white at alioth.debian.org
2008-Nov-08 09:09 UTC
[Secure-testing-commits] r10342 - data/CVE
Author: white Date: 2008-11-08 09:09:46 +0000 (Sat, 08 Nov 2008) New Revision: 10342 Modified: data/CVE/list Log: kino uses ffmpeg in lenny; doesn''t ship ffmpeg in etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-08 08:58:09 UTC (rev 10341) +++ data/CVE/list 2008-11-08 09:09:46 UTC (rev 10342) @@ -183,23 +183,31 @@ NOTE: changing this should ensure on its own that the mode is secure CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers ...) - ffmpeg-debian <unfixed> (bug #504977) + - kino 1.0.0-1 + [etch] - kino <not-affected> (Does not ship ffmpeg) TODO: check other code copies CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...) - ffmpeg-debian <not-affected> (Vulnerable code not present) [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 [etch] - mplayer <not-affected> (Vulnerable code not present) + - kino 1.0.0-1 + [etch] - kino <not-affected> (Does not ship ffmpeg) TODO: check other code copies CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...) - ffmpeg-debian 0.svn20080206-14 (bug #504977) + [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 - [etch] - ffmpeg <not-affected> (Vulnerable code not present) [etch] - mplayer <not-affected> (Vulnerable code not present) + - kino 1.0.0-1 + [etch] - kino <not-affected> (Does not ship ffmpeg) TODO: check other code copies CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...) - ffmpeg-debian 0.svn20080206-14 (bug #504977) + [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 - [etch] - ffmpeg <not-affected> (Vulnerable code not present) + - kino 1.0.0-1 + [etch] - kino <not-affected> (Does not ship ffmpeg) TODO: check other code copies CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local users to ...) TODO: check