[Secure-testing-commits] r17016 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jul 28 07:48:29 UTC 2011
Author: jmm
Date: 2011-07-28 07:48:29 +0000 (Thu, 28 Jul 2011)
New Revision: 17016
Modified:
data/CVE/list
Log:
- new libsndfile issue (DSA in preparation)
- also squashed a CVE-less duped entry for libsndfile
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-07-28 05:08:01 UTC (rev 17015)
+++ data/CVE/list 2011-07-28 07:48:29 UTC (rev 17016)
@@ -280,9 +280,9 @@
CVE-2011-2746
RESERVED
CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: Chyrp
CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...)
- NOT-FOR-US: Chyrp
+ NOT-FOR-US: Chyrp
CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...)
NOT-FOR-US: Chyrp
CVE-2011-2742
@@ -403,7 +403,7 @@
RESERVED
- hplip <unfixed> (bug #635549; medium)
CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...)
- TODO: check
+ - libsndfile 1.0.25-1
CVE-2011-2695
RESERVED
CVE-2011-2694 [Samba SWAT XSS]
@@ -28721,9 +28721,6 @@
- libdkim 1:1.0.19-4 (unimportant; bug #532740)
NOTE: This is mostly a missing feature, it's unlikely that any threaded application
NOTE: is using libdkim in the current state, so the practical impact is none
-CVE-2009-XXXX [libsndfile: potential dos via crafted input]
- - libsndfile <unfixed> (unimportant; bug #530831)
- NOTE: Just a crasher, no code injection
CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
- mimedecode <removed> (low; bug #530430)
[etch] - mimedecode <no-dsa> (minor issue)
More information about the Secure-testing-commits
mailing list