[Secure-testing-commits] r10695 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Dec 14 16:29:13 UTC 2008
Author: nion
Date: 2008-12-14 16:29:13 +0000 (Sun, 14 Dec 2008)
New Revision: 10695
Modified:
data/CVE/list
Log:
CVE-2008-5247 unfixed but unimportant (xine)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-14 16:12:13 UTC (rev 10694)
+++ data/CVE/list 2008-12-14 16:29:13 UTC (rev 10695)
@@ -519,7 +519,10 @@
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
- xine-lib 1.1.14-3 (low)
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...)
- TODO: check
+ - xine-lib <unfixed> (unimportant; bug #508715)
+ NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
+ NOTE: the integer overflows covered by the ocert advisory in the same code snippet
+ NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...)
- xine-lib <unfixed> (low; bug #507184; bug #498243)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
More information about the Secure-testing-commits
mailing list