Secure testing commits - Jan 2012 - r18018 - data/CVE

Author: gilbert-guest
Date: 2012-01-04 00:42:56 +0000 (Wed, 04 Jan 2012)
New Revision: 18018

Modified:
   data/CVE/list
Log:
libav/ffmpeg are affected by chromium issues

Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-01-03 22:15:27 UTC (rev 18017)
+++ data/CVE/list	2012-01-04 00:42:56 UTC (rev 18018)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [inkscape files unexpectedly read from /tmp]
+	- inkscape <unfixed> (low; bug #654341)
 CVE-2012-0286
 	RESERVED
 CVE-2012-0285
@@ -3838,9 +3840,8 @@
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google
Chrome ...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
-	- ffmpeg <undetermined>
-	- libav <unfixed>
-	TODO: file buf for ffmpeg/libav :
http://src.chromium.org/viewvc/chrome?view=rev&revision=107826
+	- ffmpeg <removed>
+	- libav <unfixed> (bug #654534)
 CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8
...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
@@ -3848,9 +3849,9 @@
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement
the MKV ...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
-	- libav <unfixed>
+	- libav <unfixed> (bug #654534)
+        - ffmpeg <removed>
 	[squeeze] - chromium-browser <not-affected>
-	TODO: might affect libtheora or libav
 	NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554 
 	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
 	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
@@ -3858,9 +3859,9 @@
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
 	[squeeze] - chromium-browser <not-affected>
-	- libav <unfixed>
+	- libav <unfixed> (bug #654534)
+        - ffmpeg <removed>
 	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
-	TODO: might affect libtheora or libav
 CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict
access to ...)
 	- chromium-browser 15.0.874.106~r107270-1
 	- webkit <not-affected> (Chrome issue)
@@ -6588,6 +6589,7 @@
 	- rails 2.3.14    
 CVE-2011-2929 (The template selection functionality in ...)
 	- rails <not-affected> (Only affects RoR 3.0 and above)
+	TODO: recheck when rails > 3.0 gets uploaded
 CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-2