[Secure-testing-commits] r17016 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Jul 28 07:48:29 UTC 2011


Author: jmm
Date: 2011-07-28 07:48:29 +0000 (Thu, 28 Jul 2011)
New Revision: 17016

Modified:
   data/CVE/list
Log:
- new libsndfile issue (DSA in preparation)
- also squashed a CVE-less duped entry for libsndfile


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-28 05:08:01 UTC (rev 17015)
+++ data/CVE/list	2011-07-28 07:48:29 UTC (rev 17016)
@@ -280,9 +280,9 @@
 CVE-2011-2746
 	RESERVED
 CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
-	TODO: check
+ 	NOT-FOR-US: Chyrp
 CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...)
-	NOT-FOR-US: Chyrp
+ 	NOT-FOR-US: Chyrp
 CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...)
 	NOT-FOR-US: Chyrp
 CVE-2011-2742
@@ -403,7 +403,7 @@
 	RESERVED
 	- hplip <unfixed> (bug #635549; medium)
 CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...)
-	TODO: check
+	- libsndfile 1.0.25-1 
 CVE-2011-2695
 	RESERVED
 CVE-2011-2694 [Samba SWAT XSS]
@@ -28721,9 +28721,6 @@
 	- libdkim 1:1.0.19-4 (unimportant; bug #532740)
 	NOTE: This is mostly a missing feature, it's unlikely that any threaded application
 	NOTE: is using libdkim in the current state, so the practical impact is none
-CVE-2009-XXXX [libsndfile: potential dos via crafted input]
-	- libsndfile <unfixed> (unimportant; bug #530831)
-	NOTE: Just a crasher, no code injection
 CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
 	- mimedecode <removed> (low; bug #530430)
 	[etch] - mimedecode <no-dsa> (minor issue)




More information about the Secure-testing-commits mailing list