[Secure-testing-commits] r25494 - data/CVE

Raphael Geissert atomo64-guest at moszumanska.debian.org
Mon Feb 3 08:59:21 UTC 2014


Author: atomo64-guest
Date: 2014-02-03 08:59:21 +0000 (Mon, 03 Feb 2014)
New Revision: 25494

Modified:
   data/CVE/list
Log:
livemedia issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-03 08:19:10 UTC (rev 25493)
+++ data/CVE/list	2014-02-03 08:59:21 UTC (rev 25494)
@@ -3923,11 +3923,18 @@
 CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
 	NOT-FOR-US: VideoCharge
 CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
-	- vlc <undetermined>
-	TODO: check
+	- liblivemedia <not-affected> (incomplete patch never applied)
+	- vlc <not-affected> (never built against liblivemedia with incomplete patch)
+	- mplayer <not-affected> (never built against liblivemedia with incomplete patch)
 CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
-	- vlc <undetermined>
-	TODO: check
+	- liblivemedia 2014.01.13-1
+	[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
+	- vlc 2.1.2-2+b1
+	[squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
+	- mplayer <unfixed>
+	[squeeze] - mplayer <not-affected> (not built against vuln. liblivemedia)
+	NOTE: vlc fixed by the binnmu - recording it even if it's not a source pkg version
+	TODO: check other packages b-d'ing on liblivemedia-dev
 CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
 	NOT-FOR-US: IrfanView
 CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)




More information about the Secure-testing-commits mailing list