[Secure-testing-commits] r8505 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Apr 10 09:14:29 UTC 2008


Author: joeyh
Date: 2008-04-10 09:14:27 +0000 (Thu, 10 Apr 2008)
New Revision: 8505

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-09 21:37:13 UTC (rev 8504)
+++ data/CVE/list	2008-04-10 09:14:27 UTC (rev 8505)
@@ -141,6 +141,7 @@
 CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...)
 	NOT-FOR-US: Nik Sharpener Pro
 CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...)
+	{DSA-1544-1}
 	- pdns-recursor 3.1.5-1
 CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...)
 	NOT-FOR-US: JV2 Quick Gallery
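Review bot: The {DSA-1544-1} line added under CVE-2008-1637 is one of three advisory cross-references this revision introduces (DSA-1542-1, DSA-1543-1 and DSA-1544-1), yet the log message says only "automatic update". Suggest having the update job list the advisory ids it touched in the log, so the revision can be found later by searching for the DSA number.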
@@ -470,7 +471,7 @@
 CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...)
 	NOT-FOR-US: ImageUploader4
 CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...)
-	{DTSA-119-1}
+	{DSA-1543-1 DTSA-119-1}
 	- vlc 0.8.6.e-1.1 (medium; bug #472635)
 CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...)
 	- php5-apc <itp> (bug #335404)
@@ -1661,7 +1662,7 @@
 	- mysql-dfsg-4.1 <removed>
 	- mysql-dfsg-5.0 5.0.32-1
 CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...)
-	{DTSA-116-1}
+	{DSA-1543-1 DTSA-116-1}
 	- vlc 0.8.6.e-1 (medium; bug #467652)
 CVE-2008-6426
 	REJECTED
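Review bot: In the trailing context of this hunk, CVE-2008-6426 (REJECTED) sits directly after CVE-2008-0984, which breaks the descending CVE order the surrounding entries follow. Check whether that identifier is mistyped or the entry is misplaced, and correct it in a separate manual commit.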
@@ -3213,10 +3214,10 @@
 CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
 	NOT-FOR-US: PhotoKorn
 CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
-	{DTSA-111-1}
+	{DSA-1543-1 DTSA-111-1}
 	- vlc 0.8.6.c-6 (bug #461544; medium)
 CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...)
-	{DTSA-111-1}
+	{DSA-1543-1 DTSA-111-1}
 	- vlc 0.8.6.c-6 (bug #461544; medium)
 	NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it
 CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...)
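Review bot: The vlc lines under CVE-2008-0296 and CVE-2008-0295 write the annotation as (bug #461544; medium), while the other vlc entries in this patch put the urgency first, as in (medium; bug #472635). Suggest normalising these two to urgency first, so the entries now grouped under DSA-1543-1 read consistently.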
@@ -3787,7 +3788,7 @@
 CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
-	{DSA-1536-1 DTSA-119-1 DTSA-121-1}
+	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-121-1}
 	- xine-lib 1.1.11-1 (medium)
 	- vlc 0.8.6.e-2 (medium; bug #473057)
 	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
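Review bot: In the leading context of this hunk, CVE-2008-0074 is described as a Microsoft Internet Information Services issue but is tagged "NOT-FOR-US: Microsoft Internet Explorer". The product named in the tag should match the description. It is outside the automatic change, so it needs a manual follow-up.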
@@ -4113,14 +4114,17 @@
 	{DSA-1467-1}
 	- mantis 1.0.8-4 (low; bug #458377)
 CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...)
+	{DSA-1543-1}
 	- vlc 0.8.6.c-4.1 (medium; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see https://trac.videolan.org/vlc/ticket/1371
 CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...)
+	{DSA-1543-1}
 	- vlc 0.8.6.c-4.1 (medium; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...)
+	{DSA-1543-1}
 	- vlc 0.8.6.c-4.1 (low; bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
@@ -7406,7 +7410,7 @@
 CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...)
 	NOT-FOR-US: Oracle
 CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...)
-	{DTSA-96-1}
+	{DSA-1542-1 DTSA-96-1}
 	- libcairo 1.4.10-1.1 (medium; bug #453686)
 CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...)
 	NOT-FOR-US: OpenSSL Fips object module



