Author: stef-guest
Date: 2006-09-25 18:19:51 +0000 (Mon, 25 Sep 2006)
New Revision: 4764
Modified:
data/CVE/list
Log:
- CVE-2006-4799, -4800: Already fixed in some packages,
other packages embedding ffmpeg code still need to be checked.
- libmodplug fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-25 09:14:29 UTC (rev 4763)
+++ data/CVE/list 2006-09-25 18:19:51 UTC (rev 4764)
@@ -363,9 +363,13 @@
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7
and ...)
NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
- TODO: check
+ - ffmpeg 0.cvs20060329-1
+ NOTE: fixed in sid+etch according to jmm
+ TODO: check other packages embedding ffmpeg code
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow
...)
- TODO: check
+ - xine-lib 1.1.2-1
+ NOTE: according to the changelog, libxine (starting from 1.1.2-4) links
dynamically against ffmpeg
+ TODO: check ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string,
which ...)
- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in
CloudNine ...)
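Review bot: In the CVE-2006-4799 entry, the fixed version recorded for xine-lib is 1.1.2-1, but the added NOTE says dynamic linking against ffmpeg only starts from 1.1.2-4. The entry should say whether 1.1.2-1 is considered fixed because of the embedded copy; the truncated description only says "before 1.1.2". From 1.1.2-4 onward the exposure depends on the ffmpeg package, so "TODO: check ffmpeg" would be better as an explicit ffmpeg line under this CVE once checked, rather than relying on the 0.cvs20060329-1 entry under CVE-2006-4800. In the CVE-2006-4800 entry, "NOTE: fixed in sid+etch according to jmm" gives no changelog or bug reference; adding one would let a later reader verify the version without asking.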
@@ -1755,7 +1759,7 @@
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions
allows ...)
NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT)
1.17.02.43 and ...)
- - libmodplug <unfixed> (medium; bug #383574)
+ - libmodplug 1:0.7-5.2 (medium; bug #383574)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme
Message ...)
NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the
AutoHTML ...)
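Review bot: The libmodplug line for CVE-2006-4192 changes from `<unfixed>` to 1:0.7-5.2 with no NOTE on how the fix was confirmed, and the commit log only says "libmodplug fixed". Since the entry already cites bug #383574, a short NOTE stating that the 1:0.7-5.2 upload closes that bug would make the fixed version traceable.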
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits