[Secure-testing-commits] r14047 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Feb 6 22:20:28 UTC 2010
Author: gilbert-guest
Date: 2010-02-06 22:20:23 +0000 (Sat, 06 Feb 2010)
New Revision: 14047
Modified:
data/CVE/list
data/embedded-code-copies
Log:
gnash uses system libtool; flash player issues should not be NFU as long as flashplugin-nonfree is still in the archive
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-06 18:51:16 UTC (rev 14046)
+++ data/CVE/list 2010-02-06 22:20:23 UTC (rev 14047)
@@ -462,7 +462,7 @@
CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...)
@@ -3464,19 +3464,19 @@
NOTE: but the "fixes" linked from the advisory only change code in kdelibs
NOTE: more info at oss-sec threads
CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3795
RESERVED
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-3793
RESERVED
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
@@ -3624,8 +3624,7 @@
- ggobi 2.1.9~20091212-1 (low; bug #559806)
[etch] - ggobi <no-dsa> (Minor issue)
[lenny] - ggobi <no-dsa> (Minor issue)
- - gnash <unfixed> (low; bug #559808)
- [lenny] - gnash <no-dsa> (Minor issue)
+ - gnash 0.7.2+cvs20070428.1515-1 (low; bug #559808)
- gnu-smalltalk 3.1-2 (low; bug #559809)
[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
[etch] - gnu-smalltalk <no-dsa> (Minor issue)
@@ -9699,23 +9698,23 @@
CVE-2009-1871
RESERVED
CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
NOT-FOR-US: Adobe Reader
CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
@@ -14764,13 +14763,13 @@
CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
NOT-FOR-US: Adobe RoboHelp
CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
NOT-FOR-US: VMware
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
@@ -17461,7 +17460,7 @@
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
- NOT-FOR-US: Adobe Flash Player for Linux
+ - flashplugin-nonfree <undetermined>
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
- php5 <not-affected> (php5 links to the shared lib)
- libgd2 <not-affected> (code is specific to php's libgd)
@@ -17774,11 +17773,11 @@
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)
NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
@@ -19158,17 +19157,17 @@
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
- NOT-FOR-US: Flash Player ActiveX control
+ - flashplugin-nonfree <undetermined>
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...)
NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...)
@@ -19828,7 +19827,7 @@
CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...)
NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...)
- NOT-FOR-US: Flash plugin
+ - flashplugin-nonfree <undetermined>
CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
- vlc 0.9.3-1 (medium; bug #502314)
[etch] - vlc <not-affected> (introduced in 0.9.0)
@@ -19925,7 +19924,7 @@
CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...)
NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...)
- NOT-FOR-US: Adobe Flash Player
+ - flashplugin-nonfree <undetermined>
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
- xerces-c2 <unfixed> (unimportant; bug #502102)
NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
@@ -21468,8 +21467,7 @@
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...)
NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...)
- NOT-FOR-US: Adobe Flash Player
- NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8
+ - flashplugin-nonfree <undetermined>
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...)
- flashplugin-nonfree 1:1.4
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-02-06 18:51:16 UTC (rev 14046)
+++ data/embedded-code-copies 2010-02-06 22:20:23 UTC (rev 14047)
@@ -1583,7 +1583,7 @@
- ggobi 2.1.9~20091212-1 (embed)
- glame 2.0.1-4 (embed)
NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
- - gnash <unfixed> (embed)
+ - gnash 0.7.2+cvs20070428.1515-1 (embed)
- gnu-smalltalk <unfixed> (embed; bug #566777)
- google-gadgets 0.10.5-0.3 (embed)
NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
More information about the Secure-testing-commits
mailing list