[Secure-testing-commits] r13882 - data/CVE

Fri, 22 Jan 2010 08:15:02 -0800 

Author: jmm-guest
Date: 2010-01-22 16:14:51 +0000 (Fri, 22 Jan 2010)
New Revision: 13882

Modified:
   data/CVE/list
Log:
- backup-manager spu
- evolution issues
- ffmpeg fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-22 15:27:21 UTC (rev 13881)
+++ data/CVE/list       2010-01-22 16:14:51 UTC (rev 13882)
@@ -2656,8 +2656,10 @@
        - linux-2.6 <unfixed> (unimportant)
        - linux-2.6.24 <unfixed> (unimportant)
        NOTE: All Debian kernels have MMU support enabled
-CVE-2009-3887
+CVE-2009-3887 [evolution path traversal]
        RESERVED
+        - evolution <unfixed>
+        NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before 
Update 17 ...)
        - openjdk-6 <unfixed> (medium; bug #560908)
        - sun-java6 6-17-1
@@ -3180,8 +3182,10 @@
        - kvm 88+dfsg-2 (low; bug #557739)
        NOTE: http://bugzilla.redhat.com/531660
        NOTE: 
http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721
+CVE-2009-3721 [evolution buffer overflow]
        RESERVED
+        - evolution <unfixed>
+        NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
 CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in 
Expat ...)
        {DSA-1921-1}
        - expat 2.0.1-5 (low; bug #551936)
@@ -4004,10 +4008,9 @@
 CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load 
before ...)
        NOT-FOR-US: RADactive I-Load
 CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
-       - ffmpeg  (medium; bug #550442)
+       - ffmpeg 4:0.5+svn20090706-3 (medium; bug #550442)
        - xmovie <removed> (medium)
        - ffmpeg-debian <removed> (medium)
-       NOTE: Fixed in experimental in 4:0.5+svn20090706-3
        NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
        NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
 CVE-2009-XXXX [xen-tools: world readable disk image files]
@@ -40706,6 +40709,7 @@
        - backup-manager 0.7.6-1 (low)
        [sarge] - backup-manager <no-dsa> (Minor issue)
        [etch] - backup-manager <no-dsa> (Minor issue)
+       TODO: next point update [etch] - backup-manager 0.7.5-5
 CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly 
parse ...)
        NOT-FOR-US: BlockHosts
 CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm 
switches ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to