Author: jmm
Date: 2011-04-18 14:43:21 +0000 (Mon, 18 Apr 2011)
New Revision: 16539

Modified:
   data/CVE/list
Log:
- new libvirt issue
- kernel-sec sync
- three new ffmpeg issues as seen in USN, mdeslaur can you please commit public refs to
  advisories/upstream bug or anything similar to the security tracker


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-04-18 14:18:34 UTC (rev 16538)
+++ data/CVE/list       2011-04-18 14:43:21 UTC (rev 16539)
@@ -545,6 +545,9 @@
        TODO: check
 CVE-2011-1486
        RESERVED
+       - libvirt <unfixed> (low; bug #623222)
+       [squeeze] - libvirt <no-dsa> (Minor issue)
+       [lenny] - libvirt <no-dsa> (Minor issue)
 CVE-2011-1485
        RESERVED
 CVE-2011-1484
@@ -559,6 +562,9 @@
        RESERVED
 CVE-2011-1479
        RESERVED
+       - linux-2.6 <unfixed>
+       [lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
+       [squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
 CVE-2011-1478
        RESERVED
        - linux-2.6 2.6.38-1
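Review bot: The not-affected reason on the two CVE-2011-1479 release lines, "Only affected 2.6.37 and 2.6.38", has no reference behind it, and the unstable line is left unfixed with no bug number or urgency. A NOTE with the upstream commit that introduced or fixed the problem would let someone confirm the version range and later fill in the fixed version. Minor style point: this entry lists [lenny] before [squeeze], while the libvirt entry added in the same commit lists [squeeze] first.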
@@ -1887,7 +1893,7 @@
        [squeeze] - openldap <no-dsa> (Minor issue)
 CVE-2011-1023
        RESERVED
-       - linux-2.6 <unfixed>
+       - linux-2.6 2.6.38-1
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
        [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
 CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c 
in ...)
@@ -2723,8 +2729,14 @@
        NOTE: 
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
 CVE-2011-0723
        RESERVED
+       - libav <undetermined>
+       - ffmpeg <undetermined>
+       - ffmpeg-debian <removed>
 CVE-2011-0722
        RESERVED
+       - libav <undetermined>
+       - ffmpeg <undetermined>
+       - ffmpeg-debian <removed>
 CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) 
chsh in ...)
        {DSA-2164-1}
        - shadow 1:4.1.4.2+svn3283-3
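Review bot: CVE-2011-0723 and CVE-2011-0722 receive identical lines and both remain RESERVED without a description, so nothing in the file distinguishes one from the other. The commit log says these came from a USN; adding a NOTE line with that advisory URL to each entry (as the entry just above CVE-2011-0723 does with its ubuntu-security-announce link) and a short bracketed title like the one given to CVE-2010-3908 in this same commit would make the undetermined status actionable.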
@@ -3382,9 +3394,9 @@
        - chromium-browser <not-affected> (Chrome PDF plugin)
        - webkit <not-affected> (Chrome PDF plugin)
 CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder 
in ...)
-       - ffmpeg <not-affected> (webm not yet supported; bug #610550)
+       - ffmpeg <not-affected> (webm not yet supported)
        - ffmpeg-debian <not-affected> (webm not supported yet)
-       TODO: recheck newer versions (see bug)
+       - libav 4:0.6.1-1 (bug #610550)
 CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 
8.0.552.344 do ...)
        - chromium-browser 9.0.597.45~r70550-1
        [squeeze] - chromium-browser <not-affected>
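Review bot: Dropping "TODO: recheck newer versions (see bug)" from CVE-2011-0480 leaves no record of what the recheck found for ffmpeg: the ffmpeg line keeps its not-affected status with the webm reason, while the bug reference moves to a new libav line that carries a fixed version. If the recheck was done, a NOTE saying which versions were looked at would explain why ffmpeg stays not-affected while libav gets a fixed version; if it was not, the TODO should stay. The two reason strings also differ only in word order ("webm not yet supported" and "webm not supported yet") and could be made the same.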
@@ -6705,8 +6717,11 @@
        NOT-FOR-US: vTiger CRM
 CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in 
vtiger ...)
        NOT-FOR-US: vtiger CRM
-CVE-2010-3908
+CVE-2010-3908 [ffmpeg/wmv issue]
        RESERVED
+       - libav <undetermined>
+       - ffmpeg <undetermined>
+       - ffmpeg-debian <removed>
 CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin 
in ...)
        - vlc 1.1.3-1squeeze1
        [lenny] - vlc <not-affected> (Vulnerable code not present)
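Review bot: The bracketed title "[ffmpeg/wmv issue]" on CVE-2010-3908 is the only information about the issue, and the libav and ffmpeg lines are left undetermined with no follow-up marker. Other entries in this file carry a "TODO: check" line when work is outstanding; adding one here, or a NOTE with the USN reference the commit log mentions, would keep the entry from sitting in the undetermined state unnoticed.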


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
