[Secure-testing-commits] r18991 - data/CVE
Michael Gilbert
mgilbert at alioth.debian.org
Wed Apr 18 03:26:02 UTC 2012
Author: mgilbert
Date: 2012-04-18 03:26:02 +0000 (Wed, 18 Apr 2012)
New Revision: 18991
Modified:
data/CVE/list
Log:
a bunch of libvorbisidec issues and a libvorbis nmu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-04-18 01:58:21 UTC (rev 18990)
+++ data/CVE/list 2012-04-18 03:26:02 UTC (rev 18991)
@@ -4325,8 +4325,8 @@
- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...)
{DSA-2412-1 DSA-2406-1 DSA-2402-1 DSA-2400-1}
- - libvorbisidec <unfixed>
- - libvorbis <unfixed>
+ - libvorbisidec <unfixed> (bug #669196)
+ - libvorbis 1.3.2-1.2 (bug #664197)
- icedove <unfixed>
[lenny] - icedove <not-affected> (Vulnerable code not present)
- xulrunner <not-affected> (Vulnerable code not present)
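Review bot: The added "- libvorbisidec <unfixed> (bug #669196)" line under CVE-2012-0444 uses the same bug number that this commit attaches to every other libvorbisidec entry, so a single bug report stands in for all of these CVEs. Please confirm that #669196 enumerates each CVE individually; otherwise an upload that closes it will not show which of the issues it actually fixed. The libvorbis line has its own bug (#664197) and a fixed version, which is fine as it is.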
@@ -37433,6 +37433,7 @@
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
{DSA-1939-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.3-1 (medium)
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
@@ -40173,6 +40174,7 @@
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
{DSA-1939-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
- xulrunner 1.9.1.2-1 (medium; bug #540961)
[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
@@ -58827,6 +58829,7 @@
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-4 (bug #482039)
[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
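Review bot: The libvorbisidec line added under CVE-2008-2009 says <unfixed>, while the two release lines below it record "actual vulnerability fixed pre-1.0" for libvorbis, and nothing states whether the libvorbisidec source was checked for the same issue. Add a NOTE saying how the package was determined to be affected, or use <not-affected> with a reason if its code already carries the pre-1.0 fix.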
@@ -60231,6 +60234,7 @@
RESERVED
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
{DSA-1591-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
RESERVED
@@ -60238,9 +60242,11 @@
RESERVED
CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...)
{DSA-1591-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
{DSA-1591-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
RESERVED
@@ -70969,10 +70975,12 @@
NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...)
{DSA-1471-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-1
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
{DSA-1471-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-1
NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
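Review bot: The libvorbisidec line added under CVE-2007-4065 is a plain <unfixed>, but the existing NOTE in the same entry says the issue is just an infinite loop and is "not treated as a vulnerability". Give the new line an urgency or a NOTE consistent with that assessment, so it is not tracked with the same weight as the buffer overflows in CVE-2007-4066 directly above it.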
@@ -71065,6 +71073,7 @@
RESERVED
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
{DSA-1471-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
@@ -73375,6 +73384,7 @@
NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...)
{DSA-1471-1}
+ - libvorbisidec <unfixed> (bug #669196)
- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
{DSA-1504-1 DSA-1363-1}