Author: white Date: 2009-04-20 10:05:38 +0000 (Mon, 20 Apr 2009) New Revision: 11665 Modified: data/CVE/list Log: mpg123 issue CVEified Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-20 09:29:38 UTC (rev 11664) +++ data/CVE/list 2009-04-20 10:05:38 UTC (rev 11665) @@ -66,7 +66,10 @@ CVE-2009-1302 RESERVED CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...) - TODO: check + - mpg123 1.7.2-1 (low) + NOTE: http://secunia.com/advisories/34587/3/ + NOTE: unlike secunia states I can''t see that this allows code execution but is just an invalid read + NOTE: crashing the application CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...) - apt 0.7.21 (bug #523213) CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...) @@ -197,11 +200,6 @@ NOT-FOR-US: Apartment Search Script CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...) NOT-FOR-US: Apartment Search Script -CVE-2009-XXXX [mpg123 possible invalid read] - - mpg123 1.7.2-1 (low) - NOTE: http://secunia.com/advisories/34587/3/ - NOTE: unlike secunia states I can''t see that this allows code execution but is just an invalid read - NOTE: crashing the application CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...) - texlive-bin <unfixed> (bug #520920) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
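Review bot: In the first hunk, the NOTE lines added under CVE-2009-1301 disagree with the Secunia advisory (invalid read and crash rather than code execution) but do not say what that judgement rests on. The CVE description calls this an integer signedness error in store_id3_text, so a further NOTE naming the code path or upstream change that was inspected would let the next person re-check the (low) rating. The same NOTE spells `can''t` with a doubled apostrophe, which should be `can't`. The `- mpg123 1.7.2-1 (low)` line also carries no bug reference, unlike the neighbouring `- apt 0.7.21 (bug #523213)` entry; add one if a bug report exists.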