This file records minor security issues, which do not warrant a DSA,
but which could be fixed in an oldstable point update if people feel like it.

If someone wants to address these, please add a note about it and get
in contact with debian-release@lists.debian.org

--
acidbase (CVE-2007-5578)
  notified maintainer
--
aegis (CVE-2008-4938)
  #496400
  notified maintainer
--
apertium (CVE-2008-4939)
  #496395
  notified maintainer
--
asterisk (CVE-2009-0041)
  #513413
  notified maintainer
  CVE-2008-3903
  #522528
  notified maintainer
--
audacity (CVE-2007-6061)
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
  notified maintainer
--
auctex (no CVE)
  #506961
  notified maintainer
--
audiolink (CVE-2008-4942)
  #496433
  notified maintainer
--
avahi (CVE-2009-0758)
  #517683
  notified maintainer
--
aview (CVE-2008-4935)
  #496422
  notified maintainer
--
backuppc (CVE-2009-3369)
  #542218
  notified maintainer
--
beagle (CVE-2005-4791)
  notified maintainer
--
blam (CVE-2005-4791)
  notified maintainer
--
bluez-libs/bluez-utils (CVE-2008-2374)
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
  notified maintainer
--
boost (CVE-2008-0172/CVE-2008-0171)
  #461236
  notified maintainer
--
bugzilla (CVE-2008-2103)
  #480190
  notified maintainer
  CVE-2008-4437
  #502019
  notified maintainer
bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
--
burn: (no CVE yet)
  #542329
  notified maintainer through bug report
--
byacc (CVE-2008-3196)
  #491182
  notified maintainer
--
bzip2 (CVE-2008-1372)
  #471670
  Maintainer has been notified
--
cdcontrol
  #496438
  notified maintainer
--
cdrw-taper (CVE-2008-4945)
  #496380
  notified maintainer
--
cecilia (CVE-2008-1832)
  #476321
  notified maintainer
--
chillispot
  #500181
  notified maintainer
--
comix (CVE-2008-1568)
  #462840
  notified maintainer
--
cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)
  #528434
  notified maintainer
--
cupsys (CVE-2008-5377)
  notified maintainer
--
cyrus-sasl2 (no CVE)
  #465561
  notified maintainer
--
dia (CVE-2008-5984)
  #504251
  notified maintainer
--
digitaldj (CVE-2008-4948)
  #496399
  notified maintainer
--
dopewars (CVE-2009-3591)
  #550913
  notified maintainer
--
dstat (CVE-2009-3894)
  http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
--
ed (CVE-2008-3916)
  Fix from 0.7-2
  notified maintainer
--
emacs21 (CVE-2007-6109/CVE-2008-1694)
  bug #455433, bug #476612
  notified maintainer
emacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
--
emacs-jabber (CVE-2008-4952)
  #496428
  notified maintainer
--
emacspeak (CVE-2008-4191)
  #496431
  notified maintainer
--
epiphany-browser (CVE-2008-5985)
  #504363
  notified maintainer
--
evolution (CVE-2008-1108, CVE-2008-1109)
  #484639
  notified maintainer
evolution (no CVE)
  #484639
  notified maintainer
evolution (CVE-2009-1631)
  #526409
  notified maintainer through initial bugreport
--
exiv2 (CVE-2008-2696)
  bug #486328
  http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
  notified maintainer
--
flac123 (CVE-2007-3507)
  notified maintainer
--
fml (CVE-2008-4954)
  #496370
  notified maintainer
--
freeradius (CVE-2008-4474)
  #496489
  notified maintainer
--
fwbuilder (CVE-2008-4956)
  #496406
  notified maintainer
--
gedit (CVE-2009-0314)
  #513513
  notified maintainer
--
gdrae
  #496378
  notified maintainer
--
glib2.0 (CVE-2009-3289)
  https://bugzilla.gnome.org/show_bug.cgi?id=593406
  notified maintainer
--
gmanedit (CVE-2008-3971)
  #497835
  notified maintainer
--
gnutls13 (CVE-2009-1417)
  #531614
  notified maintainer
--
gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
  #496436, #508597, #508595
  notified maintainer
--
gri (no CVE)
  fixed in gri 2.12.18-1: "Improve security when creating temporary files."
  notified maintainer
--
gupnp (CVE-2009-2174)
  #534594
--
hplip (CVE-2008-2940/CVE-2008-2941)
  #499842
  notified maintainer
--
htmldoc (CVE-2009-3050)
  #537637
  notified maintainer through initial bugreport
--
ipsec-tools (CVE-2008-3651)
  http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
  notified maintainer
ipsec-tools (CVE-2008-3652)
  #501026
  https://bugzilla.redhat.com/show_bug.cgi?id=456660
  notified maintainer
--
kaya (CVE-2008-6428)
  notified maintainer
--
konwert (CVE-2008-4964)
  #496379
  notified maintainer
--
lcms (CVE-2009-0793)
  notified maintainer through initial bugreport
--
libapache2-mod-perl2 (CVE-2007-1349)
  http://svn.apache.org/viewvc?view=rev&revision=521584
  #433549
  notified maintainer
--
libpam-ssh (CVE-2007-0844)
  #410236
  notified maintainer
--
libsamplerate (CVE-2008-5008)
  https://bugzilla.redhat.com/attachment.cgi?id=323069
  notified maintainer
--
libsndfile
  potential dos via crafted input
  #530831
--
libpam-ssh (CVE-2009-1273)
  #535877
  maintainer notified through initial bug report
--
libpng (CVE-2008-1382)
  #476669
  notified maintainer
libpng (CVE-2009-2042)
  #533676
  notified maintainer
--
libvorbis (CVE-2008-2009)
  notified maintainer and release team
--
liferea (CVE-2005-4791)
  notified maintainer
--
lighttpd (CVE-2007-3948)
  #434888
  Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on its own.
  http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
  http://trac.lighttpd.net/trac/ticket/1216
  notified maintainer
--
links2 (CVE-2008-3329)
  bug #492744
  notified maintainer
--
linux-ftpd (CVE-2008-4247)
  #500278
  notified maintainer
--
linux-ftpd-ssl (CVE-2007-6263)
  #454733
  notified maintainer
--
mailscanner (CVE-2008-5312, CVE-2008-5313)
  #506353
  notified maintainer
--
mecab (CVE-2007-3231)
  #429174
  notified maintainer
--
mercurial (CVE-2008-4297)
  #500781
  notified maintainer
--
mgetty (CVE-2008-4936)
  #496403
  notified maintainer
--
mgt
  #496434
  notified maintainer
--
memcached (CVE-2009-1255)
  bug #527330
  notified maintainer
--
mimedecode
  potential dos/crash due to invalid input
  #530430
  orphaned
--
mksh (CVE-2008-1845)
  notified maintainer
--
mldonkey (CVE-2007-4100)
  #435439
  notified maintainer
--
mnogosearch (CVE-2007-5588)
  #447753
  notified maintainer
--
motion (CVE-2008-2654)
  #484572
  notified maintainer
--
mpg123 (CVE-2009-1301)
  notified maintainer
--
multi-gnome-terminal (CVE-2008-5143)
  notified maintainer
--
myspell
  #496392
  notified maintainer
--
neon (CVE-2009-2474)
  #542926
  notified maintainer
--
neon26 (CVE-2009-2474)
  #542926
  notified maintainer
--
net-snmp (CVE-2008-6123)
  Noah will see to it.
--
nfs-utils (CVE-2008-4552)
  notified maintainer
--
ngircd (CVE-2008-0285)
  notified maintainer
--
ntop (CVE-2009-2732)
  #543312
  notified maintainer through initial bugreport
--
nvi
  #496462
  notified maintainer
--
openldap
  #253838
  notified maintainer
--
overkill (no CVE yet)
  #549310
--
owl (CVE-2009-0363)
  #515118
  notified maintainer
--
p3nfs (CVE-2008-5154)
  bug #506270
  notified maintainer
--
pam (CVE-2009-0579)
  #514437
  asked maintainer in mail
--
paramiko (CVE-2008-0299)
  #460706
  notified maintainer
--
planet (CVE-2009-2937)
  bug #546178
  notified maintainer through initial bugreport
--
postfix (CVE-2009-2939)
  notified maintainer
postfix (CVE-2008-2937)
  notified maintainer
--
pptp-linux (no CVE)
  #523476
  Ola will prepare a fix in a point update
--
puppet (CVE-2009-3564)
  #551073
  notified maintainer in initial bug report
--
python2.4 (CVE-2008-4864, CVE-2008-5031)
  #504620
  notified maintainer
python2.5 (CVE-2008-4864, CVE-2008-5031)
  #504619
  notified maintainer
--
r-base (CVE-2008-3931)
  #496418
  notified maintainer
--
rails (CVE-2009-3086)
  bug #545063
  notified maintainer
--
rancid (CVE-2008-4979)
  #496426
  notified maintainer
--
rccp (CVE-2008-4980)
  #496364
  notified maintainer
--
realtimebattle (CVE-2008-4981)
  #496385
  notified maintainer
--
redhat-cluster (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580)
  #496410
  notified maintainer
--
rkhunter (CVE-2008-4982)
  #496375
  notified maintainer
--
rsync (CVE-2007-6200)
  #453652
  notified maintainer
--
sabre (CVE-2008-4406, CVE-2008-4407)
  #433996
  notified maintainer
--
scilab (CVE-2008-4983)
  #496414
  notified maintainer
--
sgml2x (CVE-2008-6397)
  #496368
  notified maintainer
--
sip-tester (CVE-2008-1959, CVE-2008-2085)
  #479039
  notified maintainer
--
slocate (CVE-2007-0227)
  #411937
  notified maintainer
--
smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
  notified maintainer
--
sng
  #496407
  notified maintainer
--
snort (CVE-2009-3641)
  #553584
--
squid (CVE-2009-0801)
  #521053
--
squid3 (CVE-2009-0801)
  #521052
--
ssmtp (CVE-2008-3962)
  #498366
  notified maintainer
--
sylpheed (CVE-2007-2958)
  #441854
  http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
  notified maintainer
--
sympa (CVE-2008-4476)
  #496405; bug #494969
  notified maintainer
--
tau (CVE-2008-5157)
  #506348
  notified maintainer
--
tcl8.3/tcl8.4 (CVE-2007-4772)
  notified maintainer
tcl8.3/tcl8.4 (CVE-2007-6067)
  notified maintainer
--
tetex-bin (CVE-2009-1284)
  #520920
  https://bugzilla.redhat.com/show_bug.cgi?id=492136
--
texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
  notified maintainer
--
tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
  #465643
  notified maintainer
--
tomboy (CVE-2005-4790)
  notified maintainer
--
tqsllib 2.0-8 (CVE-2009-0124)
  #511509
  notified maintainer
--
trac (CVE-2008-5646 CVE-2008-5647)
  #509342, #505197
  notified maintainer
--
trickle (CVE-2009-0415)
  #513456
  notified maintainer
--
udev
  #462655
  notified maintainer
--
unp (CVE-2007-6610)
  #448437
  notified maintainer
--
vobcopy (CVE-2007-5718)
  bug #448319
  notified maintainer
--
wdiff [insecure tempfile in wdiff]
  bug #425254
  notified maintainer
--
wims (CVE-2008-4986)
  #496387
  notified maintainer
--
wyrd (CVE-2008-0806)
  bug #466382
  notified maintainer
--
xastir (CVE-2008-4987)
  #496383
  notified maintainer
--
xcal (CVE-2008-4988)
  #496393
  notified maintainer
--
xcftools (CVE-2009-2175)
  #533361
  orphaned
  Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)
--
xchat (CVE-2009-0315)
  #513509
  notified maintainer
--
xemacs21 (CVE-2007-6109/CVE-2008-1694)
  bug #457764, bug #476613
  notified maintainer
xemacs21 (CVE-2008-2142)
  bug #480877
  notified maintainer
xemacs21 (CVE-2009-2688)
  #540470
  Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
  notified maintainer
--
xen-3 (CVE-2008-4993)
  #496367
  notified maintainer
--
xerces-c2 (CVE-2009-1885)
  #541986
  notified maintainer
--
xerces27 (CVE-2009-1885)
  notified maintainer
--
xfce4 (CVE-2007-6351 CVE-2007-6352)
  notified maintainer
--
xfig
  25_mkstemp added in 1:3.2.5.a-1
  notified maintainer
--
xmcd (CVE-2008-4994)
  #496416
  notified maintainer
--
xmp (CVE-2007-6731, CVE-2007-6732)
  #546730
--
xscreensaver (no CVE)
  #539699
  notified maintainer
--
zabbix (CVE-2008-1353)
  bug #471678
  notified maintainer
--
zope-cmfplone (CVE-2008-1394)
  notified maintainer
--
zsh (CVE-2007-6209)
  bug #454073
  notified maintainer