[Secure-testing-commits] r18645 - data

Jonathan Wiltshire jmw at alioth.debian.org
Sun Mar 11 15:41:39 UTC 2012


Author: jmw
Date: 2012-03-11 15:41:38 +0000 (Sun, 11 Mar 2012)
New Revision: 18645

Modified:
   data/ospu-candidates.txt
Log:
eol lenny

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2012-03-11 12:06:07 UTC (rev 18644)
+++ data/ospu-candidates.txt	2012-03-11 15:41:38 UTC (rev 18645)
@@ -1,926 +1,6 @@
 This file records minor security issues, which do not warrant a DSA,
-but which could be fixed in a oldstable point update if people feel like
+but which could be fixed in a stable point update if people feel like
 it. If someone wants to address these, please add a note about it
 and get in contact with debian-release at lists.debian.org
 
-feh (CVE-2011-1031, CVE-2011-0702)
-#612035
-waiting unstable
-
 --
-
-abcm2ps (CVE-2010-3441, CVE-2010-4743, CVE-2010-4744)
-#577014
-awaiting maintainer response
-
---
-
-acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
-notified maintainer
-
-CVE-2009-4839  CVE-2009-4838 CVE-2009-4837 
-maintainer contacted us, notified about spu status
-
---
-
-acpid (CVE-2011-1159)
-https://bugzilla.redhat.com/show_bug.cgi?id=688698
-
---
-
-acl (CVE-2009-4411)
-#499076
-notified maintainer
-awaiting maintainer response
-
---
-
-aptitude (CVE-2011-XXXX)
-#612034
-
---
-
-ax25-tools (CVE-2011-2910)
-#638918
-waiting unstable
-
---
-
-babel (CVE-2009-3736)
-#559843
-notified maintainer
-awaiting maintainer response
-
---
-
-bugzilla (CVE-2009-0481 to CVE-2009-0485)
-notified maintainer
-
-CVE-2010-1204
-notified maintainer through initial bugreport
-
---
-
-buildbot (CVE-2009-2959, CVE-2009-2967)
-#543822
-notified maintainer
-
---
-
-calendarserver 
-#605157
-
---
-
-ccid (CVE-2010-4530)
-#607780
-
---
-
-centerim
-CVE-2009-3720
-
---
-
-compiz-fusion-plugins-main (CVE-2008-6514)
-notified maintainer
-
---
-
-couchdb (CVE-2010-0009)
-#576304
-notified maintainer
-
---
-
-cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
-#528434
-notified maintainer
-
---
-
-cups (CVE-2009-3553)
-#557740
-maintainer notified in initial bug report
-Initial patch was incomplete; 
-
-cups (CVE-2010-0302)
-#572940
-notified maintainer
-
---
-
-dbus-glib (CVE-2010-1172)
-#592753
-
---
-
-devil (CVE-2009-3994)
-#560080
-notified maintainer
-
---
-
-dokuwiki (XML-RPC vulns)
-maintainer is working on uploads
-
---
-
-dopewars (CVE-2009-3591)
-#550913
-notified maintainer
-
---
-
-dstat (CVE-2009-3894)
-http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
-notified maintainer
-
-dstat (CVE-2009-4081)
-#559667
-notified maintainer
-
---
-
-eclipse (CVE-2010-4647)
-#611849
-awaiting maintainer response
-
---
-
-evolution (CVE-2009-1631)
-#526409
-notified maintainer through initial bugreport
-
---
-
-exim4 (CVE-2010-2023, CVE-2010-2024)
-notified maintainers
-
---
-
-fail2ban [fail2ban: Insecure creating/writing to tmpfile]
-#544232
-
---
-
-fastjar (CVE-2010-0831, CVE-2010-2322)
-
---
-
-fcron (CVE-2010-0791)
-#572587
-notified maintainer through initial bugreport
-
---
-
-feedparser
-CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
-CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
-CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
-CVE-2011-XXXX [XSS vuln]
-#617998
-waiting unstable
-
---
-
-feh (CVE-2011-XXXX)
-#612035
-
---
-
-
-flash-kernel temp file handling (fixed in 2.33)
-
-
---
-
-foo2zjs (CVE-2011-2684)
-maintainer notified in initial bug report
-
---
-
-gif2png (CVE-2010-4695/CVE-2010-4696)
-#610479
-awaiting maintainer response
-
---
-
-gnome-shell (CVE-2010-4000)
-
---
-
-gnome-subtitles (CVE-2010-3357)
-#598289
-
---
-
-CVE-2008-XXXX [greylistd bypass]
-#464084
-
---
-
-ika (CVE-2010-3361)
-#5982925B
-notified maintainer
-
---
-
-imp4 (CVE-2010-0463)
-#569661
-notified maintainer
-
---
-
-libgnucrypto-java (CVE-2008-5659) 
-#559789
-removed
-
---
-
-gnome-schedule
-#605169
-
---
-
-gnucash (CVE-2010-3999)
-#603329
-
---
-
-gnumed-client
-#605159
-
---
-
-gnutls26 (CVE-2009-1417)
-#531614
-notified maintainer
-
---
-
-gri (no CVE)
-fixed in gri 2.12.18-1:
-"Improve security when creating temporary files."
-notified maintainer
-
---
-
-gupnp (CVE-2009-2174)
-#534594
-notified maintainer
-
---
-
-hammerhead (CVE-2011-3204)
-#639890
-waiting unstable
-
---
-
-htmldoc (CVE-2009-3050)
-#537637
-notified maintainer through initial bugreport
-
---
-
-hypermail (CVE-2010-4339)
-#598743
-
---
-
-hypre (CVE-2009-3736)
-#559834
-notified maintainer
-
---
-
-iceweasel (CVE-2009-0777)
-#576466
-notified maintainer
-
---
-
-ironpython
-#605158
-
---
-
-kde4libs (CVE-2009-2702)
-#546218
-notified maintainer
-
-kde4libs (CVE-2009-0689)
-notified maintainer
-
---
-
-kdeutils (CVE-2011-2725)
-#635541
-
---
-
-keepalived (CVE-2011-1784)
-#626281
-
---
-
-kfreebsd-6
-[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
-http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-notified maintainer
-
-[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
-http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
-notified maintainer
-
---
-
-kfreebsd-7
-[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
-http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-notified maintainer
-
-[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
-http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
-notified maintainer
-
---
-
-krb5 (CVE-2011-0281/CVE-2010-0282)
-maintainer preparing upload (r16154)
-
-krb5 (CVE-2011-0284)
-#618517
-waiting unstable
-
---
-
-kvm 82-1 (CVE-2008-5714)
-#509997
-notified maintainer
-
---
-
-lcms (CVE-2009-0793)
-notified maintainer through initial bugreport
-
---
-
-libesmtp (CVE-2010-1192)
-#572960
-maintainer contacted us, notified about spu status
-
---
-
-libnss-db (CVE-2010-0826)
-#577057
-
---
-
-liboggz (CVE-2009-3377)
-Fixed in 0.9.9-1
-Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep.
-
---
-
-libglpng (CVE-2010-1516)
-
---
-
-libpoe-component-irc-perl
-#581194
-maintainer contacted us
-
---
-
-libsndfile
-potential dos via crafted input
-#530831
-notified maintainer
-
---
-
-libvorbis (CVE-2008-2009)
-notified maintainer and release team
-
---
-
-libstruts1.2-java (CVE-2008-2025)
-#528352
-notified maintainer
-
---
-
-linux-ftpd: null ptr dereference
-#572813
-notified maintainer
-
---
-
-logrotate [logrotate race condition could lead to file disclosure]
-Fixed in sid in 3.7.8-4
-
---
-
-makepasswd (no CVE ID)
-#564559
-notified maintainer
-
---
-
-mako (CVE-2010-2480)
-http://bugs.python.org/issue9061
-
---
-
-mapserver (CVE-2010-3484, CVE-2010-3485)
-fixed in 5.6.4-1
-
---
-
-maradns
-http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
-notified maintainer
-
---
-
-matrixssl
-CVE-2009-3555
-
-
---
-
-mcabber (CVE-2009-3720/CVE-2009-3560)
-#601053
-awaiting maintainer response
-
---
-
-mediatomb (CVE-2010-XXXX)
-#580120
-Interface should be disabled in a point update, no real fix
-
---
-
-memcached (CVE-2009-1255)
-notified maintainer
-
---
-
-mercurial (CVE-2010-4237)
-#598841
-
---
-
-mimedecode
-potential dos/crash due to invalid input
-orphaned
-#530430
-
---
-
-mingetty
-#597382
-
---
-
-mono-debugger (CVE-2010-3369)
-#598299
-
---
-
-mutt (CVE-2011-1429)
-#619216
-
---
-
-mpg123 (CVE-2009-1301)
-notified maintainer
-
---
-
-neon27 (CVE-2009-2474)
-#542926
-notified maintainer
-
---
-
-neon26 (CVE-2009-2474)
-#542926
-notified maintainer
-
---
-
-net-snmp (CVE-2008-6123)
-Noah will see to it.
-
---
-
-network-manager-applet (CVE-2009-4144)
-#560067
-notified maintainer through initial bugreport
-
-CVE-2009-4145
-#563371
-notified maintainer through initial bugreport
-
---
-
-ntop (CVE-2009-2732)
-#543312
-notified maintainer through initial bugreport
-
---
-
-open-vm-tools (CVE-2011-1681)
-
---
-
-otrs2 (CVE-2011-2746)
-http://otrs.org/advisory/OSA-2011-03-en/
-
---
-
-perl (CVE-2011-3597)
-
---
-
-phpbb3 (CVE-2010-1630, 1627)
-
---
-
-pidgin CVE-2011-XXXX
-http://www.pidgin.im/news/security/?id=50
-
---
-
-postfix (CVE-2009-2939)
-notified maintainer
-
---
-
-prosody (CVE-2011-2205)
-#579087
-Also requires additional fix in lua-expat
-
---
-
-puppet (CVE-2009-3564, CVE-2010-0156)
-
---
-
-python2.4 (CVE-2011-1015)
-http://bugs.python.org/issue2254
-
---
-
-python2.5 (CVE-2011-1015)
-http://bugs.python.org/issue2254
-
-
-
-python-numpy (CVE-2010-XXXX [numpy memory corruption])
-#581058
-http://projects.scipy.org/numpy/changeset/8364
-
---
-
-rdesktop (CVE-2011-1595)
-#623552
-https://bugzilla.redhat.com/attachment.cgi?id=492845&action=diff&context=patch&collapsed=&headers=1&format=raw
-
---
-
-roaraudio (CVE-2010-3362)
-#598295
-
---
-
-ruby1.8 (CVE-2010-0541, CVE-2011-1004, CVE-2011-1005)
-#615517, #615518
-awaiting maintainer response
-
-CVE-2011-3624
-
---
-
-ruby1.9 (CVE-2010-0541, CVE-2011-1004)
-#615519
-awaiting maintainer response
-
-CVE-2011-3624
-
---
-
-squid (CVE-2009-0801)
-#521053
-notified maintainer
-
---
-
-squid3 (CVE-2009-0801)
-#521052
-notified maintainer
-
---
-
-stunnel (CVE-2011-XXXX)
-http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
-
---
-
-tangerine (CVE-2010-3381)
-#598302
-
---
-
-t-prot (CVE-2009-4404)
-notified maintainer
-
---
-
-texmacs (CVE-2010-3394)
-#598424
-
---
-
-tomcat-native (CVE-2009-3555)
-
---
-
-torcs (CVE-2010-3384)
-#598306
-
---
-
-vte (CVE-2011-2198)
-#629688
-awaiting maintainer response
-
---
-
-ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443)
-#541995
-notified maintainer
-
---
-
-offlineimap (CVE-2010-4533, CVE-2010-4532)
-#606962
-
---
-
-openldap (CVE-2011-1024/CVE-2011-1025/CVE-2011-1081)
-#617606
-maintainer preparing upload
-
---
-
-openldap
-#253838
-notified maintainer
-
---
-
-overkill (no CVE yet)
-#549310
-
---
-
-owl (CVE-2009-0363)
-#515118
-notified maintainer
-
---
-
-pam (CVE-2009-0579)
-#514437
-asked maintainer in mail
-
-CVE-2010-4708/CVE-2010-4707/CVE-2010-4706
-
---
-
-pidgin (CVE-2009-1889, CVE-2009-3085)
-#535790
-http://developer.pidgin.im/ticket/9483
-http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
-notified maintainer
-
---
-
-pptp-linux (no CVE)
-#523476
-Ola will prepare a fix in a point update
-
---
-
-prewikka (CVE-2010-2058)
-#584469
-
-
---
-
-puppet (CVE-2009-3564)
-#551073
-notified maintainer in initial bug report
-
-CVE-2010-0156
-#https://bugzilla.redhat.com/show_bug.cgi?id=502881
-notified maintainer
-
---
-
-python-4suite (CVE-2009-3560, CVE-2009-3720)
-#560914
-notified maintainer
-
---
-
-python-cjson (CVE-2009-4924)
-#593302
-
---
-
-python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
-
-
---
-
-python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)
-
---
-
-qtparted (CVE-2010-3375)
-#598301
-
---
-
-rails (CVE-2009-3086)
-bug #545063
-notified maintainer
-
---
-
-scilab (CVE-2010-3378)
-#598423; #598422
-
---
-
-shibboleth-sp2: world-readable key (no CVE)
-#571631
-notified maintainer through bugreport
-
---
-
-snappea
-#605151
-
---
-
-squid (CVE-2010-0639)
-#572553
-Maintainer notified through initial bugreport
-
---
-
-squid3 (CVE-2010-0639)
-#572554
-Maintainer notified through initial bugreport
-
---
-
-sqlite
-#566326
-
---
-
-tau (CVE-2008-5157)
-#506348
-notified maintainer
-
---
-
-tcptrack (CVE-2011-2903)
-#551092
-
---
-
-teamspeak-client
-#598304
-
---
-
-teamspeak-server
-#598305
-
---
-
-trac (CVE-2009-4405)
-notified maintainer
-
---
-
-udev (#462655)
-notified maintainer
-
---
-
-vftool (CVE-2011-0433)
-https://bugzilla.gnome.org/show_bug.cgi?id=640923
-bug #614669
-awaiting maintainer response
-
---
-
-planet (CVE-2009-2937)
-bug #546178
-notified maintainer through initial bugreport
-
---
-
-w3m (CVE-2010-2074)
-maintainer notified through bug report
-
---
-
-webkit (CVE-2008-4724)
-#520052
-asked maintainer
-
---
-
-widelands
-#617960
-maintainer preparing upload
-
---
-
-xemacs21 (CVE-2008-2142)
-bug #480877
-notified maintainer
-
-xemacs21 (CVE-2009-2688)
-#540470
-Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
-notified maintainer
-
---
-
-xen-3 (CVE-2008-4993)
-#496367
-notified maintainer
-
---
-
-xerces-c2 (CVE-2009-1885)
-#541986
-notified maintainer
-
---
-
-xfig
-25_mkstemp added in 1:3.2.5.a-1
-notified maintainer
-
-CVE-2009-4228/CVE-2009-4227
-#559274)
-https://bugzilla.redhat.com/show_bug.cgi?id=543905
-notified maintainer
-
---
-
-xmp (CVE-2007-6731, CVE-2007-6732)
-#546730
-notified maintainer
-
---
-
-ytnef (CVE-2009-3887, CVE-2009-3721)
-notified maintainer
-
---
-
-ziproxy (CVE-2009-0804)
-#521051
-notified maintainer
-
---
-
-zope2.10 (no CVE)
-https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
-
---
-
-zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
-http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
-http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
-notified maintainer
-
---
-
-quassel
-#640960
-
---
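Review bot: The reworded header line at the top of the hunk now reads "stable point update", but the file is still data/ospu-candidates.txt, so the file name and its description disagree. Either keep "oldstable" and leave the list empty, or say in the header that the list is dormant now that lenny is end-of-life. The log message "eol lenny" also does not record that every entry is dropped, including ones still marked "waiting unstable", "awaiting maintainer response" or "maintainer preparing upload"; a sentence in the log stating that these are intentionally abandoned for lenny would help later readers of the history. The single "--" separator kept as context has nothing left to separate and could go as well.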



