Author: jmm-guest
Date: 2010-01-07 22:53:06 +0000 (Thu, 07 Jan 2010)
New Revision: 13757

Modified:
   data/CVE/list
Log:
* arts/ltdl not affected
* ffmpeg fixed in experimental


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-07 21:35:07 UTC (rev 13756)
+++ data/CVE/list       2010-01-07 22:53:06 UTC (rev 13757)
@@ -2535,9 +2535,7 @@
 CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 
2.2.6b, ...)
        {DSA-1958-1}
        - libtool 2.2.6b-1 (low; bug #559797)
-       - arts <unfixed> (low; bug #559798)
-       [lenny] - arts <no-dsa> (Minor issue)
-       [etch] - arts <no-dsa> (Minor issue)
+       - arts <not-affected> (Uses absolute path to the sound backend)
        - bochs <not-affected> (additional hardening in this package prevents 
this type of attack; bug #559799)
        - camserv <unfixed> (low; bug #559800)
        [lenny] - camserv <no-dsa> (Minor issue)
@@ -3528,9 +3526,10 @@
 CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load 
before ...)
        NOT-FOR-US: RADactive I-Load
 CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
-       - ffmpeg <unfixed> (medium; bug #550442)
+       - ffmpeg  (medium; bug #550442)
        - xmovie <removed> (medium)
        - ffmpeg-debian <removed> (medium)
+       NOTE: Fixed in experimental in 4:0.5+svn20090706-3
        NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
        NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
 CVE-2009-XXXX [xen-tools: world readable disk image files]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to