CVE-2009-5068
	NOT-FOR-US: Simple Machines Forum
CVE-2009-5025 [PyForum XSS+CSRF]
	NOT-FOR-US: PyForum
CVE-2009-5023 [fail2ban: Insecure creating/writing to tmpfile]
	- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
	[lenny] - fail2ban (Minor issue)
	[squeeze] - fail2ban (Minor issue)
CVE-2009-5004
	- qpid-cpp (Fixed before initial upload to archive)
CVE-2009-4900 [pixelpost XSS]
	- pixelpost (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4899 [pixelpost SQL injection]
	- pixelpost (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-5050 [konversation DoS]
	- konversation 1.2.3-1 (low)
	[lenny] - konversation (Doesn't affect the combination of kdelibs/QT in Lenny)
	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2009-5042 [docutils insecure usage of temporary files]
	- python-docutils 0.6-2 (low; bug #560755)
	[etch] - python-docutils (vulnerable code introduced in 0.5)
	[lenny] - python-docutils 0.5-2+lenny1
	NOTE: cve requested
CVE-2009-4067
	{DSA-2310-1}
	- linux-2.6 2.6.28-1 (low)
	NOTE: Driver was removed in 2.6.27
CVE-2009-4011 [dtc-xen race condition]
	- dtc-xen 0.5.4-1
	[lenny] - dtc-xen (Only affects 0.5.x)
CVE-2009-3887 [ytnef path traversal]
	- ytnef (bug #567631)
	[lenny] - ytnef (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-5045 [multiple vulnerabilities in jetty]
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5046 [multiple vulnerabilities in jetty]
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5047 [multiple vulnerabilities in jetty]
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5048 [multiple vulnerabilities in jetty]
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5049 [multiple vulnerabilities in jetty]
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-3724
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2009-3723 [Unauthorized calls allowed on prohibited networks in asterisk]
	[etch] - asterisk
	[lenny] - asterisk
	- asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
CVE-2009-3721 [ytnef buffer overflow]
	- ytnef (bug #567631)
	[lenny] - ytnef (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
	- liboping 1.3.3-1 (low; bug #548684)
	[lenny] - liboping (doesn't have -f option yet)
	[etch] - liboping (doesn't have -f option yet)
CVE-2009-3552
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-5041 [buffer overflow in overkill]
	- overkill 0.16-14.1 (bug #549310; low)
	[lenny] - overkill (Minor issue)
	[etch] - overkill (Minor issue)
CVE-2009-5043 [burn: Insecure escaping of file names]
	- burn 0.4.5-1 (low; bug #542329)
	[lenny] - burn 0.4.3-2.1+lenny1
	[etch] - burn (Minor issue)
CVE-2009-2802
	- mantis (Only affects 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
	NOTE: http://www.mantisbt.org/blog/?p=113
CVE-2009-0035 [alsainfo insecure temp file usage]
	- alsa-driver 1.0.20-1 (unimportant)
	NOTE: alsainfo not built into source package