Author: jmm Date: 2011-07-28 07:48:29 +0000 (Thu, 28 Jul 2011) New Revision: 17016 Modified: data/CVE/list Log: - new libsndfile issue (DSA in preparation) - also squashed a CVE-less duped entry for libsndfile Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-28 05:08:01 UTC (rev 17015) +++ data/CVE/list 2011-07-28 07:48:29 UTC (rev 17016) @@ -280,9 +280,9 @@ CVE-2011-2746 RESERVED CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...) - TODO: check + NOT-FOR-US: Chyrp CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...) - NOT-FOR-US: Chyrp + NOT-FOR-US: Chyrp CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...) NOT-FOR-US: Chyrp CVE-2011-2742 @@ -403,7 +403,7 @@ RESERVED - hplip <unfixed> (bug #635549; medium) CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...) - TODO: check + - libsndfile 1.0.25-1 CVE-2011-2695 RESERVED CVE-2011-2694 [Samba SWAT XSS] @@ -28721,9 +28721,6 @@ - libdkim 1:1.0.19-4 (unimportant; bug #532740) NOTE: This is mostly a missing feature, it''s unlikely that any threaded application NOTE: is using libdkim in the current state, so the practical impact is none -CVE-2009-XXXX [libsndfile: potential dos via crafted input] - - libsndfile <unfixed> (unimportant; bug #530831) - NOTE: Just a crasher, no code injection CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input] - mimedecode <removed> (low; bug #530430) [etch] - mimedecode <no-dsa> (minor issue)