[Secure-testing-commits] r8009 - in data: . CVE
jmm-guest at alioth.debian.org
Tue Jan 22 00:13:34 UTC 2008
Author: jmm-guest
Date: 2008-01-22 00:13:33 +0000 (Tue, 22 Jan 2008)
New Revision: 8009
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
turned out that etch and sarge don't ship the affected tool
in the libcdio binary packages
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-21 23:55:14 UTC (rev 8008)
+++ data/CVE/list 2008-01-22 00:13:33 UTC (rev 8009)
@@ -865,8 +865,8 @@
NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
- [sarge] - libcdio <no-dsa> (Minor issue)
- [etch] - libcdio <no-dsa> (Minor issue)
+ [sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
+ [etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
- unp 1.0.13 (bug #448437)
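Review bot: The new [sarge] and [etch] reason text says "the tools" without naming which tool or which binary package was checked, while the log message speaks of a single "affected tool" and the NOTE below says only "the info tool". Naming the program in the not-affected reason or in the NOTE would let someone re-verify the status later without redoing the package inspection. The reason also reads "prior to 0.78.2" while the fixed-version line is 0.78.2+dfsg1-2, so it would help to state explicitly that 0.78.2 uploads before +dfsg1-2 do ship the tool and are the affected range.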
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-21 23:55:14 UTC (rev 8008)
+++ data/spu-candidates.txt 2008-01-22 00:13:33 UTC (rev 8009)
@@ -39,18 +39,6 @@
--
-libcdio (CVE-2007-6613)
-https://bugs.gentoo.org/show_bug.cgi?id=203777
-http://savannah.gnu.org/bugs/?21910
-http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html
-http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.35&r2=1.36
-http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.149&r2=1.150
-http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.36&r2=1.37
-http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.150&r2=1.151
-notified maintainer
-
---
-
libpam-ssh (CVE-2007-0844)
#410236
notified maintainer
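Review bot: Removing the libcdio block from data/spu-candidates.txt also drops the only copies of the Gentoo and Savannah bug links and the four iso-info.c / cd-info.c CVS diff URLs; the CVE-2007-6613 entry in data/CVE/list in this same commit carries only bug #459129. Consider moving at least the upstream fix diffs into NOTE lines under the CVE entry before deleting them here, so the patch references stay available for the unstable fix and for anyone rechecking the not-affected call.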