Re: Debian contributors looking for paid work on Squeeze LTS

To: debian-lts@lists.debian.org
Subject: Re: Debian contributors looking for paid work on Squeeze LTS
From: Thorsten Alteholz <alteholz@debian.org>
Date: Fri, 30 May 2014 18:54:10 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1405301849170.22750@jupiter.server.alteholz.net>
In-reply-to: <[🔎] 20140527161150.GA4833@inutil.org>
References: <[🔎] 20140526121513.GC9275@x230-buxy.home.ouaza.com> <[🔎] 20140526132041.GA7833@inutil.org> <[🔎] 20140526190917.GB27641@x230-buxy.home.ouaza.com> <[🔎] 20140526205442.GA31757@x230-buxy.home.ouaza.com> <[🔎] 20140527161150.GA4833@inutil.org>



On Tue, 27 May 2014, Moritz Muehlenhoff wrote:

BTW, did you really mean 2014 (so that would be only a few months) or
did you rather mean 2013 (so that we have a full year of history to make it
more representative)?


The full 2013 would be even better, yes (but also involves more work)

So here is the list of DSAs affecting Squeeze for 2013 (235 DSAs and 183for Squeeze; in May Squeeze became oldstable).


  Thorsten




[31 Dec 2013] DSA-2831 puppet - insecure temporary files
[28 Dec 2013] DSA-2829 hplip - several vulnerabilities
[28 Dec 2013] DSA-2828 drupal6 - several vulnerabilities
[24 Dec 2013] DSA-2827 libcommons-fileupload-java - arbitrary file upload via deserialization
[22 Dec 2013] DSA-2826 denyhosts - remote denial of ssh service
[18 Dec 2013] DSA-2823 pixman - integer underflow
[18 Dec 2013] DSA-2822 xorg-server - integer underflow
[18 Dec 2013] DSA-2821 gnupg - side channel attack
[17 Dec 2013] DSA-2820 nspr - integer overflow
[14 Dec 2013] DSA-2817 libtar - Integer overflow
[12 Dec 2013] DSA-2816 php5 - several vulnerabilities
[09 Dec 2013] DSA-2814 varnish - denial of service
[09 Dec 2013] DSA-2813 gimp - several vulnerabilities
[09 Dec 2013] DSA-2812 samba - several vulnerabilities
[04 Dec 2013] DSA-2810 ruby1.9.1 - heap overflow
[04 Dec 2013] DSA-2809 ruby1.8 - several vulnerabilities
[03 Dec 2013] DSA-2808 openjpeg - several vulnerabilities
[30 Nov 2013] DSA-2807 links2 - integer overflow
[29 Nov 2013] DSA-2806 nbd - privilege escalation
[27 Nov 2013] DSA-2805 sup-mail - command injection
[26 Nov 2013] DSA-2803 quagga - several vulnerabilities
[21 Nov 2013] DSA-2802 nginx - restriction bypass
[25 Nov 2013] DSA-2800 nss - buffer overflow
[17 Nov 2013] DSA-2798 curl - unchecked ssl certificate host name
[13 Nov 2013] DSA-2796 torque - arbitrary code execution
[17 Nov 2013] DSA-2795 lighttpd - several vulnerabilities
[10 Nov 2013] DSA-2794 spip - several vulnerabilities
[04 Nov 2013] DSA-2792 wireshark - several vulnerabilities
[04 Nov 2013] DSA-2791 tryton-client - missing input sanitization
[02 Nov 2013] DSA-2790 nss - uninitialized memory read
[01 Nov 2013] DSA-2789 strongswan - Denial of service and authorization bypass
[27 Oct 2013] DSA-2786 icu - several vulnerabilities
[22 Oct 2013] DSA-2784 xorg-server - use-after-free
[21 Oct 2013] DSA-2783 librack-ruby - several vulnerabilities
[20 Oct 2013] DSA-2782 polarssl - several vulnerabilities
[18 Oct 2013] DSA-2781 python-crypto - PRNG not correctly reseeded in some situations
[18 Oct 2013] DSA-2780 mysql-5.1 - several vulnerabilities
[13 Oct 2013] DSA-2779 libxml2 - denial of service
[12 Oct 2013] DSA-2778 libapache2-mod-fcgid - heap-based buffer overflow
[11 Oct 2013] DSA-2776 drupal6 - several vulnerabilities
[10 Oct 2013] DSA-2775 ejabberd - insecure SSL usage
[10 Oct 2013] DSA-2774 gnupg2 - several vulnerabilities
[10 Oct 2013] DSA-2773 gnupg - several vulnerabilities
[09 Oct 2013] DSA-2771 nas - several vulnerabilities
[09 Oct 2013] DSA-2770 torque - authentication bypass
[29 Sep 2013] DSA-2767 proftpd-dfsg - denial of service
[27 Sep 2013] DSA-2766 linux-2.6 - privilege escalation/denial of service/information leak
[26 Sep 2013] DSA-2765 davfs2 - privilege escalation
[24 Sep 2013] DSA-2763 pyopenssl - hostname check bypassing
[18 Sep 2013] DSA-2760 chrony - several vulnerabilities
[17 Sep 2013] DSA-2758 python-django - denial of service
[14 Sep 2013] DSA-2757 wordpress - several vulnerabilities
[13 Sep 2013] DSA-2756 wireshark - several vulnerabilities
[11 Sep 2013] DSA-2755 python-django - directory traversal
[10 Sep 2013] DSA-2754 exactimage - denial of service
[13 Sep 2013] DSA-2753 mediawiki - information leak
[07 Sep 2013] DSA-2752 phpbb3 - permissions too wide
[04 Sep 2013] DSA-2751 libmodplug - several vulnerabilities
[02 Sep 2013] DSA-2749 asterisk - several vulnerabilities
[01 Sep 2013] DSA-2748 exactimage - denial of service
[31 Aug 2013] DSA-2747 cacti - several vulnerabilities
[27 Aug 2013] DSA-2744 tiff - several vulnerabilities
[26 Aug 2013] DSA-2742 php5 - interpretation conflict
[23 Aug 2013] DSA-2740 python-django - cross-site scripting vulnerability
[21 Aug 2013] DSA-2739 cacti - several vulnerabilities
[18 Aug 2013] DSA-2738 ruby1.9.1 - several vulnerabilities
[11 Aug 2013] DSA-2736 putty - several vulnerabilities
[05 Aug 2013] DSA-2734 wireshark - several vulnerabilities
[02 Aug 2013] DSA-2733 otrs2 - SQL injection
[29 Jul 2013] DSA-2731 libgcrypt11 - information leak
[29 Jul 2013] DSA-2730 gnupg - information leak
[28 Jul 2013] DSA-2729 openafs - several vulnerabilities
[27 Jul 2013] DSA-2728 bind9 - denial of service
[25 Jul 2013] DSA-2727 openjdk-6 - several vulnerabilities
[25 Jul 2013] DSA-2726 php-radius - buffer overflow
[18 Jul 2013] DSA-2725 tomcat6 - several vulnerabilities
[17 Jul 2013] DSA-2723 php5 - heap corruption
[10 Jul 2013] DSA-2719 poppler - several vulnerabilities
[01 Jul 2013] DSA-2718 wordpress - several vulnerabilities
[28 Jun 2013] DSA-2717 xml-security-c - heap overflow
[26 Jun 2013] DSA-2715 puppet - code execution
[24 Jun 2013] DSA-2713 curl - heap overflow
[19 Jun 2013] DSA-2711 haproxy - several vulnerabilities
[18 Jun 2013] DSA-2710 xml-security-c - several vulnerabilities
[16 Jun 2013] DSA-2708 fail2ban - denial of service
[09 Jun 2013] DSA-2703 subversion - several vulnerabilities
[03 Jun 2013] DSA-2702 telepathy-gabble - TLS verification bypass
[29 May 2013] DSA-2701 krb5 - denial of service
[18 Jun 2013] DSA-2698 tiff - buffer overflow
[26 May 2013] DSA-2694 spip - privilege escalation
[24 May 2013] DSA-2693 libx11 - several vulnerabilities
[23 May 2013] DSA-2692 libxxf86vm - several vulnerabilities
[23 May 2013] DSA-2691 libxinerama - several vulnerabilities
[23 May 2013] DSA-2690 libxxf86dga - several vulnerabilities
[23 May 2013] DSA-2689 libxtst - several vulnerabilities
[23 May 2013] DSA-2688 libxres - several vulnerabilities
[23 May 2013] DSA-2687 libfs - several vulnerabilities
[23 May 2013] DSA-2686 libxcb - several vulnerabilities
[23 May 2013] DSA-2685 libxp - several vulnerabilities
[23 May 2013] DSA-2684 libxrandr - several vulnerabilities
[23 May 2013] DSA-2683 libxi - several vulnerabilities
[23 May 2013] DSA-2682 libxext - several vulnerabilities
[23 May 2013] DSA-2681 libxcursor - several vulnerabilities
[23 May 2013] DSA-2680 libxt - several vulnerabilities
[23 May 2013] DSA-2679 xserver-xorg-video-openchrome - several vulnerabilities
[23 May 2013] DSA-2678 mesa - several vulnerabilities
[23 May 2013] DSA-2677 libxrender - several vulnerabilities
[23 May 2013] DSA-2676 libxfixes - several vulnerabilities
[24 May 2013] DSA-2675 libxvmc - several vulnerabilities
[23 May 2013] DSA-2674 libxv - several vulnerabilities
[23 May 2013] DSA-2673 libdmx - several vulnerabilities
[22 May 2013] DSA-2670 request-tracker3.8 - several vulnerabilities
[14 May 2013] DSA-2668 linux-2.6 - privilege escalation/denial of service/information leak
[12 May 2013] DSA-2666 xen - several vulnerabilities
--- below are fixes for squeeze as stable
[30 Apr 2013] DSA-2665 strongswan - authentication bypass
[02 May 2013] DSA-2664 stunnel4 - buffer overflow
[22 Apr 2013] DSA-2663 tinc - stack based buffer overflow
[18 Apr 2013] DSA-2662 xen - several vulnerabilities
[17 Apr 2013] DSA-2661 xorg-server - information disclosure
[20 Apr 2013] DSA-2660 curl - exposure of sensitive information
[09 Apr 2013] DSA-2659 libapache-mod-security - XML external entity processing vulnerability
[04 Apr 2013] DSA-2658 postgresql-9.1 - several vulnerabilities
[04 Apr 2013] DSA-2657 postgresql-8.4 - guessable random numbers
[30 Mar 2013] DSA-2656 bind9 - denial of service
[28 Mar 2013] DSA-2655 rails - several vulnerabilities
[03 Apr 2013] DSA-2654 libxslt - denial of service
[26 Mar 2013] DSA-2653 icinga - buffer overflow
[24 Mar 2013] DSA-2652 libxml2 - external entity expansion
[20 Mar 2013] DSA-2651 smokeping - cross-site scripting vulnerability
[17 Mar 2013] DSA-2650 libvirt - files and device nodes ownership change to kvm group
[15 Mar 2013] DSA-2649 lighttpd - fixed socket name in world-writable directory
[15 Mar 2013] DSA-2648 firebird2.5 - several vulnerabilities
[15 Mar 2013] DSA-2647 firebird2.1 - buffer overflow
[15 Mar 2013] DSA-2646 typo3-src - several vulnerabilities
[14 Mar 2013] DSA-2645 inetutils - denial of service
[14 Mar 2013] DSA-2644 wireshark - several vulnerabilities
[12 Mar 2013] DSA-2643 puppet - several vulnerabilities
[09 Mar 2013] DSA-2642 sudo - several issues
[20 Mar 2013] DSA-2641 perl - rehashing flaw
[14 Mar 2013] DSA-2640 zoneminder - several issues
[05 Mar 2013] DSA-2639 php5 - several vulnerabilities
[04 Mar 2013] DSA-2638 openafs - buffer overflow
[04 Mar 2013] DSA-2637 apache2 - several issues
[03 Mar 2013] DSA-2636 xen - several vulnerabilities
[01 Mar 2013] DSA-2635 cfingerd - buffer overflow
[27 Feb 2013] DSA-2634 python-django - several vulnerabilities
[26 Feb 2013] DSA-2633 fusionforge - privilege escalation
[25 Feb 2013] DSA-2632 linux-2.6 - privilege escalation/denial of service
[24 Feb 2013] DSA-2631 squid3 - denial of service
[20 Feb 2013] DSA-2630 postgresql-8.4 - programming error
[25 Feb 2013] DSA-2629 openjpeg - several issues
[18 Jun 2013] DSA-2628 nss-pam-ldapd - buffer overflow
[17 Feb 2013] DSA-2627 nginx - information leak
[17 Feb 2013] DSA-2626 lighttpd - several issues
[17 Feb 2013] DSA-2625 wireshark - several vulnerabilities
[16 Feb 2013] DSA-2624 ffmpeg - several vulnerabilities
[14 Feb 2013] DSA-2623 openconnect - buffer overflow
[13 Feb 2013] DSA-2622 polarssl - several vulnerabilities
[13 Feb 2013] DSA-2621 openssl - several vulnerabilities
[12 Feb 2013] DSA-2620 rails - several vulnerabilities
[10 Feb 2013] DSA-2619 xen-qemu-dm-4.0 - buffer overflow
[07 Feb 2013] DSA-2618 ircd-hybrid - denial of service
[02 Feb 2013] DSA-2617 samba - several issues
[03 Feb 2013] DSA-2616 nagios3 - buffer overflow in CGI scripts
[01 Feb 2013] DSA-2615 libupnp4 - several vulnerabilities
[01 Feb 2013] DSA-2614 libupnp - several vulnerabilities
[29 Jan 2013] DSA-2613 rails - insufficient input validation
[10 Feb 2013] DSA-2612 ircd-ratbox - programming error
[22 Jan 2013] DSA-2611 movabletype-opensource - several vulnerabilities
[21 Jan 2013] DSA-2610 ganglia - arbitrary script execution
[16 Jan 2013] DSA-2609 rails - SQL query manipulation
[15 Jan 2013] DSA-2608 qemu - buffer overflow
[15 Jan 2013] DSA-2607 qemu-kvm - buffer overflow
[13 Jan 2013] DSA-2606 proftpd-dfsg - symlink race
[19 Jan 2013] DSA-2605 asterisk - several issues
[09 Jan 2013] DSA-2604 rails - insufficient input validation
[09 Jan 2013] DSA-2603 emacs23 - programming error
[08 Jan 2013] DSA-2602 zendframework - XML external entity inclusion
[06 Jan 2013] DSA-2601 gnupg, gnupg2 - missing input sanitation
[06 Jan 2013] DSA-2600 cups - privilege escalation
[06 Jan 2013] DSA-2599 nss - mis-issued intermediates
[05 Jan 2013] DSA-2598 weechat - several vulnerabilities
[04 Jan 2013] DSA-2597 rails - input validation error

Reply to:

References:
- Debian contributors looking for paid work on Squeeze LTS
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Debian contributors looking for paid work on Squeeze LTS
  - From: Moritz Muehlenhoff <jmm@debian.orginutil.org>
- Re: Debian contributors looking for paid work on Squeeze LTS
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Debian contributors looking for paid work on Squeeze LTS
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Debian contributors looking for paid work on Squeeze LTS
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Draft of announcement for Debian LTS
Next by Date: Re: squeeze-lts section
Previous by thread: Re: Debian contributors looking for paid work on Squeeze LTS
Next by thread: Re: Debian contributors looking for paid work on Squeeze LTS
Index(es):
- Date
- Thread