joeyh at alioth.debian.org
2008-Apr-10 09:14 UTC
[Secure-testing-commits] r8505 - data/CVE
Author: joeyh Date: 2008-04-10 09:14:27 +0000 (Thu, 10 Apr 2008) New Revision: 8505 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-09 21:37:13 UTC (rev 8504) +++ data/CVE/list 2008-04-10 09:14:27 UTC (rev 8505) @@ -141,6 +141,7 @@ CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...) NOT-FOR-US: Nik Sharpener Pro CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...) + {DSA-1544-1} - pdns-recursor 3.1.5-1 CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...) NOT-FOR-US: JV2 Quick Gallery @@ -470,7 +471,7 @@ CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...) NOT-FOR-US: ImageUploader4 CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) - {DTSA-119-1} + {DSA-1543-1 DTSA-119-1} - vlc 0.8.6.e-1.1 (medium; bug #472635) CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...) - php5-apc <itp> (bug #335404) @@ -1661,7 +1662,7 @@ - mysql-dfsg-4.1 <removed> - mysql-dfsg-5.0 5.0.32-1 CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...) - {DTSA-116-1} + {DSA-1543-1 DTSA-116-1} - vlc 0.8.6.e-1 (medium; bug #467652) CVE-2008-6426 REJECTED 
@@ -3213,10 +3214,10 @@ CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...) NOT-FOR-US: PhotoKorn CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...) - {DTSA-111-1} + {DSA-1543-1 DTSA-111-1} - vlc 0.8.6.c-6 (bug #461544; medium) CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...) - {DTSA-111-1} + {DSA-1543-1 DTSA-111-1} - vlc 0.8.6.c-6 (bug #461544; medium) NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...) @@ -3787,7 +3788,7 @@ CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0073 (Array index error in the sdpplin_parse function in ...) - {DSA-1536-1 DTSA-119-1 DTSA-121-1} + {DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-121-1} - xine-lib 1.1.11-1 (medium) - vlc 0.8.6.e-2 (medium; bug #473057) NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58 @@ -4113,14 +4114,17 @@ {DSA-1467-1} - mantis 1.0.8-4 (low; bug #458377) CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...) + {DSA-1543-1} - vlc 0.8.6.c-4.1 (medium; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see https://trac.videolan.org/vlc/ticket/1371 CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...) + {DSA-1543-1} - vlc 0.8.6.c-4.1 (medium; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...) + {DSA-1543-1} - vlc 0.8.6.c-4.1 (low; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded 
@@ -7406,7 +7410,7 @@ CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...) NOT-FOR-US: Oracle CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...) - {DTSA-96-1} + {DSA-1542-1 DTSA-96-1} - libcairo 1.4.10-1.1 (medium; bug #453686) CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...) NOT-FOR-US: OpenSSL Fips object module
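Review bot: In the @@ -1661,7 +1662,7 hunk, the trailing context line "CVE-2008-6426 REJECTED" sits directly after CVE-2008-0984, while every other visible entry in this file runs in descending id order. The id looks out of sequence. Since the script is already rewriting this region, it is worth checking whether the number is a typo before the next automatic update carries it forward.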
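Review bot: In the @@ -3213,10 +3214,10 hunk, the two vlc lines under CVE-2008-0296 and CVE-2008-0295 use "(bug #461544; medium)", whereas the other vlc entries touched by this commit put the urgency first, for example "(medium; bug #472635)". Anything that parses the parenthesised field positionally will read these two differently, so suggest normalising them to "(medium; bug #461544)". The NOTE under CVE-2008-0295 also has "its just vlc", which should read "it's just vlc".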
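Review bot: In the @@ -3787,7 +3788,7 hunk, the new cross-reference line for CVE-2008-0073 is "{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-121-1}", which puts the newer DSA ahead of the older one while the DTSA ids after it are ascending. If the brace list is meant to be sorted, the updater should emit "{DSA-1536-1 DSA-1543-1 DTSA-119-1 DTSA-121-1}". In the same hunk's context, CVE-2008-0074 is described as "Microsoft Internet Information Services" but tagged "NOT-FOR-US: Microsoft Internet Explorer". The tag should name the product in the description.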