Author: mgilbert Date: 2012-04-18 03:26:02 +0000 (Wed, 18 Apr 2012) New Revision: 18991 Modified: data/CVE/list Log: a bunch of libvorbisidec issues and a libvorbis nmu Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-18 01:58:21 UTC (rev 18990) +++ data/CVE/list 2012-04-18 03:26:02 UTC (rev 18991) @@ -4325,8 +4325,8 @@ - iceape <not-affected> (Only affects Firefox >= 4) CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...) {DSA-2412-1 DSA-2406-1 DSA-2402-1 DSA-2400-1} - - libvorbisidec <unfixed> - - libvorbis <unfixed> + - libvorbisidec <unfixed> (bug #669196) + - libvorbis 1.3.2-1.2 (bug #664197) - icedove <unfixed> [lenny] - icedove <not-affected> (Vulnerable code not present) - xulrunner <not-affected> (Vulnerable code not present) @@ -37433,6 +37433,7 @@ [etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...) {DSA-1939-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.3-1 (medium) - xulrunner 1.9.1.4-1 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) @@ -40173,6 +40174,7 @@ [etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...) {DSA-1939-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-6 (medium; bug #540958) - xulrunner 1.9.1.2-1 (medium; bug #540961) [etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0) 
@@ -58827,6 +58829,7 @@ CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...) NOT-FOR-US: Windows CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...) + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-4 (bug #482039) [etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0) [lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0) @@ -60231,6 +60234,7 @@ RESERVED CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...) {DSA-1591-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1422 RESERVED @@ -60238,9 +60242,11 @@ RESERVED CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...) {DSA-1591-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...) {DSA-1591-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1418 RESERVED @@ -70969,10 +70975,12 @@ NOT-FOR-US: Clever Internet ActiveX Suite CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...) {DSA-1471-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-1 NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) {DSA-1471-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-1 NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 
@@ -71065,6 +71073,7 @@ RESERVED CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) {DSA-1471-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-1 (medium; bug #437916) NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...) @@ -73375,6 +73384,7 @@ NOTE: in Linus'' tree. CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...) {DSA-1471-1} + - libvorbisidec <unfixed> (bug #669196) - libvorbis 1.2.0.dfsg-1 (medium) CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) {DSA-1504-1 DSA-1363-1}
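Review bot: In the @@ -58827 hunk, the added `- libvorbisidec <unfixed> (bug #669196)` under CVE-2008-2009 has no supporting NOTE, while the two existing lines below it mark libvorbis in etch and lenny as `<not-affected> (actual vulnerability fixed pre-1.0)`. Nothing in the entry says why libvorbisidec would still carry a flaw described as fixed before libvorbis 1.0. Add a NOTE line stating what was checked in the libvorbisidec source, or that the status is unverified and being tracked in the bug, so that a later triager can tell a confirmed finding from a provisional one.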
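Review bot: In the @@ -70969 hunk, the new libvorbisidec line under CVE-2007-4065 contradicts the entry's existing NOTE that the issue is "Just an infinite loop" and "not treated as a vulnerability". The added line is a plain `<unfixed>` with a bug reference, which reads as an open vulnerability. If the NOTE's assessment also holds for libvorbisidec, write the line as `- libvorbisidec <unfixed> (unimportant; bug #669196)`. Otherwise, update the NOTE to say why libvorbisidec is handled differently from libvorbis here.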