[Secure-testing-commits] r11816 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Wed May 6 15:04:45 UTC 2009
Author: derevko-guest
Date: 2009-05-06 15:04:45 +0000 (Wed, 06 May 2009)
New Revision: 11816
Modified:
data/CVE/list
Log:
CVE-2009-1513: cve id assigned to libmodplug
CVE-2009-1438: gst-plugins-bad0.10 is vulnerable only in stable and oldstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-06 14:23:26 UTC (rev 11815)
+++ data/CVE/list 2009-05-06 15:04:45 UTC (rev 11816)
@@ -5,7 +5,10 @@
NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
NOTE: CVE id requested
CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...)
- TODO: check
+ - libmodplug <unfixed> (medium; bug #526084)
+ - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
+ [etch] - libmodplug <not-affected> (Vulnerable code not present)
+ NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
CVE-2009-XXXX [unsafe temp file in coccinelle]
- coccinelle 0.1.7.deb-3 (low)
[lenny] - coccinelle <no-dsa> (Minor issue)
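Review bot: In the CVE-2009-1513 entry, the gst-plugins-bad0.10 line gives "Vulnerable code not present" as its reason, while the NOTE two lines below gives a different one (testing and unstable build against an external libmodplug). Nothing states the status for etch and lenny. The CVE-2009-1438 hunk in this same commit adds explicit [etch] and [lenny] lines for gst-plugins-bad0.10 on the external-libmodplug rationale. Either add the matching release lines here, or say in the NOTE why stable and oldstable are not affected by the PATinst overflow, so the two entries cannot be read as contradicting each other.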
@@ -34,12 +37,6 @@
[etch] - xorg-server <no-dsa> (minor issue)
[lenny] - xorg-server <no-dsa> (minor issue)
NOTE: CVE id requested
-CVE-2009-XXXX [libmodplug buffer overflow in PAT sampler]
- - libmodplug <unfixed> (medium; bug #526084)
- - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
- [etch] - libmodplug <not-affected> (Vulnerable code not present)
- NOTE: CVE id requested on oss-sec
- NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
CVE-2009-XXXX [clamav milter init script "typo"]
- clamav <not-affected> (Vulnerable code not present)
NOTE: from what I see this code was never uploaded to the debian archive
@@ -277,7 +274,9 @@
- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
- libmodplug <unfixed> (low; bug #526657; bug #527076)
- - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
+ - gst-plugins-bad0.10 <not-affected> (it builds against an external libmodplug; bug #527075)
+ [etch] - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
+ [lenny] - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
NOT-FOR-US: CoolPlayer
CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
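Review bot: In the CVE-2009-1438 entry, bug #527075 is now attached both to the new <not-affected> line and to the new [etch] and [lenny] <unfixed> lines, so the same bug reads as not applicable and still open at once. Consider keeping the bug reference only on the release-specific lines, and moving "it builds against an external libmodplug" into a NOTE: line as the CVE-2009-1513 entry does, so both entries record the rationale the same way.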