From: Darren S. <ds...@us...> - 2008-02-16 17:49:46
Update of /cvsroot/xine/xine_www/documentation/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv8632/documentation/security Modified Files: list Removed Files: README Log Message: Security page fixes: add version info, group by package. Also add some old CVEs. Dispose of the old README since the script no longer accesses it. Index: list =================================================================== RCS file: /cvsroot/xine/xine_www/documentation/security/list,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- list 8 Feb 2008 00:28:46 -0000 1.3 +++ list 16 Feb 2008 17:49:43 -0000 1.4 
@@ -1,19 +1,31 @@ -XSA-2004-1: xine-lib config MRL vulnerability -XSA-2004-2: xine-ui "cfg:" MRL vulnerability -XSA-2004-3: xine-lib RTSP input vulnerability -XSA-2004-4: multiple string overflows in xine-lib -XSA-2004-5: heap overflow in DVD subpicture decoder -XSA-2004-6: multiple heap overflows in PNM and Real RTSP streaming clients -XSA-2004-7: stack overflow in AIFF demultiplexer -XSA-2004-8: multiple heap overflows in MMS and Real RTSP streaming clients -XSA-2005-1: format string vulnerability in CDDB client -CVE-2005-4048: heap overflow in ffmpeg PNG decoder -CVE-2006-1664: heap overflow in ASF demuxer -CVE-2006-2200: stack overflow in MMS streaming clients -CVE-2006-2802: buffer overflow in the HTTP plugin -CVE-2006-6172: buffer overflow in the Real RTSP stream handler -CVE-2007-1246: buffer overflow in DMO video decoding -CVE-2007-1387: buffer overflow in DirectShow video decoding -CVE-2008-0225: heap overflow in RTSP streaming clients -CVE-2008-0238: heap overflow in RTSP streaming clients -CVE-2008-0486: array index bug, potential heap overflow in FLAC parsing +# ID Not vuln <= Fixed in Description +xine-lib +XSA-2004-1 0.9.13 1-rc3b config MRL vulnerability +XSA-2004-3 1-beta0 1-rc4 RTSP input vulnerability +XSA-2004-4 1-rc1 1-rc6 multiple string overflows +XSA-2004-5 0.5.1 1-rc6 heap overflow in DVD subpicture decoder +XSA-2004-6 1-alpha1 1.0 multiple heap overflows in PNM and Real RTSP streaming clients +XSA-2004-7 1-rc8 1.0 stack overflow in AIFF demultiplexer +XSA-2004-8 0.9.8 1.0.1 multiple heap overflows in MMS and Real RTSP streaming clients +XSA-2005-1 1-beta2 1.1.1 format string vulnerability in CDDB client +CVE-2005-4048 =0.x 1.1.2 heap overflow in ffmpeg PNG decoder +CVE-2006-1664 1.1.2 1.1.10 heap overflow in ASF demuxer +CVE-2006-2200 ? 1.1.3 stack overflow in MMS streaming clients +CVE-2006-2802 ? 1.1.2 buffer overflow in the HTTP plugin +CVE-2006-6172 ? 1.1.3 buffer overflow in the Real RTSP stream handler +CVE-2007-1246 ? 
1.1.5 buffer overflow in DMO video decoding +CVE-2007-1387 ? 1.1.5 buffer overflow in DirectShow video decoding +CVE-2008-0225 ? 1.1.9.1 heap overflow in RTSP streaming clients +CVE-2008-0238 ? 1.1.9.1 heap overflow in RTSP streaming clients +CVE-2008-0486 1.1.1 1.1.10.1 array index bug, potential heap overflow in FLAC parsing + +xine-ui +XSA-2004-2 0.9.20 0.99.1 "cfg:" MRL vulnerability +CVE-2004-0372 ? 0.99.1 symlink vulnerability in xine-bugreport & xine-check +CVE-2006-1905 ? 0.99.5 format string vulnerability in playlist file handling +CVE-2007-0254 ? 0.99.5 format string vulnerability in playlist error reporting + +gxine +CVE-2004-1034 ? 0.4.0-rc1 buffer overflow in the HTTP fetcher code +CVE-2005-1692 ? 0.4.5 format string vulnerability in error reporting +CVE-2007-0406 ? 0.5.10 local buffer overflow --- README DELETED --- |
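Review bot: The "Not vuln <=" column introduced by the new header line mixes three notations without defining them: a bare version (for example 0.9.13 on XSA-2004-1), "?" on most of the CVE rows, and "=0.x" on the CVE-2005-4048 row. A reader checking an installed version against this list cannot tell whether "?" means every earlier release should be assumed affected or that the lower bound was never established, and "=0.x" does not fit the "<=" meaning of the heading. Suggest a second comment line under the header that states what "?" means, and rewriting the CVE-2005-4048 value in the same form as the other rows. With README removed in the same commit, the header comment is the only description of the file format visible in this change. Separately, the CVE-2008-0225 and CVE-2008-0238 rows carry identical descriptions, and the gxine CVE-2007-0406 row says only "local buffer overflow"; naming the affected component would make those rows distinguishable.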