This file records minor security issues, which do not warrant a DSA,
but which could be fixed in a stable point update if people feel
like it. If someone wants to address these, please add a note about it
and get in contact with debian-release@lists.debian.org
--
abcm2ps (no CVE) #577014
--
acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592)
  notified maintainer
  CVE-2009-4839 CVE-2009-4838 CVE-2009-4837
  maintainer contacted us, notified about spu status
--
acl (CVE-2009-4411) #499076
  notified maintainer
--
asterisk (CVE-2009-0041) #513413
  notified maintainer
asterisk (CVE-2008-3903) #522528
  notified maintainer
--
avahi (CVE-2009-0758) #517683
  notified maintainer
--
babel (CVE-2009-3736) #559843
  notified maintainer
--
bugzilla (CVE-2009-0481 to CVE-2009-0485)
  notified maintainer
  CVE-2010-1204
  notified maintainer through initial bugreport
--
buildbot (CVE-2009-2959, CVE-2009-2967) #543822
  notified maintainer
--
calendarserver #605157
--
compiz-fusion-plugins-main (CVE-2008-6514)
  notified maintainer
--
couchdb (CVE-2010-0009) #576304
  notified maintainer
--
cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked #528434
  notified maintainer
--
cups (CVE-2009-3553) #557740
  maintainer notified in initial bug report
  Initial patch was incomplete;
cups (CVE-2010-0302) #572940
  notified maintainer
--
devil (CVE-2009-3994) #560080
  notified maintainer
--
dopewars (CVE-2009-3591) #550913
  notified maintainer
--
dropbox (CVE-2010-3354) bug #598287
--
dstat (CVE-2009-3894)
  http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
  notified maintainer
dstat (CVE-2009-4081) #559667
  notified maintainer
--
evolution (CVE-2009-1631) #526409
  notified maintainer through initial bugreport
--
exim4 (CVE-2010-2023, CVE-2010-2024)
  notified maintainers
--
fastjar (CVE-2010-0831, CVE-2010-2322)
--
fcron (CVE-2010-0791) #572587
  notified maintainer through initial bugreport
--
flash-kernel
  temp file handling (fixed in 2.33)
--
gnome-shell (CVE-2010-4000)
--
gnome-subtitles (CVE-2010-3357) #598289
--
ika (CVE-2010-3361) #5982925B
  notified maintainer
--
imp4 (CVE-2010-0463) #569661
  notified maintainer
--
libgnucrypto-java (CVE-2008-5659) #559789
  removed
--
gnome-schedule #605169
--
gnucash (CVE-2010-3999) #603329
--
gnumed-client #605159
--
gnutls26 (CVE-2009-1417) #531614
  notified maintainer
--
gri (no CVE)
  fixed in gri 2.12.18-1: "Improve security when creating temporary files."
  notified maintainer
--
gupnp (CVE-2009-2174) #534594
  notified maintainer
--
htmldoc (CVE-2009-3050) #537637
  notified maintainer through initial bugreport
--
hypre (CVE-2009-3736) #559834
  notified maintainer
--
iceweasel (CVE-2009-0777) #576466
  notified maintainer
--
ironpython #605158
--
kde4libs (CVE-2009-2702) #546218
  notified maintainer
kde4libs (CVE-2009-0689)
  notified maintainer
--
kfreebsd-6
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
  [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
  http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
--
kfreebsd-7
  [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
  http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
  notified maintainer
  [freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935)
  http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
  notified maintainer
--
kvm 82-1 (CVE-2008-5714) #509997
  notified maintainer
--
lcms (CVE-2009-0793)
  notified maintainer through initial bugreport
--
libesmtp (CVE-2010-1192) #572960
  maintainer contacted us, notified about spu status
--
libnss-db (CVE-2010-0826) #577057
--
libpam-ssh (CVE-2009-1273) #535877
  maintainer notified through initial bug report, said he would work on an update
--
libglpng (CVE-2010-1516)
--
libpoe-component-irc-perl #581194
  maintainer contacted us
--
libsndfile
  potential dos via crafted input #530831
  notified maintainer
--
libvorbis (CVE-2008-2009)
  notified maintainer and release team
--
libstruts1.2-java (CVE-2008-2025) #528352
  notified maintainer
--
linux-ftpd: null ptr dereference #572813
  notified maintainer
--
logrotate
  [logrotate race condition could lead to file disclosure]
  Fixed in sid in 3.7.8-4
--
makepasswd (no CVE ID) #564559
  notified maintainer
--
mako (CVE-2010-2480)
  http://bugs.python.org/issue9061
--
mapserver (CVE-2010-3484, CVE-2010-3485)
  fixed in 5.6.4-1
--
maradns
  http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
  notified maintainer
--
memcached (CVE-2009-1255)
  notified maintainer
--
mimedecode
  potential dos/crash due to invalid input
  orphaned #530430
--
mpg123 (CVE-2009-1301)
  notified maintainer
--
neon27 (CVE-2009-2474) #542926
  notified maintainer
--
neon26 (CVE-2009-2474) #542926
  notified maintainer
--
network-manager-applet (CVE-2009-4144) #560067
  notified maintainer through initial bugreport
  CVE-2009-4145 #563371
  notified maintainer through initial bugreport
--
ntop (CVE-2009-2732) #543312
  notified maintainer through initial bugreport
--
phpbb3 (CVE-2010-1630, 1627)
--
postfix (CVE-2009-2939)
  notified maintainer
--
proftpd-dfsg (CVE-2008-7265)
--
roaraudio (CVE-2010-3362) #598295
--
ruby1.8 (CVE-2010-0541)
--
ruby1.9 (CVE-2010-0541)
--
squid (CVE-2009-0801) #521053
  notified maintainer
--
squid3 (CVE-2009-0801) #521052
  notified maintainer
--
t-prot (CVE-2009-4404)
  notified maintainer
--
torcs (CVE-2010-3384) #598306
--
net-snmp (CVE-2008-6123)
  Noah will see to it.
--
ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443) #541995
  notified maintainer
--
openldap #253838
  notified maintainer
--
overkill (no CVE yet) #549310
--
owl (CVE-2009-0363) #515118
  notified maintainer
--
pam (CVE-2009-0579) #514437
  asked maintainer in mail
--
pidgin (CVE-2009-1889, CVE-2009-3085) #535790
  http://developer.pidgin.im/ticket/9483
  http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
  notified maintainer
--
pptp-linux (no CVE) #523476
  Ola will prepare a fix in a point update
--
prewikka (CVE-2010-2058) #584469
--
puppet (CVE-2009-3564) #551073
  notified maintainer in initial bug report
  CVE-2010-0156 #https://bugzilla.redhat.com/show_bug.cgi?id=502881
  notified maintainer
--
python-4suite (CVE-2009-3560, CVE-2009-3720) #560914
  notified maintainer
--
python-cjson (CVE-2009-4924) #593302
--
python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
--
python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493)
--
qtparted (CVE-2010-3375) #598301
--
rails (CVE-2009-3086) bug #545063
  notified maintainer
--
scilab (CVE-2010-3378) #598423; #598422
--
shibboleth-sp2: world-readable key (no CVE) #571631
  notified maintainer through bugreport
--
snappea #605151
--
squid (CVE-2010-0639) #572553
  Maintainer notified through initial bugreport
--
squid3 (CVE-2010-0639) #572554
  Maintainer notified through initial bugreport
--
sqlite #566326
--
tau (CVE-2008-5157) #506348
  notified maintainer
--
teamspeak-client #598304
--
teamspeak-server #598305
--
trac (CVE-2009-4405)
  notified maintainer
--
udev (#462655)
  notified maintainer
--
planet (CVE-2009-2937) bug #546178
  notified maintainer through initial bugreport
--
w3m (CVE-2010-2074)
  maintainer notified through bug report
--
webkit (CVE-2008-4724) #520052
  asked maintainer
--
xemacs21 (CVE-2008-2142) bug #480877
  notified maintainer
xemacs21 (CVE-2009-2688) #540470
  Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994
  notified maintainer
--
xen-3 (CVE-2008-4993) #496367
  notified maintainer
--
xerces-c2 (CVE-2009-1885) #541986
  notified maintainer
--
xfig
  25_mkstemp added in 1:3.2.5.a-1
  notified maintainer
  CVE-2009-4228/CVE-2009-4227 #559274)
  https://bugzilla.redhat.com/show_bug.cgi?id=543905
  notified maintainer
--
xmp (CVE-2007-6731, CVE-2007-6732) #546730
  notified maintainer
--
ytnef (CVE-2009-3887, CVE-2009-3721)
  notified maintainer
--
ziproxy (CVE-2009-0804) #521051
  notified maintainer
--
zope2.10 (no CVE)
  https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
--
zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
  http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
  http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
  notified maintainer