diff options
author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-05-04 19:44:38 +0000 |
---|---|---|
committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-05-04 19:44:38 +0000 |
commit | ed2dfa0344a86ced219f37c3923b308a93c52d05 (patch) | |
tree | cf2c0b27685226e1446d12556fed9efcab4d2250 | |
parent | beb8702d563be949feb6ef31a2568a59958e231a (diff) |
CVE-2008-2009 vulnerability already fixed; additional hardening features to be considered as an spu/ospu candidate
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11775 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list | 4 | ||||
-rw-r--r-- | data/ospu-candidates.txt | 5 | ||||
-rw-r--r-- | data/spu-candidates.txt | 5 |
3 files changed, 14 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 26910c6b36..ca67638bac 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -14821,6 +14821,10 @@ CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP NOT-FOR-US: Windows CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...) - libvorbis 1.2.0.dfsg-4 (bug #482039) + [etch] - libvorbis <no-dsa> (actual vulnerability fixed pre-1.0) + [lenny] - libvorbis <no-dsa> (actual vulnerability fixed pre-1.0) + NOTE: additional hardening features have already been added to the unstable + NOTE: packages that would be useful to have in stable, so proposing as spu/ospu CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) NOT-FOR-US: Cerulean Studios Trillian Basic CVE-2008-2007 diff --git a/data/ospu-candidates.txt b/data/ospu-candidates.txt index 4c91b15137..3ee2d2e708 100644 --- a/data/ospu-candidates.txt +++ b/data/ospu-candidates.txt @@ -310,6 +310,11 @@ notified maintainer -- +libvorbis (CVE-2008-2009) +notified maintainer and release team + +-- + liferea (CVE-2005-4791) notified maintainer diff --git a/data/spu-candidates.txt b/data/spu-candidates.txt index bc7a896c3d..90ce54dc36 100644 --- a/data/spu-candidates.txt +++ b/data/spu-candidates.txt @@ -32,6 +32,11 @@ kvm 82-1 (CVE-2008-5714) -- +libvorbis (CVE-2008-2009) +notified maintainer and release team + +-- + mpfr (CVE-2009-0757) notified maintainer |