Author: gilbert-guest
Date: 2010-05-11 22:31:12 +0000 (Tue, 11 May 2010)
New Revision: 14678
Modified:
data/CVE/list
data/DSA/list
Log:
fix theora dsa; mark vlc/mplayer issues as fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-05-11 21:14:36 UTC (rev 14677)
+++ data/CVE/list 2010-05-11 22:31:12 UTC (rev 14678)
@@ -11428,12 +11428,14 @@
CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows
...)
NOT-FOR-US: Peel
CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
- - vlc <unfixed>
- - mplayer <unfixed>
+ - vlc 1.0.1-1
+ [lenny] - vlc 0.8.6.h-4+lenny2.3
+ - mplayer <unfixed> (medium; bug #581245)
+ [lenny] - mplayer 1.0~rc2-17+lenny3.2
- xine-lib <not-affected> (immune due to additional check in
xio_rw_abbort())
- TODO: File bugs
NOTE:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
NOTE:
http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
+ NOTE: DSA-2043 and DSA-2044
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP
SP3 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote ...)
@@ -23781,7 +23783,7 @@
CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is
enabled ...)
NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a
denial of ...)
- - mplayer <unfixed> (low; bug #407010)
+ - mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec,
some crashers left)
NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the
Ty ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2010-05-11 21:14:36 UTC (rev 14677)
+++ data/DSA/list 2010-05-11 22:31:12 UTC (rev 14678)
@@ -1,5 +1,6 @@
[11 May 2010] DSA-2045-1 - arbitrary code execution
{CVE-2009-3389}
+ [lenny] - libtheora 1.0~beta3-1+lenny1
[11 May 2010] DSA-2044-1 mplayer - arbitrary code execution
[lenny] - mplayer 1.0~rc2-17+lenny3.2
[11 May 2010] DSA-2043-1 vlc - arbitrary code execution