[Secure-testing-commits] r12971 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sat Oct 10 05:34:06 UTC 2009


Author: gilbert-guest
Date: 2009-10-10 05:34:03 +0000 (Sat, 10 Oct 2009)
New Revision: 12971

Modified:
   data/CVE/list
Log:
- bug submitted for ffmpeg issue
- track ffmpeg code copy in xmovie

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-10 04:41:15 UTC (rev 12970)
+++ data/CVE/list	2009-10-10 05:34:03 UTC (rev 12971)
@@ -312,9 +312,9 @@
 CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
 	NOT-FOR-US: RADactive I-Load
 CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (medium; bug #550442)
+	- xmovie <removed>
 	- ffmpeg-debian <removed>
-	TODO: file bug
 	NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
 	NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
 CVE-2009-XXXX [xen-tools: world readable disk image files]
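Review bot: The new "- xmovie <removed>" line under the CVE-2009-XXXX ffmpeg entry does not say why xmovie is listed; only the commit log mentions the ffmpeg code copy. Suggest adding a NOTE line to the entry stating that xmovie is tracked because it embeds ffmpeg code, so the reason is visible in the list itself. Dropping "TODO: file bug" is consistent with bug #550442 now appearing on the ffmpeg line.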
@@ -10984,6 +10984,7 @@
 	{DSA-1782-1 DSA-1781-1}
 	- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
 	- ffmpeg 0.svn20080206-16
+	- xmovie <removed>
 	- mplayer 1.0~rc2-14 (medium; bug #524805)
 	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
 	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
@@ -15083,6 +15084,7 @@
 	NOTE: the ogm issue is a problem in ffmpeg
 	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
 	- ffmpeg <unfixed> (unimportant)
+	- xmovie <removed> (unimportant)
 	NOTE: just a crasher, no security implications known so far
 	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
 CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
@@ -18512,6 +18514,7 @@
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
 	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
 	- ffmpeg 0.svn20080206-16 (unimportant)
+	- xmovie <removed> (unimportant)
 	NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
 	NOT-FOR-US: Joomla
@@ -18678,7 +18681,7 @@
 	{DSA-1781-1}
 	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
 	- ffmpeg 0.svn20080206-10
-	TODO: Check the various embedders in Etch, horray for librification in Lenny
+	- xmovie <removed>
 CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: IBM Maximo
 CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before ...)
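Review bot: Replacing "TODO: Check the various embedders in Etch, ..." with a single "- xmovie <removed>" line closes the TODO while recording only one embedder. If the other embedded copies were checked and found unaffected, list them or say so in a NOTE; otherwise keep the TODO next to the new xmovie line so the remaining check is not lost.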
@@ -38997,8 +39000,10 @@
 	- kdelibs 4:3.5.5a.dfsg.1-8
 CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
 	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
+	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
 CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
 	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
+	- xmovie <removed>
 CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
 	NOT-FOR-US: CruiseWorks
 CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
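Review bot: The <not-affected> reason on the Real Media demuxer entry, "this is not an issue in the avformat ffmpeg code copy", gives the conclusion but not the basis for it, and the entry itself is a demuxer bug. Suggest saying what was checked (for example, whether the affected demuxer code is absent from the copy or differs from the vulnerable version) so the status can be re-verified later. The same applies wherever this parenthetical is reused in the patch.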
@@ -42645,6 +42650,7 @@
 	- gst-ffmpeg 0.8.7-10
 	[etch] - ffmpeg 0.cvs20060823-5
 	- ffmpeg 0.cvs20060823-6
+	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
 	- mplayer 1.0~rc1-12
 CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
 	NOT-FOR-US: Check Point
@@ -42906,6 +42912,7 @@
 	- mplayer 1.0~rc1-12
 	[etch] - ffmpeg 0.cvs20060823-5
 	- ffmpeg 0.cvs20060823-6
+	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
 CVE-2007-XXXX [netpbm heap corruption]
 	- netpbm-free 2:10.0-11 (bug #407605)
 CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
@@ -48536,6 +48543,7 @@
 CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
 	{DSA-1215}
 	- ffmpeg 0.cvs20060329-1
+	- xmovie <removed>
 	- xine-lib 1.1.2-1
 	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
 	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
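Review bot: CVE-2006-4800 is described as buffer overflows in libavcodec, while the <not-affected> lines added elsewhere in this patch refer to xmovie's "avformat ffmpeg code copy". Please confirm that xmovie also carries libavcodec code before recording "- xmovie <removed>" here; if the copy is avformat only, this line should be <not-affected> with an explanation, and the same question applies to the avcodec_default_get_buffer entry (CVE-2005-4048) in the following hunk.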
@@ -61292,6 +61300,7 @@
 CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
 	{DSA-1005-1 DSA-1004-1 DSA-992-1}
 	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
+	- xmovie <removed>
 	- xine-lib 1.0.1-1.5 (bug #342208; medium)
 	- mplayer <not-affected> (Fixed before initial upload)
 	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
@@ -67090,6 +67099,7 @@
 	NOT-FOR-US: AppWeb HTTP server
 CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
 	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
+	- xmovie <removed>
 CVE-2005-XXXX [xgalaga score file segfault]
 	- xgalaga 2.0.34-31 (bug #319686; low)
 	[sarge] - xgalaga <no-dsa> (Minor issue)



