[Secure-testing-commits] r11665 - data/CVE
Steffen Joeris
white at alioth.debian.org
Mon Apr 20 10:05:38 UTC 2009
Author: white
Date: 2009-04-20 10:05:38 +0000 (Mon, 20 Apr 2009)
New Revision: 11665
Modified:
data/CVE/list
Log:
mpg123 issue CVEified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-20 09:29:38 UTC (rev 11664)
+++ data/CVE/list 2009-04-20 10:05:38 UTC (rev 11665)
@@ -66,7 +66,10 @@
CVE-2009-1302
RESERVED
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
- TODO: check
+ - mpg123 1.7.2-1 (low)
+ NOTE: http://secunia.com/advisories/34587/3/
+ NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
+ NOTE: crashing the application
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...)
- apt 0.7.21 (bug #523213)
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...)
@@ -197,11 +200,6 @@
NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
NOT-FOR-US: Apartment Search Script
-CVE-2009-XXXX [mpg123 possible invalid read]
- - mpg123 1.7.2-1 (low)
- NOTE: http://secunia.com/advisories/34587/3/
- NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
- NOTE: crashing the application
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
- texlive-bin <unfixed> (bug #520920)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
More information about the Secure-testing-commits
mailing list