[Secure-testing-commits] r17842 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Dec 21 17:15:48 UTC 2011
Author: jmm
Date: 2011-12-21 17:15:48 +0000 (Wed, 21 Dec 2011)
New Revision: 17842
Modified:
data/CVE/list
Log:
pure-ftpd updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-21 12:10:04 UTC (rev 17841)
+++ data/CVE/list 2011-12-21 17:15:48 UTC (rev 17842)
@@ -1699,10 +1699,10 @@
- ffmpeg <removed>
- ffmpeg-debian <end-of-life>
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6
- NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
- NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
- NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
- NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
+ NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
+ NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
+ NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
+ NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
CVE-2011-4352 [VP3 integer overflow]
RESERVED
- libav <unfixed>
@@ -9731,8 +9731,9 @@
[lenny] - linux-2.6 <not-affected> (Code not present)
NOTE: "...code path in question is no longer reachable..." not sure when this was fixed
CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
- - pure-ftpd 1.0.30-1
- NOTE: http://www.pureftpd.org/project/pure-ftpd/news
+ - pure-ftpd 1.0.30-1 (low)
+ [squeeze] - pure-ftpd <no-dsa> (Will be fixed in stable point update)
+ [lenny] - pure-ftpd <no-dsa> (Minor issue)
CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...)
{DSA-2226-1}
- libmodplug 1:0.8.8.2-1 (low; bug #622091)
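Review bot: the CVE-2011-1575 entry loses its only upstream reference when the NOTE line pointing at http://www.pureftpd.org/project/pure-ftpd/news is removed, and nothing replaces it. With the entry now rated (low) and marked <no-dsa> for squeeze and lenny, a NOTE recording the basis for that rating, such as a pointer to the upstream change in ftp_parser.c, would let a later reader recheck the triage. The two <no-dsa> reasons also differ: squeeze says "Will be fixed in stable point update" while lenny says only "Minor issue", so it is not clear from the entry whether lenny is expected to receive a fix; say so explicitly.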
@@ -13231,7 +13232,9 @@
{DSA-2237-2}
- apr 1.4.4-1 (low)
CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in ...)
- - pure-ftpd 1.0.32-1
+ - pure-ftpd 1.0.32-1 (unimportant)
+ NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32
+ NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc
CVE-2011-0417
RESERVED
CVE-2011-0416
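Review bot: the new NOTE on CVE-2011-0418 says the attack "could not be reproduced on Linux" but does not record what was tested, so the (unimportant) rating on the pure-ftpd line cannot be rechecked later. Name the pure-ftpd version and the libc the test ran against, and since the CVE description also names the glob implementation in libc, cross-reference the libc entry so the rating is tied to the libc status it depends on. The phrase "possibly to protect installations with a vulnerable libc" is a guess about upstream's intent for disabling GLOB_BRACE in 1.0.32; cite the upstream changelog for it or keep it clearly marked as an assumption.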