Author: gilbert-guest Date: 2009-05-04 19:44:38 +0000 (Mon, 04 May 2009) New Revision: 11775 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: CVE-2008-2009 vulnerability already fixed; additional hardening features to be considered as an spu/ospu candidate Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-04 17:31:20 UTC (rev 11774) +++ data/CVE/list 2009-05-04 19:44:38 UTC (rev 11775) @@ -14821,6 +14821,10 @@ NOT-FOR-US: Windows CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...) - libvorbis 1.2.0.dfsg-4 (bug #482039) + [etch] - libvorbis <no-dsa> (actual vulnerability fixed pre-1.0) + [lenny] - libvorbis <no-dsa> (actual vulnerability fixed pre-1.0) + NOTE: additional hardening features have already been added to the unstable + NOTE: packages that would be useful to have in stable, so proposing as spu/ospu CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian Basic CVE-2008-2007 Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2009-05-04 17:31:20 UTC (rev 11774) +++ data/ospu-candidates.txt 2009-05-04 19:44:38 UTC (rev 11775) @@ -310,6 +310,11 @@ -- +libvorbis (CVE-2008-2009) +notified maintainer and release team + +-- + liferea (CVE-2005-4791) notified maintainer Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-05-04 17:31:20 UTC (rev 11774) +++ data/spu-candidates.txt 2009-05-04 19:44:38 UTC (rev 11775) @@ -32,6 +32,11 @@ -- +libvorbis (CVE-2008-2009) +notified maintainer and release team + +-- + mpfr (CVE-2009-0757) notified maintainer