[Secure-testing-commits] r11094 - data/CVE
jmm-guest at alioth.debian.org
Thu Jan 29 15:02:15 UTC 2009
Author: jmm-guest
Date: 2009-01-29 15:02:15 +0000 (Thu, 29 Jan 2009)
New Revision: 11094
Modified:
data/CVE/list
Log:
- xine updates
- sudo CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-29 13:50:34 UTC (rev 11093)
+++ data/CVE/list 2009-01-29 15:02:15 UTC (rev 11094)
@@ -129,9 +129,6 @@
TODO: check
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not ...)
TODO: check
-CVE-2009-XXXX [sudo: privilege escalation]
- - sudo 1.6.9p17-2 (medium)
- [etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...)
NOT-FOR-US: Sun Java System Application Server (AS)
CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
@@ -1471,8 +1468,10 @@
RESERVED
CVE-2009-0035
RESERVED
-CVE-2009-0034
+CVE-2009-0034 [sudo: privilege escalation]
RESERVED
+ - sudo 1.6.9p17-2 (medium)
+ [etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033
RESERVED
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
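Review bot: the new CVE-2009-0034 entry has no NOTE or bug reference, so while the ID is still marked RESERVED the bracketed "sudo: privilege escalation" is the only description a reader gets. Consider adding a NOTE line that points at the upstream advisory or a Debian bug number, and one that says why etch is not affected beyond "Vulnerable code not present", so the <not-affected> claim can be re-checked later.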
@@ -2470,7 +2469,8 @@
- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
- - xine-lib 1.1.14-3 (low)
+ - xine-lib 1.1.14-3 (unimportant)
+ NOTE: just a crasher
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...)
- xine-lib <unfixed> (unimportant; bug #508715)
NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
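Review bot: on CVE-2008-5248 the added "NOTE: just a crasher" does not say what kind of crash justifies moving the rating from low to unimportant, while the CVE description still reads "allows remote attackers to cause a denial of ...". Name the crash class in the NOTE, the way the CVE-2008-3231 note in this same commit does with its NULL pointer remark, so the downgrade can be audited without re-reading the upstream fix.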
@@ -2481,10 +2481,11 @@
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
- xine-lib 1.1.14-3 (low)
CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
- - xine-lib 1.1.14-3
- - faad2 2.6.1-1
- - mplayer 1.0~rc2-20 (bug #407010)
+ - xine-lib 1.1.14-3 (unimportant)
+ - faad2 2.6.1-1 (unimportant)
+ - mplayer 1.0~rc2-20 (unimportant; bug #407010)
NOTE: overlaps with CVE-2008-4610, same aac issue
+ NOTE: just a crasher, no security implications known so far
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...)
- xine-lib 1.1.16-1 (unimportant; bug #508716)
[lenny] - xine-lib 1.1.14-4
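Review bot: CVE-2008-5244 is described as an "Unspecified vulnerability" with "unknown impact", yet xine-lib, faad2 and mplayer are all set to unimportant on the basis of "no security implications known so far". Since the note itself is provisional, a TODO to revisit once details are known would keep this from being treated as settled. The existing NOTE says this overlaps with CVE-2008-4610, so that entry should carry the same rating; it is not part of this diff and is worth checking.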
@@ -7360,7 +7361,8 @@
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...)
NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
- - xine-lib 1.1.14-2 (bug #492870; low)
+ - xine-lib 1.1.14-2 (bug #492870; unimportant)
+ NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764)
- ffmpeg <removed> (unimportant)
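Review bot: typo in the added NOTE for CVE-2008-3231: "deference" should be "dereference". The wording is also inconsistent with the other xine-lib notes added in this commit ("just a crasher"); picking one phrasing for the same rationale would make these entries easier to grep.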