Author: jmm-guest
Date: 2010-06-04 21:27:03 +0000 (Fri, 04 Jun 2010)
New Revision: 14800

Modified:
   data/CVE/list
   data/DSA/list
Log:
mplayer/vlc CVEfied
bugnums



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-04 21:14:47 UTC (rev 14799)
+++ data/CVE/list       2010-06-04 21:27:03 UTC (rev 14800)
@@ -222,8 +222,16 @@
        RESERVED
 CVE-2010-2063
        RESERVED
-CVE-2010-2062
+CVE-2010-2062 [VLC: integer underflow in Real RTSP]
        RESERVED
+       - vlc 1.0.1-1
+       [lenny] - vlc 0.8.6.h-4+lenny2.3 
+       - mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
+       [lenny] - mplayer 1.0~rc2-17+lenny3.2
+       - xine-lib <not-affected> (immune due to additional check in 
xio_rw_abbort())
+       NOTE: 
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
+       NOTE: 
http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
+       NOTE: DSA-2043 and DSA-2044
 CVE-2010-2061
        RESERVED
 CVE-2010-2060
@@ -2659,7 +2667,7 @@
 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate 
Dating ...)
        NOT-FOR-US: SkaDate Dating
 CVE-2010-XXXX [freeciv lua]
-       - freeciv <unfixed> (low)
+       - freeciv <unfixed> (low; bug #584589)
        [lenny] - freeciv <no-dsa> (Minor issue)
        NOTE: http://gna.org/bugs/?15624
 CVE-2010-XXXX [Rbot Owner Reaction Command Execution]
@@ -4856,7 +4864,7 @@
        [lenny] - bozohttpd <no-dsa> (Minor issue)
        [etch] - bozohttpd <no-dsa> (Minor issue)
 CVE-2010-XXXX [maradns null pointer dereference]
-       - maradns <unfixed> (low)
+       - maradns <unfixed> (low; bug #584587)
        [lenny] - maradns <no-dsa> (minor issue)
        [etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
        NOTE: http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
@@ -4869,7 +4877,7 @@
        NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
 CVE-2010-XXXX [sudosh3: many security weaknesses]
        - sudosh3 <unfixed> (high; bug #566142)
-       NOTE: package is likely to be removed
+       NOTE: Removal requested
 CVE-2010-XXXX [phpbb: many issues]
        - phpbb3 3.0.7-PL1-1
        - phpbb2 <removed>

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2010-06-04 21:14:47 UTC (rev 14799)
+++ data/DSA/list       2010-06-04 21:27:03 UTC (rev 14800)
@@ -29,8 +29,10 @@
        {CVE-2009-3389}
        [lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
+       {CVE-2010-2062}
        [lenny] - mplayer 1.0~rc2-17+lenny3.2
 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution
+       {CVE-2010-2062}
        [lenny] - vlc 0.8.6.h-4+lenny2.3
 [05 May 2010] DSA-2042-1 iscsitarget - arbitrary code execution
        {CVE-2010-0743}


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to