CVEs related to bugs in Launchpad itself

Open bugs

Bug	CVE(s)
Bug #605026: edge.launchpad.net : server does not support RFC 5746, see CVE-2009-3555	CVE-2009-3555
Launchpad itself	New (unassigned)
Bug #651128: Email bug submission fails due to erroneous bad signature detection	CVE-2010-3362
Launchpad itself	New (unassigned)
Bug #1473092: Move all subdomains of launchpad.net to HTTPS	CVE-2016-1252 CVE-2019-3462
Launchpad itself	Triaged (unassigned)

Resolved bugs

Bug	CVE(s)
Bug #134477: With Gutsy - Nikon cameras need support in unusual_devs.h	CVE-2007-4571 CVE-2007-4573
Launchpad itself	Invalid (unassigned)
Bug #532445: Arbitrary diff application hole in upload processor	CVE-2010-0396
Launchpad itself	Invalid (unassigned)
Bug #566467: potentially vulnerable to cve-2009-3555	CVE-2009-3555
Launchpad itself	Won't fix, assigned to Robert Collins
Bug #670678: libc translations not imported from upstream	CVE-2010-3847 CVE-2010-3856
Launchpad itself	Invalid (unassigned)
Bug #740142: persistent xss vector in (unescaped) filenames in revision views	CVE-2011-0728
Launchpad itself	Fix released, assigned to William Grant
Bug #741527: XSS issue in lists.launchpad.net	CVE-2010-4524
Launchpad itself	Fix released (unassigned)
Bug #1255120: Support listing HTTPS archive mirrors	CVE-2016-1252 CVE-2019-3462
Launchpad itself	Fix released, assigned to Thiago F. Pappacena
Bug #1473091: default PPAs to HTTPS	CVE-2016-1252 CVE-2019-3462
Launchpad itself	Fix released, assigned to Colin Watson
Bug #1696154: [18.04 FEAT] Sign POWER host/NV kernels	CVE-2017-5715 CVE-2017-5753 CVE-2017-5754
Launchpad itself	Fix released, assigned to Andy Whitcroft
Bug #1750473: Can't link to CVE number in the form of YYYY-NNNNN	CVE-2017-18191
Launchpad itself	Invalid (unassigned)
Bug #1831942: u-boot Flat Image Tree (FIT) signing support	CVE-2020-8432
Launchpad itself	Fix released, assigned to Andy Whitcroft