Hi, * Michael S Gilbert <[email protected]> [2009-08-31 02:29]: > On Mon, 31 Aug 2009 00:23:00 +0200 Nico Golde wrote: > > > * Michael Gilbert <[email protected]> [2009-08-30 19:06]: > > > Author: gilbert-guest > > > Date: 2009-08-30 17:09:16 +0000 (Sun, 30 Aug 2009) > > > New Revision: 12708 > > > > > > Modified: > > > data/CVE/list > > > Log: > > > beginning of embedded code copies triage (5 down 395 to go) > > > > > > Modified: data/CVE/list > > > =================================================================== > > > --- data/CVE/list 2009-08-30 03:00:07 UTC (rev 12707) > > > +++ data/CVE/list 2009-08-30 17:09:16 UTC (rev 12708) > > > @@ -1286,6 +1286,7 @@ > > > CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow > > > ...) > > > {DSA-1857-1} > > > - camlimages 1:3.0.1-3 (medium; bug #540146) > > > + - advi <not-affected> (affected code section not present in advi code > > > copy of camlimages) > > > CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with > > > unnecessary ...) > > > - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and > > > setgid bits from all files) > > > CVE-2009-2656 (Unspecified vulnerability in the com.android.phone > > > process in Android ...) > > > @@ -1303,6 +1304,8 @@ > > > CVE-2009-XXXX [VLC: integer underflow in Real RTSP] > > > - vlc 1.0.1-1 > > > - mplayer <unfixed> > > > + - xine-lib <unfixed> > > > + NOTE: affected mplayer code copy present in xine-lib > > > > Did you only check if the code is present or also if it's > > used? > > yes, i only checked that the embedded code is present. after further > review of the full disclosure posting, it is clear that xine-lib is not > affected because it has additional an additional check.
I wasn't talking about this issue in specific, just noticed it in this commit. If you didn't do that yet please do so to avoid lots of false-positives and someone needs to do the work anyway. Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpUjogeGMbsd.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
