This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel like
it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org

--

aegis
#496400
notified maintainer

--

apertium
#496395
notified maintainer

--

audacity (CVE-2007-6061)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
notified maintainer

--

auctex (no CVE)
#506961
notified maintainer

--

audiolink 
#496433
notified maintainer

--

aview
#496422
notified maintainer

--

beagle (CVE-2005-4791)
notified maintainer

--

blam (CVE-2005-4791)
notified maintainer

--

boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer

--

bugzilla (CVE-2008-2103)
#480190
notified maintainer

CVE-2008-4437
#502019
notified maintainer

--

byacc (CVE-2008-3196)
#491182
notified maintainer

--

bzip2 (CVE-2008-1372)
#471670
Maintainer has been notified

--

cdcontrol
#496438
notified maintainer

--

cdrw-taper
#496380 
notified maintainer

--

cecilia (CVE-2008-1832)
#476321
notified maintainer

--

chillispot
#500181
notified maintainer

--

comix (CVE-2008-1568)
#462840
notified maintainer

--

cyrus-sasl2 (no CVE)
#465561
notified maintainer

--

devscripts
#507482
notified maintainer

--

dia
#504251
notified maintainer

--

digitaldj
#496399
notified maintainer

--

ed (CVE-2008-3916)
Fix from 0.7-2
notified maintainer

--

emacs21 (CVE-2007-6109/CVE-2008-1694)
bug #455433, bug #476612
notified maintainer

emacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

emacs-jabber
#496428
notified maintainer

--

emacspeak (CVE-2008-4191)
#496431
notified maintainer

--

epiphany-browser
#504363
notified maintainer

--

evolution (CVE-2008-1108, CVE-2008-1109)
#484639
notified maintainer

evolution (no CVE)
#484639
notified maintainer

--

exiv2 (CVE-2008-2696)
bug #486328
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
notified maintainer

--

flac123 (CVE-2007-3507)
notified maintainer

--

fml
#496370
notified maintainer

--

freeradius (CVE-2008-4474)
#496489
notified maintainer

--

fwbuilder
#496406
notified maintainer

--

gedit (CVE-2009-0314)
#513513
notified maintainer

--

gdrae
#496378
notified maintainer

--

gmanedit
#497835
notified maintainer

--

gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
#496436, #508597, #508595
notified maintainer

--

horde3 (CVE-2008-3330)
#495332
notified maintainer

--

hplip (CVE-2008-2940/CVE-2008-2941)
#499842
notified maintainer

--

ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer

ipsec-tools (CVE-2008-3652)
#501026
https://bugzilla.redhat.com/show_bug.cgi?id=456660
notified maintainer

--

konwert 
#496379
notified maintainer

--

libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
notified maintainer

--

libpam-ssh (CVE-2007-0844)
#410236
notified maintainer

--

libpng (CVE-2008-1382)
#476669
notified maintainer

--

liferea (CVE-2005-4791)
notified maintainer

--

lighttpd (CVE-2007-3948)
#434888
Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
http://trac.lighttpd.net/trac/ticket/1216
notified maintainer

--

links2 (CVE-2008-3329)
bug #492744
notified maintainer

--

linux-ftpd (CVE-2008-4247)
#500278
notified maintainer

--

linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer

--

mecab (CVE-2007-3231)
#429174
notified maintainer

--

mercurial (CVE-2008-4297)
#500781
notified maintainer

--

mgetty
#496403
notified maintainer

--

mgt
#496434
notified maintainer

--

mksh (CVE-2008-1845)
notified maintainer

--

mldonkey (CVE-2007-4100)
#435439
notified maintainer

--

mnogosearch (CVE-2007-5588)
#447753
notified maintainer

--

multi-gnome-terminal (CVE-2008-5143)
notified maintainer

--

muttprint (CVE-2008-5368)
#509487
notified maintainer

--

myspell
#496392
notified maintainer

---

ngircd (CVE-2008-0285)
notified maintainer

--

nvi
#496462
notified maintainer

--

p3nfs (CVE-2008-5154)
bug #506270
notified maintainer

--

paramiko (CVE-2008-0299)
#460706
notified maintainer

--

python-django (CVE-2007-5712)
http://media.djangoproject.com/patches/2007-10-26-security-fix/
#448838
notified maintainer

--

r-base
#496418
notified maintainer

--

rancid
#496426
notified maintainer

--

rccp
#496364
notified maintainer

--

realtimebattle
#496385
notified maintainer

--

redhat-cluster
#496410
notified maintainer

--

rkhunter
#496375
notified maintainer

--

rsync (CVE-2007-6200)
#453652
notified maintainer

--

sabre
#433996
notified maintainer

--

scilab
#496414
notified maintainer

--

sgml2x
#496368
notified maintainer

--

sip-tester (CVE-2008-1959, CVE-2008-2085)
#479039
notified maintainer

--

slocate (CVE-2007-0227)
#411937
notified maintainer

--

smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
notified maintainer

--

sng
#496407
notified maintainer

--

ssmtp
#498366
notified maintainer

--

streamripper (CVE-2007-4337)
notified maintainer

--

sylpheed (CVE-2007-2958)
#441854
http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
notified maintainer

--

sympa
#496405; bug #494969
notified maintainer

--

tcl8.3/tcl8.4 (CVE-2007-4772)
notified maintainer

tcl8.3/tcl8.4 (CVE-2007-6067)

--

texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
notified maintainer

--

tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
#465643
notified maintainer

--

tkman (CVE-2008-5137)
#506496
notified maintainer

--

tomboy (CVE-2005-4790)
notified maintainer

--

trickle
#513456
notified maintainer

--

unp (CVE-2007-6610)
#448437
notified maintainer

--

xmcd
#496416
notified maintainer

--

vobcopy (CVE-2007-5718)
bug #448319
notified maintainer

--

wdiff [insecure tempfile in wdiff]
bug #425254
notified maintainer

--

wims 
#496387
notified maintainer

--

wyrd (CVE-2008-0806)
bug #466382
notified maintainer

--

xastir
#496383
notified maintainer

--

xcal
#496393
notified maintainer

--

xchat (CVE-2009-0315)
#513509
notified maintainer

--

xemacs21 (CVE-2007-6109/CVE-2008-1694)
bug #457764, bug #476613
notified maintainer

xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer

--

xen-3
#496367
notified maintainer

--

xfce4 (CVE-2007-6351 CVE-2007-6352)
notified maintainer

--

zabbix (CVE-2008-1353)
bug #471678
notified maintainer

--

zope-cmfplone (CVE-2008-1394)
notified maintainer

--

zsh (CVE-2007-6209)
bug #454073)
notified maintainer