[Secure-testing-commits] r14678 - in data: CVE DSA

Tue May 11 22:31:13 UTC 2010

Author: gilbert-guest
Date: 2010-05-11 22:31:12 +0000 (Tue, 11 May 2010)
New Revision: 14678

Modified:
   data/CVE/list
   data/DSA/list
Log:
fix theora dsa; mark vlc/mplayer issues as fixed

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-05-11 21:14:36 UTC (rev 14677)
+++ data/CVE/list	2010-05-11 22:31:12 UTC (rev 14678)
@@ -11428,12 +11428,14 @@
 CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...)
 	NOT-FOR-US: Peel
 CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
-	- vlc <unfixed>
-	- mplayer <unfixed>
+	- vlc 1.0.1-1
+	[lenny] - vlc 0.8.6.h-4+lenny2.3 
+	- mplayer <unfixed> (medium; bug #581245)
+	[lenny] - mplayer 1.0~rc2-17+lenny3.2
 	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
-	TODO: File bugs
 	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
 	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
+	NOTE: DSA-2043 and DSA-2044
 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
@@ -23781,7 +23783,7 @@
 CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
 	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
 CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
-	- mplayer <unfixed> (low; bug #407010)
+	- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
 	[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
 	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
 CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-05-11 21:14:36 UTC (rev 14677)
+++ data/DSA/list	2010-05-11 22:31:12 UTC (rev 14678)
@@ -1,5 +1,6 @@
 [11 May 2010] DSA-2045-1  - arbitrary code execution
 	{CVE-2009-3389}
+	[lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
 	[lenny] - mplayer 1.0~rc2-17+lenny3.2
 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution


