[Secure-testing-commits] r17230 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Sep 13 19:36:18 UTC 2011


Author: jmm
Date: 2011-09-13 19:36:17 +0000 (Tue, 13 Sep 2011)
New Revision: 17230

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- eds3 bugnum
- foomatic issue also affects system-config-printer, no-dsa
- openvas no-dsa
- new libav/ffmpeg issue (CVE ID requested)
- mark ffmpeg from Lenny as end-of-lifed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-13 17:11:39 UTC (rev 17229)
+++ data/CVE/list	2011-09-13 19:36:17 UTC (rev 17230)
@@ -1,3 +1,9 @@
+CVE-2011-XXXX [libavcodec insufficient boundary check in CAVS]
+	- libav 4:0.6-1 (bug #641478)
+	- ffmpeg <removed>
+	- ffmpeg-debian <end-of-life>
+	NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
+	NOTE: CVE ID requested
 CVE-2011-XXXX [BackupPC XSS in Browse.pm]
 	- backuppc <unfixed> (bug #641450)
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
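Review bot: the libav line of the new CAVS entry records 4:0.6-1 as the fixed version while citing bug #641478, and the log describes this as a new issue with the CVE ID still requested. 4:0.6-1 is the same version used for the older libav entries elsewhere in this patch, so please confirm it really contains the CAVS boundary check fix. If the bug is still open, `- libav <unfixed> (bug #641478)` would be the accurate state.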
@@ -202,7 +208,7 @@
 	[lenny] - mantis <not-affected> (Vulnerable code not present)
 CVE-2011-3355
 	RESERVED
-	- evolution-data-server3 <unfixed>
+	- evolution-data-server3 <unfixed> (bug #641052)
 CVE-2011-3353
 	RESERVED
 	- linux-2.6 <unfixed> (low)
@@ -211,6 +217,7 @@
 CVE-2011-3351
 	RESERVED
 	- openvas-scanner <unfixed> (bug #641327; low)
+	[squeeze] - openvas-scanner <no-dsa> (Minor issue)
 CVE-2011-3349 [lightdm denial of service]
 	RESERVED
 	- lightdm <unfixed> (bug #639151)
@@ -1357,6 +1364,9 @@
 	NOT-FOR-US: Mongoose
 CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in ...)
 	- foomatic-gui 0.7.9.5 (low)
+	- system-config-printer <unfixed> (low; bug #639243)
+	[squeeze] - system-config-printer <no-dsa> (Minor issue)
+	[lenny] - system-config-printer <no-dsa> (Minor issue)
 CVE-2011-2898
 	RESERVED
 	- linux-2.6 3.0.0-1
@@ -3326,17 +3336,17 @@
 CVE-2011-2162 (Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as ...)
 	- libav 4:0.6-1 (bug #628448)
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 	NOTE: duplicate of CVE-2011-1198
 CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg before ...)
 	{DSA-2306-1}
 	- libav 4:0.6-1 (bug #628448)
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in ...)
 	- libav 4:0.6-1 (bug #628448)
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 	NOTE: duplicate of CVE-2011-0723
 CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type ...)
 	NOT-FOR-US: SmarterStats
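Review bot: the three `ffmpeg-debian` lines changed in this hunk are unprefixed, so `<end-of-life>` replaces the package-level `<removed>` state, whereas the log describes the change as marking ffmpeg from Lenny as end-of-lifed. Suggest keeping `- ffmpeg-debian <removed>` and recording the Lenny status on its own line, `[lenny] - ffmpeg-debian <end-of-life>`, so both facts stay visible.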
@@ -3880,7 +3890,7 @@
 	- libav 4:0.6.2-3 (bug #624339)
 	- ffmpeg <removed>
 	[squeeze] - ffmpeg <not-affected> (vulnerability introduced in 0.6)
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 	[lenny] - ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
 CVE-2011-1930
 	RESERVED
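Review bot: after this change the entry has an unprefixed `- ffmpeg-debian <end-of-life>` directly above `[lenny] - ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)`. The log ties end-of-life to Lenny, and Lenny is already recorded as not affected in this entry, so the line could stay `<removed>` here.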
@@ -7531,12 +7541,12 @@
 	{DSA-2306-1}
 	- libav 4:0.6-1
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows ...)
 	{DSA-2306-1}
 	- libav 4:0.6-1 
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life>
 CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ...)
 	{DSA-2164-1}
 	- shadow 1:4.1.4.2+svn3283-3
@@ -7805,7 +7815,7 @@
 	{DSA-2306-1 DSA-2165-1}
 	- libav 4:0.6.2-1 (low; bug #611495)
 	- ffmpeg <removed> (low; bug #611495)
-	- ffmpeg-debian <removed> (low)
+	- ffmpeg-debian <end-of-life> 
 	NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
 CVE-2010-XXXX
 	- redmine 1.0.5-1 (bug #608397)
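Review bot: the added `ffmpeg-debian` line drops the `(low)` urgency that the removed line carried and that the libav and ffmpeg lines of the same entry still have, and it ends in a trailing space. If urgency is dropped on purpose for end-of-life packages, the log should say so; otherwise keep `(low)` and strip the whitespace.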
@@ -11676,7 +11686,7 @@
 	{DSA-2306-1}
 	- libav 4:0.6-1
 	- ffmpeg <removed>
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <end-of-life> 
 CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...)
 	- vlc 1.1.3-1squeeze1
 	[lenny] - vlc <not-affected> (Vulnerable code not present)
@@ -13064,7 +13074,7 @@
 CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
 	{DSA-2165-1}
 	- ffmpeg 4:0.5.2-6 (bug #598590)
-	- ffmpeg-debian <removed>
+	- ffmpeg-debian <removed> 
 	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
 CVE-2010-XXXX [mingetty directory traversal]
 	- mingetty 1.07-2 (low; bug #597382)
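Review bot: the only difference between the removed and added `ffmpeg-debian <removed>` lines is a trailing space, so this hunk changes whitespace only. Either the line was meant to become `<end-of-life>` like the other ffmpeg-debian entries in this commit, or the hunk should be dropped.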
@@ -21155,7 +21165,7 @@
 	NOT-FOR-US: Juniper Installer Service
 CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
 	- ffmpeg 4:0.5.1-1 (medium; bug #570713)
-	- ffmpeg-debian <removed> (medium)
+	- ffmpeg-debian <end-of-life> 
 CVE-2010-XXXX [dillo improper restriction of path in cookies]
 	- dillo <removed>
 	NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
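Review bot: `(medium)` disappears from the `ffmpeg-debian` line while the ffmpeg line directly above it keeps `(medium; bug #570713)`, which leaves the two packages of one entry rated differently without explanation. Keep the urgency on the new line or mention its removal in the log, and remove the trailing space after `<end-of-life>`.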

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-09-13 17:11:39 UTC (rev 17229)
+++ data/spu-candidates.txt	2011-09-13 19:36:17 UTC (rev 17230)
@@ -54,6 +54,12 @@
 
 --
 
+openvas-scanner (CVE-2011-3351)
+#641327
+maintainer notified through bugreport
+
+--
+
 pidgin (CVE-2011-XXXX, CVE-2011-1091)
 http://www.pidgin.im/news/security/?id=50
 
@@ -117,6 +123,11 @@
 
 --
 
+system-config-printer (CVE-2011-2899)
+#639243
+
+--
+
 cherokee (CVE-2011-2190)
 
 --
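Review bot: the system-config-printer entry carries only the bug number, while the openvas-scanner entry added earlier in this file also records `maintainer notified through bugreport`. Add the equivalent status line here, or a short note on what is still pending, so the two candidates are tracked consistently.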



