[Secure-testing-commits] r8075 - in data: . CVE
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Mon Feb 4 22:41:35 UTC 2008
Author: stef-guest
Date: 2008-02-04 22:41:34 +0000 (Mon, 04 Feb 2008)
New Revision: 8075
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- new mplayer/xine-lib issues
- CVE-2006-4484 affects tk and netpbm
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-04 21:30:04 UTC (rev 8074)
+++ data/CVE/list 2008-02-04 22:41:34 UTC (rev 8075)
@@ -34,10 +34,15 @@
NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
NOT-FOR-US: ASPired2Protect
-CVE-2008-0486
+CVE-2008-0486 [MPlayer and Xine Buffer overflow in libmpdemux/flac]
RESERVED
-CVE-2008-0485
+ - mplayer <unfixed> (bug #464060)
+ - xine-lib <unfixed>
+ TODO: check embedded code in other packages
+CVE-2008-0485 [MPlayer arbitrary code execution in libmpdemux/mov]
RESERVED
+ - mplayer <unfixed> (bug #464060)
+ TODO: check embedded code in other packages
CVE-2008-0484
RESERVED
CVE-2008-0483
@@ -24012,6 +24017,10 @@
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
- libgd2 2.0.33-5.1 (medium; bug #384838)
- xloadimage <unfixed> (unimportant; bug #384841)
+ - tk8.5 8.5.0-3
+ - tk8.4 8.4.17-2
+ - tk8.3 8.3.5-12
+ - netpbm <unfixed> (bug #464056)
NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
- php5 5.1.6-1 (unimportant)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2008-02-04 21:30:04 UTC (rev 8074)
+++ data/embedded-code-copies 2008-02-04 22:41:34 UTC (rev 8075)
@@ -419,3 +419,9 @@
xine-lib
- vlc <unfixed> (embed)
NOTE: only parts included in modules/access/rtsp
+
+netpbm
+ - tcl8.3 <unfixed> (embed)
+ - tcl8.4 <unfixed> (embed)
+ - tcl8.5 <unfixed> (embed)
+ NOTE: generic/tkImgGIF.c
More information about the Secure-testing-commits
mailing list