Author: jmm
Date: 2011-02-02 20:22:09 +0000 (Wed, 02 Feb 2011)
New Revision: 16035

Added: data/ospu-candidates.txt
Removed: data/spu-candidates.txt

Log: rename spu-candidates to ospu-candidate to allow us to track Squeeze

Copied: data/ospu-candidates.txt (from rev 16032, data/spu-candidates.txt)
==================================================================--- data/ospu-candidates.txt (rev 0) +++ data/ospu-candidates.txt 2011-02-02 20:22:09 UTC (rev 16035) 
@@ -0,0 +1,757 @@ +This file records minor security issues, which do not warrant a DSA, +but which could be fixed in a stable point update if people feel like +it. If someone wants to address these, please add a note about it +and get in contact with debian-release at lists.debian.org + + +-- + +abcm2ps (no CVE) +#577014 + + +-- + +acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592) +notified maintainer + +CVE-2009-4839 CVE-2009-4838 CVE-2009-4837 +maintainer contacted us, notified about spu status + +-- + +acl (CVE-2009-4411) +#499076 +notified maintainer + +-- + +asterisk (CVE-2009-0041) +#513413 +notified maintainer + +asterisk (CVE-2008-3903) +#522528 +notified maintainer + +-- + +avahi (CVE-2009-0758) +#517683 +notified maintainer + +-- + +babel (CVE-2009-3736) +#559843 +notified maintainer + +-- + +bugzilla (CVE-2009-0481 to CVE-2009-0485) +notified maintainer + +CVE-2010-1204 +notified maintainer through initial bugreport + +-- + +buildbot (CVE-2009-2959, CVE-2009-2967) +#543822 +notified maintainer + +-- + +calendarserver +#605157 + +-- + +centerim +CVE-2009-3720 + +-- + +compiz-fusion-plugins-main (CVE-2008-6514) +notified maintainer + +-- + +couchdb (CVE-2010-0009) +#576304 +notified maintainer + +-- + +cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked +#528434 +notified maintainer + +-- + +cups (CVE-2009-3553) +#557740 +maintainer notified in initial bug report +Initial patch was incomplete; + +cups (CVE-2010-0302) +#572940 +notified maintainer + +-- + +dbus-glib (CVE-2010-1172) +#592753 + +-- + +devil (CVE-2009-3994) +#560080 +notified maintainer + +-- + +dopewars (CVE-2009-3591) +#550913 +notified maintainer + +-- + +dropbox (CVE-2010-3354) +bug #598287 + +-- + +dstat (CVE-2009-3894) +http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog +notified maintainer + +dstat (CVE-2009-4081) +#559667 +notified maintainer + +-- + +evolution (CVE-2009-1631) +#526409 +notified maintainer through initial bugreport + +-- + +exim4 
(CVE-2010-2023, CVE-2010-2024) +notified maintainers + +-- + +fastjar (CVE-2010-0831, CVE-2010-2322) + +-- + +fcron (CVE-2010-0791) +#572587 +notified maintainer through initial bugreport + +-- + +flash-kernel temp file handling (fixed in 2.33) + + +-- + +gnome-shell (CVE-2010-4000) + +-- + +gnome-subtitles (CVE-2010-3357) +#598289 + +-- + +CVE-2008-XXXX [greylistd bypass] +#464084 + +-- + +ika (CVE-2010-3361) +#5982925B +notified maintainer + +-- + +imp4 (CVE-2010-0463) +#569661 +notified maintainer + +-- + +libgnucrypto-java (CVE-2008-5659) +#559789 +removed + +-- + +gnome-schedule +#605169 + +-- + +gnucash (CVE-2010-3999) +#603329 + +-- + +gnumed-client +#605159 + +-- + +gnutls26 (CVE-2009-1417) +#531614 +notified maintainer + +-- + +gri (no CVE) +fixed in gri 2.12.18-1: +"Improve security when creating temporary files." +notified maintainer + +-- + +gupnp (CVE-2009-2174) +#534594 +notified maintainer + +-- + +htmldoc (CVE-2009-3050) +#537637 +notified maintainer through initial bugreport + +-- + +hypermail (CVE-2010-4339) +#598743 + +-- + +hypre (CVE-2009-3736) +#559834 +notified maintainer + +-- + +iceweasel (CVE-2009-0777) +#576466 +notified maintainer + +-- + +ironpython +#605158 + +-- + +kde4libs (CVE-2009-2702) +#546218 +notified maintainer + +kde4libs (CVE-2009-0689) +notified maintainer + +-- + +kfreebsd-6 +[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] +http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc +notified maintainer + +[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935) +http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc +notified maintainer + +-- + +kfreebsd-7 +[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] +http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc +notified maintainer + +[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935) +http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc +notified maintainer + +-- + 
+kvm 82-1 (CVE-2008-5714) +#509997 +notified maintainer + +-- + +lcms (CVE-2009-0793) +notified maintainer through initial bugreport + +-- + +libesmtp (CVE-2010-1192) +#572960 +maintainer contacted us, notified about spu status + +-- + +libnss-db (CVE-2010-0826) +#577057 + +-- + +liboggz (CVE-2009-3377) +Fixed in 0.9.9-1 +Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep. + +-- + +libpam-ssh (CVE-2009-1273) +#535877 +maintainer notified through initial bug report, said he would work on an update + +-- + +libglpng (CVE-2010-1516) + +-- + +libpoe-component-irc-perl +#581194 +maintainer contacted us + +-- + +libsndfile +potential dos via crafted input +#530831 +notified maintainer + +-- + +libvorbis (CVE-2008-2009) +notified maintainer and release team + +-- + +libstruts1.2-java (CVE-2008-2025) +#528352 +notified maintainer + +-- + +linux-ftpd: null ptr dereference +#572813 +notified maintainer + +-- + +logrotate [logrotate race condition could lead to file disclosure] +Fixed in sid in 3.7.8-4 + +-- + +makepasswd (no CVE ID) +#564559 +notified maintainer + +-- + +mako (CVE-2010-2480) +http://bugs.python.org/issue9061 + +-- + +mapserver (CVE-2010-3484, CVE-2010-3485) +fixed in 5.6.4-1 + +-- + +maradns +http://maradns.org/download/maradns-1.4.02-parse_segfault.patch +notified maintainer + +-- + +matrixssl +CVE-2009-3555 + + +-- + +memcached (CVE-2009-1255) +notified maintainer + +-- + +mercurial (CVE-2010-4237) +#598841 + +-- + +mimedecode +potential dos/crash due to invalid input +orphaned +#530430 + +-- + +mingetty +#597382 + +-- + +mono-debugger (CVE-2010-3369) +#598299 + +-- + +mpg123 (CVE-2009-1301) +notified maintainer + +-- + +neon27 (CVE-2009-2474) +#542926 +notified maintainer + +-- + +neon26 (CVE-2009-2474) +#542926 +notified maintainer + +-- + +network-manager-applet (CVE-2009-4144) +#560067 +notified maintainer through initial bugreport + +CVE-2009-4145 +#563371 +notified maintainer through initial bugreport + 
+-- + +ntop (CVE-2009-2732) +#543312 +notified maintainer through initial bugreport + +-- + +phpbb3 (CVE-2010-1630, 1627) + +-- + +postfix (CVE-2009-2939) +notified maintainer + +-- + +proftpd-dfsg (CVE-2008-7265) + +-- + +puppet (CVE-2009-3564, CVE-2010-0156) + +-- + +python-numpy (CVE-2010-XXXX [numpy memory corruption]) +#581058 +http://projects.scipy.org/numpy/changeset/8364 + +-- + +roaraudio (CVE-2010-3362) +#598295 + +-- + +ruby1.8 (CVE-2010-0541) + +-- + +ruby1.9 (CVE-2010-0541) + +-- + +squid (CVE-2009-0801) +#521053 +notified maintainer + +-- + +squid3 (CVE-2009-0801) +#521052 +notified maintainer + +-- + +tangerine (CVE-2010-3381) +#598302 + +-- + +t-prot (CVE-2009-4404) +notified maintainer + +-- + +texmacs (CVE-2010-3394) +#598424 + +-- + +tomcat-native (CVE-2009-3555) + +-- + +torcs (CVE-2010-3384) +#598306 + +-- + +net-snmp (CVE-2008-6123) +Noah will see to it. + +-- + +ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443) +#541995 +notified maintainer + +-- + +offlineimap (CVE-2010-4533, CVE-2010-4532) +#606962 + +-- + +openldap +#253838 +notified maintainer + +-- + +overkill (no CVE yet) +#549310 + +-- + +owl (CVE-2009-0363) +#515118 +notified maintainer + +-- + +pam (CVE-2009-0579) +#514437 +asked maintainer in mail + +CVE-2010-4708/CVE-2010-4707/CVE-2010-4706 + +-- + +pidgin (CVE-2009-1889, CVE-2009-3085) +#535790 +http://developer.pidgin.im/ticket/9483 +http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7 +notified maintainer + +-- + +pptp-linux (no CVE) +#523476 +Ola will prepare a fix in a point update + +-- + +prewikka (CVE-2010-2058) +#584469 + + +-- + +puppet (CVE-2009-3564) +#551073 +notified maintainer in initial bug report + +CVE-2010-0156 +#https://bugzilla.redhat.com/show_bug.cgi?id=502881 +notified maintainer + +-- + +python-4suite (CVE-2009-3560, CVE-2009-3720) +#560914 +notified maintainer + +-- + +python-cjson (CVE-2009-4924) +#593302 + +-- + +python2.4 (CVE-2010-2089, CVE-2010-1634, 
CVE-2010-1450, CVE-2010-1449, CVE-2009-4134) + + +-- + +python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493) + +-- + +qtparted (CVE-2010-3375) +#598301 + +-- + +rails (CVE-2009-3086) +bug #545063 +notified maintainer + +-- + +scilab (CVE-2010-3378) +#598423; #598422 + +-- + +shibboleth-sp2: world-readable key (no CVE) +#571631 +notified maintainer through bugreport + +-- + +snappea +#605151 + +-- + +squid (CVE-2010-0639) +#572553 +Maintainer notified through initial bugreport + +-- + +squid3 (CVE-2010-0639) +#572554 +Maintainer notified through initial bugreport + +-- + +sqlite +#566326 + +-- + +tau (CVE-2008-5157) +#506348 +notified maintainer + +-- + +teamspeak-client +#598304 + +-- + +teamspeak-server +#598305 + +-- + +trac (CVE-2009-4405) +notified maintainer + +-- + +udev (#462655) +notified maintainer + +-- + +planet (CVE-2009-2937) +bug #546178 +notified maintainer through initial bugreport + +-- + +w3m (CVE-2010-2074) +maintainer notified through bug report + +-- + +webkit (CVE-2008-4724) +#520052 +asked maintainer + +-- + +xemacs21 (CVE-2008-2142) +bug #480877 +notified maintainer + +xemacs21 (CVE-2009-2688) +#540470 +Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994 +notified maintainer + +-- + +xen-3 (CVE-2008-4993) +#496367 +notified maintainer + +-- + +xerces-c2 (CVE-2009-1885) +#541986 +notified maintainer + +-- + +xfig +25_mkstemp added in 1:3.2.5.a-1 +notified maintainer + +CVE-2009-4228/CVE-2009-4227 +#559274) +https://bugzilla.redhat.com/show_bug.cgi?id=543905 +notified maintainer + +-- + +xmp (CVE-2007-6731, CVE-2007-6732) +#546730 +notified maintainer + +-- + +ytnef (CVE-2009-3887, CVE-2009-3721) +notified maintainer + +-- + +ziproxy (CVE-2009-0804) +#521051 +notified maintainer + +-- + +zope2.10 (no CVE) +https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html + +-- + +zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343) 
+http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249 +http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128 +notified maintainer + Deleted: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-02-02 20:21:30 UTC (rev 16034) +++ data/spu-candidates.txt 2011-02-02 20:22:09 UTC (rev 16035) 
@@ -1,757 +0,0 @@ -This file records minor security issues, which do not warrant a DSA, -but which could be fixed in a stable point update if people feel like -it. If someone wants to address these, please add a note about it -and get in contact with debian-release at lists.debian.org - - --- - -abcm2ps (no CVE) -#577014 - - --- - -acidbase (CVE-2009-4590, CVE-2009-4591, CVE-2009-4592) -notified maintainer - -CVE-2009-4839 CVE-2009-4838 CVE-2009-4837 -maintainer contacted us, notified about spu status - --- - -acl (CVE-2009-4411) -#499076 -notified maintainer - --- - -asterisk (CVE-2009-0041) -#513413 -notified maintainer - -asterisk (CVE-2008-3903) -#522528 -notified maintainer - --- - -avahi (CVE-2009-0758) -#517683 -notified maintainer - --- - -babel (CVE-2009-3736) -#559843 -notified maintainer - --- - -bugzilla (CVE-2009-0481 to CVE-2009-0485) -notified maintainer - -CVE-2010-1204 -notified maintainer through initial bugreport - --- - -buildbot (CVE-2009-2959, CVE-2009-2967) -#543822 -notified maintainer - --- - -calendarserver -#605157 - --- - -centerim -CVE-2009-3720 - --- - -compiz-fusion-plugins-main (CVE-2008-6514) -notified maintainer - --- - -couchdb (CVE-2010-0009) -#576304 -notified maintainer - --- - -cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked -#528434 -notified maintainer - --- - -cups (CVE-2009-3553) -#557740 -maintainer notified in initial bug report -Initial patch was incomplete; - -cups (CVE-2010-0302) -#572940 -notified maintainer - --- - -dbus-glib (CVE-2010-1172) -#592753 - --- - -devil (CVE-2009-3994) -#560080 -notified maintainer - --- - -dopewars (CVE-2009-3591) -#550913 -notified maintainer - --- - -dropbox (CVE-2010-3354) -bug #598287 - --- - -dstat (CVE-2009-3894) -http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog -notified maintainer - -dstat (CVE-2009-4081) -#559667 -notified maintainer - --- - -evolution (CVE-2009-1631) -#526409 -notified maintainer through initial bugreport - --- - -exim4 
(CVE-2010-2023, CVE-2010-2024) -notified maintainers - --- - -fastjar (CVE-2010-0831, CVE-2010-2322) - --- - -fcron (CVE-2010-0791) -#572587 -notified maintainer through initial bugreport - --- - -flash-kernel temp file handling (fixed in 2.33) - - --- - -gnome-shell (CVE-2010-4000) - --- - -gnome-subtitles (CVE-2010-3357) -#598289 - --- - -CVE-2008-XXXX [greylistd bypass] -#464084 - --- - -ika (CVE-2010-3361) -#5982925B -notified maintainer - --- - -imp4 (CVE-2010-0463) -#569661 -notified maintainer - --- - -libgnucrypto-java (CVE-2008-5659) -#559789 -removed - --- - -gnome-schedule -#605169 - --- - -gnucash (CVE-2010-3999) -#603329 - --- - -gnumed-client -#605159 - --- - -gnutls26 (CVE-2009-1417) -#531614 -notified maintainer - --- - -gri (no CVE) -fixed in gri 2.12.18-1: -"Improve security when creating temporary files." -notified maintainer - --- - -gupnp (CVE-2009-2174) -#534594 -notified maintainer - --- - -htmldoc (CVE-2009-3050) -#537637 -notified maintainer through initial bugreport - --- - -hypermail (CVE-2010-4339) -#598743 - --- - -hypre (CVE-2009-3736) -#559834 -notified maintainer - --- - -iceweasel (CVE-2009-0777) -#576466 -notified maintainer - --- - -ironpython -#605158 - --- - -kde4libs (CVE-2009-2702) -#546218 -notified maintainer - -kde4libs (CVE-2009-0689) -notified maintainer - --- - -kfreebsd-6 -[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] -http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc -notified maintainer - -[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935) -http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc -notified maintainer - --- - -kfreebsd-7 -[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] -http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc -notified maintainer - -[freebsd Local information disclosure via direct pipe writes] (CVE-2009-1935) -http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc -notified maintainer - --- - 
-kvm 82-1 (CVE-2008-5714) -#509997 -notified maintainer - --- - -lcms (CVE-2009-0793) -notified maintainer through initial bugreport - --- - -libesmtp (CVE-2010-1192) -#572960 -maintainer contacted us, notified about spu status - --- - -libnss-db (CVE-2010-0826) -#577057 - --- - -liboggz (CVE-2009-3377) -Fixed in 0.9.9-1 -Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep. - --- - -libpam-ssh (CVE-2009-1273) -#535877 -maintainer notified through initial bug report, said he would work on an update - --- - -libglpng (CVE-2010-1516) - --- - -libpoe-component-irc-perl -#581194 -maintainer contacted us - --- - -libsndfile -potential dos via crafted input -#530831 -notified maintainer - --- - -libvorbis (CVE-2008-2009) -notified maintainer and release team - --- - -libstruts1.2-java (CVE-2008-2025) -#528352 -notified maintainer - --- - -linux-ftpd: null ptr dereference -#572813 -notified maintainer - --- - -logrotate [logrotate race condition could lead to file disclosure] -Fixed in sid in 3.7.8-4 - --- - -makepasswd (no CVE ID) -#564559 -notified maintainer - --- - -mako (CVE-2010-2480) -http://bugs.python.org/issue9061 - --- - -mapserver (CVE-2010-3484, CVE-2010-3485) -fixed in 5.6.4-1 - --- - -maradns -http://maradns.org/download/maradns-1.4.02-parse_segfault.patch -notified maintainer - --- - -matrixssl -CVE-2009-3555 - - --- - -memcached (CVE-2009-1255) -notified maintainer - --- - -mercurial (CVE-2010-4237) -#598841 - --- - -mimedecode -potential dos/crash due to invalid input -orphaned -#530430 - --- - -mingetty -#597382 - --- - -mono-debugger (CVE-2010-3369) -#598299 - --- - -mpg123 (CVE-2009-1301) -notified maintainer - --- - -neon27 (CVE-2009-2474) -#542926 -notified maintainer - --- - -neon26 (CVE-2009-2474) -#542926 -notified maintainer - --- - -network-manager-applet (CVE-2009-4144) -#560067 -notified maintainer through initial bugreport - -CVE-2009-4145 -#563371 -notified maintainer through initial bugreport - 
--- - -ntop (CVE-2009-2732) -#543312 -notified maintainer through initial bugreport - --- - -phpbb3 (CVE-2010-1630, 1627) - --- - -postfix (CVE-2009-2939) -notified maintainer - --- - -proftpd-dfsg (CVE-2008-7265) - --- - -puppet (CVE-2009-3564, CVE-2010-0156) - --- - -python-numpy (CVE-2010-XXXX [numpy memory corruption]) -#581058 -http://projects.scipy.org/numpy/changeset/8364 - --- - -roaraudio (CVE-2010-3362) -#598295 - --- - -ruby1.8 (CVE-2010-0541) - --- - -ruby1.9 (CVE-2010-0541) - --- - -squid (CVE-2009-0801) -#521053 -notified maintainer - --- - -squid3 (CVE-2009-0801) -#521052 -notified maintainer - --- - -tangerine (CVE-2010-3381) -#598302 - --- - -t-prot (CVE-2009-4404) -notified maintainer - --- - -texmacs (CVE-2010-3394) -#598424 - --- - -tomcat-native (CVE-2009-3555) - --- - -torcs (CVE-2010-3384) -#598306 - --- - -net-snmp (CVE-2008-6123) -Noah will see to it. - --- - -ocsinventory-server (CVE-2009-3040, CVE-2009-3042, CVE-2009-1443) -#541995 -notified maintainer - --- - -offlineimap (CVE-2010-4533, CVE-2010-4532) -#606962 - --- - -openldap -#253838 -notified maintainer - --- - -overkill (no CVE yet) -#549310 - --- - -owl (CVE-2009-0363) -#515118 -notified maintainer - --- - -pam (CVE-2009-0579) -#514437 -asked maintainer in mail - -CVE-2010-4708/CVE-2010-4707/CVE-2010-4706 - --- - -pidgin (CVE-2009-1889, CVE-2009-3085) -#535790 -http://developer.pidgin.im/ticket/9483 -http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7 -notified maintainer - --- - -pptp-linux (no CVE) -#523476 -Ola will prepare a fix in a point update - --- - -prewikka (CVE-2010-2058) -#584469 - - --- - -puppet (CVE-2009-3564) -#551073 -notified maintainer in initial bug report - -CVE-2010-0156 -#https://bugzilla.redhat.com/show_bug.cgi?id=502881 -notified maintainer - --- - -python-4suite (CVE-2009-3560, CVE-2009-3720) -#560914 -notified maintainer - --- - -python-cjson (CVE-2009-4924) -#593302 - --- - -python2.4 (CVE-2010-2089, CVE-2010-1634, 
CVE-2010-1450, CVE-2010-1449, CVE-2009-4134) - - --- - -python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134, CVE-2010-3493) - --- - -qtparted (CVE-2010-3375) -#598301 - --- - -rails (CVE-2009-3086) -bug #545063 -notified maintainer - --- - -scilab (CVE-2010-3378) -#598423; #598422 - --- - -shibboleth-sp2: world-readable key (no CVE) -#571631 -notified maintainer through bugreport - --- - -snappea -#605151 - --- - -squid (CVE-2010-0639) -#572553 -Maintainer notified through initial bugreport - --- - -squid3 (CVE-2010-0639) -#572554 -Maintainer notified through initial bugreport - --- - -sqlite -#566326 - --- - -tau (CVE-2008-5157) -#506348 -notified maintainer - --- - -teamspeak-client -#598304 - --- - -teamspeak-server -#598305 - --- - -trac (CVE-2009-4405) -notified maintainer - --- - -udev (#462655) -notified maintainer - --- - -planet (CVE-2009-2937) -bug #546178 -notified maintainer through initial bugreport - --- - -w3m (CVE-2010-2074) -maintainer notified through bug report - --- - -webkit (CVE-2008-4724) -#520052 -asked maintainer - --- - -xemacs21 (CVE-2008-2142) -bug #480877 -notified maintainer - -xemacs21 (CVE-2009-2688) -#540470 -Patches at https://bugzilla.redhat.com/show_bug.cgi?id=511994 -notified maintainer - --- - -xen-3 (CVE-2008-4993) -#496367 -notified maintainer - --- - -xerces-c2 (CVE-2009-1885) -#541986 -notified maintainer - --- - -xfig -25_mkstemp added in 1:3.2.5.a-1 -notified maintainer - -CVE-2009-4228/CVE-2009-4227 -#559274) -https://bugzilla.redhat.com/show_bug.cgi?id=543905 -notified maintainer - --- - -xmp (CVE-2007-6731, CVE-2007-6732) -#546730 -notified maintainer - --- - -ytnef (CVE-2009-3887, CVE-2009-3721) -notified maintainer - --- - -ziproxy (CVE-2009-0804) -#521051 -notified maintainer - --- - -zope2.10 (no CVE) -https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html - --- - -zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343) 
-http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249 -http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128 -notified maintainer -
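Review bot: In the added data/ospu-candidates.txt the opening paragraph is copied unchanged and still describes issues that "could be fixed in a stable point update", and the acidbase and libesmtp entries still read "notified about spu status"; now that the file is named ospu-candidates, the header should say which release and which kind of point update this list tracks. Several copied entries are also malformed and could be cleaned up in a follow-up commit so that this one stays a pure copy: the cron line has an unclosed parenthesis, ika carries the bug number "#5982925B", xfig has "#559274)", the second puppet stanza has "#https://bugzilla.redhat.com/show_bug.cgi?id=502881", phpbb3 abbreviates its second CVE as "1627", and puppet is listed twice with the same two CVEs.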
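Review bot: In the hunk that deletes data/spu-candidates.txt, all 757 lines are removed and this revision adds no new file under that name, although the log says the rename is "to allow us to track Squeeze". If a fresh spu-candidates.txt is meant to follow, add it (even with only the header paragraph) in this or the next commit and mention it in the log; the log also writes "ospu-candidate" where the file is named ospu-candidates.txt.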