[Secure-testing-commits] r8075 - in data: . CVE

Mon Feb 4 22:41:35 UTC 2008

Author: stef-guest
Date: 2008-02-04 22:41:34 +0000 (Mon, 04 Feb 2008)
New Revision: 8075

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- new mplayer/xine-lib issues
- CVE-2006-4484 affects tk and netpbm


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2008-02-04 21:30:04 UTC (rev 8074)
+++ data/CVE/list	2008-02-04 22:41:34 UTC (rev 8075)
@@ -34,10 +34,15 @@
 	NOT-FOR-US: VB Marketing
 CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
 	NOT-FOR-US: ASPired2Protect
-CVE-2008-0486
+CVE-2008-0486 [MPlayer and Xine Buffer overflow in libmpdemux/flac]
 	RESERVED
-CVE-2008-0485
+	- mplayer <unfixed> (bug #464060)
+	- xine-lib <unfixed>
+	TODO: check embedded code in other packages
+CVE-2008-0485 [MPlayer arbitrary code execution in libmpdemux/mov]
 	RESERVED
+	- mplayer <unfixed> (bug #464060)
+	TODO: check embedded code in other packages
 CVE-2008-0484
 	RESERVED
 CVE-2008-0483
@@ -24012,6 +24017,10 @@
 CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
 	- libgd2 2.0.33-5.1 (medium; bug #384838)
 	- xloadimage <unfixed> (unimportant; bug #384841)
+	- tk8.5 8.5.0-3
+	- tk8.4 8.4.17-2
+	- tk8.3 8.3.5-12
+	- netpbm <unfixed> (bug #464056)
 	NOTE: xloadimage is a crasher only, not a security problem
 CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
 	- php5 5.1.6-1 (unimportant)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2008-02-04 21:30:04 UTC (rev 8074)
+++ data/embedded-code-copies	2008-02-04 22:41:34 UTC (rev 8075)
@@ -419,3 +419,9 @@
 xine-lib
 	- vlc <unfixed> (embed)
 	NOTE: only parts included in modules/access/rtsp
+
+netpbm
+	- tcl8.3 <unfixed> (embed)
+	- tcl8.4 <unfixed> (embed)
+	- tcl8.5 <unfixed> (embed)
+	NOTE: generic/tkImgGIF.c


