joeyh at alioth.debian.org
2009-Mar-08 09:14 UTC
[Secure-testing-commits] r11361 - data/CVE
Author: joeyh
Date: 2009-03-08 09:14:13 +0000 (Sun, 08 Mar 2009)
New Revision: 11361
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-08 02:45:18 UTC (rev 11360)
+++ data/CVE/list 2009-03-08 09:14:13 UTC (rev 11361)
@@ -2082,7 +2082,7 @@
CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the
Python ...)
- vim 2:7.2.025-2 (low; bug #493937)
[lenny] - vim 1:7.1.314-3+lenny2
- [squeeze] - vim 1:7.1.314-3+lenny2
+ [squeeze] - vim 1:7.1.314-3+lenny2
[etch] - vim <no-dsa> (Minor issue)
NOTE: Not included in this round, could be fixed via next DSA with other
issues
CVE-2009-0315 (Untrusted search path vulnerability in the Python module in
xchat ...)
@@ -4578,25 +4578,25 @@
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib
1.1.12, ...)
- xine-lib 1.1.16-1 (unimportant; bug #508716)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
NOTE: these are just invalid reads that result in segfaults, denial of service
doesnt
NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier
versions, ...)
- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other
1.1.15 ...)
- xine-lib 1.1.16-1 (low; bug #509008)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies
on an ...)
- xine-lib 1.1.16-2 (low; bug #509352)
[lenny] - xine-lib 1.1.14-5
- [squeeze] - xine-lib 1.1.14-5
+ [squeeze] - xine-lib 1.1.14-5
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
...)
- xine-lib 1.1.16-2 (medium; bug #509353)
[lenny] - xine-lib 1.1.14-5
- [squeeze] - xine-lib 1.1.14-5
+ [squeeze] - xine-lib 1.1.14-5
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c
in ...)
- xine-lib 1.1.14-3 (low)
NOTE: code execution shouldn''t work here as if 0xff will be extended
to 0xffffffff
@@ -4605,17 +4605,17 @@
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15
and ...)
- xine-lib 1.1.16-1 (bug #509265; low)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and
other ...)
- xine-lib 1.1.16-1 (bug #509521)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function
in ...)
- xine-lib 1.1.14-3
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and
other ...)
- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
[lenny] - xine-lib 1.1.14-4
- [squeeze] - xine-lib 1.1.14-4
+ [squeeze] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not
check for ...)
- xine-lib 1.1.14-3 (low)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft
Windows ...)
@@ -7270,7 +7270,7 @@
{DSA-1662-1}
- mysql-dfsg-5.0 5.0.67-1
[lenny] - mysql-dfsg-5.0 5.0.51a-18
- [squeeze] - mysql-dfsg-5.0 5.0.51a-18
+ [squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege
checks by ...)
{DSA-1608-1}
- mysql-dfsg-5.0 5.0.51a-10
@@ -16752,7 +16752,7 @@
{DSA-1576-1 DSA-1571-1}
- openssl 0.9.8g-9 (high)
[sarge] - openssl <not-affected> (Vulnerable code not present)
- - openssh 4.7p1-9 (high)
+ - openssh 4.7p1-9 (high)
NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki
before 2.42 ...)
{DSA-1553-1}