gilbert-guest at alioth.debian.org
2009-Mar-07 22:27 UTC
[Secure-testing-commits] r11357 - data/CVE
Author: gilbert-guest Date: 2009-03-07 22:27:52 +0000 (Sat, 07 Mar 2009) New Revision: 11357 Modified: data/CVE/list Log: fixing "squeeze-is-born" issues. see debian-security-tracker mailing list. Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-07 21:55:06 UTC (rev 11356) +++ data/CVE/list 2009-03-07 22:27:52 UTC (rev 11357) @@ -2080,6 +2080,7 @@ CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...) - vim 2:7.2.025-2 (low; bug #493937) [lenny] - vim 1:7.1.314-3+lenny2 + [squeeze] - vim 1:7.1.314-3+lenny2 [etch] - vim <no-dsa> (Minor issue) NOTE: Not included in this round, could be fixed via next DSA with other issues CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...) 
@@ -4575,20 +4576,25 @@ CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...) - xine-lib 1.1.16-1 (unimportant; bug #508716) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 NOTE: these are just invalid reads that result in segfaults, denial of service doesnt NOTE: apply here as xine reading a file is no service -> application bug CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...) - xine-lib 1.1.16-1 (medium; bug #507165; bug #498243) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...) - xine-lib 1.1.16-1 (low; bug #509008) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...) - xine-lib 1.1.16-2 (low; bug #509352) [lenny] - xine-lib 1.1.14-5 + [squeeze] - xine-lib 1.1.14-5 CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...) - xine-lib 1.1.16-2 (medium; bug #509353) [lenny] - xine-lib 1.1.14-5 + [squeeze] - xine-lib 1.1.14-5 CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...) - xine-lib 1.1.14-3 (low) NOTE: code execution shouldn''t work here as if 0xff will be extended to 0xffffffff 
@@ -4597,14 +4603,17 @@ CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...) - xine-lib 1.1.16-1 (bug #509265; low) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) - xine-lib 1.1.16-1 (bug #509521) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...) - xine-lib 1.1.14-3 CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) - xine-lib 1.1.16-1 (medium; bug #508313; bug #498243) [lenny] - xine-lib 1.1.14-4 + [squeeze] - xine-lib 1.1.14-4 CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...) - xine-lib 1.1.14-3 (low) CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...) @@ -7259,6 +7268,7 @@ {DSA-1662-1} - mysql-dfsg-5.0 5.0.67-1 [lenny] - mysql-dfsg-5.0 5.0.51a-18 + [squeeze] - mysql-dfsg-5.0 5.0.51a-18 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...) {DSA-1608-1} - mysql-dfsg-5.0 5.0.51a-10
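Review bot: In the hunk at @@ -2080,6 +2080,7 @@ (CVE-2009-0316, vim), the new `[squeeze] - vim 1:7.1.314-3+lenny2` line is inserted between `[lenny]` and `[etch]`, so the release-tagged lines under this entry now read lenny, squeeze, etch, which is neither oldest-first nor newest-first. Pick one order for the release tags and apply it to every entry this commit touches. Placing `[squeeze]` directly above `[lenny]` would give a consistent newest-first order here.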
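Review bot: In the hunk at @@ -4575,20 +4576,25 @@ (xine-lib, CVE-2008-5243 through CVE-2008-5239), each added `[squeeze]` line repeats the version on the `[lenny]` line above it (1.1.14-4 or 1.1.14-5), and nothing in the file records why. The only explanation is the log message's pointer to the mailing list, with no link or summary. The untagged lines for these entries already give 1.1.16-1 or 1.1.16-2 as the fixed version, so a short NOTE or a fuller log message saying that squeeze carries the same package version as lenny would tell a later editor what these five lines depend on.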
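Review bot: In the hunk at @@ -4597,14 +4603,17 @@, the untagged xine-lib lines of the entries being edited are annotated inconsistently: CVE-2008-5237 has `(bug #509265; low)` with the severity last, CVE-2008-5234 has `(medium; bug #508313; bug #498243)` with it first, and CVE-2008-5236 has `(bug #509521)` with no severity at all. Since the commit adds a `[squeeze]` line to each of these three entries, it is a good moment to normalise the order and either add a severity for CVE-2008-5236 or note why there is none.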