Author: jmm Date: 2011-03-30 13:19:00 +0000 (Wed, 30 Mar 2011) New Revision: 16457 Modified: data/CVE/list Log: vlc status updates: - bookmark issue CVEfied - one issue doesn't affect lenny - two new issues (actually just one) fixed in sid, unfixed in lenny and squeeze Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-30 13:17:41 UTC (rev 16456) +++ data/CVE/list 2011-03-30 13:19:00 UTC (rev 16457) @@ -1253,8 +1253,11 @@ NOTE: http://seclists.org/oss-sec/2011/q1/368 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...) - tomcat6 <not-affected> (Only affects Tomcat 7) -CVE-2011-1087 +CVE-2011-1087 [vlc bookmarks memory corruption] RESERVED + - vlc <unfixed> (bug #616156) + NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php + NOTE: obscure exploit scenario CVE-2011-1086 RESERVED CVE-2011-1085 @@ -4615,6 +4618,7 @@ - vlc 1.1.3-1squeeze2 CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...) - vlc 1.1.3-1squeeze2 + [lenny] - vlc <not-affected> (Vulnerable code not present) NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph ...) - pango1.0 1.28.3-1+squeeze1 (bug #610792) 
@@ -8038,9 +8042,11 @@ CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...) NOT-FOR-US: VMware Workstation CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...) - - vlc <unfixed> + - vlc 1.1.8-1 + NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...) - - vlc <unfixed> + - vlc 1.1.8-1 + NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ZOHO ManageEngine CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...) @@ -14826,10 +14832,6 @@ NOT-FOR-US: Winn Guestbook CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP ...) NOT-FOR-US: phpFK PHP Forum -CVE-2010-XXXX [vlc bookmarks memory corruption] - - vlc <unfixed> (bug #616156) - NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php - NOTE: obscure exploit scenario CVE-2010-XXXX [phpbb 3.0.7 permissions bypass] - phpbb3 3.0.7-PL1 [lenny] - phpbb3 <not-affected> (older version is in the archive)
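Review bot: In the `@@ -1253,8 +1253,11 @@` hunk, `NOTE: obscure exploit scenario` under CVE-2011-1087 records a severity judgement without its reason, so whoever triages the `- vlc <unfixed> (bug #616156)` line later cannot tell what makes exploitation unlikely. Suggest saying in the note which input or user action is needed to trigger the memory corruption, or pointing at the part of bug #616156 or the ZSL-2010-4931 advisory that supports the assessment.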
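Review bot: In the `@@ -4615,6 +4618,7 @@` hunk, the reason on the added `[lenny] - vlc <not-affected> (Vulnerable code not present)` line does not say which code was checked. The CVE-2011-0021 description names cdg.c in the CDG decoder; if the check was that lenny's vlc does not ship that decoder, say so in the parenthesis so the claim can be rechecked against the lenny source.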
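Review bot: In the `@@ -8038,9 +8042,11 @@` hunk, both added `NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch` lines give a bare commit hash, while the CVE-2011-0021 entry elsewhere in this file references its fix as a full git.videolan.org commit URL. Suggest using the URL form for CVE-2010-3276 and CVE-2010-3275 as well, so the fix can be located without knowing which repository the hash belongs to. The log message also says these are unfixed in lenny and squeeze, but the entries only carry `- vlc 1.1.8-1`; if that stable status is meant to be tracked explicitly, it belongs in the entries rather than only in the commit log.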