[Secure-testing-commits] r10934 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Mon Jan 12 10:35:04 UTC 2009
Author: thijs
Date: 2009-01-12 10:35:03 +0000 (Mon, 12 Jan 2009)
New Revision: 10934
Modified:
data/CVE/list
Log:
xine uploads to sid and lenny fix all open issues :-)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-12 09:14:09 UTC (rev 10933)
+++ data/CVE/list 2009-01-12 10:35:03 UTC (rev 10934)
@@ -1754,30 +1754,38 @@
- mplayer 1.0~rc2-20 (bug #407010)
NOTE: overlaps with CVE-2008-4610, same aac issue
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...)
- - xine-lib <unfixed> (unimportant; bug #508716)
+ - xine-lib 1.1.16-1 (unimportant; bug #508716)
+ [lenny] - xine-lib 1.1.14-4
NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...)
- - xine-lib <unfixed> (medium; bug #507165; bug #498243)
+ - xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...)
- - xine-lib <unfixed> (low; bug #509008)
+ - xine-lib 1.1.16-1 (low; bug #509008)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...)
- - xine-lib <unfixed> (low; bug #509352)
+ - xine-lib 1.1.16-1 (low; bug #509352)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...)
- - xine-lib <unfixed> (medium; bug #509353)
+ - xine-lib 1.1.16-1 (medium; bug #509353)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...)
- xine-lib 1.1.14-3 (low)
NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...)
- - xine-lib <unfixed> (bug #509265; low)
+ - xine-lib 1.1.16-1 (bug #509265; low)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
- - xine-lib <unfixed> (bug #509521)
+ - xine-lib 1.1.16-1 (bug #509521)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
- xine-lib 1.1.14-3
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
- - xine-lib <unfixed> (medium; bug #508313; bug #498243)
+ - xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
+ [lenny] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...)
- xine-lib 1.1.14-3 (low)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...)
More information about the Secure-testing-commits
mailing list