[Secure-testing-commits] r12468 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Aug 3 22:07:13 UTC 2009
Author: jmm-guest
Date: 2009-08-03 22:07:13 +0000 (Mon, 03 Aug 2009)
New Revision: 12468
Modified:
data/CVE/list
Log:
- new vlc issue likely affecting ffmpeg or mplayer
- asterisk already tracked
- revised mapserver fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-03 21:14:35 UTC (rev 12467)
+++ data/CVE/list 2009-08-03 22:07:13 UTC (rev 12468)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
+ - vlc 1.0.1-1
+ NOTE: Posting on full-disclosure contains details
+ TODO: Seems to affect Mplayer as well, so likely in ffmpeg-debian, needs to be checked
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
TODO: check
CVE-2009-2654 (Mozilla Firefox 3.5.1 and earlier allows remote attackers to spoof the ...)
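Review bot: the `TODO` line says the issue probably also affects Mplayer and ffmpeg-debian, but the entry only carries a `- vlc 1.0.1-1` line, so nothing in the tracker will show those two packages as pending; add placeholder package lines for mplayer and ffmpeg-debian (status to be determined) until the check is done. The `NOTE: Posting on full-disclosure contains details` line would also be more useful with the archive URL, as other NOTE lines in this file carry links (see the oss-security URL under CVE-2009-0840 further down).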
@@ -22,12 +26,6 @@
TODO: check
CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when ...)
TODO: check
-CVE-2009-XXXX [asterisk DoS]
- - asterisk <unfixed>
- [lenny] - asterisk <not-affected> (Vulnerable code introduced in 1.6)
- [etch] - asterisk <not-affected> (Vulnerable code introduced in 1.6)
- TODO: report bug
- NOTE: AST-2009-004
CVE-2009-XXXX [poppler: buffer overflow in abiword backend]
- poppler <unfixed> (low; bug #534680)
CVE-2009-XXXX [openssl: certificate spoofing via null characters]
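Review bot: removing this duplicate drops its `TODO: report bug` line; only the `NOTE: AST-2009-004` line is carried over to the surviving asterisk entry in the next hunk. Confirm that a bug has been filed against asterisk for this issue, or re-add the TODO to the retained entry so the reminder is not lost.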
@@ -39,6 +37,7 @@
[etch] - asterisk <not-affected> (Vulnerable code not present)
[lenny] - asterisk <not-affected> (Vulnerable code not present)
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
+ NOTE: AST-2009-004
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
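Review bot: the three `<not-affected>` lines give "Vulnerable code not present" as the reason, while the duplicate removed in the previous hunk recorded the more specific "Vulnerable code introduced in 1.6"; the version-specific reason is the more useful one when the entry is reviewed later, so consider carrying it over together with the AST-2009-004 reference.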
@@ -51,7 +50,6 @@
NOT-FOR-US: Research In Motion (RIM) BlackBerry Enterprise Server (BES)
CVE-2009-2645
REJECTED
- NOT-FOR-US: ** REJECT **
CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and ...)
NOT-FOR-US: Sun Solaris
CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component ...)
@@ -434,8 +432,8 @@
- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
- xulrunner <not-affected>
- NOTE: Affected version only available in experimental, only Firefox 3.5
- TODO: check when 3.5 gets uploaded to unstable
+ NOTE: Affected version only available in experimental, only Firefox 3.5,
+ NOTE: Fixed in experimental in 1.9.1.1-1
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
- xulrunner <not-affected> (unimportant)
NOTE: browser crashes not treated as security issues
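Review bot: the first added NOTE line ends with a stray trailing comma (`only Firefox 3.5,`); drop it or join the two NOTE lines into one. Dropping `TODO: check when 3.5 gets uploaded to unstable` also removes the reminder that the `<not-affected>` status for xulrunner only holds while the affected version stays in experimental; keep the TODO until 1.9.1.x reaches unstable.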
@@ -5493,8 +5491,8 @@
- mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
- - mapserver 5.2.2-1 (medium; bug #523027)
- NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
+ - mapserver 5.4.2-1 (medium; bug #523027)
+ NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
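Review bot: the replaced NOTE held the only reference for this issue (the oss-security URL), and the new `NOTE: Initial fix was incomplete` gives no source for that finding; keep the URL line next to the new note. Also check whether CVE-2009-0839, which stays at `mapserver 5.2.2-1` against the same bug #523027 in the unchanged context below, was covered by the same incomplete fix.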