Author: jmm-guest Date: 2010-01-22 16:14:51 +0000 (Fri, 22 Jan 2010) New Revision: 13882 Modified: data/CVE/list Log: - backup-manager spu - evolution issues - ffmpeg fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-22 15:27:21 UTC (rev 13881) +++ data/CVE/list 2010-01-22 16:14:51 UTC (rev 13882) @@ -2656,8 +2656,10 @@ - linux-2.6 <unfixed> (unimportant) - linux-2.6.24 <unfixed> (unimportant) NOTE: All Debian kernels have MMU support enabled -CVE-2009-3887 +CVE-2009-3887 [evolution path traversal] RESERVED + - evolution <unfixed> + NOTE: http://www.ocert.org/advisories/ocert-2009-013.html CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 @@ -3180,8 +3182,10 @@ - kvm 88+dfsg-2 (low; bug #557739) NOTE: http://bugzilla.redhat.com/531660 NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2 -CVE-2009-3721 +CVE-2009-3721 [evolution buffer overflow] RESERVED + - evolution <unfixed> + NOTE: http://www.ocert.org/advisories/ocert-2009-013.html CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...) {DSA-1921-1} - expat 2.0.1-5 (low; bug #551936) @@ -4004,10 +4008,9 @@ CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...) NOT-FOR-US: RADactive I-Load CVE-2009-XXXX [ffmpeg missing input sanitization/crashes] - - ffmpeg (medium; bug #550442) + - ffmpeg 4:0.5+svn20090706-3 (medium; bug #550442) - xmovie <removed> (medium) - ffmpeg-debian <removed> (medium) - NOTE: Fixed in experimental in 4:0.5+svn20090706-3 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 CVE-2009-XXXX [xen-tools: world readable disk image files] 
@@ -40706,6 +40709,7 @@ - backup-manager 0.7.6-1 (low) [sarge] - backup-manager <no-dsa> (Minor issue) [etch] - backup-manager <no-dsa> (Minor issue) + TODO: next point update [etch] - backup-manager 0.7.5-5 CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...) NOT-FOR-US: BlockHosts CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
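Review bot: In the CVE-2009-3887 hunk, the new `- evolution <unfixed>` line has no urgency and no bug number, unlike neighbouring entries such as `- openjdk-6 <unfixed> (medium; bug #560908)`. If a Debian bug exists for the path traversal, reference it on this line so the entry can be followed to closure. The oCERT NOTE alone does not show whether the issue has been reported against the package.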
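Review bot: In the CVE-2009-3721 hunk, the NOTE points at the same ocert-2009-013 advisory as the CVE-2009-3887 entry, but nothing links the two entries to each other. Consider a short NOTE naming the sibling id on each, so that whoever later records a fixed evolution version for one checks the other as well. As with the other entry, `- evolution <unfixed>` would benefit from an urgency and a bug reference.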
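Review bot: In the ffmpeg hunk, the removed NOTE described 4:0.5+svn20090706-3 as "Fixed in experimental", and that same version is now recorded as the fixed version on the unqualified `- ffmpeg` line. Please confirm that this version has reached unstable before marking the entry fixed. If the upload is still only in experimental, the line should stay without a version and the NOTE should be kept.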