Author: gilbert-guest Date: 2010-01-16 21:58:59 +0000 (Sat, 16 Jan 2010) New Revision: 13842 Modified: data/CVE/list Log: vulnerable libtheora code not present in etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-16 21:19:54 UTC (rev 13841) +++ data/CVE/list 2010-01-16 21:58:59 UTC (rev 13842) @@ -3,6 +3,7 @@ [etch] - xulrunner <not-affected> (theora introduced in 1.9.1) [lenny] - xulrunner <not-affected> (theora introduced in 1.9.1) - libtheora 1.1.1+dfsg.1-3 (medium) + [etch] - libtheora <not-affected> (vulnerable code not present) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=498815 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=498824 CVE-2010-XXXX [potential sudo vuln] @@ -4068,6 +4069,7 @@ NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10 CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...) - libtheora 1.1 + [etch] - libtheora <not-affected> (vulnerable code not present) - xulrunner 1.9.1.6-1 [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5) CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)