Author: gilbert-guest Date: 2009-04-20 02:09:18 +0000 (Mon, 20 Apr 2009) New Revision: 11655 Modified: data/CVE/list Log: bugs submitted for ghostscript, mplayer, and ffmpeg issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-19 23:28:54 UTC (rev 11654) +++ data/CVE/list 2009-04-20 02:09:18 UTC (rev 11655) @@ -1,3 +1,5 @@ +CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] + - pptp-linux <unfixed> (low; bug #523476) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups] - slumn-llnl 1.3.15-1 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) @@ -263,7 +265,7 @@ CVE-2009-1255 RESERVED CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...) - - ghostscript <unfixed> + - ghostscript <unfixed> (medium; bug #524803) CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) NOT-FOR-US: QuickerSite CVE-2008-6677 (Unrestricted file upload vulnerability in ...) @@ -309,7 +311,7 @@ CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...) NOT-FOR-US: Simple Machines Forum CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...) - - ghostscript <unfixed> + - ghostscript <unfixed> (medium; bug #524803) CVE-2009-XXXX [roundup: insufficient access checks in web frontend] - roundup <unfixed> (bug #518768) [etch] - roundup 1.2.1-10+etch1 @@ -1942,7 +1944,8 @@ {DSA-1769-1} - openjdk-6 <unfixed> CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) - - argyll <unfixed> (low; bug #523427) + - argyll <unfixed> (low; bug #523472) + - ghostscript <unfixed> CVE-2009-0791 RESERVED CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...) 
@@ -3964,9 +3967,9 @@ - cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561) [etch] - cyrus-sasl2 <no-dsa> (Minor issue) CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...) - - ffmpeg-debian 0.svn20080206-16 + - ffmpeg-debian 0.svn20080206-16 (medium; bug #524799) - ffmpeg <removed> - - mplayer 1.0~rc2-14 + - mplayer 1.0~rc2-14 (medium; bug #524805) - xine-lib <unfixed> (medium; bug #523475) NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 @@ -4387,7 +4390,7 @@ CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...) NOT-FOR-US: IrfanView CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...) - - ghostscript <unfixed> + - ghostscript <unfixed> (medium; bug #524803) CVE-2009-0195 RESERVED CVE-2009-0194
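Review bot: In the first hunk (@@ -1,3 +1,5 @@), the new pptp-linux entry is not covered by the log message, which names only ghostscript, mplayer, and ffmpeg; mention it in the log so the addition can be found from the history. The unchanged context line just below it reads "- slumn-llnl 1.3.15-1" under a heading that spells the package "slurm-llnl", so the package line looks misspelled and is worth correcting in a follow-up so that the entry matches the package name.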
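Review bot: In the CVE-2009-0792 hunk (@@ -1942,7 +1944,8 @@), the argyll bug reference changes from #523427 to #523472 with no mention in the log; say in the log that this corrects the bug number. The added "- ghostscript <unfixed>" line carries no severity or bug number, while the other three ghostscript entries touched by this commit get "(medium; bug #524803)"; either add the reference here as well or note why this CVE is not tracked by that bug.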
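Review bot: In the CVE-2009-0385 hunk (@@ -3964,9 +3967,9 @@), the new bug references are attached to lines that already state a fixed version ("- ffmpeg-debian 0.svn20080206-16", "- mplayer 1.0~rc2-14"), so the entry does not show which package version the newly submitted bugs concern. The existing NOTE says the etch MPlayer still needs a fix; if #524805 tracks that, an [etch] line like the cyrus-sasl2 one in the context above would express it more clearly.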