jmm-guest at alioth.debian.org
2009-Jan-29 15:02 UTC
[Secure-testing-commits] r11094 - data/CVE
Author: jmm-guest Date: 2009-01-29 15:02:15 +0000 (Thu, 29 Jan 2009) New Revision: 11094 Modified: data/CVE/list Log: - xine updates - sudo CVEfied Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-29 13:50:34 UTC (rev 11093) +++ data/CVE/list 2009-01-29 15:02:15 UTC (rev 11094) @@ -129,9 +129,6 @@ TODO: check CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not ...) TODO: check -CVE-2009-XXXX [sudo: privilege escalation] - - sudo 1.6.9p17-2 (medium) - [etch] - sudo <not-affected> (Vulnerable code not present) CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...) NOT-FOR-US: Sun Java System Application Server (AS) CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...) @@ -1471,8 +1468,10 @@ RESERVED CVE-2009-0035 RESERVED -CVE-2009-0034 +CVE-2009-0034 [sudo: privilege escalation] RESERVED + - sudo 1.6.9p17-2 (medium) + [etch] - sudo <not-affected> (Vulnerable code not present) CVE-2009-0033 RESERVED CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...) @@ -2470,7 +2469,8 @@ - geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant) NOTE: sch2eaglepos.sh only used as example script CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) - - xine-lib 1.1.14-3 (low) + - xine-lib 1.1.14-3 (unimportant) + NOTE: just a crasher CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...) - xine-lib <unfixed> (unimportant; bug #508715) NOTE: a devide by 0 because of a crafted media file is hardly a security issue, 
@@ -2481,10 +2481,11 @@ CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...) - xine-lib 1.1.14-3 (low) CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...) - - xine-lib 1.1.14-3 - - faad2 2.6.1-1 - - mplayer 1.0~rc2-20 (bug #407010) + - xine-lib 1.1.14-3 (unimportant) + - faad2 2.6.1-1 (unimportant) + - mplayer 1.0~rc2-20 (unimportant; bug #407010) NOTE: overlaps with CVE-2008-4610, same aac issue + NOTE: just a crasher, no security implications known so far CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...) - xine-lib 1.1.16-1 (unimportant; bug #508716) [lenny] - xine-lib 1.1.14-4 @@ -7360,7 +7361,8 @@ CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...) NOT-FOR-US: dotclear CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...) - - xine-lib 1.1.14-2 (bug #492870; low) + - xine-lib 1.1.14-2 (bug #492870; unimportant) + NOTE: Only a NULL pointer deference, hardly security relevant CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...) - ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764) - ffmpeg <removed> (unimportant)
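Review bot: In the @@ -1471,8 +1468,10 @@ hunk, the CVE-2009-0034 entry is still RESERVED and its only description is the bracketed "[sudo: privilege escalation]", yet no NOTE or bug reference records where the id assignment or the fixed version 1.6.9p17-2 comes from. Adding a NOTE line with the source would let a later reader check the (medium) rating and the etch claim "Vulnerable code not present".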
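Review bot: In the @@ -2470,7 +2469,8 @@ hunk, "NOTE: just a crasher" under CVE-2008-5248 does not say what kind of crash justifies moving xine-lib 1.1.14-3 from (low) to (unimportant). The note added for CVE-2008-3231 in the last hunk names the cause (a NULL pointer dereference); giving the same detail here would make the downgrade reviewable.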
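Review bot: In the @@ -2481,10 +2481,11 @@ hunk, the added note under CVE-2008-5244 ("just a crasher, no security implications known so far") sits beneath a description that reads "Unspecified vulnerability ... has unknown impact", and it is used to mark three packages (xine-lib, faad2, mplayer) as (unimportant) where none had a severity before. The NOTE should point to the analysis behind that conclusion, for example by stating what was checked for the aac issue it shares with CVE-2008-4610.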
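Review bot: In the @@ -7360,7 +7361,8 @@ hunk, the added line "NOTE: Only a NULL pointer deference, hardly security relevant" misspells "dereference". Since these notes are the recorded rationale for the (low) to (unimportant) change on CVE-2008-3231 and are likely to be searched later, the spelling is worth correcting.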