[Secure-testing-commits] r4764 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Mon Sep 25 18:19:54 UTC 2006
Author: stef-guest
Date: 2006-09-25 18:19:51 +0000 (Mon, 25 Sep 2006)
New Revision: 4764
Modified:
data/CVE/list
Log:
- CVE-2006-4799, -4800: Already fixed in some packages,
other packages embedding ffmpeg code still need to be checked.
- libmodplug fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-25 09:14:29 UTC (rev 4763)
+++ data/CVE/list 2006-09-25 18:19:51 UTC (rev 4764)
@@ -363,9 +363,13 @@
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
- TODO: check
+ - ffmpeg 0.cvs20060329-1
+ NOTE: fixed in sid+etch according to jmm
+ TODO: check other packages embedding ffmpeg code
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
- TODO: check
+ - xine-lib 1.1.2-1
+ NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
+ TODO: check ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
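Review bot: In the CVE-2006-4799 entry the fixed version and the NOTE cite different revisions: the entry records "xine-lib 1.1.2-1", while the NOTE says dynamic linking against ffmpeg starts with 1.1.2-4. The NOTE should say whether 1.1.2-1 is recorded because the CVE description places the issue before 1.1.2, and that from 1.1.2-4 onward the status depends on the ffmpeg package, so that "TODO: check ffmpeg" has a concrete question attached. The CVE-2006-4800 entry rests on "according to jmm" alone; a pointer to a changelog entry or bug number, as the libmodplug entry carries, would let the next person verify 0.cvs20060329-1 without asking.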
@@ -1755,7 +1759,7 @@
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
- - libmodplug <unfixed> (medium; bug #383574)
+ - libmodplug 1:0.7-5.2 (medium; bug #383574)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...)
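Review bot: The libmodplug line for CVE-2006-4192 goes from <unfixed> to 1:0.7-5.2 with no NOTE saying where the fix was confirmed, and the log message only says "libmodplug fixed". The CVE description covers multiple buffer overflows and names MODPlug Tracker (OpenMPT) rather than libmodplug, so a one-line NOTE stating the basis for the version (for example, that the 1:0.7-5.2 changelog closes bug #383574, if that is the source) would make the entry checkable.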