[Secure-testing-commits] r17330 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Sep 29 10:39:27 UTC 2011
Author: jmm
Date: 2011-09-29 10:39:27 +0000 (Thu, 29 Sep 2011)
New Revision: 17330
Modified:
data/CVE/list
Log:
ffmpeg updates
"new" roundcube XSS
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-29 10:22:30 UTC (rev 17329)
+++ data/CVE/list 2011-09-29 10:39:27 UTC (rev 17330)
@@ -2301,7 +2301,7 @@
[squeeze] - mantis <not-affected> (Only affects Mantis 1.1)
[lenny] - mantis <not-affected> (Only affects Mantis 1.1)
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...)
- TODO: check
+ - roundcube 0.5.4+dfsg-1 (bug #641996)
CVE-2011-2936
RESERVED
CVE-2011-2935
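Review bot: the added roundcube line for CVE-2011-2937 records only the fixed version 0.5.4+dfsg-1 and bug #641996, with no [squeeze] or [lenny] lines, unlike the mantis entry directly above it. If the stable releases have been checked, state their status explicitly; if not, keeping a TODO for them would stop the entry from looking fully triaged.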
@@ -2417,7 +2417,7 @@
RESERVED
CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...)
- cups 1.5.0-8
- - gimp <unfixed> (bug filed)
+ - gimp <unfixed> (bug #643753)
TODO: There's more: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896
CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in ...)
{DSA-2293-1}
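Review bot: the TODO on the context line right after the gimp change ("There's more", pointing at the Red Hat bugzilla entry) is still open, so CVE-2011-2896 stays only partly triaged once "bug filed" becomes bug #643753. Consider listing the remaining affected packages in the same commit, or narrowing the TODO so it names what is still unchecked.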
@@ -5006,10 +5006,8 @@
[lenny] - widelands <no-dsa> (Minor issue)
CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg ...)
- libav 4:0.6.2-3 (bug #624339)
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (vulnerability introduced in 0.6)
- - ffmpeg-debian <end-of-life>
- [lenny] - ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
+ - ffmpeg <not-affected> (vulnerability introduced in 0.6)
+ - ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
CVE-2011-1930
RESERVED
- klibc 1.5.22-1 (low)
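Review bot: the two added <not-affected> lines for ffmpeg and ffmpeg-debian under CVE-2011-1931 drop the <removed> and <end-of-life> markers and the [squeeze]/[lenny] scoping that the removed lines carried. The reason "vulnerability introduced in 0.6" only holds if every version of both source packages predates 0.6; if that is the intent, say so in the log, since "ffmpeg updates" does not explain why the removed and end-of-life states are no longer recorded.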
@@ -7136,7 +7134,8 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- libav 4:0.7.1-1
- NOTE: Info from maintainer: the patch does not apply 0.5, and I failed to reproduce
+ - ffmpeg-debian <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
+ - ffmpeg <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <not-affected>
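Review bot: the two added lines promote the former NOTE ("the patch does not apply 0.5, and I failed to reproduce") to the stated reason for <not-affected> on ffmpeg-debian and ffmpeg, which is weaker evidence than that status implies: a patch that does not apply and a failed reproduction do not show that the vulnerable code is absent. Consider keeping the text as a NOTE beside the status, or rewording the reason so it is clear that "I" is the maintainer and not the committer. The package order here (ffmpeg-debian before ffmpeg) is also the reverse of the CVE-2011-1931 entry.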