[Secure-testing-commits] r14080 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Feb 12 04:00:43 UTC 2010 

Author: geissert
Date: 2010-02-12 04:00:33 +0000 (Fri, 12 Feb 2010)
New Revision: 14080

Modified:
   data/CVE/list
Log:
NFUs, ffmpeg issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-12 03:55:32 UTC (rev 14079)
+++ data/CVE/list	2010-02-12 04:00:33 UTC (rev 14080)
@@ -7,29 +7,49 @@
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
 CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro URL Filtering Engine
 CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...)
+	- ffmpeg <unfixed>
+	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application
 CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
 	- fetchmail 6.3.13-2 (low)
 	NOTE: the conditions so that this is exploitable are rather obscure
@@ -38,7 +58,7 @@
 CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, ...)
 	TODO: check
 CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, ...)
-	TODO: check
+	NOT-FOR-US: Sun Cluster
 CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
 	NOT-FOR-US: Oracle OpenSolaris
 CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)

More information about the Secure-testing-commits mailing list