[Secure-testing-commits] r15400 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Sep 30 10:15:36 UTC 2010


Author: jmm-guest
Date: 2010-09-30 10:15:34 +0000 (Thu, 30 Sep 2010)
New Revision: 15400

Modified:
   data/CVE/list
Log:
update ffmpeg status


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-30 09:53:31 UTC (rev 15399)
+++ data/CVE/list	2010-09-30 10:15:34 UTC (rev 15400)
@@ -635,9 +635,8 @@
 	NOTE: 20100924164823.GA21584 at openwall.com
 CVE-2010-3429
 	RESERVED
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (bug #598590)
 	- ffmpeg-debian <removed>
-	TODO: check
 	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
 CVE-2010-XXXX [mingetty directory traversal]
 	- mingetty 1.07-2 (medium; bug #597382)
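Review bot: The CVE-2010-3429 entry loses its "TODO: check" marker, but the new line "- ffmpeg <unfixed> (bug #598590)" still carries no urgency, so nothing in the entry shows that triage was completed. The mingetty line just below uses the "(medium; bug #597382)" form. If the severity has been assessed, consider adding it in front of the bug reference. If it has not, keeping a TODO would preserve that signal.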
@@ -8563,8 +8562,8 @@
 	- webcalendar <undetermined> (bug #572557)
 CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...)
 	NOT-FOR-US: Juniper Installer Service
-CVE-2009-XXXX [ffmpeg vulnerabilities]
-	- ffmpeg 4:0.5.1-1 (medium; bug #570713; bug #550442)
+CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
+	- ffmpeg 4:0.5.1-1 (medium; bug #570713)
 	- ffmpeg-debian <removed> (medium)
 CVE-2010-XXXX [dillo improper restriction of path in cookies]
 	- dillo <removed>
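Review bot: On the renamed CVE-2009-XXXX entry, bug #550442 is dropped from the ffmpeg line without any pointer to where it is now tracked, and the log message "update ffmpeg status" does not explain the move. A NOTE line saying that #550442 now sits on the individual CVE-2009-4631 to CVE-2009-4640 entries would keep the history readable. The new title also writes "DSA 2000", while the entries elsewhere in this file use the "{DSA-2000-1}" form, and the fixed version 4:0.5.1-1 sits under a title that says "potentially remaining", which deserves a short NOTE on what 0.5.1-1 is believed to cover.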
@@ -8752,43 +8751,43 @@
 	NOT-FOR-US: Trend Micro URL Filtering Engine
 CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...)
-	- ffmpeg <unfixed> (unimportant)
+	- ffmpeg <unfixed> (unimportant; bug #550442)
 	- ffmpeg-debian <removed> (unimportant)
 	NOTE: denial-of-service only, so not worth worrying about
 CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...)
 	{DSA-2000-1}
-	- ffmpeg 4:0.5+svn20090706-3
+	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
 	- ffmpeg-debian <removed>
 CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM WebSphere Application
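Review bot: Bug #550442 is now attached to ten entries with different states: nine are marked fixed in 4:0.5+svn20090706-3 under {DSA-2000-1}, while CVE-2009-4639 stays "<unfixed> (unimportant; bug #550442)" and has no DSA tag. A single bug reference cannot reflect both states, so the bug's open or closed status will be misleading for one group or the other. Consider a NOTE on CVE-2009-4639 stating that #550442 covers it but the issue remains unfixed by decision (the existing NOTE only says it is denial-of-service only), or confirm that the bug report really lists this CVE.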



