Author: gilbert-guest Date: 2009-12-07 03:10:14 +0000 (Mon, 07 Dec 2009) New Revision: 13473 Modified: data/CVE/list Log: vlc issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-07 02:24:47 UTC (rev 13472) +++ data/CVE/list 2009-12-07 03:10:14 UTC (rev 13473) @@ -15311,8 +15311,9 @@ - mediawiki1.7 <removed> [etch] - mediawiki <not-affected> (metapackage) CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...) - - vlc <not-affected> (vulnerable code not present) - NOTE: affected versions are >= 0.9.x (experimental) + - vlc 0.9.8a-1 (low) + [etch] - vlc <not-affected> (vulnerable code not present) + [lenny] - vlc <not-affected> (vulnerable code not present) CVE-2008-XXXX [multiple vulnerabilities in phpcas] - libphp-cas <itp> (bug #495542) - moodle <unfixed> @@ -16060,8 +16061,9 @@ {DSA-1819-1 DTSA-176-1} - vlc 0.8.6.h-5 (medium; bug #504639) CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...) - - vlc <not-affected> (Vulnerable code not present in 0.8.x) - TODO: recheck if 0.9 gets uploaded to unstable + - vlc 1.0.3-1 (low) + [etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x) + [lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x) CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...) NOT-FOR-US: firmCHANNEL Digital Signage CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...) 
@@ -16878,9 +16880,9 @@ - mplayer <unfixed> (low; bug #407010) NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...) - - vlc <not-affected> (bug #502726) - NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable) - TODO: check if >= 0.9.4 is uploaded to unstable + - vlc 1.0.3-1 (low; bug #502726) + [etch] - vlc <not-affected> (introduced in 0.9.0) + [lenny] - vlc <not-affected> (introduced in 0.9.0) CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...) {DSA-1819-1 DTSA-175-1} - vlc 0.8.6.h-4.1 (medium; bug #503118) @@ -17000,9 +17002,9 @@ CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...) NOT-FOR-US: Flash plugin CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) - - vlc <not-affected> (medium; bug #502314) - NOTE: claimed fix since 0.9.3, and i have verified that 1.0.3 (currently in - NOTE: unstable) has the patch applied + - vlc 0.9.3-1 (medium; bug #502314) + [etch] - vlc <not-affected> (introduced in 0.9.0) + [lenny] - vlc <not-affected> (introduced in 0.9.0) CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...) NOT-FOR-US: Cisco CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...)
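Review bot: In the CVE-2008-5276 hunk, the new [etch] and [lenny] lines give only "vulnerable code not present" as the reason, while the removed NOTE carried the version boundary ("affected versions are >= 0.9.x"). Keep that boundary in the per-release reason so the not-affected status can be rechecked later, for example in the "(introduced in 0.9.0)" form used in the CVE-2008-4654 and CVE-2008-4558 hunks, if the same boundary applies here.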
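Review bot: In the CVE-2008-5036 hunk, the fixed version 1.0.3-1 is recorded with no NOTE on how it was determined, although the removed TODO asked for a recheck once 0.9 reached unstable and the description speaks of "0.9.x before ...". Add a NOTE saying whether 1.0.3-1 is the upload in which the fix was checked or only the first upload newer than 0.8.x; the CVE-2008-5276 entry records 0.9.8a-1 for another 0.9.x issue and a reader cannot tell why the two differ. Minor style point: "Vulnerable" is capitalised in the [etch]/[lenny] reasons here and lower case in the CVE-2008-5276 hunk.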
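Review bot: In the CVE-2008-4654 hunk, the new unstable line rates a stack-based buffer overflow in parse_master as "low", while the context line for CVE-2008-4686 (integer overflows in ty.c, where both descriptions refer to the Ty/TY demuxer) is rated "medium". Either align the urgency or add a NOTE giving the reason for the lower rating. The removed NOTE's observation that 0.9.4 is vulnerable also disappears, and "(introduced in 0.9.0)" is more specific than anything it replaced, so a short NOTE on where that version comes from would help.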
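Review bot: In the CVE-2008-4558 hunk, the fixed version is set to 0.9.3-1, but the removed NOTE only recorded that the fix is "claimed" since 0.9.3 and that the patch was verified in 1.0.3 as found in unstable. Record the version that was actually verified (the CVE-2008-5036 and CVE-2008-4654 hunks use 1.0.3-1), or keep a NOTE that 0.9.3 is the upstream-claimed fix version and 1.0.3 the one checked, so the verification record is not lost with the deleted lines.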