white at alioth.debian.org
2009-Feb-28 03:39 UTC
[Secure-testing-commits] r11282 - data/CVE
Author: white Date: 2009-02-28 03:39:32 +0000 (Sat, 28 Feb 2009) New Revision: 11282 Modified: data/CVE/list Log: libvorbis and dovecot fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-27 21:14:16 UTC (rev 11281) +++ data/CVE/list 2009-02-28 03:39:32 UTC (rev 11282) @@ -5642,7 +5642,7 @@ [lenny] - redhat-cluster 2.20080801-4+lenny1 [etch] - redhat-cluster <no-dsa> (Minor issue) CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass ...) - - dovecot <unfixed> (low; bug #502967) + - dovecot 1:1.1.9-1 (low; bug #502967) [etch] - dovecot <no-dsa> (Minor issue) [lenny] - dovecot <no-dsa> (Minor issue) CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...) @@ -11809,9 +11809,7 @@ CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...) NOT-FOR-US: Windows CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...) - NOTE: #482039 has information to inform maintainer about new upstream code and problem - NOTE: however, it is not clear that the version is vulnerable - TODO: check vulnerability of debian packages and value of upstream patch + - libvorbis 1.2.0.dfsg-4 (bug #482039) CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian Basic CVE-2008-2007