[Secure-testing-commits] r20622 - data/CVE

Thu, 06 Dec 2012 23:22:03 -0800 

Author: jmm
Date: 2012-12-07 07:21:53 +0000 (Fri, 07 Dec 2012)
New Revision: 20622

Modified:
   data/CVE/list
Log:
mesa fixed
vlc tpued for wheezy, no-dsa for squeeze
libarchive fixed in wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-12-06 21:14:20 UTC (rev 20621)
+++ data/CVE/list       2012-12-07 07:21:53 UTC (rev 20622)
@@ -1699,6 +1699,8 @@
        [squeeze] - moodle <not-affected> (Doesn't affect 1.9)
 CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote 
...)
        - vlc 2.0.4-1 (bug #692130)
+       [wheezy] - vlc 2.0.3-4
+       [squeeze] - vlc <no-dsa> (Minor issue)
 CVE-2012-5469
        RESERVED
 CVE-2012-5468
@@ -2455,7 +2457,7 @@
 CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows 
remote ...)
        - chromium-browser <unfixed>
 CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google 
Chrome OS ...)
-       - mesa <unfixed> (bug #695248)
+       - mesa 8.0.5-3 (bug #695248)
        [squeeze] - mesa <not-affected> (Vulnerable code not present)
 CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
        - libv8 <unfixed> (bug #694808)
@@ -25069,8 +25071,10 @@
        RESERVED
        - linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 
2.6.18/2.6.26)
 CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 
2.8.5 ...)
-       - libarchive <unfixed> (bug #669197)
+       - libarchive 3.0.4-2 (bug #669197)
        [squeeze] - libarchive <not-affected> (vulnerable code not present in 
2.x series)
+       NOTE: 
http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
+       NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the 
Wheezy version
 CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote 
attackers to ...)
        {DSA-2413-1}
        - libarchive 2.8.5-5 (bug #651844)
@@ -29470,8 +29474,10 @@
 CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo 
Gallery ...)
        NOT-FOR-US: Coppermine Photo Gallery
 CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows 
remote ...)
-       - libarchive <unfixed> (bug #669197)
+       - libarchive 3.0.4-2 (bug #669197)
        [squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
+       NOTE: 
http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
+       NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the 
Wheezy version
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in 
...)
        {DSA-2552-1}
        - tiff3 3.9.5


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to