This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

asterisk (CVE-2009-0041)
#513413
notified maintainer

--

avahi (CVE-2009-0758)
#517683
notified maintainer

--

bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer

--

coccinelle
http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html

--

cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434

--

kvm 82-1 (CVE-2008-5714)
#509997

--

libvorbis (CVE-2008-2009)
notified maintainer and release team

--

mpg123 (CVE-2009-1301)
notified maintainer

--

net-snmp (CVE-2008-6123)
Noah will see to it.

--

openldap
#253838

--

pam (CVE-2009-0579)
#514437
asked maintainer in mail

--

pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update

--

tau (CVE-2008-5157)
#506348
notified maintainer

--

tetex-bin (CVE-2009-1284)
#520920
https://bugzilla.redhat.com/show_bug.cgi?id=492136

--

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3 (CVE-2008-4993)
#496367
notified maintainer

--

xfig
25_mkstemp added in :3.2.5.a-1

--

ziproxy (CVE-2009-0804)
#521051