current ffmpeg not affected; poppler is vulnerable to new issues; xpdf uses poppler

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16022 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 6 insertions, 7 deletions

diff --git a/data/CVE/list b/data/CVE/list
index c245c131c5..f2c58ab151 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -470,8 +470,9 @@ CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS
 	- chromium-browser <not-affected> (Chrome PDF plugin)
 	- webkit <not-affected> (Chrome PDF plugin)
 CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in ...)
-	- ffmpeg <unfixed> (bug #610550)
-	- ffmpeg-debian <removed>
+	- ffmpeg <not-affected> (webm not yet supported; bug #610550)
+	- ffmpeg-debian <not-affected> (webm not supported yet)
+	TODO: recheck newer versions (see bug)
 CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
 	- chromium-browser 9.0.597.45~r70550-1
 	[squeeze] - chromium-browser <not-affected>
@@ -1032,17 +1033,15 @@ CVE-2010-4655 [heap contents leak for CAP_NET_ADMIN via ethtool ioctl]
 CVE-2010-4654
 	RESERVED
 	- kdegraphics 4.0
-	- xpdf <unfixed>
-	- poppler <undetermined>
+	- xpdf 3.02-9 
+	- poppler <unfixed>
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
-	TODO: check
 CVE-2010-4653
 	RESERVED
 	- kdegraphics 4.0
-	- xpdf <unfixed>
+	- xpdf 3.02-9
 	- poppler <unfixed>
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
-	TODO: check
 CVE-2010-4652 [buffer overflow when preparing SQL queries]
 	RESERVED
 	- proftpd-dfsg 1.3.3a-6