[Secure-testing-commits] r5808 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue May 8 21:59:21 UTC 2007


Author: jmm-guest
Date: 2007-05-08 21:59:17 +0000 (Tue, 08 May 2007)
New Revision: 5808

Modified:
   data/CVE/list
Log:
checked one old xine issue
minor tcc codegen issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-08 18:04:52 UTC (rev 5807)
+++ data/CVE/list	2007-05-08 21:59:17 UTC (rev 5808)
@@ -5557,7 +5557,8 @@
 CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
 	- vlc <unfixed> (unimportant; bug #407290)
 CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
-	- xine-ui <unfixed> (low)
+	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
+	NOTE: This appears to be a generic crash
 CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
 	- xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
 CVE-2007-0253 (** DISPUTED ** ...)
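Review bot: The two added NOTE lines under CVE-2007-0255 replace the only package line, so the entry no longer records any status for xine-ui. If the crash is judged not to be security relevant, keep a package line in the form used for the VLC entry just above, for example `- xine-ui <unfixed> (unimportant)`, and place the NOTEs beneath it. The first NOTE also refers to "the VLC code" although the CVE description is for XINE 0.99.4 and the removed line tracked xine-ui, so it is worth confirming which code base was meant.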
@@ -20781,10 +20782,9 @@
 CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
 	NOT-FOR-US: eyeOS
 CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
-	- tcc 0.9.23-3 (bug #352202; low)
+	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
 	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
-	NOTE: Proper protection against integer overflows still need to be done inside
-	NOTE: the application compiled with TCC, the version above documents the behaviour
+	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
 CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
 	NOT-FOR-US: Borland C++Builder
 CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
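Review bot: The `- tcc` line moves to 0.9.24~cvs20070502-1 while both NOTE lines about integer overflow protection are dropped, and the new [etch] annotation still reads "Documented as insecure; only incorrect code gen", so the entry does not say whether this version changes the generated code or only the documentation. A one-line NOTE stating what 0.9.24~cvs20070502-1 changes relative to 0.9.23-3 would keep the reason for the version bump visible. The removed caveat that applications compiled with TCC still need their own overflow protection is also lost unless it is restated.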



