jmm-guest at alioth.debian.org
2008-Jan-22 00:13 UTC
[Secure-testing-commits] r8009 - in data: . CVE
Author: jmm-guest Date: 2008-01-22 00:13:33 +0000 (Tue, 22 Jan 2008) New Revision: 8009 Modified: data/CVE/list data/spu-candidates.txt Log: turned out that etch and sarge don''t ship the affected tool in the libcdio binary packages Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-21 23:55:14 UTC (rev 8008) +++ data/CVE/list 2008-01-22 00:13:33 UTC (rev 8009) @@ -865,8 +865,8 @@ NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...) - libcdio 0.78.2+dfsg1-2 (low; bug #459129) - [sarge] - libcdio <no-dsa> (Minor issue) - [etch] - libcdio <no-dsa> (Minor issue) + [sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn''t build the tools into binary package) + [etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn''t build the tools into binary package) NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...) - unp 1.0.13 (bug #448437) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-01-21 23:55:14 UTC (rev 8008) +++ data/spu-candidates.txt 2008-01-22 00:13:33 UTC (rev 8009) @@ -39,18 +39,6 @@ -- -libcdio (CVE-2007-6613) -https://bugs.gentoo.org/show_bug.cgi?id=203777 -http://savannah.gnu.org/bugs/?21910 -http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html -http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.35&r2=1.36 -http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.149&r2=1.150 -http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.36&r2=1.37 -http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.150&r2=1.151 -notified maintainer - --- - libpam-ssh (CVE-2007-0844) #410236 notified maintainer
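Review bot: In the data/CVE/list hunk, the new <not-affected> reason on the [sarge] and [etch] lines is phrased as a version cut-off ("Packages prior to 0.78.2") rather than as a statement about what those suites ship. The wording implies the tool source is still in the source package and is only left out of the binary packages. Consider saying that directly (vulnerable code present in source, info tool not built into the binary packages) so that the entry is revisited if a later rebuild enables the tools. The existing NOTE line about the problem lying only in the info tool supports that phrasing.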
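Review bot: In the data/spu-candidates.txt hunk, removing the libcdio block also drops the links to the Gentoo and Savannah reports, the libcdio-devel post and the iso-info.c / cd-info.c revision diffs, and none of these appear in the visible CVE-2007-6613 entry in data/CVE/list, which only carries bug #459129. Suggest moving at least the upstream bug link into that entry as a NOTE: line in the same commit, so the pointer to the upstream fix survives the removal.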