[Secure-testing-commits] r25495 - in data: . CVE
Raphael Geissert
atomo64-guest at moszumanska.debian.org
Mon Feb 3 10:52:59 UTC 2014
Author: atomo64-guest
Date: 2014-02-03 10:52:59 +0000 (Mon, 03 Feb 2014)
New Revision: 25495
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
mplayer2 also uses livemedia
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-03 08:59:21 UTC (rev 25494)
+++ data/CVE/list 2014-02-03 10:52:59 UTC (rev 25495)
@@ -3926,6 +3926,7 @@
- liblivemedia <not-affected> (incomplete patch never applied)
- vlc <not-affected> (never built against liblivemedia with incomplete patch)
- mplayer <not-affected> (never built against liblivemedia with incomplete patch)
+ - mplayer2 <not-affected> (never built against liblivemedia with incomplete patch)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
- liblivemedia 2014.01.13-1
[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
@@ -3933,8 +3934,9 @@
[squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
- mplayer <unfixed>
[squeeze] - mplayer <not-affected> (not built against vuln. liblivemedia)
+ - mplayer2 <unfixed>
NOTE: vlc fixed by the binnmu - recording it even if it's not a source pkg version
- TODO: check other packages b-d'ing on liblivemedia-dev
+ TODO: request binnmus
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
NOT-FOR-US: IrfanView
CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-02-03 08:59:21 UTC (rev 25494)
+++ data/dsa-needed.txt 2014-02-03 10:52:59 UTC (rev 25495)
@@ -33,6 +33,8 @@
--
ffmpeg/oldstable (geissert)
--
+liblivemedia/stable
+--
libmarc-xml-perl (carnil)
--
libplrpc-perl
More information about the Secure-testing-commits
mailing list