[Secure-testing-commits] r11072 - in data: . CVE
white at alioth.debian.org
white at alioth.debian.org
Wed Jan 28 16:56:28 UTC 2009
Author: white
Date: 2009-01-28 16:56:28 +0000 (Wed, 28 Jan 2009)
New Revision: 11072
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
Mark unp issue as no-dsa, it is not really used as archiver by any package in stable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-28 09:14:17 UTC (rev 11071)
+++ data/CVE/list 2009-01-28 16:56:28 UTC (rev 11072)
@@ -15007,7 +15007,8 @@
[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
- - unp 1.0.13 (bug #448437)
+ - unp 1.0.13 (bug #448437; low)
+ [etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
NOT-FOR-US: CoolPlayer
CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-01-28 09:14:17 UTC (rev 11071)
+++ data/spu-candidates.txt 2009-01-28 16:56:28 UTC (rev 11072)
@@ -505,6 +505,11 @@
--
+unp (CVE-2007-6610)
+#448437
+
+--
+
xmcd
#496416
notified maintainer
More information about the Secure-testing-commits
mailing list