Author: derevko-guest Date: 2009-05-06 15:04:45 +0000 (Wed, 06 May 2009) New Revision: 11816 Modified: data/CVE/list Log: CVE-2009-1513: cve id assigned to libmodplug CVE-2009-1438: gst-plugins-bad0.10 is vulnerable only in stable and oldstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-06 14:23:26 UTC (rev 11815) +++ data/CVE/list 2009-05-06 15:04:45 UTC (rev 11816) @@ -5,7 +5,10 @@ NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7 NOTE: CVE id requested CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...) - TODO: check + - libmodplug <unfixed> (medium; bug #526084) + - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077) + [etch] - libmodplug <not-affected> (Vulnerable code not present) + NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug. CVE-2009-XXXX [unsafe temp file in coccinelle] - coccinelle 0.1.7.deb-3 (low) [lenny] - coccinelle <no-dsa> (Minor issue) @@ -34,12 +37,6 @@ [etch] - xorg-server <no-dsa> (minor issue) [lenny] - xorg-server <no-dsa> (minor issue) NOTE: CVE id requested -CVE-2009-XXXX [libmodplug buffer overflow in PAT sampler] - - libmodplug <unfixed> (medium; bug #526084) - - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077) - [etch] - libmodplug <not-affected> (Vulnerable code not present) - NOTE: CVE id requested on oss-sec - NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug. CVE-2009-XXXX [clamav milter init script "typo"] - clamav <not-affected> (Vulnerable code not present) NOTE: from what I see this code was never uploaded to the debian archive 
@@ -277,7 +274,9 @@ - linux-2.6.24 <removed> CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) - libmodplug <unfixed> (low; bug #526657; bug #527076) - - gst-plugins-bad0.10 <unfixed> (low; bug #527075) + - gst-plugins-bad0.10 <not-affected> (it builds against an external libmodplug; bug #527075) + [etch] - gst-plugins-bad0.10 <unfixed> (low; bug #527075) + [lenny] - gst-plugins-bad0.10 <unfixed> (low; bug #527075) CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...) NOT-FOR-US: CoolPlayer CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
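Review bot: In the @@ -5,7 +5,10 @@ hunk, the CVE-2009-1513 entry marks gst-plugins-bad0.10 as <not-affected> (Vulnerable code not present) with no [etch] or [lenny] lines, while the NOTE added with it speaks only about the testing and unstable builds using an external libmodplug. That leaves the status of the stable and oldstable packages unstated for this CVE, even though the CVE-2009-1438 hunk in the same revision adds explicit [etch] and [lenny] lines for the same package. If the PAT loader is absent from what those releases build, say so in the NOTE or add per-release <not-affected> lines so the reader does not have to infer it.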
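Review bot: In the @@ -277,7 +274,9 @@ hunk, the new unstable line for gst-plugins-bad0.10 gives its reason as "it builds against an external libmodplug", whereas the CVE-2009-1513 entry in this revision uses "Vulnerable code not present" plus a separate NOTE for the same package and the same situation; use one form for both entries. The added [etch] and [lenny] lines also stay at <unfixed> (low) with no triage decision, while other low entries visible in this file carry <no-dsa> with a reason, so record that decision or leave a TODO to make the open status explicit.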