thr3ads.net - Secure testing commits - [Secure-testing-commits] r10695

If this information is useful, please help other people find it:
Share via:

nion at alioth.debian.org

2008-Dec-14 16:29 UTC

[Secure-testing-commits] r10695 - data/CVE

Author: nion
Date: 2008-12-14 16:29:13 +0000 (Sun, 14 Dec 2008)
New Revision: 10695

Modified:
   data/CVE/list
Log:
CVE-2008-5247 unfixed but unimportant (xine)

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-12-14 16:12:13 UTC (rev 10694)
+++ data/CVE/list	2008-12-14 16:29:13 UTC (rev 10695)
@@ -519,7 +519,10 @@
 CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial
of ...)
 	- xine-lib 1.1.14-3 (low)
 CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in
...)
-	TODO: check
+	- xine-lib <unfixed> (unimportant; bug #508715)
+	NOTE: a devide by 0 because of a crafted media file is hardly a security
issue,
+	NOTE: the integer overflows covered by the ocert advisory in the same code
snippet
+	NOTE: got an own identifier
 CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15
allow ...)
 	- xine-lib <unfixed> (low; bug #507184; bug #498243)
 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation
before ...)

Secure testing commits - Dec 2008 - r10695 - data/CVE

[Secure-testing-commits] r10695 - data/CVE