[Secure-testing-commits] r31690 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 26 12:08:03 UTC 2015
Author: jmm
Date: 2015-01-26 12:08:03 +0000 (Mon, 26 Jan 2015)
New Revision: 31690
Modified:
data/CVE/list
Log:
vorbis-tools no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-26 11:53:32 UTC (rev 31689)
+++ data/CVE/list 2015-01-26 12:08:03 UTC (rev 31690)
@@ -301,15 +301,21 @@
- xymon <unfixed> (bug #776007)
TODO: check
CVE-2014-9638 [Oggenc division by zero issue]
- - vorbis-tools <unfixed> (bug #776086)
- - opus-tools <unfixed>
+ - vorbis-tools <unfixed> (unimportant; bug #776086)
+ - opus-tools <unfixed> (unimportant)
NOTE: https://trac.xiph.org/ticket/2137
+ NOTE: No security impact
CVE-2014-9639 [Oggenc channel integer overflow]
- - vorbis-tools <unfixed> (bug #776086)
+ - vorbis-tools <unfixed> (low; bug #776086)
+ [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [squeeze] - vorbis-tools <no-dsa> (Minor issue)
- opus-tools <unfixed>
+ [wheezy] - opus-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2136
CVE-2014-9640 [segfault when trying to encode trivial raw input]
- vorbis-tools 1.4.0-6 (bug #771363)
+ [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [squeeze] - vorbis-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2009
NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
CVE-2014-XXXX [Bug 26437 - prevent /api/* from returning text/html error messages which could act as an XSS vector]
More information about the Secure-testing-commits
mailing list