[Secure-testing-commits] r5617 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2007-04-03 21:47:23 +0000 (Tue, 03 Apr 2007)
New Revision: 5617

Modified:
   data/CVE/list
   data/mopb.txt
Log:
update on MOPB issue
xine-lib no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-03 21:41:32 UTC (rev 5616)
+++ data/CVE/list	2007-04-03 21:47:23 UTC (rev 5617)
@@ -1028,8 +1028,10 @@
 CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
 	- linux-2.6 2.6.18.dfsg.1-12
 CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
-	- mplayer 1.0~rc1-13 (bug #414075; medium)
-	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
+	- mplayer 1.0~rc1-13 (bug #414075; low)
+	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
+	[etch] - mplayer 1.0~rc1-12etch
+	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
 CVE-2007-1386
 	RESERVED
 CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
@@ -1449,6 +1451,7 @@
 	- mplayer 1.0~rc1-13 (bug #414075; medium)
 	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
 	[etch] - mplayer 1.0~rc1-12etch
+	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
 	NOTE: vlc checked, and is not affected.
 CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: IrfanView

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-03 21:41:32 UTC (rev 5616)
+++ data/mopb.txt	2007-04-03 21:47:23 UTC (rev 5617)
@@ -17,7 +17,8 @@
 TODO
 
 38  PHP printf() Family 64 Bit Casting Vulnerabilities
-TODO
+TODO, this smells like it can only be triggerable through malicious script, but please
+double-check someone
 
 37  PHP iptcembed() Interruption Information Leak Vulnerability
 N/A Only triggerable by malicious script