[Secure-testing-commits] r14678 - in data: CVE DSA

Tue, 11 May 2010 15:34:01 -0700 

Author: gilbert-guest
Date: 2010-05-11 22:31:12 +0000 (Tue, 11 May 2010)
New Revision: 14678

Modified:
   data/CVE/list
   data/DSA/list
Log:
fix theora dsa; mark vlc/mplayer issues as fixed

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-05-11 21:14:36 UTC (rev 14677)
+++ data/CVE/list       2010-05-11 22:31:12 UTC (rev 14678)
@@ -11428,12 +11428,14 @@
 CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 
allows ...)
        NOT-FOR-US: Peel
 CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
-       - vlc <unfixed>
-       - mplayer <unfixed>
+       - vlc 1.0.1-1
+       [lenny] - vlc 0.8.6.h-4+lenny2.3 
+       - mplayer <unfixed> (medium; bug #581245)
+       [lenny] - mplayer 1.0~rc2-17+lenny3.2
        - xine-lib <not-affected> (immune due to additional check in 
xio_rw_abbort())
-       TODO: File bugs
        NOTE: 
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
        NOTE: 
http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
+       NOTE: DSA-2043 and DSA-2044
 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP 
SP3 ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows 
remote ...)
@@ -23781,7 +23783,7 @@
 CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is 
enabled ...)
        NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
 CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a 
denial of ...)
-       - mplayer <unfixed> (low; bug #407010)
+       - mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
        [lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, 
some crashers left)
        NOTE: 
http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
 CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the 
Ty ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2010-05-11 21:14:36 UTC (rev 14677)
+++ data/DSA/list       2010-05-11 22:31:12 UTC (rev 14678)
@@ -1,5 +1,6 @@
 [11 May 2010] DSA-2045-1  - arbitrary code execution
        {CVE-2009-3389}
+       [lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
        [lenny] - mplayer 1.0~rc2-17+lenny3.2
 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to