Moritz Muehlenhoff
2011-Apr-06 21:36 UTC
[Secure-testing-commits] r16487 - in data: CVE DSA
Author: jmm Date: 2011-04-06 21:36:12 +0000 (Wed, 06 Apr 2011) New Revision: 16487 Modified: data/CVE/list data/DSA/list Log: VLC DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-06 21:17:00 UTC (rev 16486) +++ data/CVE/list 2011-04-06 21:36:12 UTC (rev 16487) @@ -1531,7 +1531,9 @@ - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1087 [vlc bookmarks memory corruption] RESERVED - - vlc <unfixed> (bug #616156) + - vlc <unfixed> (low; bug #616156) + [squeeze] - vlc <no-dsa> (Minor issue) + [lenny] - vlc <no-dsa> (Minor issue) NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php NOTE: obscure exploit scenario CVE-2011-1086 @@ -3061,6 +3063,7 @@ CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media ...) {DSA-2159-1} - vlc 1.1.7-1 (medium) + [lenny] - vlc 0.8.6.h-4+lenny3 CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...) {DSA-2183-1} - nbd 1:2.9.16-8 (bug #611187) @@ -4894,6 +4897,7 @@ NOT-FOR-US: 389 LDAP server CVE-2011-0522 (The StripTags function in (1) the USF decoder ...) - vlc 1.1.3-1squeeze2 + [lenny] - vlc 0.8.6.h-4+lenny3 CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...) - vlc 1.1.3-1squeeze2 [lenny] - vlc <not-affected> (Vulnerable code not present) 
@@ -13480,15 +13484,17 @@ NOTE: http://www.videolan.org/security/sa1003.html CVE-2010-1443 [Invalid memory access in XSPF playlist parser] RESERVED - - vlc 1.0.6-1 + - vlc 1.0.6-1 (unimportant) NOTE: http://www.videolan.org/security/sa1003.html CVE-2010-1442 [Invalid memory access in AVI, ASF, Matroska (MKV) demuxers] RESERVED - vlc 1.0.6-1 + [lenny] - vlc 0.8.6.h-4+lenny3 NOTE: http://www.videolan.org/security/sa1003.html CVE-2010-1441 [Heap buffer overflow vulnerability in A/52, DTS and MPEG Audio decoders] RESERVED - vlc 1.0.6-1 + [lenny] - vlc 0.8.6.h-4+lenny3 NOTE: http://www.videolan.org/security/sa1003.html CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...) - texlive-bin 2009-6 (low; bug #580668) Modified: data/DSA/list ==================================================================--- data/DSA/list 2011-04-06 21:17:00 UTC (rev 16486) +++ data/DSA/list 2011-04-06 21:36:12 UTC (rev 16487) @@ -1,3 +1,7 @@ +[06 Apr 2011] DSA-2211-1 vlc - missing input sanitising + {CVE-2010-3275 CVE-2010-3276} + [squeeze] - vlc 1.1.3-1squeeze4 + [lenny] - vlc 0.8.6.h-4+lenny3 [03 Apr 2011] DSA-2210-1 tiff - several {CVE-2011-0191 CVE-2011-0192 CVE-2011-1167} [squeeze] - tiff 3.9.4-5+squeeze1
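Review bot: in the first data/CVE/list hunk (CVE-2011-1087), the urgency change to "low" and the two new `<no-dsa> (Minor issue)` lines for squeeze and lenny are triage decisions, but the log message only says "VLC DSA". The existing "NOTE: obscure exploit scenario" gives the reasoning in the file; a log line that also mentions the no-dsa triage would make this revision easier to find later.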
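Review bot: in the data/CVE/list hunk at -13480, CVE-2010-1443 is marked "(unimportant)" with no NOTE giving the reason, while CVE-2011-1087 earlier in this patch carries "NOTE: obscure exploit scenario" to justify its rating. Suggest adding a NOTE line under CVE-2010-1443 with the rationale. The same hunk adds `[lenny] - vlc 0.8.6.h-4+lenny3` to CVE-2010-1442 and CVE-2010-1441 from the same sa1003 advisory but not to CVE-2010-1443; if that is intentional because of the unimportant rating, the NOTE is a good place to say so.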
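Review bot: in the data/DSA/list hunk, the CVE set for DSA-2211-1 names only CVE-2010-3275 and CVE-2010-3276, yet the data/CVE/list hunks record the same lenny version, 0.8.6.h-4+lenny3, as the fix for CVE-2011-0531, CVE-2011-0522, CVE-2010-1442 and CVE-2010-1441. If the lenny upload for this DSA is what fixed those four, they should either be added inside the braces or the omission explained, otherwise the lenny fixes have no advisory cross-reference. CVE-2011-0531 in particular stays tagged {DSA-2159-1} while its new lenny line points at the version shipped with this DSA.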