[Secure-testing-commits] r22792 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jun 28 15:02:44 UTC 2013
Author: jmm
Date: 2013-06-28 15:02:44 +0000 (Fri, 28 Jun 2013)
New Revision: 22792
Modified:
data/CVE/list
Log:
two ffmpeg issues don't affect libav; these affect ffmpeg-specific changes post-fork
one ffmpeg issue confirmed in libav
clarify some ffmpeg issues where the codec isn't present in squeeze
libarchive not-affected in squeeze
no-dsa for squeeze: piwigo, serendipity, wireshark, udisks, dpm
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-28 13:22:10 UTC (rev 22791)
+++ data/CVE/list 2013-06-28 15:02:44 UTC (rev 22792)
@@ -1294,6 +1294,7 @@
CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
{DSA-2709-1}
- wireshark 1.10.0-1 (bug #711918)
+ [squeeze] - wireshark <no-dsa> (Minor issue, can be fixed along with future Wireshark DSAs fo Squeeze)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file ...)
{DSA-2709-1}
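Review bot: typo in the added [squeeze] wireshark line: "fo Squeeze" should read "for Squeeze"; the parenthesised text is shown by the tracker, so fix the spelling before it propagates. The reason given is a plan ("can be fixed along with future Wireshark DSAs") rather than a statement of why dissect_pft in packet-dcp-etsi.c is minor; recording the impact (the Wireshark bug 8717 in the NOTE is the place to cite) makes the no-dsa decision re-checkable later.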
@@ -5600,7 +5601,6 @@
CVE-2013-2211 [libxl allows guest write access to sensitive console related xenstore keys]
RESERVED
- xen <unfixed>
- TODO: check
CVE-2013-2210 [heap overflow during XPointer evaluation]
RESERVED
{DSA-2717-1}
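Review bot: the "TODO: check" under CVE-2013-2211 is dropped but nothing replaces it: xen stays <unfixed> and no NOTE records what was checked or where the upstream fix lives. Either add a NOTE with the outcome (fix commit or advisory link) or keep the TODO so the next triager can see the entry is still open; removing the marker alone hides the unresolved state.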
@@ -8094,9 +8094,11 @@
NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before ...)
- piwigo <removed>
+ [squeeze] - piwigo <no-dsa> (Minor issue)
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
- piwigo <removed>
+ [squeeze] - piwigo <no-dsa> (Minor issue)
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
RESERVED
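Review bot: "(Minor issue)" on the two new [squeeze] piwigo lines gives no reason, and a directory traversal in install.php (CVE-2013-1469) is not self-evidently minor. State the condition that makes it minor in squeeze (for example that the file is only reachable before setup completes, if that is what was verified) so the no-dsa decision can be re-checked; the HTB23144 advisory already in the NOTE is where to confirm that.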
@@ -9423,9 +9425,8 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2013-0878 [libavcodec/targa.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
+ - ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
+ - libav <not-affected> (Affected code not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=796012af6c780b5b13ebca39a491f215515a18fe
CVE-2013-0877 [libavcodec/sanm.c out of array accesses]
RESERVED
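Review bot: the unversioned ffmpeg line switches from <removed> to <not-affected> with a squeeze-only justification ("Affected code not present in 0.5 ffmpeg"). The unversioned line records the unstable state, where ffmpeg was removed, so the <removed> marker should stay and the 0.5 reasoning belongs on a "[squeeze] - ffmpeg <not-affected> (...)" line, the form this file already uses for the pgssubdec and eamad entries. The libav <not-affected> matches the commit log; naming the post-fork targa.c change in the reason text would make it verifiable without consulting the log.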
@@ -9439,9 +9440,8 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
CVE-2013-0875 [libavcodec/pngdec.c dont access out array elements]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
+ - ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
+ - libav <not-affected> (Affected code not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
CVE-2013-0874 [libavcodec/tiff.c out of array accesses]
RESERVED
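Review bot: same structural problem as the targa.c entry: "- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)" overwrites the unversioned "- ffmpeg <removed>" marker with a reason that only holds for squeeze's 0.5 package. Keep "- ffmpeg <removed>" for unstable and put the 0.5 reasoning on a [squeeze] line; the libav <not-affected> is fine but would be clearer if the reason named the pngdec.c change that libav lacks.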
@@ -9455,7 +9455,7 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
+ NOTE: Commit in libav: http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
CVE-2013-0872 [libswresample/swresample.c out of array accesses]
RESERVED
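Review bot: the new "NOTE: Commit in libav:" line records the fix commit (c10da30d) but libav stays <unfixed> with no indication of which libav release, if any, contains it, and the removed "TODO: check" was the marker that this still needed resolving. Add the upstream version or a Debian bug number to the libav line, or state explicitly in the NOTE that the commit is not yet in a release, so the entry is not mistaken for a completed triage.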
@@ -9578,15 +9578,13 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
CVE-2013-0852 [libavcodec/pgssubdec.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
+ - ffmpeg <not-affected> (PGS subtitle decoder not present)
- libav <unfixed>
- TODO: check
+ NOTE: That change seems needed in libav
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 [libavcodec/eamad.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
- libav <unfixed>
TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
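Review bot: "NOTE: That change seems needed in libav" under CVE-2013-0852 is vague: "That change" has no referent (the ffmpeg commit URL only follows on the next line) and "seems" is weaker than the commit log's "confirmed in libav". Reword to name the commit (c0d68be...) and say whether it was verified to apply to libav's pgssubdec.c; leaving "TODO: check" under CVE-2013-0851 for libav is the right call. In both entries the unversioned "- ffmpeg <not-affected>" line replaces "- ffmpeg <removed>" with a squeeze-only reason; the removed "[squeeze] - ffmpeg <not-affected> (codec not built)" lines were the correct shape and should be kept alongside <removed>.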
@@ -11715,6 +11713,7 @@
CVE-2013-0211
RESERVED
- libarchive 3.0.4-3 (bug #703957)
+ [squeeze] - libarchive <not-affected> (Vulnerable code not present)
CVE-2013-0210
RESERVED
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
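Review bot: "(Vulnerable code not present)" for libarchive in squeeze does not say which code, and CVE-2013-0211 is still RESERVED here so the entry carries no description to anchor it. Name the function or feature from bug #703957 that squeeze's libarchive lacks so the not-affected status can be re-verified if the CVE description changes.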
@@ -19702,6 +19701,7 @@
RESERVED
CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to ...)
- kfreebsd-8 8.3-5 (bug #686961)
+ [squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
- kfreebsd-9 9.0-7 (bug #686962)
- kfreebsd-10 10.0~svn242489-1 (bug #686963)
NOTE: http://www.exploit-db.com/exploits/20226/
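Review bot: "[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)" sits under an entry described as reachable by remote attackers and whose NOTE links a public exploit (exploit-db 20226); "Minor issue" should say why that does not warrant a DSA for squeeze (for instance if SCTP is not enabled in the squeeze kfreebsd-8 kernel, if that was checked). The commit log lists piwigo, serendipity, wireshark, udisks and dpm as the squeeze no-dsa changes but omits kfreebsd-8; add it so the log matches the diff.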
@@ -22933,7 +22933,8 @@
NOTE: http://seclists.org/oss-sec/2012/q2/299
NOTE: http://www.openssl.org/news/secadv_20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...)
- - serendipity <removed> (bug #671937; medium)
+ - serendipity <removed> (bug #671937; low)
+ [squeeze] - serendipity <no-dsa> (Minor issue)
NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
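Review bot: the severity on the unversioned serendipity line drops from "medium" to "low" in the same change that marks squeeze no-dsa, with no reason recorded for either. If the SQL injection in serendipity_admin.php is only reachable by authenticated backend users, write that into the parenthesis; as committed, neither the downgrade nor the no-dsa is traceable from the entry.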
@@ -23257,8 +23258,10 @@
NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
- piwigo <removed> (bug #685364)
+ [squeeze] - piwigo <no-dsa> (Minor issue)
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
- piwigo <removed> (bug #685364)
+ [squeeze] - piwigo <no-dsa> (Minor issue)
CVE-2012-2207
RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
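Review bot: "(Minor issue)" for the upgrade.php directory traversal (CVE-2012-2208) states no condition, the same gap as the install.php entry earlier in this commit; add the reason that makes it minor in squeeze. Carrying bug #685364 only on the unversioned line is fine since the [squeeze] lines inherit the same bug.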
@@ -28369,6 +28372,7 @@
- lcgdm 1.8.6-1 (low; bug #702895)
[wheezy] - lcgdm <no-dsa> (Minor issue)
- dpm <removed>
+ [squeeze] - dpm <no-dsa> (Minor issue)
CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when ...)
- jquery 1.6.4-1 (bug #699482)
NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
@@ -31508,6 +31512,7 @@
CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin]
RESERVED
- serendipity <removed> (bug #650937)
+ [squeeze] - serendipity <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2011/q4/192
CVE-2011-4089
RESERVED
@@ -40881,6 +40886,7 @@
RESERVED
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
+ [squeeze] - serendipity <no-dsa> (Minor issue)
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
@@ -40888,6 +40894,7 @@
RESERVED
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
+ [squeeze] - serendipity <no-dsa> (Minor issue)
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
@@ -40895,6 +40902,7 @@
RESERVED
- serendipity <removed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
+ [squeeze] - serendipity <no-dsa> (Minor issue)
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
@@ -42877,6 +42885,7 @@
CVE-2010-4661 [arbitrary kernel module loading]
RESERVED
- udisks 1.0.3-1
+ [squeeze] - udisks <no-dsa> (Minor issue)
NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
CVE-2010-4660
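Review bot: "(Minor issue)" is a thin justification for CVE-2010-4661, whose own title is "arbitrary kernel module loading"; the [squeeze] udisks line should state the mitigating condition (who can trigger the load, and whether it needs local or console access, as verified) so the risk assessment is visible. The upstream bug and fix commit are already in the NOTE lines, which is good; if a later DSA bundles this, check that c933a929 applies to squeeze's udisks.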