[Secure-testing-commits] r15967 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jan 25 21:49:19 UTC 2011
Author: jmm
Date: 2011-01-25 21:49:15 +0000 (Tue, 25 Jan 2011)
New Revision: 15967
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
NFUs
new minor pam issues
two ffmpeg issues (probably related to CVE-2010-0480)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-25 21:35:04 UTC (rev 15966)
+++ data/CVE/list 2011-01-25 21:49:15 UTC (rev 15967)
@@ -1,25 +1,33 @@
CVE-2011-0640 (The default configuration of udev on Linux does not warn the user ...)
TODO: check
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA ...)
- TODO: check
+ NOT-FOR-US: NVIDIA CUDA Toolkit
CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Simploo
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
- TODO: check
+ - pam <unfixed>
+ [lenny] - pam <no-dsa> (Minor issue)
+ [squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in ...)
- TODO: check
+ - pam <unfixed>
+ [lenny] - pam <no-dsa> (Minor issue)
+ [squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth ...)
- TODO: check
+ - pam <unfixed>
+ [lenny] - pam <no-dsa> (Minor issue)
+ [squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
- TODO: check
+ - ffmpeg <unfixed> (bug #610550)
+ - ffmpeg-debian <removed>
CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
- TODO: check
+ - ffmpeg <unfixed> (bug #610550)
+ - ffmpeg-debian <removed>
CVE-2011-XXXX [xmlTextWriterWriteAttribute heap disclosure]
- libxml2 <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-01-25 21:35:04 UTC (rev 15966)
+++ data/spu-candidates.txt 2011-01-25 21:49:15 UTC (rev 15967)
@@ -508,6 +508,8 @@
#514437
asked maintainer in mail
+CVE-2010-4708/CVE-2010-4707/CVE-2010-4706
+
--
pidgin (CVE-2009-1889, CVE-2009-3085)
More information about the Secure-testing-commits
mailing list