oss-security - Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <652254890.179837.1305833444194.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 19 May 2011 15:30:44 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests:
 ffmpeg/widelands/jifty::db/lilo/libpcap

> 
> 1. ffmpeg/libav out of array write in AMV parsing
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
> http://seclists.org/bugtraq/2011/Apr/257
> http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

Use CVE-2011-1931


> 
> 2. widelands directory traversal
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
> http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021

Use CVE-2011-1932


> 
> 3. SQL injection in Jifty::DBI
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622919
> http://lists.jifty.org/pipermail/jifty-devel/2011-April/002426.html

Use CVE-2011-1933


> 
> 4. lilo: lilo-uuid-diskid makes lilo.conf world-readable
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103

Use CVE-2011-1934


> 
> 5. libpcap packet truncation
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868
> http://thread.gmane.org/gmane.network.tcpdump.devel/5018

Use CVE-2011-1935

Thanks.

-- 
    JB

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.