Author: gilbert-guest
Date: 2009-09-15 02:26:58 +0000 (Tue, 15 Sep 2009)
New Revision: 12814
Modified:
data/CVE/list
Log:
some embedded code copy updates
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-09-14 21:14:11 UTC (rev 12813)
+++ data/CVE/list 2009-09-15 02:26:58 UTC (rev 12814)
@@ -630,8 +630,14 @@
NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of
service ...)
- xyssl 0.9-1
+ - polarssl <not-affected> (fixed in xyssl before polarssl was forked
from it)
+ - pdkim <itp> (bug #543150)
+ NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9
does ...)
- xyssl 0.9-1
+ - polarssl <not-affected> (fixed in xyssl before polarssl was forked
from it)
+ - pdkim <itp> (bug #543150)
+ NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and
...)
NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart
Agent ...)
@@ -6324,6 +6330,7 @@
NOT-FOR-US: BS.player
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in
...)
- xine-lib 1.1.16.3-1 (medium; bug #522811)
+ - vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20
and ...)
NOT-FOR-US: Mac OS X
CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac
OS X ...)
@@ -8331,6 +8338,7 @@
NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in
xine-lib ...)
- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
+ - vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-0697
RESERVED
CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND
9.4 ...)
@@ -12522,6 +12530,7 @@
NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial
of ...)
- xine-lib 1.1.14-3
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in
...)
- xine-lib <unfixed> (unimportant; bug #508715)
NOTE: a devide by 0 because of a crafted media file is hardly a security
issue,
@@ -12529,6 +12538,7 @@
NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15
allow ...)
- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation
before ...)
- xine-lib 1.1.14-3 (low)
[etch] - xine-lib <not-affected> (The version from Etch doesn''t
yet perform pre-allocation)
@@ -12575,12 +12585,14 @@
[squeeze] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function
in ...)
- xine-lib 1.1.14-3
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and
other ...)
- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
[lenny] - xine-lib 1.1.14-4
[squeeze] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not
check for ...)
- xine-lib 1.1.14-3 (low)
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft
Windows ...)
NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the
Novell ...)
@@ -54867,6 +54879,7 @@
NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and
...)
- xine-lib <not-affected> (Not reproducible with Debian version, see bug
#363127)
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2006-1663
REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows
remote ...)
@@ -70715,6 +70728,7 @@
NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle
(1) ...)
- xine-lib 1.0.1-1
+ - mplayer <not-affected> (fixed in 1.0-pre7, which was released before
etch)
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for
nasm ...)
- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in
bbcode.php ...)
@@ -73665,9 +73679,11 @@
NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in
xine-lib ...)
- xine-lib 1-rc6
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through
1-rc5 ...)
- xine-lib 1-rc6
+ - vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R
running ...)
NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R
running ...)
@@ -73709,6 +73725,7 @@
- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2
and ...)
- xine-lib 1-rc5-1.1
+ - vlc <not-affected> (vulnerable component of xine-lib code copy not
present)
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First
(OSPF) ...)
NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before
2.3.3.20040420, ...)
@@ -74959,6 +74976,7 @@
NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c
for ...)
- xine-lib 1-rc8-1
+ - vlc <not-affected> (vulnerable component of xine-lib code copy not
present)
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for
vilistextum ...)
NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02
allows ...)
@@ -75212,8 +75230,10 @@
- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other
...)
- xine-lib 1-rc8-1
+ - mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version
included in etch)
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for
xine ...)
- xine-lib 1-rc8-1
+ - mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version
included in etch)
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote
attackers or ...)
{DSA-654-1}
- enscript 1.6.4-6
@@ -77097,6 +77117,7 @@
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol
(RTSP) ...)
- mplayer 1.0~pre6a-1
- xine-lib 1-rc4
+ TODO: check vlc (a problem in the xine-lib rtsp code copy. this was likely
fixed a long time ago, but i can''t find a link to the relevant code
anymore to compare to)
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR
based ACL ...)
- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
...)