CVE-2008-5154) +bug #506270 +notified maintainer + +-- + +paramiko (CVE-2008-0299) +#460706 +notified maintainer + +-- + +python2.4 (CVE-2008-4864, CVE-2008-5031) +#504620 + +python2.5 (CVE-2008-4864, CVE-2008-5031) +#504619 + +-- + +r-base (CVE-2008-3931) +#496418 +notified maintainer + +-- + +rancid (CVE-2008-4979) +#496426 +notified maintainer + +-- + +rccp (CVE-2008-4980) +#496364 +notified maintainer + +-- + +realtimebattle (CVE-2008-4981) +#496385 +notified maintainer + +-- + +redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580) +#496410 +notified maintainer + +-- + +rkhunter (CVE-2008-4982) +#496375 +notified maintainer + +-- + +rsync (CVE-2007-6200) +#453652 +notified maintainer + +-- + +sabre (CVE-2008-4406, CVE-2008-4407) +#433996 +notified maintainer + +-- + +scilab (CVE-2008-4983) +#496414 +notified maintainer + +-- + +sgml2x (CVE-2008-6397) +#496368 +notified maintainer + +-- + +sip-tester (CVE-2008-1959, CVE-2008-2085) +#479039 +notified maintainer + +-- + +slocate (CVE-2007-0227) +#411937 +notified maintainer + +-- + +smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472) +notified maintainer + +-- + +sng +#496407 +notified maintainer + +-- + +ssmtp (CVE-2008-3962) +#498366 +notified maintainer + +-- + +sylpheed (CVE-2007-2958) +#441854 +http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug +notified maintainer + +-- + +sympa (CVE-2008-4476) +#496405; bug #494969 +notified maintainer + +-- + +tau (CVE-2008-5157) +#506348 +notified maintainer + +-- + +tcl8.3/tcl8.4 (CVE-2007-4772) +notified maintainer + +tcl8.3/tcl8.4 (CVE-2007-6067) + +-- + +texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937) +notified maintainer + +-- + +tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671) +#465643 +notified maintainer + +-- + +tomboy (CVE-2005-4790) +notified maintainer + +-- + +tqsllib 2.0-8 (CVE-2009-0124) +#511509 +notified maintainer + +-- + +trickle (CVE-2009-0415) +#513456 +notified maintainer + +-- + +unp (CVE-2007-6610) +#448437 +notified maintainer + +-- + +xmcd (CVE-2008-4994) +#496416 +notified maintainer + +-- + +vobcopy (CVE-2007-5718) +bug #448319 +notified maintainer + +-- + +wdiff [insecure tempfile in wdiff] +bug #425254 +notified maintainer + +-- + +wims (CVE-2008-4986) +#496387 +notified maintainer + +-- + +wyrd (CVE-2008-0806) +bug #466382 +notified maintainer + +-- + +xastir (CVE-2008-4987) +#496383 +notified maintainer + +-- + +xcal (CVE-2008-4988) +#496393 +notified maintainer + +-- + +xchat (CVE-2009-0315) +#513509 +notified maintainer + +-- + +xemacs21 (CVE-2007-6109/CVE-2008-1694) +bug #457764, bug #476613 +notified maintainer + +xemacs21 (CVE-2008-2142) +bug #480877 +notified maintainer + +-- + +xen-3 (CVE-2008-4993) +#496367 +notified maintainer + +-- + +xfce4 (CVE-2007-6351 CVE-2007-6352) +notified maintainer + +-- + +zabbix (CVE-2008-1353) +bug #471678 +notified maintainer + +-- + +zope-cmfplone (CVE-2008-1394) +notified maintainer + +-- + +zsh (CVE-2007-6209) +bug #454073) +notified maintainer + Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2009-03-13 13:22:03 UTC (rev 11385) +++ data/spu-candidates.txt 2009-03-13 20:48:54 UTC (rev 11386) @@ -5,685 +5,32 @@ -- -acidbase (CVE-2007-5578) -notified maintainer - --- - -aegis -#496400 -notified maintainer - --- - -apertium -#496395 -notified maintainer - --- - asterisk (CVE-2009-0041) #513413 -- -audacity (CVE-2007-6061) -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283 -notified maintainer - --- - -auctex (no CVE) -#506961 -notified maintainer - --- - -audiolink -#496433 -notified maintainer - --- - -aview -#496422 -notified maintainer - --- - -beagle (CVE-2005-4791) -notified maintainer - --- - -blam (CVE-2005-4791) -notified maintainer - --- - -bluez-libs/bluez-utils (CVE-2008-2374) -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 -notified maintainer - --- - -boost (CVE-2008-0172/CVE-2008-0171) -#461236 -notified maintainer - --- - -bugzilla (CVE-2008-2103) -#480190 -notified maintainer - -CVE-2008-4437 -#502019 -notified maintainer - --- - -byacc (CVE-2008-3196) -#491182 -notified maintainer - --- - -bzip2 (CVE-2008-1372) -#471670 -Maintainer has been notified - --- - -cdcontrol -#496438 -notified maintainer - --- - -cdrw-taper -#496380 -notified maintainer - --- - -cecilia (CVE-2008-1832) -#476321 -notified maintainer - --- - -chillispot -#500181 -notified maintainer - --- - -comix (CVE-2008-1568) -#462840 -notified maintainer - --- - -cyrus-sasl2 (no CVE) -#465561 -notified maintainer - --- - -dia -#504251 -notified maintainer - --- - -digitaldj -#496399 -notified maintainer - --- - -ed (CVE-2008-3916) -Fix from 0.7-2 -notified maintainer - --- - -emacs21 (CVE-2007-6109/CVE-2008-1694) -bug #455433, bug #476612 -notified maintainer - -emacs21 (CVE-2008-2142) -bug #480877 -notified maintainer - --- - -emacs-jabber -#496428 -notified maintainer - --- - -emacspeak (CVE-2008-4191) -#496431 -notified maintainer - --- - -epiphany-browser -#504363 -notified maintainer - --- - -evolution (CVE-2008-1108, CVE-2008-1109) -#484639 -notified maintainer - -evolution (no CVE) -#484639 -notified maintainer - --- - -exiv2 (CVE-2008-2696) -bug #486328 -http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 -notified maintainer - --- - -flac123 (CVE-2007-3507) -notified maintainer - --- - -fml -#496370 -notified maintainer - --- - -freeradius (CVE-2008-4474) -#496489 -notified maintainer - --- - -fwbuilder -#496406 -notified maintainer - --- - -gedit (CVE-2009-0314) -#513513 -notified maintainer - --- - -gdrae -#496378 -notified maintainer - --- - -gmanedit -#497835 -notified maintainer - --- - -gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380) -#496436, #508597, #508595 -notified maintainer - --- - -horde3 (CVE-2008-3330) -#495332 -notified maintainer - --- - -hplip (CVE-2008-2940/CVE-2008-2941) -#499842 -notified maintainer - --- - -ipsec-tools (CVE-2008-3651) -http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel -notified maintainer - -ipsec-tools (CVE-2008-3652) -#501026 -https://bugzilla.redhat.com/show_bug.cgi?id=456660 -notified maintainer - --- - -konwert -#496379 -notified maintainer - --- - -libapache2-mod-perl2 (CVE-2007-1349) -http://svn.apache.org/viewvc?view=rev&revision=521584 -#433549 -notified maintainer - --- - -libarchive-tar-perl (CVE-2007-4829) -#449544 -notified maintainer - --- - -libpam-ssh (CVE-2007-0844) -#410236 -notified maintainer - --- - -libsamplerate (CVE-2008-5008) -https://bugzilla.redhat.com/attachment.cgi?id=323069 -notified maintainer - --- - -libpng (CVE-2008-1382) -#476669 -notified maintainer - --- - -liferea (CVE-2005-4791) -notified maintainer - --- - -lighttpd (CVE-2007-3948) -#434888 -Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own. -http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 -http://trac.lighttpd.net/trac/ticket/1216 -notified maintainer - --- - -links2 (CVE-2008-3329) -bug #492744 -notified maintainer - --- - -linux-ftpd (CVE-2008-4247) -#500278 -notified maintainer - --- - -linux-ftpd-ssl (CVE-2007-6263) -#454733 -notified maintainer - --- - -mailscanner (CVE-2008-5312, CVE-2008-5313) -#506353 -notified maintainer - --- - -mecab (CVE-2007-3231) -#429174 -notified maintainer - --- - -mercurial (CVE-2008-4297) -#500781 -notified maintainer - --- - -mgetty -#496403 -notified maintainer - --- - -mgt -#496434 -notified maintainer - --- - -mksh (CVE-2008-1845) -notified maintainer - --- - -mldonkey (CVE-2007-4100) -#435439 -notified maintainer - --- - -mnogosearch (CVE-2007-5588) -#447753 -notified maintainer - --- - -motion (CVE-2008-2654) -#484572 -notified maintainer - --- - mpfr (CVE-2009-0757) -- -multi-gnome-terminal (CVE-2008-5143) -notified maintainer - --- - -myspell -#496392 -notified maintainer - --- - net-snmp (CVE-2008-6123) Noah will see to it. -- -nfs-utils (CVE-2008-4552) -notified maintainer - --- - -ngircd (CVE-2008-0285) -notified maintainer - --- - -nvi -#496462 -notified maintainer - --- - -p3nfs (CVE-2008-5154) -bug #506270 -notified maintainer - --- - -paramiko (CVE-2008-0299) -#460706 -notified maintainer - --- - -python2.4 (CVE-2008-4864, CVE-2008-5031) -#504620 - -python2.5 (CVE-2008-4864, CVE-2008-5031) -#504619 - --- - -python-django (CVE-2007-5712) -http://media.djangoproject.com/patches/2007-10-26-security-fix/ -#448838 -notified maintainer - --- - -r-base -#496418 -notified maintainer - --- - -rancid -#496426 -notified maintainer - --- - -rccp -#496364 -notified maintainer - --- - -realtimebattle -#496385 -notified maintainer - --- - -redhat-cluster -#496410 -notified maintainer - --- - -rkhunter -#496375 -notified maintainer - --- - -rsync (CVE-2007-6200) -#453652 -notified maintainer - --- - -sabre -#433996 -notified maintainer - --- - -scilab -#496414 -notified maintainer - --- - -sgml2x -#496368 -notified maintainer - --- - -sip-tester (CVE-2008-1959, CVE-2008-2085) -#479039 -notified maintainer - --- - -slocate (CVE-2007-0227) -#411937 -notified maintainer - --- - -smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472) -notified maintainer - --- - -sng -#496407 -notified maintainer - --- - -ssmtp -#498366 -notified maintainer - --- - -streamripper (CVE-2007-4337) -notified maintainer - --- - -sylpheed (CVE-2007-2958) -#441854 -http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug -notified maintainer - --- - -sympa -#496405; bug #494969 -notified maintainer - --- - tau (CVE-2008-5157) #506348 notified maintainer -- -tcl8.3/tcl8.4 (CVE-2007-4772) -notified maintainer - -tcl8.3/tcl8.4 (CVE-2007-6067) - --- - -texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937) -notified maintainer - --- - -tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671) -#465643 -notified maintainer - --- - -tomboy (CVE-2005-4790) -notified maintainer - --- - -tqsllib 2.0-8 (CVE-2009-0124) -#511509 -notified maintainer - --- - -trickle -#513456 -notified maintainer - --- - -unp (CVE-2007-6610) -#448437 -notified maintainer - --- - -xmcd -#496416 -notified maintainer - --- - -vobcopy (CVE-2007-5718) -bug #448319 -notified maintainer - --- - -wdiff [insecure tempfile in wdiff] -bug #425254 -notified maintainer - --- - -wims -#496387 -notified maintainer - --- - -wyrd (CVE-2008-0806) -bug #466382 -notified maintainer - --- - -xastir -#496383 -notified maintainer - --- - -xcal -#496393 -notified maintainer - --- - -xchat (CVE-2009-0315) -#513509 -notified maintainer - --- - -xemacs21 (CVE-2007-6109/CVE-2008-1694) -bug #457764, bug #476613 -notified maintainer - xemacs21 (CVE-2008-2142) bug #480877 notified maintainer -- -xen-3 +xen-3 (CVE-2008-4993) #496367 notified maintainer - --- - -xfce4 (CVE-2007-6351 CVE-2007-6352) -notified maintainer - --- - -zabbix (CVE-2008-1353) -bug #471678 -notified maintainer - --- - -zope-cmfplone (CVE-2008-1394) -notified maintainer - --- - -zsh (CVE-2007-6209) -bug #454073) -notified maintainer - _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
