[Git][security-tracker-team/security-tracker][master] Documented a few fixed CVEs in vorbis-tools for Wheezy.

Petter Reinholdtsen (@pere) pere at debian.org
Wed Feb 1 08:24:46 GMT 2023 


Petter Reinholdtsen pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93b93c5b by Petter Reinholdtsen at 2023-02-01T09:24:26+01:00
Documented a few fixed CVEs in vorbis-tools for Wheezy.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -440512,6 +440512,7 @@ CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vo
 	{DLA-1010-1 DLA-317-1}
 	- vorbis-tools 1.4.0-7 (bug #797461)
 	[jessie] - vorbis-tools 1.4.0-6+deb8u1
+	[wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2015/08/29/1
 	NOTE: https://trac.xiph.org/ticket/2212
 CVE-2015-6741
@@ -456912,6 +456913,7 @@ CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a d
 	{DLA-1010-1 DLA-317-1}
 	- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
 	[jessie] - vorbis-tools 1.4.0-6+deb8u1
+	[wheezy] - vorbis-tools 1.4.0-1+deb7u1
 	- opus-tools 0.1.10-1 (unimportant; bug #780160)
 	NOTE: https://trac.xiph.org/ticket/2137
 	NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
@@ -456932,6 +456934,7 @@ CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to
 	{DLA-1010-1 DLA-317-1}
 	- vorbis-tools 1.4.0-6 (bug #771363)
 	[squeeze] - vorbis-tools <no-dsa> (Minor issue)
+	[wheezy] - vorbis-tools 1.4.0-1+deb7u1
 	NOTE: https://trac.xiph.org/ticket/2009
 	NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
 CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in R ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b93c5b6bb15ba3ab002b9c5d36c17807b5571d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b93c5b6bb15ba3ab002b9c5d36c17807b5571d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230201/29487c2f/attachment.htm>

More information about the debian-security-tracker-commits mailing list