[Secure-testing-commits] r14183 - in data: CVE DSA

Michael Gilbert gilbert-guest at alioth.debian.org
Thu Mar 4 04:02:07 UTC 2010


Author: gilbert-guest
Date: 2010-03-04 04:02:05 +0000 (Thu, 04 Mar 2010)
New Revision: 14183

Modified:
   data/CVE/list
   data/DSA/list
Log:
fix a few latently vulnerable issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-04 03:26:12 UTC (rev 14182)
+++ data/CVE/list	2010-03-04 04:02:05 UTC (rev 14183)
@@ -14742,6 +14742,7 @@
 CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
 	{DSA-1807-1 DTSA-200-1 DTSA-201-1}
 	- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
+	- cyrus-sasl2-heimdal 2.1.23.dfsg1-1
 	NOTE: VU#238019
 CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...)
 	NOT-FOR-US: OpenBSD Packet Filter
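
Review bot: the added cyrus-sasl2-heimdal line carries no bug reference or NOTE, while the cyrus-sasl2 line directly above it cites bug #528749, so nothing records how 2.1.23.dfsg1-1 was confirmed as the fixed version for this package. Suggest adding a short NOTE (or the bug number, if one exists) saying where the version comes from.
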
@@ -19826,6 +19827,7 @@
 	[etch] - kino <not-affected> (Does not ship ffmpeg)
 	- gstreamer0.10-ffmpeg 0.10.3-2
 CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...)
+	- ffmpeg <not-affected> (Vulnerable code not present) 
 	- ffmpeg-debian <not-affected> (Vulnerable code not present)
 	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
 	- mplayer 1.0~rc2-14
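
Review bot: the added ffmpeg line ends in a trailing space after "(Vulnerable code not present)"; please strip it so the entry matches the ffmpeg-debian line below it. With this release-independent <not-affected> entry in place, the existing "[etch] - ffmpeg <not-affected>" line two lines down states the same thing for the same package and looks redundant; either drop it or say in the log why both are kept.
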
@@ -19835,6 +19837,7 @@
 	- gstreamer0.10-ffmpeg 0.10.3-2
 	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...)
+	- ffmpeg 0.svn20080206-14
 	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
 	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
 	- mplayer 1.0~rc2-14
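
Review bot: the new "- ffmpeg 0.svn20080206-14" line borrows its version from the ffmpeg-debian entry but not its bug reference (#504977), and it sits next to "[etch] - ffmpeg <not-affected> (Vulnerable code not present)" with nothing explaining the relationship between the two package names. If ffmpeg and ffmpeg-debian are the same source under two names, a NOTE saying so would justify reusing the version; the same applies to the CVE-2008-4866 hunk that follows.
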
@@ -19845,6 +19848,7 @@
 	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...)
 	{DSA-1782-1}
+	- ffmpeg 0.svn20080206-14
 	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
 	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
 	- mplayer 1.0~rc2-14
@@ -19973,13 +19977,13 @@
 	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
 	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
 	- moodle 1.8.2-2 (bug #504345)
-	[etch] - gallery2 <unfixed>
+	- gallery2 2.2.5-2
 	NOTE: This attack vector is *not* fixed in r2797
 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
 	{DSA-1919-1 DSA-1691-1}
 	- smarty 2.6.26-0.1 (bug #504328)
 	- moodle 1.8.2-2 (bug #504345)
-	[etch] - gallery2 <unfixed>
+	- gallery2 2.2.5-2
 	NOTE: This attack vector is fixed in r2797
 CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
 	NOT-FOR-US: IBM Lotus Connections
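
Review bot: both CVE entries in this hunk get the same "- gallery2 2.2.5-2" line, yet the NOTE on the first says the attack vector is *not* fixed in r2797 while the NOTE on CVE-2008-4810 says it is, so please confirm that 2.2.5-2 covers both vectors and not only the r2797 one. Replacing "[etch] - gallery2 <unfixed>" also drops the only explicit etch status for gallery2; if etch is still affected, keep that line alongside the new one.
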
@@ -40891,6 +40895,7 @@
 	NOT-FOR-US: Calendarix
 CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
 	{DSA-1325-1 DSA-1321-1}
+	- evolution 2.12.0-1
 	- evolution-data-server 1.10.2-2 (bug #429876)
 	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
 CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and ...)
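
Review bot: the added "- evolution 2.12.0-1" line has no bug reference and no release-specific entries, although the sarge line for evolution-data-server says the vulnerable code is present in a different source package there. If that package is evolution, add the matching [sarge] and [etch] status lines, or a NOTE tying them to {DSA-1325-1 DSA-1321-1}, so the status of the older releases is stated explicitly.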

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-03-04 03:26:12 UTC (rev 14182)
+++ data/DSA/list	2010-03-04 04:02:05 UTC (rev 14183)
@@ -47,7 +47,7 @@
 	{CVE-2010-0438}
 	[lenny] - otrs2 2.2.7-2lenny3
 [04 Feb 2010] DSA-1992-1 chrony - denial of service
-	{CVE-2009-3563 CVE-2010-0292 CVE-2010-0293 CVE-2010-0294}
+	{CVE-2010-0292 CVE-2010-0293 CVE-2010-0294}
 	[etch] - chrony 1.21z-5+etch1
 	[lenny] - chrony 1.23-6+lenny1
 [04 Feb 2010] DSA-1991-1 squid squid3 - denial of service
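
Review bot: CVE-2009-3563 is dropped from the DSA-1992-1 cross-reference with no explanation in the log ("fix a few latently vulnerable issues") and no matching change under CVE-2009-3563 in the data/CVE/list part of this commit. Please state why the CVE does not belong to the chrony advisory, and check that its CVE entry no longer points at DSA-1992-1 or at the chrony versions listed here.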



