Author: gilbert-guest Date: 2011-02-01 03:59:48 +0000 (Tue, 01 Feb 2011) New Revision: 16022 Modified: data/CVE/list Log: current ffmpeg not affected; poppler is vulnerable to new issues; xpdf uses poppler Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-31 23:11:23 UTC (rev 16021) +++ data/CVE/list 2011-02-01 03:59:48 UTC (rev 16022) @@ -470,8 +470,9 @@ - chromium-browser <not-affected> (Chrome PDF plugin) - webkit <not-affected> (Chrome PDF plugin) CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in ...) - - ffmpeg <unfixed> (bug #610550) - - ffmpeg-debian <removed> + - ffmpeg <not-affected> (webm not yet supported; bug #610550) + - ffmpeg-debian <not-affected> (webm not supported yet) + TODO: recheck newer versions (see bug) CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser <not-affected> @@ -1032,17 +1033,15 @@ CVE-2010-4654 RESERVED - kdegraphics 4.0 - - xpdf <unfixed> - - poppler <undetermined> + - xpdf 3.02-9 + - poppler <unfixed> NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9 - TODO: check CVE-2010-4653 RESERVED - kdegraphics 4.0 - - xpdf <unfixed> + - xpdf 3.02-9 - poppler <unfixed> NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659 - TODO: check CVE-2010-4652 [buffer overflow when preparing SQL queries] RESERVED - proftpd-dfsg 1.3.3a-6