Author: jmm-guest Date: 2010-01-07 22:53:06 +0000 (Thu, 07 Jan 2010) New Revision: 13757 Modified: data/CVE/list Log: * arts/ltdl not affected * ffmpeg fixed in experimental Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-07 21:35:07 UTC (rev 13756) +++ data/CVE/list 2010-01-07 22:53:06 UTC (rev 13757) @@ -2535,9 +2535,7 @@ CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...) {DSA-1958-1} - libtool 2.2.6b-1 (low; bug #559797) - - arts <unfixed> (low; bug #559798) - [lenny] - arts <no-dsa> (Minor issue) - [etch] - arts <no-dsa> (Minor issue) + - arts <not-affected> (Uses absolute path to the sound backend) - bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799) - camserv <unfixed> (low; bug #559800) [lenny] - camserv <no-dsa> (Minor issue) @@ -3528,9 +3526,10 @@ CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...) NOT-FOR-US: RADactive I-Load CVE-2009-XXXX [ffmpeg missing input sanitization/crashes] - - ffmpeg <unfixed> (medium; bug #550442) + - ffmpeg (medium; bug #550442) - xmovie <removed> (medium) - ffmpeg-debian <removed> (medium) + NOTE: Fixed in experimental in 4:0.5+svn20090706-3 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 CVE-2009-XXXX [xen-tools: world readable disk image files]
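Review bot: In the CVE-2009-3736 hunk, the new arts line drops the reference to bug #559798 that the removed `<unfixed>` line carried, so the tracker entry no longer links to the report that prompted the triage. The neighbouring bochs entry keeps its bug number inside the `<not-affected>` explanation, and the same form would work here: `- arts <not-affected> (Uses absolute path to the sound backend; bug #559798)`. Removing the two `[lenny]` and `[etch]` `<no-dsa>` lines is consistent with the not-affected status.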
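Review bot: In the ffmpeg hunk, the added line `- ffmpeg (medium; bug #550442)` has neither a fixed version nor a status tag between the package name and the parenthetical, while the other entries in this hunk carry one (`<removed>`) and the line it replaces carried `<unfixed>`. As written, the entry does not say whether unstable is still vulnerable. If the fix exists only in experimental, as the added NOTE and the log message say, keeping `<unfixed>` on the package line and letting the NOTE record 4:0.5+svn20090706-3 would state that explicitly; if the version is meant to be the fixed version, it belongs on the package line itself.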