Author: gilbert-guest
Date: 2010-02-20 21:16:07 +0000 (Sat, 20 Feb 2010)
New Revision: 14133
Modified:
data/CVE/list
Log:
ffmpeg issues that got CVEs are indeed fixed, but many remain open
still
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-02-20 09:14:41 UTC (rev 14132)
+++ data/CVE/list 2010-02-20 21:16:07 UTC (rev 14133)
@@ -54,6 +54,9 @@
TODO: check
CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the
Juniper ...)
TODO: check
+CVE-2009-XXXX [ffmpeg vulnerabilities]
+ - ffmpeg <unfixed> (medium; bug #570713; bug #550442)
+ - ffmpeg-debian <removed> (medium)
CVE-2010-XXXX [dillo improper restriction of path in cookies]
- dillo <undetermined>
NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
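Review bot: The new CVE-2009-XXXX entry is a catch-all ("[ffmpeg vulnerabilities]") with no NOTE saying which issues are still open, so nobody reading the list can tell when it is safe to mark it fixed. The two references in "bug #570713; bug #550442" are the only pointers given. Consider adding a NOTE line that names the remaining issues or their upstream references, as the dillo entry just below does with its ChangeLog URL, or splitting this into one placeholder entry per bug so each can be closed independently.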
@@ -249,53 +252,44 @@
NOT-FOR-US: Trend Micro URL Filtering Engine
CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote
...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5
allows ...)
- ffmpeg <unfixed>
- ffmpeg-debian <removed>
TODO: check
CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause
a ...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service
...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service
(hang) ...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service
and ...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers
to ...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows
...)
{DSA-2000-1}
- - ffmpeg <unfixed>
+ - ffmpeg 4:0.5+svn20090706-3
- ffmpeg-debian <removed>
- TODO: check
CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere
Application ...)
NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and
6.3.13, ...)
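Review bot: CVE-2009-4639 is the one ffmpeg entry in this hunk left untouched: it still reads "- ffmpeg <unfixed>" with "TODO: check", and it carries no {DSA-2000-1} tag, while every other entry from CVE-2009-4631 to CVE-2009-4640 moves to 4:0.5+svn20090706-3. The log message says the ffmpeg issues that received CVEs are fixed, so please confirm whether this one was skipped on purpose. If it really is still open, replace the TODO with a NOTE explaining why the av_rescale_rnd issue is not covered by that upload, so the entry does not look like an oversight.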