On Mon, 31 Aug 2009 00:23:00 +0200 Nico Golde wrote: > Hi, > * Michael Gilbert <[email protected]> [2009-08-30 19:06]: > > Author: gilbert-guest > > Date: 2009-08-30 17:09:16 +0000 (Sun, 30 Aug 2009) > > New Revision: 12708 > > > > Modified: > > data/CVE/list > > Log: > > beginning of embedded code copies triage (5 down 395 to go) > > > > Modified: data/CVE/list > > =================================================================== > > --- data/CVE/list 2009-08-30 03:00:07 UTC (rev 12707) > > +++ data/CVE/list 2009-08-30 17:09:16 UTC (rev 12708) > > @@ -1286,6 +1286,7 @@ > > CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow > > ...) > > {DSA-1857-1} > > - camlimages 1:3.0.1-3 (medium; bug #540146) > > + - advi <not-affected> (affected code section not present in advi code > > copy of camlimages) > > CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with > > unnecessary ...) > > - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and > > setgid bits from all files) > > CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process > > in Android ...) > > @@ -1303,6 +1304,8 @@ > > CVE-2009-XXXX [VLC: integer underflow in Real RTSP] > > - vlc 1.0.1-1 > > - mplayer <unfixed> > > + - xine-lib <unfixed> > > + NOTE: affected mplayer code copy present in xine-lib > > Did you only check if the code is present or also if it's > used?
yes, i only checked that the embedded code is present. after further review of the full disclosure posting, it is clear that xine-lib is not affected because it has additional an additional check. mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
