[Secure-testing-commits] r10657 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Dec 8 09:05:55 UTC 2008


Author: nion
Date: 2008-12-08 09:05:54 +0000 (Mon, 08 Dec 2008)
New Revision: 10657

Modified:
   data/CVE/list
Log:
CVE-2008-5245 fixed in xine-lib 1.1.14-3
CVE-2008-5028 fixed in nagios3 3.0.6-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-07 21:14:11 UTC (rev 10656)
+++ data/CVE/list	2008-12-08 09:05:54 UTC (rev 10657)
@@ -258,7 +258,7 @@
 CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...)
 	- xine-lib <unfixed> (low; bug #507184; bug #498243)
 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
-	TODO: check
+	- xine-lib 1.1.14-3 (low)
 CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
 	- xine-lib 1.1.14-3
 	- faad2 2.6.1-1
@@ -963,7 +963,7 @@
 	NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
 	NOTE: users shouldn't have access to nagios anyway
 CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...)
-	- nagios3 <unfixed> (low; bug #504894)
+	- nagios3 3.0.6-1 (low; bug #504894)
 	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
 CVE-2008-4917
 	RESERVED




More information about the Secure-testing-commits mailing list