[Secure-testing-commits] r12814 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Sep 15 02:26:58 UTC 2009


Author: gilbert-guest
Date: 2009-09-15 02:26:58 +0000 (Tue, 15 Sep 2009)
New Revision: 12814

Modified:
   data/CVE/list
Log:
some embedded code copy updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-14 21:14:11 UTC (rev 12813)
+++ data/CVE/list	2009-09-15 02:26:58 UTC (rev 12814)
@@ -630,8 +630,14 @@
 	NOT-FOR-US: DB2 Monitoring Console
 CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service ...)
 	- xyssl 0.9-1
+	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
+	- pdkim <itp> (bug #543150)
+	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
 CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does ...)
 	- xyssl 0.9-1
+	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
+	- pdkim <itp> (bug #543150)
+	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
 CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and ...)
 	NOT-FOR-US: Borland VisiBroker Smart Agent
 CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent ...)
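Review bot: the polarssl <not-affected> rationale "fixed in xyssl before polarssl was forked from it" is not checkable from the entry itself; record the xyssl version that carries the fix (the CVE text says "before 0.9" and the fixed Debian upload on the line above is xyssl 0.9-1) and the xyssl version polarssl was forked from, so a later reader can confirm the fork postdates the fix without redoing the research. The pdkim <itp> lines and the NOTE are fine as a reminder, but since both CVEs reference the same ITP bug #543150, the follow-up check is easier to track if the NOTE also names the polarssl version embedded in pdkim once known.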
@@ -6324,6 +6330,7 @@
 	NOT-FOR-US: BS.player
 CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
 	- xine-lib 1.1.16.3-1 (medium; bug #522811)
+	- vlc <not-affected> (affected part of xine-lib code not present)
 CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X ...)
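Review bot: "affected part of xine-lib code not present" does not say which part; the CVE description names the parse_trak_atom function, so the vlc annotation should cite the demuxer file or function that is absent from vlc's copy (e.g. "vlc <not-affected> (parse_trak_atom / QuickTime demuxer not part of the xine-lib code copy)"), otherwise the claim cannot be re-verified when vlc's copy is refreshed.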
@@ -8331,6 +8338,7 @@
 	NOT-FOR-US: Plunet BusinessManager
 CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
 	- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
+	- vlc <not-affected> (affected part of xine-lib code not present)
 CVE-2009-0697
 	RESERVED
 CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 ...)
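Review bot: the CVE text pins this to demuxers/demux_4xm.c, so the vlc line should say that file is not part of vlc's xine-lib copy rather than the generic "affected part ... not present"; naming the file turns the annotation into something a future triager can confirm with a single grep of the vlc tree.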
@@ -12522,6 +12530,7 @@
 	NOTE: sch2eaglepos.sh only used as example script
 CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
 	- xine-lib 1.1.14-3
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...)
 	- xine-lib <unfixed> (unimportant; bug #508715)
 	NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
@@ -12529,6 +12538,7 @@
 	NOTE: got an own identifier
 CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...)
 	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
 	- xine-lib 1.1.14-3 (low)
 	[etch] - xine-lib <not-affected> (The version from Etch doesn't yet perform pre-allocation)
@@ -12575,12 +12585,14 @@
 	[squeeze] - xine-lib 1.1.14-4
 CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
 	- xine-lib 1.1.14-3
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
 	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
 	[lenny] - xine-lib 1.1.14-4
 	[squeeze] - xine-lib 1.1.14-4
 CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...)
 	- xine-lib 1.1.14-3 (low)
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...)
 	NOT-FOR-US: Microsoft Windows Media Services
 CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...)
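Review bot: CVE-2008-5234 in the middle of this hunk gets no vlc line although it is part of the same xine-lib 1.1.15 batch as CVE-2008-5233 and CVE-2008-5235 (and shares bug #498243 with CVE-2008-5246, which was annotated in the previous hunk); either add the same vlc <not-affected> annotation with its justification or add a NOTE saying vlc is still unchecked for it, so the gap is visibly deliberate rather than an omission.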
@@ -54867,6 +54879,7 @@
 	NOT-FOR-US: Arab Portal
 CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
 	- xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2006-1663
 	REJECTED
 CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
@@ -70715,6 +70728,7 @@
 	NOT-FOR-US: PHPBB Knowledgebase Mod
 CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
 	- xine-lib 1.0.1-1
+	- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
 CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
 	- nasm 0.98.38-1.2 (bug #309049)
 CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
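Review bot: "fixed in 1.0-pre7, which was released before etch" justifies <not-affected> only if no Debian release or upload ever shipped an mplayer older than 1.0-pre7; <not-affected> in this file means the vulnerable code never reached Debian, whereas a package that was shipped vulnerable and later fixed carries the fixed version (compare "- mplayer 1.0~pre6a-1" under CVE-2004-0433 further down). State the first mplayer version that entered the archive explicitly, and use the Debian version form (1.0~pre7) so the comparison against the tracker's other mplayer entries is unambiguous.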
@@ -73665,9 +73679,11 @@
 	NOT-FOR-US: JRun
 CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
 	- xine-lib 1-rc6
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 	- libcdio 0.69
 CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
 	- xine-lib 1-rc6
+	- vlc <not-affected> (affected part of xine-lib code copy not present)
 CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
 	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
 CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
@@ -73709,6 +73725,7 @@
 	- cvstrac 1.1.4-1
 CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
 	- xine-lib 1-rc5-1.1
+	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
 CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
 	NOT-FOR-US: Cisco
 CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
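Review bot: the justification wording drifts across this commit: "affected part of xine-lib code not present" (CVE-2009-1274), "affected part of xine-lib code copy not present" (CVE-2008-5248 and later), and here "vulnerable component of xine-lib code copy not present"; pick one phrasing and, better, name the component (the VCD code, per the CVE descriptions of CVE-2004-1455 and CVE-2004-1476) so the annotations can be checked mechanically against vlc's tree.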
@@ -74959,6 +74976,7 @@
 	NOT-FOR-US: xlreader
 CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
 	- xine-lib 1-rc8-1
+	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
 CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
 	NOT-FOR-US: vilistextum
 CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
@@ -75212,8 +75230,10 @@
 	- krb5 1.3.6-1
 CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
 	- xine-lib 1-rc8-1
+	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
 CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
 	- xine-lib 1-rc8-1
+	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
 CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
 	{DSA-654-1}
 	- enscript 1.6.4-6
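Review bot: "fixed in 1.0-pre5 which precedes the version included in etch" says what etch shipped but not whether any earlier Debian upload (in sarge or unstable) carried an mplayer older than 1.0-pre5, which is what <not-affected> asserts; add the earliest mplayer version in the archive to the rationale, and write the upstream version in Debian form (1.0~pre5) to match the other mplayer entries in this file.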
@@ -77097,6 +77117,7 @@
 CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
 	- mplayer 1.0~pre6a-1
 	- xine-lib 1-rc4
+	TODO: check vlc (a problem in the xine-lib rtsp code copy.  this was likely fixed a long time ago, but i can't find a link to the relevant code anymore to compare to)
 CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
 	- proftpd 1.2.9-4
 CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
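Review bot: the TODO says there is no longer a code link to compare against, but the line above records the xine-lib fix as 1-rc4, so the comparison can be reconstructed by diffing the RTSP code between xine-lib 1-rc3 and 1-rc4 and searching vlc's tree for the same function names and bounds checks; once that is done, the NOTE should record the vlc source path of the code copy so the next xine-lib RTSP CVE does not require rediscovering it.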