Author: jmm-guest Date: 2007-04-03 21:47:23 +0000 (Tue, 03 Apr 2007) New Revision: 5617 Modified: data/CVE/list data/mopb.txt Log: update on MOPB issue xine-lib no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-03 21:41:32 UTC (rev 5616) +++ data/CVE/list 2007-04-03 21:47:23 UTC (rev 5617) @@ -1028,8 +1028,10 @@ CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...) - linux-2.6 2.6.18.dfsg.1-12 CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...) - - mplayer 1.0~rc1-13 (bug #414075; medium) - - xine-lib 1.1.2+dfsg-3 (bug #414072; medium) + - mplayer 1.0~rc1-13 (bug #414075; low) + - xine-lib 1.1.2+dfsg-3 (bug #414072; low) + [etch] - mplayer 1.0~rc1-12etch + [sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons) CVE-2007-1386 RESERVED CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...) @@ -1449,6 +1451,7 @@ - mplayer 1.0~rc1-13 (bug #414075; medium) - xine-lib 1.1.2+dfsg-3 (bug #414072; medium) [etch] - mplayer 1.0~rc1-12etch + [sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons) NOTE: vlc checked, and is not affected. CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...) NOT-FOR-US: IrfanView Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-04-03 21:41:32 UTC (rev 5616) +++ data/mopb.txt 2007-04-03 21:47:23 UTC (rev 5617) @@ -17,7 +17,8 @@ TODO 38 PHP printf() Family 64 Bit Casting Vulnerabilities -TODO +TODO, this smells like it can only be triggerable through malicious script, but please +double-check someone 37 PHP iptcembed() Interruption Information Leak Vulnerability N/A Only triggerable by malicious script