Secure testing commits - Dec 2011 - r17769 - data/CVE

Author: jmm
Date: 2011-12-09 20:51:16 +0000 (Fri, 09 Dec 2011)
New Revision: 17769

Modified:
   data/CVE/list
Log:
asterisk bugnum
openssl no-dsa
record libav fixes instead of ffmpeg, since libav is used in Debian


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-12-09 20:46:06 UTC (rev 17768)
+++ data/CVE/list	2011-12-09 20:51:16 UTC (rev 17769)
@@ -321,10 +321,10 @@
 	RESERVED
 CVE-2011-4598 [http://downloads.asterisk.org/pub/security/AST-2011-014.html]
 	RESERVED
-	- asterisk <unfixed>
+	- asterisk <unfixed> (bug #651552)
 CVE-2011-4597 [http://downloads.asterisk.org/pub/security/AST-2011-013.html]
 	RESERVED
-	- asterisk <unfixed> (unimportant)
+	- asterisk <unfixed> (unimportant; bug #651552)
 	NOTE: This is mostly a design limitation and has very little impact
 CVE-2011-4596
 	RESERVED
@@ -895,6 +895,7 @@
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
 	NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
+        NOTE:
http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
 CVE-2011-4363
 	RESERVED
 	- libproc-processtable-perl <unfixed> (low; bug #650500)
@@ -934,30 +935,31 @@
 CVE-2011-4354 [OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys]
 	RESERVED
 	- openssl 0.9.8o-4squeeze3 (bug #650621)
+	[lenny] - openssl <no-dsa> (Minor issue)
 CVE-2011-4353 [VP5/VP6 DoS]
 	RESERVED
 	- libav <unfixed>
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c693aa6f71b4f539cf9df67ba42f4b1932981687
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06
+	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6
+	NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
+	NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
+	NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
+	NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
 CVE-2011-4352 [VP3 integer overflow]
 	RESERVED
 	- libav <unfixed>
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5
+	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
 CVE-2011-4351 [QDM2 buffer overflow]
 	RESERVED
 	- libav <unfixed>
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=491eaf35ae1f9b619441314bec33766e31580184
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=291d74a46d32183653db07818c7b3407fd50a288
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7d49f79f1cd47783a963a757a6563b9cac29db62
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14db3af4f26dad8e6ddf2147e96ccc710952ad4d
-	NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=895d258e9ba065d035dd30dbc622423031f0185c
+        NOTE:
http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
+        NOTE:
http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
+        NOTE:
http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
 CVE-2011-4350
 	RESERVED
 	- yaws 1.91-2 (bug #650009)