[Secure-testing-commits] r31576 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jan 21 15:21:48 UTC 2015
Author: carnil
Date: 2015-01-21 15:21:48 +0000 (Wed, 21 Jan 2015)
New Revision: 31576
Modified:
data/CVE/list
Log:
Add three new vorbis-tools issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-21 15:17:17 UTC (rev 31575)
+++ data/CVE/list 2015-01-21 15:21:48 UTC (rev 31576)
@@ -1,3 +1,16 @@
+CVE-2015-XXXX [Oggenc division by zero issue]
+ - vorbis-tools <unfixed>
+ NOTE: https://trac.xiph.org/ticket/2137
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/5
+CVE-2015-XXXX [Oggenc channel integer overflow]
+ - vorbis-tools <unfixed>
+ NOTE: https://trac.xiph.org/ticket/2136
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/5
+CVE-2014-XXXX [segfault when trying to encode trivial raw input]
+ - vorbis-tools <unfixed>
+ NOTE: https://trac.xiph.org/ticket/2009
+ NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/6
CVE-2015-XXXX [(another) directory traversal via symlinks -- incomplete fix for CVE-2015-1196]
- patch <unfixed> (bug #775901)
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
More information about the Secure-testing-commits
mailing list