[Secure-testing-commits] r10934 - data/CVE

thijs Mon, 12 Jan 2009 02:35:10 -0800

Author: thijs
Date: 2009-01-12 10:35:03 +0000 (Mon, 12 Jan 2009)
New Revision: 10934


Modified:
   data/CVE/list
Log:
xine uploads to sid and lenny fix all open issues :-)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-12 09:14:09 UTC (rev 10933)
+++ data/CVE/list       2009-01-12 10:35:03 UTC (rev 10934)
@@ -1754,30 +1754,38 @@
        - mplayer 1.0~rc2-20 (bug #407010)
        NOTE: overlaps with CVE-2008-4610, same aac issue
 CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 
1.1.12, ...)
-       - xine-lib <unfixed> (unimportant; bug #508716)
+       - xine-lib 1.1.16-1 (unimportant; bug #508716)
+       [lenny] - xine-lib 1.1.14-4
        NOTE: these are just invalid reads that result in segfaults, denial of 
service doesnt
        NOTE: apply here as xine reading a file is no service -> application bug
 CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier 
versions, ...)
-       - xine-lib <unfixed> (medium; bug #507165; bug #498243)
+       - xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 
1.1.15 ...)
-       - xine-lib <unfixed> (low; bug #509008)
+       - xine-lib 1.1.16-1 (low; bug #509008)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies 
on an ...)
-       - xine-lib <unfixed> (low; bug #509352)
+       - xine-lib 1.1.16-1 (low; bug #509352)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does 
not ...)
-       - xine-lib <unfixed> (medium; bug #509353)
+       - xine-lib 1.1.16-1 (medium; bug #509353)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in 
demux_real.c in ...)
        - xine-lib 1.1.14-3 (low)
        NOTE: code execution shouldn't work here as if 0xff will be extended to 
0xffffffff
        NOTE: memcpy fails for copying from the complete addressable address 
space long before any code is executed
        NOTE: the malloc check for type_specific_data is missing, minor issue 
filed as #508065
 CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 
and ...)
-       - xine-lib <unfixed> (bug #509265; low)
+       - xine-lib 1.1.16-1 (bug #509265; low)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and 
other ...)
-       - xine-lib <unfixed> (bug #509521)
+       - xine-lib 1.1.16-1 (bug #509521)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk 
function in ...)
        - xine-lib 1.1.14-3
 CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and 
other ...)
-       - xine-lib <unfixed> (medium; bug #508313; bug #498243)
+       - xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
+       [lenny] - xine-lib 1.1.14-4
 CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not 
check for ...)
        - xine-lib 1.1.14-3 (low)
 CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft 
Windows ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r10934 - data/CVE

Reply via email to