Bug#619216: mutt: please build with openssl instead of gnutls

2011-03-21 Thread david b
Package: mutt Version: 1.5.20-9+squeeze1 Severity: grave Tags: security Justification: user security hole The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c, appears to not validate the common name of a remote server correctly. The openssl implementation found in mutt_ssl.c

Bug#617998: python-feedparser: please update feedparser, it hasn't been updated in a _long_ time

2011-03-13 Thread david b
Package: python-feedparser Version: 4.1-14 Severity: grave Tags: security Justification: user security hole Please update the version of python-feedparser found in debian to something recent: The following bugs will then be fixed: 1. Issue 195: XSS vulnerability in feedparser

Bug#611800: isc-dhcp-server is really slow and windows 7 cannot get a lease

2011-02-02 Thread david b
Package: isc-dhcp-server Severity: critical My windows 7 vm times out when trying to get a dhcp lease from isc-dhcp-server. I am using isc-dhcp-server from debian squeeze. -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable')

Bug#607988: python2.6: the latest update is totally broken and can't byte compile *modules*

2010-12-25 Thread david b
Package: python2.6 Version: 2.6.6-6 Severity: critical The latest update is totally broken and can't byte compile *modules* (squeeze). -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel:

Bug#603594: epiphany-browser: doesn't perform any ssl certificate checking (in the squeeze version)

2010-11-15 Thread david b
Package: epiphany-browser Severity: grave Tags: security Justification: user security hole epiphany-browser as found in squeeze does not check remote ssl certificate validity for https connections. Here is a test url: (WHICH SHOULD FAIL)

Bug#603450: offlineimap: fails to check that the remote server's ssl certificate is valid

2010-11-14 Thread david b
Package: offlineimap Severity: grave Tags: security Justification: user security hole offlineimap performs absolutely no ssl certificate checking. So users could/can be the victim of a man in the middle attack. In debian the following bugs exist:

Bug#598463: python-libcloud: libcloud https connections are not secured against mitm attacks

2010-09-29 Thread david b
Package: python-libcloud Severity: grave Tags: security Justification: user security hole libcloud fails to perform ssl validation on https connections. This means that users of this module, who perform api requests using https urls / connections, are at risk of mitm attacks. See

Bug#543171: pidgin: CVE IN PIDGIN 2.5.9

2009-08-22 Thread david b.
Package: pidgin Version: 2.6.1-1 Severity: grave Tags: security Justification: user security hole PIDGIN 2.5.9 has a CVE filed in it - http://www.pidgin.im/news/security/?id=34 -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386

Bug#543170: pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694

2009-08-22 Thread david b.
Package: pidgin Version: pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694 Severity: critical Tags: security Justification: root security hole pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694 http://www.pidgin.im/news/security/?id=34 -- System Information: Debian Release: 5.0.2

Bug#348306: /etc/knowledgetree/environment.php (which contains passwords) world-readable

2006-01-16 Thread David B Harris
Package: knowledgetree Version: 2.0.7-1 Severity: critical Hey, /etc/knowledgetree/environment.php is world-readable by default. It is supposed to contain (amongst other things) the username and password for the KnowledgeTree database. Cc:'d to [EMAIL PROTECTED] just in case they care (the