[Secure-testing-commits] r20622 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Dec 7 07:21:53 UTC 2012


Author: jmm
Date: 2012-12-07 07:21:53 +0000 (Fri, 07 Dec 2012)
New Revision: 20622

Modified:
   data/CVE/list
Log:
mesa fixed
vlc tpued for wheezy, no-dsa for squeeze
libarchive fixed in wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-06 21:14:20 UTC (rev 20621)
+++ data/CVE/list	2012-12-07 07:21:53 UTC (rev 20622)
@@ -1699,6 +1699,8 @@
 	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
 CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote ...)
 	- vlc 2.0.4-1 (bug #692130)
+	[wheezy] - vlc 2.0.3-4
+	[squeeze] - vlc <no-dsa> (Minor issue)
 CVE-2012-5469
 	RESERVED
 CVE-2012-5468
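Review bot: the added `[squeeze] - vlc <no-dsa> (Minor issue)` line gives no reason why the libpng_plugin issue is minor for squeeze. A short justification in the parentheses, or a NOTE line, would let a later reader re-evaluate the decision without going back through bug #692130. The `[wheezy] - vlc 2.0.3-4` entry is lower than the unstable fix 2.0.4-1, which matches the tpu upload mentioned in the log, so that part is consistent.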
@@ -2455,7 +2457,7 @@
 CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
 	- chromium-browser <unfixed>
 CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
-	- mesa <unfixed> (bug #695248)
+	- mesa 8.0.5-3 (bug #695248)
 	[squeeze] - mesa <not-affected> (Vulnerable code not present)
 CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
 	- libv8 <unfixed> (bug #694808)
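Review bot: the replacement line `- mesa 8.0.5-3 (bug #695248)` records a fixed version with no NOTE pointing at the upstream change, so the version cannot be checked from the entry itself. Because the CVE text describes the WebGL subsystem in Google Chrome OS rather than mesa directly, a NOTE linking the relevant mesa commit would document why this upload closes the issue.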
@@ -25069,8 +25071,10 @@
 	RESERVED
 	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
 CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 ...)
-	- libarchive <unfixed> (bug #669197)
+	- libarchive 3.0.4-2 (bug #669197)
 	[squeeze] - libarchive <not-affected> (vulnerable code not present in 2.x series)
+	NOTE: http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
+	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
 CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to ...)
 	{DSA-2413-1}
 	- libarchive 2.8.5-5 (bug #651844)
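Review bot: the added NOTE "Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version" makes `- libarchive 3.0.4-2` an upper bound rather than the first fixed version. It would be worth checking which upload first contained the upstream revision given in the first NOTE and recording that version instead. Separately, the unchanged `[squeeze]` line says the vulnerable code is not present in the 2.x series while the CVE description names libarchive 2.8.4 and 2.8.5; a NOTE explaining that difference would help.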
@@ -29470,8 +29474,10 @@
 CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote ...)
-	- libarchive <unfixed> (bug #669197)
+	- libarchive 3.0.4-2 (bug #669197)
 	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
+	NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
+	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
 	{DSA-2552-1}
 	- tiff3 3.9.5
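Review bot: the two NOTE lines added under CVE-2010-4666 repeat the wording used for CVE-2011-1779, and the URL NOTE does not say that the revision is the upstream fix. Labelling it as such would make the entry self-explanatory. As the description limits the issue to 3.0 pre-release code, it is also worth confirming whether any 3.x version earlier than 3.0.4-2 was ever uploaded with the bug, since the recorded version is only the one that was tested.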



