Author: gilbert-guest Date: 2010-03-04 04:02:05 +0000 (Thu, 04 Mar 2010) New Revision: 14183 Modified: data/CVE/list data/DSA/list Log: fix a few latently vulnerable issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-04 03:26:12 UTC (rev 14182) +++ data/CVE/list 2010-03-04 04:02:05 UTC (rev 14183) @@ -14742,6 +14742,7 @@ CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) {DSA-1807-1 DTSA-200-1 DTSA-201-1} - cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749) + - cyrus-sasl2-heimdal 2.1.23.dfsg1-1 NOTE: VU#238019 CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...) NOT-FOR-US: OpenBSD Packet Filter @@ -19826,6 +19827,7 @@ [etch] - kino <not-affected> (Does not ship ffmpeg) - gstreamer0.10-ffmpeg 0.10.3-2 CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...) + - ffmpeg <not-affected> (Vulnerable code not present) - ffmpeg-debian <not-affected> (Vulnerable code not present) [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 @@ -19835,6 +19837,7 @@ - gstreamer0.10-ffmpeg 0.10.3-2 [etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present) CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...) + - ffmpeg 0.svn20080206-14 - ffmpeg-debian 0.svn20080206-14 (bug #504977) [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 @@ -19845,6 +19848,7 @@ [etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present) CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...) {DSA-1782-1} + - ffmpeg 0.svn20080206-14 - ffmpeg-debian 0.svn20080206-14 (bug #504977) [etch] - ffmpeg <not-affected> (Vulnerable code not present) - mplayer 1.0~rc2-14 
@@ -19973,13 +19977,13 @@ [lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour) [etch] - smarty <no-dsa> (Minor issue, fix will change behaviour) - moodle 1.8.2-2 (bug #504345) - [etch] - gallery2 <unfixed> + - gallery2 2.2.5-2 NOTE: This attack vector is *not* fixed in r2797 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) {DSA-1919-1 DSA-1691-1} - smarty 2.6.26-0.1 (bug #504328) - moodle 1.8.2-2 (bug #504345) - [etch] - gallery2 <unfixed> + - gallery2 2.2.5-2 NOTE: This attack vector is fixed in r2797 CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) NOT-FOR-US: IBM Lotus Connections @@ -40891,6 +40895,7 @@ NOT-FOR-US: Calendarix CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...) {DSA-1325-1 DSA-1321-1} + - evolution 2.12.0-1 - evolution-data-server 1.10.2-2 (bug #429876) [sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package) CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-03-04 03:26:12 UTC (rev 14182) +++ data/DSA/list 2010-03-04 04:02:05 UTC (rev 14183) @@ -47,7 +47,7 @@ {CVE-2010-0438} [lenny] - otrs2 2.2.7-2lenny3 [04 Feb 2010] DSA-1992-1 chrony - denial of service - {CVE-2009-3563 CVE-2010-0292 CVE-2010-0293 CVE-2010-0294} + {CVE-2010-0292 CVE-2010-0293 CVE-2010-0294} [etch] - chrony 1.21z-5+etch1 [lenny] - chrony 1.23-6+lenny1 [04 Feb 2010] DSA-1991-1 squid squid3 - denial of service
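Review bot: in the CVE-2008-4868 hunk, the added `- ffmpeg <not-affected> (Vulnerable code not present)` line makes the existing `[etch] - ffmpeg <not-affected> (Vulnerable code not present)` line redundant, because an entry without a release tag already covers every release. Drop the `[etch]` line in the same change so the entry carries one status per package.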
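Review bot: the added `- ffmpeg 0.svn20080206-14` line in the CVE-2008-4867 hunk, and the identical line in the CVE-2008-4866 hunk, reuses the fixed version from the `ffmpeg-debian` line but carries neither its `(bug #504977)` reference nor a NOTE saying how the version was established. If ffmpeg and ffmpeg-debian are the same source under two names, say so in a NOTE. If they are not, the version needs to be checked against the ffmpeg package's own changelog before it is recorded as fixed.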
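Review bot: in the hunk covering the smarty entries, replacing `[etch] - gallery2 <unfixed>` with `- gallery2 2.2.5-2` removes the only explicit etch status for gallery2, and in the first of the two entries the retained NOTE still reads "This attack vector is *not* fixed in r2797". Add a NOTE or bug reference saying what in 2.2.5-2 closes that entry. If etch is still affected, keep a release-tagged line for it, as the smarty lines do with `<no-dsa>`.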
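Review bot: the added `- evolution 2.12.0-1` line under CVE-2007-3257 has no bug reference or NOTE, unlike the `evolution-data-server` line below it. The `[sarge]` line also says the vulnerable code is in a different source package, with no matching `[sarge] - evolution` entry. If evolution is that package, record its sarge status here so the two lines agree, and note the source of the 2.12.0-1 version.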
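Review bot: the data/DSA/list hunk removes CVE-2009-3563 from the DSA-1992-1 chrony reference list, which the log message ("fix a few latently vulnerable issues") does not explain, and none of the data/CVE/list hunks touch CVE-2009-3563. Put this in its own commit or add a line to the log giving the reason, and check that the CVE-2009-3563 entry in data/CVE/list is consistent with the removal.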