[Secure-testing-commits] r27024 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-05-23 10:44:21 +0000 (Fri, 23 May 2014)
New Revision: 27024

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
vlc n/a
qemu fixed
I'll deal with some DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-23 09:14:10 UTC (rev 27023)
+++ data/CVE/list	2014-05-23 10:44:21 UTC (rev 27024)
@@ -870,7 +870,7 @@
 CVE-2014-3442
 	RESERVED
 CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows ...)
-	- vlc <undetermined>
+	- vlc <not-affected> (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid)
 	NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
 CVE-2014-3440
 	RESERVED
@@ -9459,16 +9459,14 @@
 	RESERVED
 CVE-2014-0223 [qcow1: Validate image size]
 	RESERVED
-	- qemu <unfixed>
+	- qemu 2.0.0+dfsg-6
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
-	TODO: check
 CVE-2014-0222 [qcow1: Validate L2 table size]
 	RESERVED
-	- qemu <unfixed>
+	- qemu 2.0.0+dfsg-6
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
-	TODO: check
 CVE-2014-0221
 	RESERVED
 CVE-2014-0220

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-05-23 09:14:10 UTC (rev 27023)
+++ data/dsa-needed.txt	2014-05-23 10:44:21 UTC (rev 27024)
@@ -41,15 +41,15 @@
 --
 libxstream-java
 --
-lxml
+lxml (jmm)
 --
 mantis
 --
-mupdf
+mupdf (jmm)
 --
 modsecurity-apache/stable
 --
-mod-wsgi
+mod-wsgi (jmm)
 --
 moodle/oldstable
 --
@@ -63,9 +63,9 @@
 --
 python2.6
 --
-python-gnupg
+python-gnupg (jmm)
 --
-qemu-kvm
+qemu-kvm (jmm)
 --
 qt4-x11/oldstable
 --