Author: jmm Date: 2011-04-18 14:43:21 +0000 (Mon, 18 Apr 2011) New Revision: 16539 Modified: data/CVE/list Log: - new libvirt issue - kernel-sec sync - three new ffmpeg issues as seen in USN, mdeslaur can you please commit public refs to advisories/upstream bug or anything similar to the security tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-18 14:18:34 UTC (rev 16538) +++ data/CVE/list 2011-04-18 14:43:21 UTC (rev 16539) @@ -545,6 +545,9 @@ TODO: check CVE-2011-1486 RESERVED + - libvirt <unfixed> (low; bug #623222) + [squeeze] - libvirt <no-dsa> (Minor issue) + [lenny] - libvirt <no-dsa> (Minor issue) CVE-2011-1485 RESERVED CVE-2011-1484 @@ -559,6 +562,9 @@ RESERVED CVE-2011-1479 RESERVED + - linux-2.6 <unfixed> + [lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38) + [squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38) CVE-2011-1478 RESERVED - linux-2.6 2.6.38-1 @@ -1887,7 +1893,7 @@ [squeeze] - openldap <no-dsa> (Minor issue) CVE-2011-1023 RESERVED - - linux-2.6 <unfixed> + - linux-2.6 2.6.38-1 [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35) [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35) CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in ...) @@ -2723,8 +2729,14 @@ NOTE: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html CVE-2011-0723 RESERVED + - libav <undetermined> + - ffmpeg <undetermined> + - ffmpeg-debian <removed> CVE-2011-0722 RESERVED + - libav <undetermined> + - ffmpeg <undetermined> + - ffmpeg-debian <removed> CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ...) {DSA-2164-1} - shadow 1:4.1.4.2+svn3283-3 
@@ -3382,9 +3394,9 @@ - chromium-browser <not-affected> (Chrome PDF plugin) - webkit <not-affected> (Chrome PDF plugin) CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in ...) - - ffmpeg <not-affected> (webm not yet supported; bug #610550) + - ffmpeg <not-affected> (webm not yet supported) - ffmpeg-debian <not-affected> (webm not supported yet) - TODO: recheck newer versions (see bug) + - libav 4:0.6.1-1 (bug #610550) CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser <not-affected> @@ -6705,8 +6717,11 @@ NOT-FOR-US: vTiger CRM CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger ...) NOT-FOR-US: vtiger CRM -CVE-2010-3908 +CVE-2010-3908 [ffmpeg/wmv issue] RESERVED + - libav <undetermined> + - ffmpeg <undetermined> + - ffmpeg-debian <removed> CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...) - vlc 1.1.3-1squeeze1 [lenny] - vlc <not-affected> (Vulnerable code not present)
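Review bot: In the CVE-2011-1479 hunk (@@ -559,6 +562,9 @@), the reason "Only affected 2.6.37 and 2.6.38" names the affected versions, but the entry has no NOTE pointing at a public reference for the upstream change, so the "- linux-2.6 <unfixed>" line cannot be verified or later closed from the tracker alone. Suggest adding a NOTE with the public reference. As a style point, this hunk lists [lenny] before [squeeze], while the CVE-2011-1486 and CVE-2011-1023 entries in the same patch list [squeeze] first; one order throughout would be easier to scan.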
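Review bot: In the CVE-2011-0723 / CVE-2011-0722 hunk (@@ -2723,8 +2729,14 @@), both entries remain RESERVED with "<undetermined>" for libav and ffmpeg and carry neither a bracketed description nor a NOTE, so nothing in the list distinguishes the two issues or records where they were seen. The log says they came from a USN; suggest a NOTE line with that advisory URL on each entry, in the same form as the ubuntu-security-announce NOTE visible in the context at the top of this hunk, plus a short tag like the "[ffmpeg/wmv issue]" this patch adds to CVE-2010-3908.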
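Review bot: In the CVE-2011-0480 hunk (@@ -3382,9 +3394,9 @@), the line "TODO: recheck newer versions (see bug)" is removed and bug #610550 moves to the new libav line, while ffmpeg stays "<not-affected> (webm not yet supported)". The hunk does not show whether newer ffmpeg versions were actually rechecked, which is what the TODO asked for; suggest either a NOTE recording the result for ffmpeg or keeping the TODO. The new "- libav 4:0.6.1-1 (bug #610550)" line is also placed after the ffmpeg lines, whereas the other libav additions in this patch put libav first.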