[Secure-testing-commits] r25494 - data/CVE
Raphael Geissert
atomo64-guest at moszumanska.debian.org
Mon Feb 3 08:59:21 UTC 2014
Author: atomo64-guest
Date: 2014-02-03 08:59:21 +0000 (Mon, 03 Feb 2014)
New Revision: 25494
Modified:
data/CVE/list
Log:
livemedia issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-03 08:19:10 UTC (rev 25493)
+++ data/CVE/list 2014-02-03 08:59:21 UTC (rev 25494)
@@ -3923,11 +3923,18 @@
CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
NOT-FOR-US: VideoCharge
CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
- - vlc <undetermined>
- TODO: check
+ - liblivemedia <not-affected> (incomplete patch never applied)
+ - vlc <not-affected> (never built against liblivemedia with incomplete patch)
+ - mplayer <not-affected> (never built against liblivemedia with incomplete patch)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
- - vlc <undetermined>
- TODO: check
+ - liblivemedia 2014.01.13-1
+ [squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
+ - vlc 2.1.2-2+b1
+ [squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
+ - mplayer <unfixed>
+ [squeeze] - mplayer <not-affected> (not built against vuln. liblivemedia)
+ NOTE: vlc fixed by the binnmu - recording it even if it's not a source pkg version
+ TODO: check other packages b-d'ing on liblivemedia-dev
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
NOT-FOR-US: IrfanView
CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)
More information about the Secure-testing-commits
mailing list