[Secure-testing-commits] r11386 - data
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Fri Mar 13 20:48:55 UTC 2009
Author: jmm-guest
Date: 2009-03-13 20:48:54 +0000 (Fri, 13 Mar 2009)
New Revision: 11386
Added:
data/ospu-candidates.txt
Modified:
data/spu-candidates.txt
Log:
split and update spu candidates
Added: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt (rev 0)
+++ data/ospu-candidates.txt 2009-03-13 20:48:54 UTC (rev 11386)
@@ -0,0 +1,677 @@
+This file records minor security issues, which do not warrant a DSA,
+but which could be fixed in a oldstable point update if people feel like
+it. If someone wants to address these, please add a note about it
+and get in contact with debian-release at lists.debian.org
+
+--
+
+acidbase (CVE-2007-5578)
+notified maintainer
+
+--
+
+aegis (CVE-2008-4938)
+#496400
+notified maintainer
+
+--
+
+apertium (CVE-2008-4939)
+#496395
+notified maintainer
+
+--
+
+asterisk (CVE-2009-0041)
+#513413
+
+--
+
+audacity (CVE-2007-6061)
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
+notified maintainer
+
+--
+
+auctex (no CVE)
+#506961
+notified maintainer
+
+--
+
+audiolink (CVE-2008-4942)
+#496433
+notified maintainer
+
+--
+
+aview (CVE-2008-4935)
+#496422
+notified maintainer
+
+--
+
+beagle (CVE-2005-4791)
+notified maintainer
+
+--
+
+blam (CVE-2005-4791)
+notified maintainer
+
+--
+
+bluez-libs/bluez-utils (CVE-2008-2374)
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
+notified maintainer
+
+--
+
+boost (CVE-2008-0172/CVE-2008-0171)
+#461236
+notified maintainer
+
+--
+
+bugzilla (CVE-2008-2103)
+#480190
+notified maintainer
+
+CVE-2008-4437
+#502019
+notified maintainer
+
+--
+
+byacc (CVE-2008-3196)
+#491182
+notified maintainer
+
+--
+
+bzip2 (CVE-2008-1372)
+#471670
+Maintainer has been notified
+
+--
+
+cdcontrol
+#496438
+notified maintainer
+
+--
+
+cdrw-taper (CVE-2008-4945)
+#496380
+notified maintainer
+
+--
+
+cecilia (CVE-2008-1832)
+#476321
+notified maintainer
+
+--
+
+chillispot
+#500181
+notified maintainer
+
+--
+
+comix (CVE-2008-1568)
+#462840
+notified maintainer
+
+--
+
+cyrus-sasl2 (no CVE)
+#465561
+notified maintainer
+
+--
+
+dia (CVE-2008-5984)
+#504251
+notified maintainer
+
+--
+
+digitaldj (CVE-2008-4948)
+#496399
+notified maintainer
+
+--
+
+ed (CVE-2008-3916)
+Fix from 0.7-2
+notified maintainer
+
+--
+
+emacs21 (CVE-2007-6109/CVE-2008-1694)
+bug #455433, bug #476612
+notified maintainer
+
+emacs21 (CVE-2008-2142)
+bug #480877
+notified maintainer
+
+--
+
+emacs-jabber (CVE-2008-4952)
+#496428
+notified maintainer
+
+--
+
+emacspeak (CVE-2008-4191)
+#496431
+notified maintainer
+
+--
+
+epiphany-browser (CVE-2008-5985)
+#504363
+notified maintainer
+
+--
+
+evolution (CVE-2008-1108, CVE-2008-1109)
+#484639
+notified maintainer
+
+evolution (no CVE)
+#484639
+notified maintainer
+
+--
+
+exiv2 (CVE-2008-2696)
+bug #486328
+http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
+notified maintainer
+
+--
+
+flac123 (CVE-2007-3507)
+notified maintainer
+
+--
+
+fml (CVE-2008-4954)
+#496370
+notified maintainer
+
+--
+
+freeradius (CVE-2008-4474)
+#496489
+notified maintainer
+
+--
+
+fwbuilder (CVE-2008-4956)
+#496406
+notified maintainer
+
+--
+
+gedit (CVE-2009-0314)
+#513513
+notified maintainer
+
+--
+
+gdrae
+#496378
+notified maintainer
+
+--
+
+gmanedit (CVE-2008-3971)
+#497835
+notified maintainer
+
+--
+
+gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
+#496436, #508597, #508595
+notified maintainer
+
+--
+
+horde3 (CVE-2008-3330)
+#495332
+notified maintainer
+
+--
+
+hplip (CVE-2008-2940/CVE-2008-2941)
+#499842
+notified maintainer
+
+--
+
+ipsec-tools (CVE-2008-3651)
+http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
+notified maintainer
+
+ipsec-tools (CVE-2008-3652)
+#501026
+https://bugzilla.redhat.com/show_bug.cgi?id=456660
+notified maintainer
+
+--
+
+konwert (CVE-2008-4964)
+#496379
+notified maintainer
+
+--
+
+libapache2-mod-perl2 (CVE-2007-1349)
+http://svn.apache.org/viewvc?view=rev&revision=521584
+#433549
+notified maintainer
+
+--
+
+libarchive-tar-perl (CVE-2007-4829)
+#449544
+notified maintainer
+
+--
+
+libpam-ssh (CVE-2007-0844)
+#410236
+notified maintainer
+
+--
+
+libsamplerate (CVE-2008-5008)
+https://bugzilla.redhat.com/attachment.cgi?id=323069
+notified maintainer
+
+--
+
+libpng (CVE-2008-1382)
+#476669
+notified maintainer
+
+--
+
+liferea (CVE-2005-4791)
+notified maintainer
+
+--
+
+lighttpd (CVE-2007-3948)
+#434888
+Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
+http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
+http://trac.lighttpd.net/trac/ticket/1216
+notified maintainer
+
+--
+
+links2 (CVE-2008-3329)
+bug #492744
+notified maintainer
+
+--
+
+linux-ftpd (CVE-2008-4247)
+#500278
+notified maintainer
+
+--
+
+linux-ftpd-ssl (CVE-2007-6263)
+#454733
+notified maintainer
+
+--
+
+mailscanner (CVE-2008-5312, CVE-2008-5313)
+#506353
+notified maintainer
+
+--
+
+mecab (CVE-2007-3231)
+#429174
+notified maintainer
+
+--
+
+mercurial (CVE-2008-4297)
+#500781
+notified maintainer
+
+--
+
+mgetty (CVE-2008-4936)
+#496403
+notified maintainer
+
+--
+
+mgt
+#496434
+notified maintainer
+
+--
+
+mksh (CVE-2008-1845)
+notified maintainer
+
+--
+
+mldonkey (CVE-2007-4100)
+#435439
+notified maintainer
+
+--
+
+mnogosearch (CVE-2007-5588)
+#447753
+notified maintainer
+
+--
+
+motion (CVE-2008-2654)
+#484572
+notified maintainer
+
+--
+
+mpfr (CVE-2009-0757)
+
+--
+
+multi-gnome-terminal (CVE-2008-5143)
+notified maintainer
+
+--
+
+myspell
+#496392
+notified maintainer
+
+--
+
+net-snmp (CVE-2008-6123)
+Noah will see to it.
+
+--
+
+nfs-utils (CVE-2008-4552)
+notified maintainer
+
+--
+
+ngircd (CVE-2008-0285)
+notified maintainer
+
+--
+
+nvi
+#496462
+notified maintainer
+
+--
+
+p3nfs (CVE-2008-5154)
+bug #506270
+notified maintainer
+
+--
+
+paramiko (CVE-2008-0299)
+#460706
+notified maintainer
+
+--
+
+python2.4 (CVE-2008-4864, CVE-2008-5031)
+#504620
+
+python2.5 (CVE-2008-4864, CVE-2008-5031)
+#504619
+
+--
+
+r-base (CVE-2008-3931)
+#496418
+notified maintainer
+
+--
+
+rancid (CVE-2008-4979)
+#496426
+notified maintainer
+
+--
+
+rccp (CVE-2008-4980)
+#496364
+notified maintainer
+
+--
+
+realtimebattle (CVE-2008-4981)
+#496385
+notified maintainer
+
+--
+
+redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
+#496410
+notified maintainer
+
+--
+
+rkhunter (CVE-2008-4982)
+#496375
+notified maintainer
+
+--
+
+rsync (CVE-2007-6200)
+#453652
+notified maintainer
+
+--
+
+sabre (CVE-2008-4406, CVE-2008-4407)
+#433996
+notified maintainer
+
+--
+
+scilab (CVE-2008-4983)
+#496414
+notified maintainer
+
+--
+
+sgml2x (CVE-2008-6397)
+#496368
+notified maintainer
+
+--
+
+sip-tester (CVE-2008-1959, CVE-2008-2085)
+#479039
+notified maintainer
+
+--
+
+slocate (CVE-2007-0227)
+#411937
+notified maintainer
+
+--
+
+smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
+notified maintainer
+
+--
+
+sng
+#496407
+notified maintainer
+
+--
+
+ssmtp (CVE-2008-3962)
+#498366
+notified maintainer
+
+--
+
+sylpheed (CVE-2007-2958)
+#441854
+http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
+notified maintainer
+
+--
+
+sympa (CVE-2008-4476)
+#496405; bug #494969
+notified maintainer
+
+--
+
+tau (CVE-2008-5157)
+#506348
+notified maintainer
+
+--
+
+tcl8.3/tcl8.4 (CVE-2007-4772)
+notified maintainer
+
+tcl8.3/tcl8.4 (CVE-2007-6067)
+
+--
+
+texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
+notified maintainer
+
+--
+
+tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
+#465643
+notified maintainer
+
+--
+
+tomboy (CVE-2005-4790)
+notified maintainer
+
+--
+
+tqsllib 2.0-8 (CVE-2009-0124)
+#511509
+notified maintainer
+
+--
+
+trickle (CVE-2009-0415)
+#513456
+notified maintainer
+
+--
+
+unp (CVE-2007-6610)
+#448437
+notified maintainer
+
+--
+
+xmcd (CVE-2008-4994)
+#496416
+notified maintainer
+
+--
+
+vobcopy (CVE-2007-5718)
+bug #448319
+notified maintainer
+
+--
+
+wdiff [insecure tempfile in wdiff]
+bug #425254
+notified maintainer
+
+--
+
+wims (CVE-2008-4986)
+#496387
+notified maintainer
+
+--
+
+wyrd (CVE-2008-0806)
+bug #466382
+notified maintainer
+
+--
+
+xastir (CVE-2008-4987)
+#496383
+notified maintainer
+
+--
+
+xcal (CVE-2008-4988)
+#496393
+notified maintainer
+
+--
+
+xchat (CVE-2009-0315)
+#513509
+notified maintainer
+
+--
+
+xemacs21 (CVE-2007-6109/CVE-2008-1694)
+bug #457764, bug #476613
+notified maintainer
+
+xemacs21 (CVE-2008-2142)
+bug #480877
+notified maintainer
+
+--
+
+xen-3 (CVE-2008-4993)
+#496367
+notified maintainer
+
+--
+
+xfce4 (CVE-2007-6351 CVE-2007-6352)
+notified maintainer
+
+--
+
+zabbix (CVE-2008-1353)
+bug #471678
+notified maintainer
+
+--
+
+zope-cmfplone (CVE-2008-1394)
+notified maintainer
+
+--
+
+zsh (CVE-2007-6209)
+bug #454073)
+notified maintainer
+
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-03-13 13:22:03 UTC (rev 11385)
+++ data/spu-candidates.txt 2009-03-13 20:48:54 UTC (rev 11386)
@@ -5,685 +5,32 @@
--
-acidbase (CVE-2007-5578)
-notified maintainer
-
---
-
-aegis
-#496400
-notified maintainer
-
---
-
-apertium
-#496395
-notified maintainer
-
---
-
asterisk (CVE-2009-0041)
#513413
--
-audacity (CVE-2007-6061)
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
-notified maintainer
-
---
-
-auctex (no CVE)
-#506961
-notified maintainer
-
---
-
-audiolink
-#496433
-notified maintainer
-
---
-
-aview
-#496422
-notified maintainer
-
---
-
-beagle (CVE-2005-4791)
-notified maintainer
-
---
-
-blam (CVE-2005-4791)
-notified maintainer
-
---
-
-bluez-libs/bluez-utils (CVE-2008-2374)
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
-notified maintainer
-
---
-
-boost (CVE-2008-0172/CVE-2008-0171)
-#461236
-notified maintainer
-
---
-
-bugzilla (CVE-2008-2103)
-#480190
-notified maintainer
-
-CVE-2008-4437
-#502019
-notified maintainer
-
---
-
-byacc (CVE-2008-3196)
-#491182
-notified maintainer
-
---
-
-bzip2 (CVE-2008-1372)
-#471670
-Maintainer has been notified
-
---
-
-cdcontrol
-#496438
-notified maintainer
-
---
-
-cdrw-taper
-#496380
-notified maintainer
-
---
-
-cecilia (CVE-2008-1832)
-#476321
-notified maintainer
-
---
-
-chillispot
-#500181
-notified maintainer
-
---
-
-comix (CVE-2008-1568)
-#462840
-notified maintainer
-
---
-
-cyrus-sasl2 (no CVE)
-#465561
-notified maintainer
-
---
-
-dia
-#504251
-notified maintainer
-
---
-
-digitaldj
-#496399
-notified maintainer
-
---
-
-ed (CVE-2008-3916)
-Fix from 0.7-2
-notified maintainer
-
---
-
-emacs21 (CVE-2007-6109/CVE-2008-1694)
-bug #455433, bug #476612
-notified maintainer
-
-emacs21 (CVE-2008-2142)
-bug #480877
-notified maintainer
-
---
-
-emacs-jabber
-#496428
-notified maintainer
-
---
-
-emacspeak (CVE-2008-4191)
-#496431
-notified maintainer
-
---
-
-epiphany-browser
-#504363
-notified maintainer
-
---
-
-evolution (CVE-2008-1108, CVE-2008-1109)
-#484639
-notified maintainer
-
-evolution (no CVE)
-#484639
-notified maintainer
-
---
-
-exiv2 (CVE-2008-2696)
-bug #486328
-http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
-notified maintainer
-
---
-
-flac123 (CVE-2007-3507)
-notified maintainer
-
---
-
-fml
-#496370
-notified maintainer
-
---
-
-freeradius (CVE-2008-4474)
-#496489
-notified maintainer
-
---
-
-fwbuilder
-#496406
-notified maintainer
-
---
-
-gedit (CVE-2009-0314)
-#513513
-notified maintainer
-
---
-
-gdrae
-#496378
-notified maintainer
-
---
-
-gmanedit
-#497835
-notified maintainer
-
---
-
-gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
-#496436, #508597, #508595
-notified maintainer
-
---
-
-horde3 (CVE-2008-3330)
-#495332
-notified maintainer
-
---
-
-hplip (CVE-2008-2940/CVE-2008-2941)
-#499842
-notified maintainer
-
---
-
-ipsec-tools (CVE-2008-3651)
-http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
-notified maintainer
-
-ipsec-tools (CVE-2008-3652)
-#501026
-https://bugzilla.redhat.com/show_bug.cgi?id=456660
-notified maintainer
-
---
-
-konwert
-#496379
-notified maintainer
-
---
-
-libapache2-mod-perl2 (CVE-2007-1349)
-http://svn.apache.org/viewvc?view=rev&revision=521584
-#433549
-notified maintainer
-
---
-
-libarchive-tar-perl (CVE-2007-4829)
-#449544
-notified maintainer
-
---
-
-libpam-ssh (CVE-2007-0844)
-#410236
-notified maintainer
-
---
-
-libsamplerate (CVE-2008-5008)
-https://bugzilla.redhat.com/attachment.cgi?id=323069
-notified maintainer
-
---
-
-libpng (CVE-2008-1382)
-#476669
-notified maintainer
-
---
-
-liferea (CVE-2005-4791)
-notified maintainer
-
---
-
-lighttpd (CVE-2007-3948)
-#434888
-Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
-http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
-http://trac.lighttpd.net/trac/ticket/1216
-notified maintainer
-
---
-
-links2 (CVE-2008-3329)
-bug #492744
-notified maintainer
-
---
-
-linux-ftpd (CVE-2008-4247)
-#500278
-notified maintainer
-
---
-
-linux-ftpd-ssl (CVE-2007-6263)
-#454733
-notified maintainer
-
---
-
-mailscanner (CVE-2008-5312, CVE-2008-5313)
-#506353
-notified maintainer
-
---
-
-mecab (CVE-2007-3231)
-#429174
-notified maintainer
-
---
-
-mercurial (CVE-2008-4297)
-#500781
-notified maintainer
-
---
-
-mgetty
-#496403
-notified maintainer
-
---
-
-mgt
-#496434
-notified maintainer
-
---
-
-mksh (CVE-2008-1845)
-notified maintainer
-
---
-
-mldonkey (CVE-2007-4100)
-#435439
-notified maintainer
-
---
-
-mnogosearch (CVE-2007-5588)
-#447753
-notified maintainer
-
---
-
-motion (CVE-2008-2654)
-#484572
-notified maintainer
-
---
-
mpfr (CVE-2009-0757)
--
-multi-gnome-terminal (CVE-2008-5143)
-notified maintainer
-
---
-
-myspell
-#496392
-notified maintainer
-
---
-
net-snmp (CVE-2008-6123)
Noah will see to it.
--
-nfs-utils (CVE-2008-4552)
-notified maintainer
-
---
-
-ngircd (CVE-2008-0285)
-notified maintainer
-
---
-
-nvi
-#496462
-notified maintainer
-
---
-
-p3nfs (CVE-2008-5154)
-bug #506270
-notified maintainer
-
---
-
-paramiko (CVE-2008-0299)
-#460706
-notified maintainer
-
---
-
-python2.4 (CVE-2008-4864, CVE-2008-5031)
-#504620
-
-python2.5 (CVE-2008-4864, CVE-2008-5031)
-#504619
-
---
-
-python-django (CVE-2007-5712)
-http://media.djangoproject.com/patches/2007-10-26-security-fix/
-#448838
-notified maintainer
-
---
-
-r-base
-#496418
-notified maintainer
-
---
-
-rancid
-#496426
-notified maintainer
-
---
-
-rccp
-#496364
-notified maintainer
-
---
-
-realtimebattle
-#496385
-notified maintainer
-
---
-
-redhat-cluster
-#496410
-notified maintainer
-
---
-
-rkhunter
-#496375
-notified maintainer
-
---
-
-rsync (CVE-2007-6200)
-#453652
-notified maintainer
-
---
-
-sabre
-#433996
-notified maintainer
-
---
-
-scilab
-#496414
-notified maintainer
-
---
-
-sgml2x
-#496368
-notified maintainer
-
---
-
-sip-tester (CVE-2008-1959, CVE-2008-2085)
-#479039
-notified maintainer
-
---
-
-slocate (CVE-2007-0227)
-#411937
-notified maintainer
-
---
-
-smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
-notified maintainer
-
---
-
-sng
-#496407
-notified maintainer
-
---
-
-ssmtp
-#498366
-notified maintainer
-
---
-
-streamripper (CVE-2007-4337)
-notified maintainer
-
---
-
-sylpheed (CVE-2007-2958)
-#441854
-http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
-notified maintainer
-
---
-
-sympa
-#496405; bug #494969
-notified maintainer
-
---
-
tau (CVE-2008-5157)
#506348
notified maintainer
--
-tcl8.3/tcl8.4 (CVE-2007-4772)
-notified maintainer
-
-tcl8.3/tcl8.4 (CVE-2007-6067)
-
---
-
-texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
-notified maintainer
-
---
-
-tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
-#465643
-notified maintainer
-
---
-
-tomboy (CVE-2005-4790)
-notified maintainer
-
---
-
-tqsllib 2.0-8 (CVE-2009-0124)
-#511509
-notified maintainer
-
---
-
-trickle
-#513456
-notified maintainer
-
---
-
-unp (CVE-2007-6610)
-#448437
-notified maintainer
-
---
-
-xmcd
-#496416
-notified maintainer
-
---
-
-vobcopy (CVE-2007-5718)
-bug #448319
-notified maintainer
-
---
-
-wdiff [insecure tempfile in wdiff]
-bug #425254
-notified maintainer
-
---
-
-wims
-#496387
-notified maintainer
-
---
-
-wyrd (CVE-2008-0806)
-bug #466382
-notified maintainer
-
---
-
-xastir
-#496383
-notified maintainer
-
---
-
-xcal
-#496393
-notified maintainer
-
---
-
-xchat (CVE-2009-0315)
-#513509
-notified maintainer
-
---
-
-xemacs21 (CVE-2007-6109/CVE-2008-1694)
-bug #457764, bug #476613
-notified maintainer
-
xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer
--
-xen-3
+xen-3 (CVE-2008-4993)
#496367
notified maintainer
-
---
-
-xfce4 (CVE-2007-6351 CVE-2007-6352)
-notified maintainer
-
---
-
-zabbix (CVE-2008-1353)
-bug #471678
-notified maintainer
-
---
-
-zope-cmfplone (CVE-2008-1394)
-notified maintainer
-
---
-
-zsh (CVE-2007-6209)
-bug #454073)
-notified maintainer
-
More information about the Secure-testing-commits
mailing list