[Secure-testing-commits] r13473 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Dec 7 03:10:14 UTC 2009


Author: gilbert-guest
Date: 2009-12-07 03:10:14 +0000 (Mon, 07 Dec 2009)
New Revision: 13473

Modified:
   data/CVE/list
Log:
vlc issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-07 02:24:47 UTC (rev 13472)
+++ data/CVE/list	2009-12-07 03:10:14 UTC (rev 13473)
@@ -15311,8 +15311,9 @@
 	- mediawiki1.7 <removed>
 	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
-	- vlc <not-affected> (vulnerable code not present)
-	NOTE: affected versions are >= 0.9.x (experimental)
+	- vlc 0.9.8a-1 (low)
+	[etch] - vlc <not-affected> (vulnerable code not present)
+	[lenny] - vlc <not-affected> (vulnerable code not present)
 CVE-2008-XXXX [multiple vulnerabilities in phpcas]
 	- libphp-cas <itp> (bug #495542)
 	- moodle <unfixed>
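Review bot: the added `- vlc 0.9.8a-1 (low)` line for CVE-2008-5276 has no bug reference or NOTE saying how the fixed version was determined, and the removed NOTE (`affected versions are >= 0.9.x`) was the only record of the affected range. Keep that range as a NOTE. Alternatively, if it was verified, give the [etch] and [lenny] lines the more specific `(introduced in 0.9.0)` reason used in the later hunks, so the not-affected status can be re-checked against a concrete version.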
@@ -16060,8 +16061,9 @@
 	{DSA-1819-1 DTSA-176-1}
 	- vlc 0.8.6.h-5 (medium; bug #504639)
 CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
-	- vlc <not-affected> (Vulnerable code not present in 0.8.x)
-	TODO: recheck if 0.9 gets uploaded to unstable
+	- vlc 1.0.3-1 (low)
+	[etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
+	[lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
 CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...)
 	NOT-FOR-US: firmCHANNEL Digital Signage
 CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...)
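Review bot: the fixed version `1.0.3-1` for CVE-2008-5036 does not match the description, which places the flaw in "0.9.x before ..." and so implies the upstream fix is in the 0.9 series. If a fixed 0.9.x package reached unstable first, that upload should be the fixed version. If 1.0.3-1 is only the version that was checked, add a NOTE saying so in place of the removed TODO. Minor style point: the [etch] and [lenny] reasons capitalize "Vulnerable", unlike the same reason under CVE-2008-5276.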
@@ -16878,9 +16880,9 @@
 	- mplayer <unfixed> (low; bug #407010)
 	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
 CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)
-	- vlc <not-affected> (bug #502726)
-	NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
-	TODO: check if >= 0.9.4 is uploaded to unstable
+	- vlc 1.0.3-1 (low; bug #502726)
+	[etch] - vlc <not-affected> (introduced in 0.9.0)
+	[lenny] - vlc <not-affected> (introduced in 0.9.0)
 CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...)
 	{DSA-1819-1 DTSA-175-1}
 	- vlc 0.8.6.h-4.1 (medium; bug #503118)
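Review bot: the `(introduced in 0.9.0)` reason on the [etch] and [lenny] lines for CVE-2008-4654 claims more than the removed NOTE established, which was only that 0.8.6.i-2 lacks the flaw and that 0.9.4 is vulnerable. Record where the 0.9.0 figure comes from in a NOTE, or fall back to `(vulnerable code not present)`. The removed TODO asked whether >= 0.9.4 reached unstable, and the new `1.0.3-1` line does not say whether that was the first fixed upload or just the version inspected.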
@@ -17000,9 +17002,9 @@
 CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...)
 	NOT-FOR-US: Flash plugin
 CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
-	- vlc <not-affected> (medium; bug #502314)
-	NOTE: claimed fix since 0.9.3, and i have verified that 1.0.3 (currently in
-	NOTE: unstable) has the patch applied
+	- vlc 0.9.3-1 (medium; bug #502314)
+	[etch] - vlc <not-affected> (introduced in 0.9.0)
+	[lenny] - vlc <not-affected> (introduced in 0.9.0)
 CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...)
 	NOT-FOR-US: Cisco
 CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...)
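Review bot: the new `- vlc 0.9.3-1 (medium; bug #502314)` line for CVE-2008-4558 records as the fixed Debian version what the removed NOTE described only as a "claimed fix since 0.9.3". The verification mentioned there was done on 1.0.3. Keep a NOTE stating that the patch was confirmed in 1.0.3 and that 0.9.3 is the claimed fix version, so the distinction survives. Likewise, `(introduced in 0.9.0)` is not backed by anything in this entry: the description names only 0.9.2.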



