Moritz Muehlenhoff
2010-Jun-04 21:27 UTC
[Secure-testing-commits] r14800 - in data: CVE DSA
Author: jmm-guest Date: 2010-06-04 21:27:03 +0000 (Fri, 04 Jun 2010) New Revision: 14800 Modified: data/CVE/list data/DSA/list Log: mplayer/vlc CVEfied bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-04 21:14:47 UTC (rev 14799) +++ data/CVE/list 2010-06-04 21:27:03 UTC (rev 14800) @@ -222,8 +222,16 @@ RESERVED CVE-2010-2063 RESERVED -CVE-2010-2062 +CVE-2010-2062 [VLC: integer underflow in Real RTSP] RESERVED + - vlc 1.0.1-1 + [lenny] - vlc 0.8.6.h-4+lenny2.3 + - mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245) + [lenny] - mplayer 1.0~rc2-17+lenny3.2 + - xine-lib <not-affected> (immune due to additional check in xio_rw_abbort()) + NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca + NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ + NOTE: DSA-2043 and DSA-2044 CVE-2010-2061 RESERVED CVE-2010-2060 @@ -2659,7 +2667,7 @@ CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...) NOT-FOR-US: SkaDate Dating CVE-2010-XXXX [freeciv lua] - - freeciv <unfixed> (low) + - freeciv <unfixed> (low; bug #584589) [lenny] - freeciv <no-dsa> (Minor issue) NOTE: http://gna.org/bugs/?15624 CVE-2010-XXXX [Rbot Owner Reaction Command Execution] @@ -4856,7 +4864,7 @@ [lenny] - bozohttpd <no-dsa> (Minor issue) [etch] - bozohttpd <no-dsa> (Minor issue) CVE-2010-XXXX [maradns null pointer dereference] - - maradns <unfixed> (low) + - maradns <unfixed> (low; bug #584587) [lenny] - maradns <no-dsa> (minor issue) [etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03) NOTE: http://maradns.org/download/maradns-1.4.02-parse_segfault.patch 
@@ -4869,7 +4877,7 @@ NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html CVE-2010-XXXX [sudosh3: many security weaknesses] - sudosh3 <unfixed> (high; bug #566142) - NOTE: package is likely to be removed + NOTE: Removal requested CVE-2010-XXXX [phpbb: many issues] - phpbb3 3.0.7-PL1-1 - phpbb2 <removed> Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-06-04 21:14:47 UTC (rev 14799) +++ data/DSA/list 2010-06-04 21:27:03 UTC (rev 14800) @@ -29,8 +29,10 @@ {CVE-2009-3389} [lenny] - libtheora 1.0~beta3-1+lenny1 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution + {CVE-2010-2062} [lenny] - mplayer 1.0~rc2-17+lenny3.2 [11 May 2010] DSA-2043-1 vlc - arbitrary code execution + {CVE-2010-2062} [lenny] - vlc 0.8.6.h-4+lenny2.3 [05 May 2010] DSA-2042-1 iscsitarget - arbitrary code execution {CVE-2010-0743}
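Review bot: in the CVE-2010-2062 hunk of data/CVE/list (@@ -222,8 +222,16 @@), the added line "- vlc 1.0.1-1" carries no urgency or bug reference, while the mplayer line next to it has "(medium; bug #581245)". Both packages are listed for the same integer underflow and both received a DSA, so the vlc line should get a matching urgency. In the same hunk, "xio_rw_abbort()" in the xine-lib line looks misspelled; check the function name against the xine-lib source so the not-affected rationale can be found by searching for it.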
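Review bot: in the sudosh3 hunk of data/CVE/list (@@ -4869,7 +4877,7 @@), the new "NOTE: Removal requested" gives no reference to the request itself. Add the removal bug number to the note so the entry can be checked and switched to <removed> once the request is acted on. The log message "mplayer/vlc CVEfied bugnums" also does not mention this change.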