[Secure-testing-commits] r14800 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Jun 4 21:27:14 UTC 2010


Author: jmm-guest
Date: 2010-06-04 21:27:03 +0000 (Fri, 04 Jun 2010)
New Revision: 14800

Modified:
   data/CVE/list
   data/DSA/list
Log:
mplayer/vlc CVEfied
bugnums



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-04 21:14:47 UTC (rev 14799)
+++ data/CVE/list	2010-06-04 21:27:03 UTC (rev 14800)
@@ -222,8 +222,16 @@
 	RESERVED
 CVE-2010-2063
 	RESERVED
-CVE-2010-2062
+CVE-2010-2062 [VLC: integer underflow in Real RTSP]
 	RESERVED
+	- vlc 1.0.1-1
+	[lenny] - vlc 0.8.6.h-4+lenny2.3 
+	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
+	[lenny] - mplayer 1.0~rc2-17+lenny3.2
+	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
+	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
+	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
+	NOTE: DSA-2043 and DSA-2044
 CVE-2010-2061
 	RESERVED
 CVE-2010-2060
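
Review bot: the bracketed description on the new CVE-2010-2062 line, `[VLC: integer underflow in Real RTSP]`, names only VLC, while the same entry also tracks mplayer as fixed and xine-lib as not affected; a product-neutral description would make the entry easier to find from the mplayer side. The added `[lenny] - vlc 0.8.6.h-4+lenny2.3 ` line also ends in a trailing space, and the vlc line carries no urgency or bug number where the mplayer line has `(medium; bug #581245)`.
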
@@ -2659,7 +2667,7 @@
 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
 	NOT-FOR-US: SkaDate Dating
 CVE-2010-XXXX [freeciv lua]
-	- freeciv <unfixed> (low)
+	- freeciv <unfixed> (low; bug #584589)
 	[lenny] - freeciv <no-dsa> (Minor issue)
 	NOTE: http://gna.org/bugs/?15624
 CVE-2010-XXXX [Rbot Owner Reaction Command Execution]
@@ -4856,7 +4864,7 @@
 	[lenny] - bozohttpd <no-dsa> (Minor issue)
 	[etch] - bozohttpd <no-dsa> (Minor issue)
 CVE-2010-XXXX [maradns null pointer dereference]
-	- maradns <unfixed> (low)
+	- maradns <unfixed> (low; bug #584587)
 	[lenny] - maradns <no-dsa> (minor issue)
 	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
 	NOTE: http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
@@ -4869,7 +4877,7 @@
 	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
 CVE-2010-XXXX [sudosh3: many security weaknesses]
 	- sudosh3 <unfixed> (high; bug #566142)
-	NOTE: package is likely to be removed
+	NOTE: Removal requested
 CVE-2010-XXXX [phpbb: many issues]
 	- phpbb3 3.0.7-PL1-1
 	- phpbb2 <removed>
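
Review bot: the replacement `NOTE: Removal requested` under the sudosh3 entry gives no reference for the request; adding the number of the removal bug would let a reader check its status, since the only bug cited in the entry is #566142 on the `<unfixed>` line.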

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-06-04 21:14:47 UTC (rev 14799)
+++ data/DSA/list	2010-06-04 21:27:03 UTC (rev 14800)
@@ -29,8 +29,10 @@
 	{CVE-2009-3389}
 	[lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
+	{CVE-2010-2062}
 	[lenny] - mplayer 1.0~rc2-17+lenny3.2
 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution
+	{CVE-2010-2062}
 	[lenny] - vlc 0.8.6.h-4+lenny2.3
 [05 May 2010] DSA-2042-1 iscsitarget - arbitrary code execution
 	{CVE-2010-0743}
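
Review bot: the `{CVE-2010-2062}` lines added under DSA-2044-1 and DSA-2043-1 record the same link that this revision also writes as `NOTE: DSA-2043 and DSA-2044` in data/CVE/list; keeping the cross-reference in one place avoids the two drifting apart. The lenny versions here (mplayer 1.0~rc2-17+lenny3.2, vlc 0.8.6.h-4+lenny2.3) match the ones added to the CVE entry.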



