Author: derevko-guest
Date: 2009-05-06 15:04:45 +0000 (Wed, 06 May 2009)
New Revision: 11816

Modified:
   data/CVE/list
Log:
CVE-2009-1513: cve id assigned to libmodplug
CVE-2009-1438: gst-plugins-bad0.10 is vulnerable only in stable and oldstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-05-06 14:23:26 UTC (rev 11815)
+++ data/CVE/list       2009-05-06 15:04:45 UTC (rev 11816)
@@ -5,7 +5,10 @@
        NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
        NOTE: CVE id requested
 CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in 
...)
-       TODO: check
+       - libmodplug <unfixed> (medium; bug #526084)
+       - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug 
#527077)
+       [etch] - libmodplug <not-affected> (Vulnerable code not present)
+       NOTE: gst-plugins-bad0.10 in testing and unstable builds against an 
external libmodplug.
 CVE-2009-XXXX [unsafe temp file in coccinelle]
        - coccinelle 0.1.7.deb-3 (low)
        [lenny] - coccinelle <no-dsa> (Minor issue)
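Review bot: the gst-plugins-bad0.10 line added under CVE-2009-1513 has no [etch] or [lenny] counterpart, although the NOTE limits the external-libmodplug reasoning to testing and unstable. The CVE-2009-1438 hunk in this same commit lists [etch] and [lenny] for gst-plugins-bad0.10 separately for that reason. Please add explicit [etch] and [lenny] lines for gst-plugins-bad0.10 here as well, with whatever status applies, so that stable and oldstable do not silently inherit <not-affected>. It would also help to use the same reason text in both entries: this one says "Vulnerable code not present", the other says "it builds against an external libmodplug".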
@@ -34,12 +37,6 @@
        [etch] - xorg-server <no-dsa> (minor issue)
        [lenny] - xorg-server <no-dsa> (minor issue)
        NOTE: CVE id requested
-CVE-2009-XXXX [libmodplug buffer overflow in PAT sampler]
-       - libmodplug <unfixed> (medium; bug #526084)
-       - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug 
#527077)
-       [etch] - libmodplug <not-affected> (Vulnerable code not present)
-       NOTE: CVE id requested on oss-sec
-       NOTE: gst-plugins-bad0.10 in testing and unstable builds against an 
external libmodplug.
 CVE-2009-XXXX [clamav milter init script "typo"]
        - clamav <not-affected> (Vulnerable code not present)
        NOTE: from what I see this code was never uploaded to the debian archive
@@ -277,7 +274,9 @@
        - linux-2.6.24 <removed>
 CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
        - libmodplug <unfixed> (low; bug #526657; bug #527076)
-       - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
+       - gst-plugins-bad0.10 <not-affected> (it builds against an external 
libmodplug; bug #527075)
+       [etch] - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
+       [lenny] - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
 CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable 
(aka ...)
        NOT-FOR-US: CoolPlayer
 CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
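Review bot: on the new gst-plugins-bad0.10 lines for CVE-2009-1438, bug #527075 is now cited both on the <not-affected> line and on the [etch] and [lenny] <unfixed> lines, so it is unclear which suites that bug is meant to track. Consider keeping the bug reference only on the release-specific lines. Also, if the package went from carrying the affected code (as the [lenny] <unfixed> line implies) to building against an external libmodplug, a NOTE saying so, like the one on the CVE-2009-1513 entry, would explain why the unversioned line is <not-affected> rather than a fixed version.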


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
