[Secure-testing-commits] r11655 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Apr 20 02:09:18 UTC 2009 

Author: gilbert-guest
Date: 2009-04-20 02:09:18 +0000 (Mon, 20 Apr 2009)
New Revision: 11655

Modified:
   data/CVE/list
Log:
bugs submitted for ghostscript, mplayer, and ffmpeg issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-19 23:28:54 UTC (rev 11654)
+++ data/CVE/list	2009-04-20 02:09:18 UTC (rev 11655)
@@ -1,3 +1,5 @@
+CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
+        - pptp-linux <unfixed> (low; bug #523476)
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slumn-llnl 1.3.15-1
 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
@@ -263,7 +265,7 @@
 CVE-2009-1255
 	RESERVED
 CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
-	- ghostscript <unfixed>
+	- ghostscript <unfixed> (medium; bug #524803)
 CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
 	NOT-FOR-US: QuickerSite
 CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
@@ -309,7 +311,7 @@
 CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
 	NOT-FOR-US: Simple Machines Forum
 CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...)
-	- ghostscript <unfixed>
+	- ghostscript <unfixed> (medium; bug #524803)
 CVE-2009-XXXX [roundup: insufficient access checks in web frontend]
 	- roundup <unfixed> (bug #518768)
 	[etch] - roundup 1.2.1-10+etch1
@@ -1942,7 +1944,8 @@
 	{DSA-1769-1}
 	- openjdk-6 <unfixed>
 CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
-	- argyll <unfixed> (low; bug #523427)
+	- argyll <unfixed> (low; bug #523472)
+        - ghostscript <unfixed>
 CVE-2009-0791
 	RESERVED
 CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...)
@@ -3964,9 +3967,9 @@
 	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
 	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
 CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)
-	- ffmpeg-debian 0.svn20080206-16
+	- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
 	- ffmpeg <removed> 
-	- mplayer 1.0~rc2-14
+	- mplayer 1.0~rc2-14 (medium; bug #524805)
 	- xine-lib <unfixed> (medium; bug #523475)
 	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
 	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
@@ -4387,7 +4390,7 @@
 CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
 	NOT-FOR-US: IrfanView
 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
-	- ghostscript <unfixed>
+	- ghostscript <unfixed> (medium; bug #524803)
 CVE-2009-0195
 	RESERVED
 CVE-2009-0194

More information about the Secure-testing-commits mailing list