[Secure-testing-commits] r11093 - data/CVE

[jmm-guest at alioth.debian.org]

Author: jmm-guest
Date: 2009-01-29 13:50:34 +0000 (Thu, 29 Jan 2009)
New Revision: 11093

Modified:
   data/CVE/list
Log:
- ffmpeg fixed, affects mplayer and ffmpeg in etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-29 09:14:17 UTC (rev 11092)
+++ data/CVE/list	2009-01-29 13:50:34 UTC (rev 11093)
@@ -1,3 +1,9 @@
+CVE-2009-XXXX [ffmpeg 4x issue]
+	- ffmpeg-debian 0.svn20080206-16
+	- ffmpeg <removed> 
+	- mplayer 1.0~rc2-14
+	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
+	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
 CVE-2009-XXXX [file inclusion vuln in util/barcode.php and XSS in horde3]
 	- horde3 3.2.2+debian0-2 (bug #513265)
 CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
@@ -2461,7 +2467,7 @@
 	{DSA-1677-1}
 	- cups 1.3.8-1lenny4 (bug #507183; medium)
 CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
-	- geda-gnetlist <unfixed> (bug #506625; unimportant)
+	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
 	NOTE: sch2eaglepos.sh only used as example script
 CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
 	- xine-lib 1.1.14-3 (low)
@@ -7356,7 +7362,7 @@
 CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
 	- xine-lib 1.1.14-2 (bug #492870; low)
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
-	- ffmpeg-debian <unfixed> (unimportant; bug #498764)
+	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764)
 	- ffmpeg <removed> (unimportant)
 	NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)