[Secure-testing-team] [Secure-testing-commits] r12708 - data/CVE
Michael S Gilbert
michael.s.gilbert at gmail.com
Mon Aug 31 00:15:16 UTC 2009
On Mon, 31 Aug 2009 00:23:00 +0200 Nico Golde wrote:
> Hi,
> * Michael Gilbert <gilbert-guest at alioth.debian.org> [2009-08-30 19:06]:
> > Author: gilbert-guest
> > Date: 2009-08-30 17:09:16 +0000 (Sun, 30 Aug 2009)
> > New Revision: 12708
> >
> > Modified:
> > data/CVE/list
> > Log:
> > beginning of embedded code copies triage (5 down 395 to go)
> >
> > Modified: data/CVE/list
> > ===================================================================
> > --- data/CVE/list 2009-08-30 03:00:07 UTC (rev 12707)
> > +++ data/CVE/list 2009-08-30 17:09:16 UTC (rev 12708)
> > @@ -1286,6 +1286,7 @@
> > CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
> > {DSA-1857-1}
> > - camlimages 1:3.0.1-3 (medium; bug #540146)
> > + - advi <not-affected> (affected code section not present in advi code copy of camlimages)
> > CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
> > - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
> > CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...)
> > @@ -1303,6 +1304,8 @@
> > CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
> > - vlc 1.0.1-1
> > - mplayer <unfixed>
> > + - xine-lib <unfixed>
> > + NOTE: affected mplayer code copy present in xine-lib
>
> Did you only check if the code is present or also if it's
> used?
yes, i only checked that the embedded code is present. after further
review of the full disclosure posting, it is clear that xine-lib is not
affected because it has additional an additional check.
mike
More information about the Secure-testing-team
mailing list