ID CVE-2008-5233Type cveReporter cve@mitre.orgModified 2018-10-11T20:54:00
Description
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
{"id": "CVE-2008-5233", "bulletinFamily": "NVD", "title": "CVE-2008-5233", "description": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.", "published": "2008-11-26T01:30:00", "modified": "2018-10-11T20:54:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5233", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/31827", "http://securitytracker.com/id?1020703", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020", "http://securityreason.com/securityalert/4648", "http://www.osvdb.org/47747", "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "http://www.ocert.org/analysis/2008-008/analysis.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649", "http://www.securityfocus.com/archive/1/495674/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648", "http://www.securityfocus.com/bid/30797", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html", "http://sourceforge.net/project/shownotes.php?release_id=619869"], "cvelist": ["CVE-2008-5233"], "type": "cve", "lastseen": "2019-05-29T18:09:29", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c19a3083a279ab3ac430c65d349cc1df"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "70a951d4f7c95cbe09a7bc38cdc10d61"}, {"key": "cpe23", "hash": "8128c48ed2316aaddc29adadc79fc1a1"}, {"key": "cvelist", "hash": "761e2de33245602e24b3cee77d893c22"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "497bc610268b9555b01688437435adc2"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "bb61a0949f8c36262500079f243672e2"}, {"key": "description", "hash": "22cf046bb30e394a9128738c22ce6074"}, {"key": "href", "hash": "d4338a2670e7e189f7b70a3e8f22c881"}, {"key": "modified", "hash": "90e7018ad156f488d0e8955be6fb4318"}, {"key": "published", "hash": "8169de64f5e2e772fccdd5ac321a2f42"}, {"key": "references", "hash": "aad291e646ff0e79bd58b7e119fd8639"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9344abb049c006f1faafd91a03842414"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b710a120817599174ce190987b799513b6d7898da9ddc365ad2eb6a05903683c", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2008-7572.NASL", "FEDORA_2008-7512.NASL", "MANDRIVA_MDVSA-2009-319.NASL", "MANDRIVA_MDVSA-2009-020.NASL", "SUSE_XINE-DEVEL-5966.NASL", "SUSE_11_0_XINE-DEVEL-090129.NASL", "SUSE_XINE-DEVEL-5965.NASL", "UBUNTU_USN-710-1.NASL", "GENTOO_GLSA-201006-04.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:63252", "OPENVAS:136141256231063252", "OPENVAS:136141256231066401", "OPENVAS:136141256231069007", "OPENVAS:66401", "OPENVAS:69007", "OPENVAS:63305", "OPENVAS:136141256231063412", "OPENVAS:63412"]}, {"type": "gentoo", "idList": ["GLSA-201006-04"]}, {"type": "ubuntu", "idList": ["USN-710-1"]}], "modified": "2019-05-29T18:09:29"}, "score": {"value": 7.3, "vector": "NONE", "modified": "2019-05-29T18:09:29"}, "vulnersScore": 7.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:xine:xine-lib:1.1.6", "cpe:/a:xine:xine-lib:1.1.12", "cpe:/a:xine:xine-lib:1_beta11", "cpe:/a:xine:xine-lib:1_beta9", "cpe:/a:xine:xine-lib:1_beta12", "cpe:/a:xine:xine-lib:1.0.2", "cpe:/a:xine:xine-lib:1_beta3", "cpe:/a:xine:xine-lib:1_beta2", "cpe:/a:xine:xine-lib:0.9.13", "cpe:/a:xine:xine-lib:1_beta6", "cpe:/a:xine:xine-lib:1_beta1", "cpe:/a:xine:xine-lib:1.1.1", "cpe:/a:xine:xine-lib:1.1.11.1", "cpe:/a:xine:xine-lib:1.1.7", "cpe:/a:xine:xine-lib:1.1.4", "cpe:/a:xine:xine-lib:1.1.5", "cpe:/a:xine:xine-lib:1.1.9", "cpe:/a:xine:xine-lib:1.1.8", "cpe:/a:xine:xine-lib:1_beta8", "cpe:/a:xine:xine-lib:1.1.3", "cpe:/a:xine:xine-lib:1.1.2", "cpe:/a:xine:xine-lib:1.0.1", "cpe:/a:xine:xine-lib:1.1.13", "cpe:/a:xine:xine-lib:1.1.10", "cpe:/a:xine:xine-lib:1.1.9.1", "cpe:/a:xine:xine-lib:1.0.3a", "cpe:/a:xine:xine-lib:1.0", "cpe:/a:xine:xine-lib:1.1.0", "cpe:/a:xine:xine-lib:1_beta5", "cpe:/a:xine:xine-lib:1_beta7", "cpe:/a:xine:xine-lib:1", "cpe:/a:xine:xine-lib:1_beta4", "cpe:/a:xine:xine-lib:1_beta10", "cpe:/a:xine:xine-lib:1.1.11", "cpe:/a:xine:xine-lib:1.1.10.1"], "affectedSoftware": [{"name": "xine xine-lib", "operator": "eq", "version": "1_beta11"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.0.2"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.7"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.6"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta5"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.3"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.0.3a"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.0"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta6"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta2"}, {"name": "xine xine-lib", "operator": "eq", "version": "0.9.13"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.8"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.0.1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.2"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta7"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.10.1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.13"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.12"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.9"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.0"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.9.1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.11"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.4"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.11.1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta10"}, {"name": "xine xine-lib", "operator": "eq", "version": "1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta3"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta1"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta12"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta4"}, {"name": "xine xine-lib", "operator": "le", "version": "1.1.14"}, {"name": "xine xine-lib", "operator": "eq", "version": "1.1.5"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta9"}, {"name": "xine xine-lib", "operator": "eq", "version": "1_beta8"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*"], "cwe": ["CWE-119"]}
{"openvas": [{"lastseen": "2017-07-24T12:56:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:020.", "modified": "2017-07-06T00:00:00", "published": "2009-01-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63252", "id": "OPENVAS:63252", "title": "Mandrake Security Advisory MDVSA-2009:020 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_020.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:020 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details, please visit the referenced security advisories.\n\nThis update provides the fix for all these security issues found in\nxine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities: CVE-2008-5234,\nCVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240,\nCVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva 2009.0 and\nare also fixed by this update.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:020\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:020.\";\n\n \n\nif(description)\n{\n script_id(63252);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5243\", \"CVE-2008-5245\", \"CVE-2008-5246\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:020 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:020.", "modified": "2018-04-06T00:00:00", "published": "2009-01-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063252", "id": "OPENVAS:136141256231063252", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:020 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_020.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:020 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details, please visit the referenced security advisories.\n\nThis update provides the fix for all these security issues found in\nxine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities: CVE-2008-5234,\nCVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240,\nCVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva 2009.0 and\nare also fixed by this update.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:020\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:020.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63252\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5243\", \"CVE-2008-5245\", \"CVE-2008-5246\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:020 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.11.1~4.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-wavpack\", rpm:\"xine-wavpack~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.15~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.", "modified": "2017-07-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66401", "id": "OPENVAS:66401", "title": "Mandriva Security Advisory MDVSA-2009:319 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_319.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:319 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\nFailure on Ogg files manipulation can lead remote attackers to cause\na denial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further\nthis problem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by using\ncrafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry\nelement). Further a failure on handling of Real media files (CONT_TAG\nheader) can lead to a denial of service attack (CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update fixes these issues.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:319\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.\";\n\n \n\nif(description)\n{\n script_id(66401);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5243\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:319 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-04.", "modified": "2017-08-30T00:00:00", "published": "2011-03-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69007", "id": "OPENVAS:69007", "title": "Gentoo Security Advisory GLSA 201006-04 (xine-lib)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in xine-lib might result in the remote execution\n of arbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to an unaffected version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=234777\nhttp://bugs.gentoo.org/show_bug.cgi?id=249041\nhttp://bugs.gentoo.org/show_bug.cgi?id=260069\nhttp://bugs.gentoo.org/show_bug.cgi?id=265250\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201006-04.\";\n\n \n \n\nif(description)\n{\n script_id(69007);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_name(\"Gentoo Security Advisory GLSA 201006-04 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.16.3\"), vulnerable: make_list(\"lt 1.1.16.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066401", "id": "OPENVAS:136141256231066401", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:319 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_319.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:319 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered and corrected in xine-lib:\n\nFailure on Ogg files manipulation can lead remote attackers to cause\na denial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further\nthis problem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by using\ncrafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry\nelement). Further a failure on handling of Real media files (CONT_TAG\nheader) can lead to a denial of service attack (CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary\ncode by using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update fixes these issues.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:319\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory MDVSA-2009:319.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66401\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5243\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2009-1274\", \"CVE-2009-0385\", \"CVE-2009-0698\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:319 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxine1\", rpm:\"libxine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxine-devel\", rpm:\"libxine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-aa\", rpm:\"xine-aa~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-caca\", rpm:\"xine-caca~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-dxr3\", rpm:\"xine-dxr3~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-esd\", rpm:\"xine-esd~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-flac\", rpm:\"xine-flac~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-gnomevfs\", rpm:\"xine-gnomevfs~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-image\", rpm:\"xine-image~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-jack\", rpm:\"xine-jack~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-plugins\", rpm:\"xine-plugins~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-pulse\", rpm:\"xine-pulse~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-sdl\", rpm:\"xine-sdl~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-smb\", rpm:\"xine-smb~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine1\", rpm:\"lib64xine1~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xine-devel\", rpm:\"lib64xine-devel~1.1.8~4.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-04.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069007", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069007", "title": "Gentoo Security Advisory GLSA 201006-04 (xine-lib)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201006_04.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69007\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_name(\"Gentoo Security Advisory GLSA 201006-04 (xine-lib)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in xine-lib might result in the remote execution\n of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All xine-lib users should upgrade to an unaffected version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=234777\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=249041\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=260069\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=265250\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201006-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.16.3\"), vulnerable: make_list(\"lt 1.1.16.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:29:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory USN-710-1.\n\nFor details on the issues addressed with this update, please\nvisit the referenced securtiy advisories.", "modified": "2017-12-01T00:00:00", "published": "2009-02-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63305", "id": "OPENVAS:63305", "title": "Ubuntu USN-710-1 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_710_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_710_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-710-1 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libxine-main1 1.1.1+ubuntu2-7.10\n\nUbuntu 7.10:\n libxine1 1.1.7-1ubuntu1.4\n\nUbuntu 8.04 LTS:\n libxine1 1.1.11.1-1ubuntu3.2\n\nUbuntu 8.10:\n libxine1 1.1.15-0ubuntu3.1\n\nAfter a standard system upgrade you need to restart applications linked against\nxine-lib, such as Totem-xine and Amarok, to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-710-1\";\n\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory USN-710-1.\n\nFor details on the issues addressed with this update, please\nvisit the referenced securtiy advisories.\";\n\n \n\n\nif(description)\n{\n script_id(63305);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5246\", \"CVE-2008-5248\", \"CVE-2008-5905\", \"CVE-2008-5906\", \"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2006-3835\", \"CVE-2006-7195\", \"CVE-2006-7196\", \"CVE-2007-0450\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1858\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2008-0128\", \"CVE-2008-3358\", \"CVE-2009-0042\", \"CVE-2009-0135\", \"CVE-2009-0136\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-710-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-710-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.10\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.10\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.4\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:47", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:004. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2018-04-06T00:00:00", "published": "2009-02-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063412", "id": "OPENVAS:136141256231063412", "title": "SuSE Security Summary SUSE-SR:2009:004", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_004.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:004\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:004. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63412\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2006-3835\", \"CVE-2007-0184\", \"CVE-2007-0185\", \"CVE-2007-2377\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5613\", \"CVE-2007-5615\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1586\", \"CVE-2008-1947\", \"CVE-2008-2235\", \"CVE-2008-2370\", \"CVE-2008-2938\", \"CVE-2008-3231\", \"CVE-2008-3651\", \"CVE-2008-3652\", \"CVE-2008-3663\", \"CVE-2008-3796\", \"CVE-2008-4577\", \"CVE-2008-5086\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2008-5250\", \"CVE-2008-5252\", \"CVE-2008-5256\", \"CVE-2008-5302\", \"CVE-2008-5557\", \"CVE-2008-5587\", \"CVE-2008-5658\", \"CVE-2008-5718\", \"CVE-2009-0030\", \"CVE-2009-0310\", \"CVE-2009-0313\", \"CVE-2009-0416\", \"CVE-2009-0490\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:004\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aaa_base\", rpm:\"aaa_base~11.1~10007.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport\", rpm:\"apport~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-crashdb-opensuse\", rpm:\"apport-crashdb-opensuse~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-gtk\", rpm:\"apport-gtk~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-qt\", rpm:\"apport-qt~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-retrace\", rpm:\"apport-retrace~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi\", rpm:\"at-spi~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-devel\", rpm:\"at-spi-devel~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-doc\", rpm:\"at-spi-doc~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-lang\", rpm:\"at-spi-lang~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.5~49.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~142.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~142.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~146.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice\", rpm:\"dice~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice-debug\", rpm:\"dice-debug~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice-devel\", rpm:\"dice-devel~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glade3\", rpm:\"glade3~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glade3-lang\", rpm:\"glade3-lang~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit\", rpm:\"gnome-packagekit~0.3.11~2.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit-lang\", rpm:\"gnome-packagekit-lang~0.3.11~2.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel\", rpm:\"gnome-panel~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-devel\", rpm:\"gnome-panel-devel~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-doc\", rpm:\"gnome-panel-doc~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-extras\", rpm:\"gnome-panel-extras~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-lang\", rpm:\"gnome-panel-lang~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2\", rpm:\"gtk2~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-branding-upstream\", rpm:\"gtk2-branding-upstream~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-devel\", rpm:\"gtk2-devel~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-doc\", rpm:\"gtk2-doc~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-lang\", rpm:\"gtk2-lang~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1-8\", rpm:\"libgladeui-1-8~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1_0-devel\", rpm:\"libgladeui-1_0-devel~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1_0-doc\", rpm:\"libgladeui-1_0-doc~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog-devel\", rpm:\"libipulog-devel~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2_6-1_0\", rpm:\"libpython2_6-1_0~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqdialogsolver1\", rpm:\"libqdialogsolver1~1.2.6~1.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqdialogsolver1-devel\", rpm:\"libqdialogsolver1-devel~1.2.6~1.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel-doc\", rpm:\"libqt4-devel-doc~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-mysql\", rpm:\"libqt4-sql-mysql~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-postgresql\", rpm:\"libqt4-sql-postgresql~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-unixODBC\", rpm:\"libqt4-sql-unixODBC~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.25.3~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.25.3~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nano\", rpm:\"nano~2.1.7~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~246.13.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~246.13.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"parted\", rpm:\"parted~1.8.8~91.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"parted-devel\", rpm:\"parted-devel~1.8.8~91.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powerdevil\", rpm:\"powerdevil~1.4.1~4.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powerdevil-lang\", rpm:\"powerdevil-lang~1.4.1~4.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ptools\", rpm:\"ptools~0.1~2.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-m2crypto\", rpm:\"python-m2crypto~0.17~2.1.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qt4-x11-tools\", rpm:\"qt4-x11-tools~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sblim-sfcb\", rpm:\"sblim-sfcb~1.3.2~9.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysvinit\", rpm:\"sysvinit~2.86~186.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine\", rpm:\"wine~1.1.9~1.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine-devel\", rpm:\"wine-devel~1.1.9~1.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2\", rpm:\"yast2~2.17.59~1.2.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-devel-doc\", rpm:\"yast2-devel-doc~2.17.59~1.2.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-pkg-bindings\", rpm:\"yast2-pkg-bindings~2.17.31~1.2.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.0.5~2.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.4~56.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.13~24.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.13~24.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit\", rpm:\"gnome-packagekit~0.2.1~15.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog\", rpm:\"libipulog~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel-doc\", rpm:\"libqt4-devel-doc~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-mysql\", rpm:\"libqt4-sql-mysql~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-postgresql\", rpm:\"libqt4-sql-postgresql~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-unixODBC\", rpm:\"libqt4-sql-unixODBC~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-perl\", rpm:\"libsatsolver-perl~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-ruby\", rpm:\"libsatsolver-ruby~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~4.28.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~4.28.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.11.2~36.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~218.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~218.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools\", rpm:\"novell-ipsec-tools~0.6.3~183.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools-devel\", rpm:\"novell-ipsec-tools-devel~0.6.3~183.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qt4-x11-tools\", rpm:\"qt4-x11-tools~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl\", rpm:\"sbl~3.2.2~16.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl-orca\", rpm:\"sbl-orca~3.2.2~16.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sblim-sfcb\", rpm:\"sblim-sfcb~1.3.0~6.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec\", rpm:\"swfdec~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec-devel\", rpm:\"swfdec-devel~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec-doc\", rpm:\"swfdec-doc~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose\", rpm:\"virtualbox-ose~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-guest-tools\", rpm:\"virtualbox-ose-guest-tools~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine\", rpm:\"wine~0.9.64_aka_1.0.rc3~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine-devel\", rpm:\"wine-devel~0.9.64_aka_1.0.rc3~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-virtualbox-ose\", rpm:\"xorg-x11-driver-virtualbox-ose~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-gtk\", rpm:\"yast2-gtk~2.16.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-ncurses-pkg\", rpm:\"yast2-ncurses-pkg~2.16.14~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-packager\", rpm:\"yast2-packager~2.16.53~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-pkg-bindings\", rpm:\"yast2-pkg-bindings~2.16.42~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-qt-pkg\", rpm:\"yast2-qt-pkg~2.16.48~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.3~46.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.5~6.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.5~6.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog\", rpm:\"libipulog~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.30~4.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~4.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.10.0~32.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~130.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~130.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools\", rpm:\"novell-ipsec-tools~0.6.3~114.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools-devel\", rpm:\"novell-ipsec-tools-devel~0.6.3~114.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl\", rpm:\"sbl~3.0f~16.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-virtualbox\", rpm:\"xorg-x11-driver-virtualbox~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:23", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:004. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2017-07-11T00:00:00", "published": "2009-02-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63412", "id": "OPENVAS:63412", "title": "SuSE Security Summary SUSE-SR:2009:004", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_004.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:004\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:004. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(63412);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2006-3835\", \"CVE-2007-0184\", \"CVE-2007-0185\", \"CVE-2007-2377\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5613\", \"CVE-2007-5615\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1586\", \"CVE-2008-1947\", \"CVE-2008-2235\", \"CVE-2008-2370\", \"CVE-2008-2938\", \"CVE-2008-3231\", \"CVE-2008-3651\", \"CVE-2008-3652\", \"CVE-2008-3663\", \"CVE-2008-3796\", \"CVE-2008-4577\", \"CVE-2008-5086\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2008-5250\", \"CVE-2008-5252\", \"CVE-2008-5256\", \"CVE-2008-5302\", \"CVE-2008-5557\", \"CVE-2008-5587\", \"CVE-2008-5658\", \"CVE-2008-5718\", \"CVE-2009-0030\", \"CVE-2009-0310\", \"CVE-2009-0313\", \"CVE-2009-0416\", \"CVE-2009-0490\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:004\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.6~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aaa_base\", rpm:\"aaa_base~11.1~10007.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport\", rpm:\"apport~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-crashdb-opensuse\", rpm:\"apport-crashdb-opensuse~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-gtk\", rpm:\"apport-gtk~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-qt\", rpm:\"apport-qt~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apport-retrace\", rpm:\"apport-retrace~0.114~8.5.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi\", rpm:\"at-spi~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-devel\", rpm:\"at-spi-devel~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-doc\", rpm:\"at-spi-doc~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-lang\", rpm:\"at-spi-lang~1.24.0~2.6.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.5~49.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~142.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~142.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~146.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice\", rpm:\"dice~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice-debug\", rpm:\"dice-debug~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dice-devel\", rpm:\"dice-devel~0.1.9~1.3.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glade3\", rpm:\"glade3~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glade3-lang\", rpm:\"glade3-lang~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit\", rpm:\"gnome-packagekit~0.3.11~2.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit-lang\", rpm:\"gnome-packagekit-lang~0.3.11~2.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel\", rpm:\"gnome-panel~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-devel\", rpm:\"gnome-panel-devel~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-doc\", rpm:\"gnome-panel-doc~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-extras\", rpm:\"gnome-panel-extras~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-panel-lang\", rpm:\"gnome-panel-lang~2.24.1~2.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2\", rpm:\"gtk2~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-branding-upstream\", rpm:\"gtk2-branding-upstream~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-devel\", rpm:\"gtk2-devel~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-doc\", rpm:\"gtk2-doc~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-lang\", rpm:\"gtk2-lang~2.14.4~8.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1-8\", rpm:\"libgladeui-1-8~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1_0-devel\", rpm:\"libgladeui-1_0-devel~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgladeui-1_0-doc\", rpm:\"libgladeui-1_0-doc~3.5.2~7.25.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog-devel\", rpm:\"libipulog-devel~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2_6-1_0\", rpm:\"libpython2_6-1_0~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqdialogsolver1\", rpm:\"libqdialogsolver1~1.2.6~1.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqdialogsolver1-devel\", rpm:\"libqdialogsolver1-devel~1.2.6~1.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel-doc\", rpm:\"libqt4-devel-doc~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-mysql\", rpm:\"libqt4-sql-mysql~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-postgresql\", rpm:\"libqt4-sql-postgresql~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-unixODBC\", rpm:\"libqt4-sql-unixODBC~4.4.3~11.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.4.3~4.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.25.3~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.25.3~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nano\", rpm:\"nano~2.1.7~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~246.13.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~246.13.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~2.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~168.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"parted\", rpm:\"parted~1.8.8~91.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"parted-devel\", rpm:\"parted-devel~1.8.8~91.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~62.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~49.14.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powerdevil\", rpm:\"powerdevil~1.4.1~4.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powerdevil-lang\", rpm:\"powerdevil-lang~1.4.1~4.5.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ptools\", rpm:\"ptools~0.1~2.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-m2crypto\", rpm:\"python-m2crypto~0.17~2.1.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.6.0~2.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.6.0~2.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.6~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qt4-x11-tools\", rpm:\"qt4-x11-tools~4.4.3~4.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.2~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sblim-sfcb\", rpm:\"sblim-sfcb~1.3.2~9.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysvinit\", rpm:\"sysvinit~2.86~186.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~133.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~129.51.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine\", rpm:\"wine~1.1.9~1.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine-devel\", rpm:\"wine-devel~1.1.9~1.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2\", rpm:\"yast2~2.17.59~1.2.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-devel-doc\", rpm:\"yast2-devel-doc~2.17.59~1.2.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-pkg-bindings\", rpm:\"yast2-pkg-bindings~2.17.31~1.2.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.0.5~2.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.4~56.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~86.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.13~24.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.13~24.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-packagekit\", rpm:\"gnome-packagekit~0.2.1~15.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog\", rpm:\"libipulog~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-devel-doc\", rpm:\"libqt4-devel-doc~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-mysql\", rpm:\"libqt4-sql-mysql~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-postgresql\", rpm:\"libqt4-sql-postgresql~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-sql-unixODBC\", rpm:\"libqt4-sql-unixODBC~4.4.0~5.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.4.0~12.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-perl\", rpm:\"libsatsolver-perl~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-ruby\", rpm:\"libsatsolver-ruby~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.0~59.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.6.32~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~4.28.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~4.28.1~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.11.2~36.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.6~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~218.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~218.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools\", rpm:\"novell-ipsec-tools~0.6.3~183.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools-devel\", rpm:\"novell-ipsec-tools-devel~0.6.3~183.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~143.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~37.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~0.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qt4-x11-tools\", rpm:\"qt4-x11-tools~4.4.0~12.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.9.6~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl\", rpm:\"sbl~3.2.2~16.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl-orca\", rpm:\"sbl-orca~3.2.2~16.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sblim-sfcb\", rpm:\"sblim-sfcb~1.3.0~6.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec\", rpm:\"swfdec~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec-devel\", rpm:\"swfdec-devel~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"swfdec-doc\", rpm:\"swfdec-doc~0.6.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~108.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~101.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose\", rpm:\"virtualbox-ose~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-guest-tools\", rpm:\"virtualbox-ose-guest-tools~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine\", rpm:\"wine~0.9.64_aka_1.0.rc3~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wine-devel\", rpm:\"wine-devel~0.9.64_aka_1.0.rc3~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.12~8.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-virtualbox-ose\", rpm:\"xorg-x11-driver-virtualbox-ose~1.5.6~33.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-gtk\", rpm:\"yast2-gtk~2.16.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-ncurses-pkg\", rpm:\"yast2-ncurses-pkg~2.16.14~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-packager\", rpm:\"yast2-packager~2.16.53~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-pkg-bindings\", rpm:\"yast2-pkg-bindings~2.16.42~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-qt-pkg\", rpm:\"yast2-qt-pkg~2.16.48~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audacity\", rpm:\"audacity~1.3.3~46.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.5~6.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.5~6.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipulog\", rpm:\"libipulog~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.3.0~30.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.30~4.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~4.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mediawiki\", rpm:\"mediawiki~1.10.0~32.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk\", rpm:\"netatalk~2.0.3~130.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netatalk-devel\", rpm:\"netatalk-devel~2.0.3~130.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools\", rpm:\"novell-ipsec-tools~0.6.3~114.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"novell-ipsec-tools-devel\", rpm:\"novell-ipsec-tools-devel~0.6.3~114.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-devel\", rpm:\"openslp-devel~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp-server\", rpm:\"openslp-server~1.2.0~96.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~0.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sbl\", rpm:\"sbl~3.0f~16.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd\", rpm:\"ulogd~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-mysql\", rpm:\"ulogd-mysql~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pcap\", rpm:\"ulogd-pcap~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-pgsql\", rpm:\"ulogd-pgsql~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ulogd-sqlite\", rpm:\"ulogd-sqlite~1.24~36.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-devel\", rpm:\"xine-devel~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-extra\", rpm:\"xine-extra~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xine-lib\", rpm:\"xine-lib~1.1.8~14.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-virtualbox\", rpm:\"xorg-x11-driver-virtualbox~1.5.2~10.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T02:55:03", "bulletinFamily": "scanner", "description": "Failure on Ogg files manipulation can lead remote attackers to cause a\ndenial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further this\nproblem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by\nusing crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track\nentry element). Further a failure on handling of Real media files\n(CONT_TAG header) can lead to a denial of service attack\n(CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nThis update provides the fix for all these security issues found in\nxine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities:\nCVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239,\nCVE-2008-5240, CVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva\n2009.0 and are also fixed by this update.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-020.NASL", "href": "https://www.tenable.com/plugins/nessus/36846", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:020)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:020. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36846);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:51\");\n\n script_cve_id(\n \"CVE-2008-3231\",\n \"CVE-2008-5233\",\n \"CVE-2008-5234\",\n \"CVE-2008-5236\",\n \"CVE-2008-5237\",\n \"CVE-2008-5239\",\n \"CVE-2008-5240\",\n \"CVE-2008-5241\",\n \"CVE-2008-5243\",\n \"CVE-2008-5245\",\n \"CVE-2008-5246\"\n );\n script_bugtraq_id(\n 30698,\n 30699,\n 30797\n );\n script_xref(name:\"MDVSA\", value:\"2009:020\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Failure on Ogg files manipulation can lead remote attackers to cause a\ndenial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further this\nproblem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by\nusing crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track\nentry element). Further a failure on handling of Real media files\n(CONT_TAG header) can lead to a denial of service attack\n(CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nThis update provides the fix for all these security issues found in\nxine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities:\nCVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239,\nCVE-2008-5240, CVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva\n2009.0 and are also fixed by this update.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-wavpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libxine-devel-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libxine1-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-aa-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-caca-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-dxr3-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-esd-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-flac-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-gnomevfs-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-image-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-jack-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-plugins-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-pulse-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-sdl-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-smb-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xine-wavpack-1.1.11.1-4.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxine1-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-aa-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-caca-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-dxr3-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-esd-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-flac-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-gnomevfs-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-image-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-jack-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-plugins-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-pulse-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-sdl-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-smb-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xine-wavpack-1.1.15-2.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:26:38", "bulletinFamily": "scanner", "description": "This release fixes multiple bugs and security issues: - DoS via\ncorrupted Ogg files (CVE-2008-3231) - multiple possible buffer\noverflows detailed in oCERT-2008-008 For more details, see:\nhttp://sourceforge.net/project/shownotes.php?release_id=619869&group_i\nd=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A\ncoordinated release with 3rd-party repos was not possible, so this\nupdate may result in dependency issues with currently-installed\nxine-lib-extras-* rpms. This temporary problem will be rectified asap.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2008-7572.NASL", "href": "https://www.tenable.com/plugins/nessus/34136", "published": "2008-09-10T00:00:00", "title": "Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7572.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34136);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:28\");\n\n script_cve_id(\"CVE-2008-1878\", \"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5247\");\n script_bugtraq_id(30698, 30699, 30797);\n script_xref(name:\"FEDORA\", value:\"2008-7572\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes multiple bugs and security issues: - DoS via\ncorrupted Ogg files (CVE-2008-3231) - multiple possible buffer\noverflows detailed in oCERT-2008-008 For more details, see:\nhttp://sourceforge.net/project/shownotes.php?release_id=619869&group_i\nd=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A\ncoordinated release with 3rd-party repos was not possible, so this\nupdate may result in dependency issues with currently-installed\nxine-lib-extras-* rpms. This temporary problem will be rectified asap.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?release_id=619869&group_id=9655\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d83ed04\"\n );\n # http://www.ocert.org/advisories/ocert-2008-008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ocert.org/advisories/ocert-2008-008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456057\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013705.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4db7ea1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.15-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:26:38", "bulletinFamily": "scanner", "description": "This release fixes multiple bugs and security issues: - DoS via\ncorrupted Ogg files (CVE-2008-3231) - multiple possible buffer\noverflows detailed in oCERT-2008-008 For more details, see:\nhttp://sourceforge.net/project/shownotes.php?release_id=619869&group_i\nd=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A\ncoordinated release with 3rd-party repos was not possible, so this\nupdate may result in dependency issues with currently-installed\nxine-lib-extras-* rpms. This temporary problem will be rectified asap.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2008-7512.NASL", "href": "https://www.tenable.com/plugins/nessus/34133", "published": "2008-09-10T00:00:00", "title": "Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7512.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34133);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:28\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5247\");\n script_bugtraq_id(30698, 30699, 30797);\n script_xref(name:\"FEDORA\", value:\"2008-7512\");\n\n script_name(english:\"Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes multiple bugs and security issues: - DoS via\ncorrupted Ogg files (CVE-2008-3231) - multiple possible buffer\noverflows detailed in oCERT-2008-008 For more details, see:\nhttp://sourceforge.net/project/shownotes.php?release_id=619869&group_i\nd=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A\ncoordinated release with 3rd-party repos was not possible, so this\nupdate may result in dependency issues with currently-installed\nxine-lib-extras-* rpms. This temporary problem will be rectified asap.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?release_id=619869&group_id=9655\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d83ed04\"\n );\n # http://www.ocert.org/advisories/ocert-2008-008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ocert.org/advisories/ocert-2008-008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456057\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013916.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd3c0751\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"xine-lib-1.1.15-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:13", "bulletinFamily": "scanner", "description": "This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - These bugs can lead to remote code execution.\n (CVE-2008-5248)", "modified": "2019-11-02T00:00:00", "id": "SUSE_XINE-DEVEL-5965.NASL", "href": "https://www.tenable.com/plugins/nessus/51768", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5965)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51768);\n script_version (\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5965)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - These bugs can lead to remote code execution.\n (CVE-2008-5248)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5233.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5236.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5238.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5239.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5241.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5244.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5245.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5246.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5247.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5248.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5965.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xine-devel-1.1.1-24.43\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xine-lib-1.1.1-24.43\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.43\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:55:06", "bulletinFamily": "scanner", "description": "Vulnerabilities have been discovered and corrected in xine-lib :\n\nFailure on Ogg files manipulation can lead remote attackers to cause a\ndenial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further this\nproblem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by\nusing crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track\nentry element). Further a failure on handling of Real media files\n(CONT_TAG header) can lead to a denial of service attack\n(CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update fixes these issues.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-319.NASL", "href": "https://www.tenable.com/plugins/nessus/43022", "published": "2009-12-07T00:00:00", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:319)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:319. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43022);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:52\");\n\n script_cve_id(\n \"CVE-2008-3231\",\n \"CVE-2008-5233\",\n \"CVE-2008-5234\",\n \"CVE-2008-5236\",\n \"CVE-2008-5237\",\n \"CVE-2008-5239\",\n \"CVE-2008-5240\",\n \"CVE-2008-5241\",\n \"CVE-2008-5243\",\n \"CVE-2008-5245\",\n \"CVE-2008-5246\",\n \"CVE-2009-0698\",\n \"CVE-2009-1274\"\n );\n script_bugtraq_id(\n 30698,\n 30699,\n 30797,\n 33502,\n 34384\n );\n script_xref(name:\"MDVSA\", value:\"2009:319\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:319)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities have been discovered and corrected in xine-lib :\n\nFailure on Ogg files manipulation can lead remote attackers to cause a\ndenial of service by using crafted files (CVE-2008-3231).\n\nFailure on manipulation of either MNG or Real or MOD files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE: CVE-2008-5233).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using Quicktime media files holding crafted metadata\n(CVE-2008-5234).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using either crafted Matroska or Real media files (CVE-2008-5236).\n\nFailure on manipulation of either MNG or Quicktime files can lead\nremote attackers to cause a denial of service by using crafted files\n(CVE-2008-5237).\n\nMultiple heap-based overflow on input plugins (http, net, smb, dvd,\ndvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to\nexecute arbitrary code by handling that input channels. Further this\nproblem can even lead attackers to cause denial of service\n(CVE-2008-5239).\n\nHeap-based overflow allows attackers to execute arbitrary code by\nusing crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track\nentry element). Further a failure on handling of Real media files\n(CONT_TAG header) can lead to a denial of service attack\n(CVE-2008-5240).\n\nInteger underflow allows remote attackers to cause denial of service\nby using Quicktime media files (CVE-2008-5241).\n\nFailure on manipulation of Real media files can lead remote attackers\nto cause a denial of service by indexing an allocated buffer with a\ncertain input value in a crafted file (CVE-2008-5243).\n\nVulnerabilities of unknown impact - possibly buffer overflow - caused\nby a condition of video frame preallocation before ascertaining the\nrequired length in V4L video input plugin (CVE-2008-5245).\n\nHeap-based overflow allows remote attackers to execute arbitrary code\nby using crafted media files. This vulnerability is in the\nmanipulation of ID3 audio file data tagging mainly used in MP3 file\nformats (CVE-2008-5246).\n\nInteger overflow in the qt_error parse_trak_atom function in\ndemuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote\nattackers to execute arbitrary code via a Quicktime movie file with a\nlarge count value in an STTS atom, which triggers a heap-based buffer\noverflow (CVE-2009-1274)\n\nInteger overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib\n1.1.16.1 allows remote attackers to cause a denial of service (crash)\nand possibly execute arbitrary code via a 4X movie file with a large\ncurrent_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update fixes these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.8mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:20", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201006-04\n(xine-lib: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in xine-lib. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to play a specially crafted video\n file or stream with a player using xine-lib, potentially resulting in\n the execution of arbitrary code with the privileges of the user running\n the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201006-04.NASL", "href": "https://www.tenable.com/plugins/nessus/46771", "published": "2010-06-02T00:00:00", "title": "GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201006-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46771);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:45\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\", \"CVE-2009-0698\", \"CVE-2009-1274\");\n script_bugtraq_id(30698, 30699, 30797, 33502, 34384);\n script_xref(name:\"GLSA\", value:\"201006-04\");\n\n script_name(english:\"GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201006-04\n(xine-lib: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in xine-lib. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to play a specially crafted video\n file or stream with a player using xine-lib, potentially resulting in\n the execution of arbitrary code with the privileges of the user running\n the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201006-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to an unaffected version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 10, 2009. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.16.3\"), vulnerable:make_list(\"lt 1.1.16.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:38:17", "bulletinFamily": "scanner", "description": "It was discovered that xine-lib did not correctly handle certain\nmalformed Ogg and Windows Media files. If a user or automated system\nwere tricked into opening a specially crafted Ogg or Windows Media\nfile, an attacker could cause xine-lib to crash, creating a denial of\nservice. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-3231)\n\nIt was discovered that the MNG, MOD, and Real demuxers in xine-lib did\nnot correctly handle memory allocation failures. If a user or\nautomated system were tricked into opening a specially crafted MNG,\nMOD, or Real file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-5233)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly\nhandle an invalid metadata atom size, resulting in a heap-based buffer\noverflow. If a user or automated system were tricked into opening a\nspecially crafted MOV file, an attacker could execute arbitrary code\nas the user invoking the program. (CVE-2008-5234, CVE-2008-5242)\n\nIt was discovered that the Real, RealAudio, and Matroska demuxers in\nxine-lib did not correctly handle malformed files, resulting in\nheap-based buffer overflows. If a user or automated system were\ntricked into opening a specially crafted Real, RealAudio, or Matroska\nfile, an attacker could execute arbitrary code as the user invoking\nthe program. (CVE-2008-5236)\n\nIt was discovered that the MNG and QT demuxers in xine-lib did not\ncorrectly handle malformed files, resulting in integer overflows. If a\nuser or automated system were tricked into opening a specially crafted\nMNG or MOV file, an attacker could execute arbitrary code as the user\ninvoking the program. (CVE-2008-5237)\n\nIt was discovered that the Matroska, MOD, Real, and Real Audio\ndemuxers in xine-lib did not correctly handle malformed files,\nresulting in integer overflows. If a user or automated system were\ntricked into opening a specially crafted Matroska, MOD, Real, or Real\nAudio file, an attacker could execute arbitrary code as the user\ninvoking the program. This issue only applied to Ubuntu 6.06 LTS,\n7.10, and 8.04 LTS. (CVE-2008-5238)\n\nIt was discovered that the input handlers in xine-lib did not\ncorrectly handle certain error codes, resulting in out-of-bounds reads\nand heap-based buffer overflows. If a user or automated system were\ntricked into opening a specially crafted file, stream, or URL, an\nattacker could execute arbitrary code as the user invoking the\nprogram. (CVE-2008-5239)\n\nIt was discovered that the Matroska and Real demuxers in xine-lib did\nnot correctly handle memory allocation failures. If a user or\nautomated system were tricked into opening a specially crafted\nMatroska or Real file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. (CVE-2008-5240)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly\nhandle an invalid metadata atom size in a compressed MOV file,\nresulting in an integer underflow. If a user or automated system were\ntricked into opening a specially crafted MOV file, an attacker could\nan attacker could cause xine-lib to crash, creating a denial of\nservice. (CVE-2008-5241)\n\nIt was discovered that the Real demuxer in xine-lib did not correctly\nhandle certain malformed files. If a user or automated system were\ntricked into opening a specially crafted Real file, an attacker could\ncould cause xine-lib to crash, creating a denial of service.\n(CVE-2008-5243)\n\nIt was discovered that xine-lib did not correctly handle certain\nmalformed AAC files. If a user or automated system were tricked into\nopening a specially crafted AAC file, an attacker could could cause\nxine-lib to crash, creating a denial of service. This issue only\napplied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244)\n\nIt was discovered that the id3 tag handler in xine-lib did not\ncorrectly handle malformed tags, resulting in heap-based buffer\noverflows. If a user or automated system were tricked into opening a\nmedia file containing a specially crafted id3 tag, an attacker could\nexecute arbitrary code as the user invoking the program. This issue\nonly applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)\n\nIt was discovered that xine-lib did not correctly handle MP3 files\nwith metadata consisting only of separators. If a user or automated\nsystem were tricked into opening a specially crafted MP3 file, an\nattacker could could cause xine-lib to crash, creating a denial of\nservice. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-5248)\n\nIt was discovered that the Matroska demuxer in xine-lib did not\ncorrectly handle an invalid track type. If a user or automated system\nwere tricked into opening a specially crafted Matroska file, an\nattacker could could cause xine-lib to crash, creating a denial of\nservice.\n\nIt was discovered that the ffmpeg video decoder in xine-lib did not\ncorrectly handle media with certain image heights, resulting in a\nheap-based buffer overflow. If a user or automated system were tricked\ninto opening a specially crafted video file, an attacker could crash\nxine-lib or possibly execute arbitrary code with the privileges of the\nuser invoking the program. This issue only applied to Ubuntu 7.10,\n8.04 LTS, and 8.10.\n\nIt was discovered that the ffmpeg audio decoder in xine-lib did not\ncorrectly handle malformed media, resulting in a integer overflow. If\na user or automated system were tricked into opening a specially\ncrafted media file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. This issue only applied to Ubuntu 8.10.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-710-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37469", "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-710-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-710-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37469);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5246\", \"CVE-2008-5248\");\n script_bugtraq_id(30698, 30699, 30797);\n script_xref(name:\"USN\", value:\"710-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-710-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that xine-lib did not correctly handle certain\nmalformed Ogg and Windows Media files. If a user or automated system\nwere tricked into opening a specially crafted Ogg or Windows Media\nfile, an attacker could cause xine-lib to crash, creating a denial of\nservice. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-3231)\n\nIt was discovered that the MNG, MOD, and Real demuxers in xine-lib did\nnot correctly handle memory allocation failures. If a user or\nautomated system were tricked into opening a specially crafted MNG,\nMOD, or Real file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-5233)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly\nhandle an invalid metadata atom size, resulting in a heap-based buffer\noverflow. If a user or automated system were tricked into opening a\nspecially crafted MOV file, an attacker could execute arbitrary code\nas the user invoking the program. (CVE-2008-5234, CVE-2008-5242)\n\nIt was discovered that the Real, RealAudio, and Matroska demuxers in\nxine-lib did not correctly handle malformed files, resulting in\nheap-based buffer overflows. If a user or automated system were\ntricked into opening a specially crafted Real, RealAudio, or Matroska\nfile, an attacker could execute arbitrary code as the user invoking\nthe program. (CVE-2008-5236)\n\nIt was discovered that the MNG and QT demuxers in xine-lib did not\ncorrectly handle malformed files, resulting in integer overflows. If a\nuser or automated system were tricked into opening a specially crafted\nMNG or MOV file, an attacker could execute arbitrary code as the user\ninvoking the program. (CVE-2008-5237)\n\nIt was discovered that the Matroska, MOD, Real, and Real Audio\ndemuxers in xine-lib did not correctly handle malformed files,\nresulting in integer overflows. If a user or automated system were\ntricked into opening a specially crafted Matroska, MOD, Real, or Real\nAudio file, an attacker could execute arbitrary code as the user\ninvoking the program. This issue only applied to Ubuntu 6.06 LTS,\n7.10, and 8.04 LTS. (CVE-2008-5238)\n\nIt was discovered that the input handlers in xine-lib did not\ncorrectly handle certain error codes, resulting in out-of-bounds reads\nand heap-based buffer overflows. If a user or automated system were\ntricked into opening a specially crafted file, stream, or URL, an\nattacker could execute arbitrary code as the user invoking the\nprogram. (CVE-2008-5239)\n\nIt was discovered that the Matroska and Real demuxers in xine-lib did\nnot correctly handle memory allocation failures. If a user or\nautomated system were tricked into opening a specially crafted\nMatroska or Real file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. (CVE-2008-5240)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly\nhandle an invalid metadata atom size in a compressed MOV file,\nresulting in an integer underflow. If a user or automated system were\ntricked into opening a specially crafted MOV file, an attacker could\nan attacker could cause xine-lib to crash, creating a denial of\nservice. (CVE-2008-5241)\n\nIt was discovered that the Real demuxer in xine-lib did not correctly\nhandle certain malformed files. If a user or automated system were\ntricked into opening a specially crafted Real file, an attacker could\ncould cause xine-lib to crash, creating a denial of service.\n(CVE-2008-5243)\n\nIt was discovered that xine-lib did not correctly handle certain\nmalformed AAC files. If a user or automated system were tricked into\nopening a specially crafted AAC file, an attacker could could cause\nxine-lib to crash, creating a denial of service. This issue only\napplied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244)\n\nIt was discovered that the id3 tag handler in xine-lib did not\ncorrectly handle malformed tags, resulting in heap-based buffer\noverflows. If a user or automated system were tricked into opening a\nmedia file containing a specially crafted id3 tag, an attacker could\nexecute arbitrary code as the user invoking the program. This issue\nonly applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)\n\nIt was discovered that xine-lib did not correctly handle MP3 files\nwith metadata consisting only of separators. If a user or automated\nsystem were tricked into opening a specially crafted MP3 file, an\nattacker could could cause xine-lib to crash, creating a denial of\nservice. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04\nLTS. (CVE-2008-5248)\n\nIt was discovered that the Matroska demuxer in xine-lib did not\ncorrectly handle an invalid track type. If a user or automated system\nwere tricked into opening a specially crafted Matroska file, an\nattacker could could cause xine-lib to crash, creating a denial of\nservice.\n\nIt was discovered that the ffmpeg video decoder in xine-lib did not\ncorrectly handle media with certain image heights, resulting in a\nheap-based buffer overflow. If a user or automated system were tricked\ninto opening a specially crafted video file, an attacker could crash\nxine-lib or possibly execute arbitrary code with the privileges of the\nuser invoking the program. This issue only applied to Ubuntu 7.10,\n8.04 LTS, and 8.10.\n\nIt was discovered that the ffmpeg audio decoder in xine-lib did not\ncorrectly handle malformed media, resulting in a integer overflow. If\na user or automated system were tricked into opening a specially\ncrafted media file, an attacker could crash xine-lib or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. This issue only applied to Ubuntu 8.10.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/710-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-main1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-all-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-misc-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1-x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-dev\", pkgver:\"1.1.1+ubuntu2-7.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-main1\", pkgver:\"1.1.1+ubuntu2-7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine-dev\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-console\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-doc\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.7-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine-dev\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-bin\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-console\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-doc\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxine1-x\", pkgver:\"1.1.11.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine-dev\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-all-plugins\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-bin\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-console\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-dbg\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-doc\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-ffmpeg\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-gnome\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-misc-plugins\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-plugins\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libxine1-x\", pkgver:\"1.1.15-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine-main1 / libxine1 / libxine1-all-plugins / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:13", "bulletinFamily": "scanner", "description": "This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - CVE-2008-5248 These bugs can lead to remote code\n execution.", "modified": "2019-11-02T00:00:00", "id": "SUSE_XINE-DEVEL-5966.NASL", "href": "https://www.tenable.com/plugins/nessus/35599", "published": "2009-02-05T00:00:00", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5966)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5966.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35599);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5966)\");\n script_summary(english:\"Check for the xine-devel-5966 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - CVE-2008-5248 These bugs can lead to remote code\n execution.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-devel-1.1.8-14.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-extra-1.1.8-14.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xine-lib-1.1.8-14.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.8-14.11\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:25", "bulletinFamily": "scanner", "description": "This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - CVE-2008-5248 These bugs can lead to remote code\n execution.", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_0_XINE-DEVEL-090129.NASL", "href": "https://www.tenable.com/plugins/nessus/40156", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : xine-devel (xine-devel-483)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-483.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40156);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2008-3231\", \"CVE-2008-5233\", \"CVE-2008-5234\", \"CVE-2008-5235\", \"CVE-2008-5236\", \"CVE-2008-5237\", \"CVE-2008-5238\", \"CVE-2008-5239\", \"CVE-2008-5240\", \"CVE-2008-5241\", \"CVE-2008-5242\", \"CVE-2008-5243\", \"CVE-2008-5244\", \"CVE-2008-5245\", \"CVE-2008-5246\", \"CVE-2008-5247\", \"CVE-2008-5248\");\n\n script_name(english:\"openSUSE Security Update : xine-devel (xine-devel-483)\");\n script_summary(english:\"Check for the xine-devel-483 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes multiple buffer overflows while parsing\nfiles :\n\n - CVE-2008-3231\n\n - CVE-2008-5233\n\n - CVE-2008-5234\n\n - CVE-2008-5235\n\n - CVE-2008-5236\n\n - CVE-2008-5237\n\n - CVE-2008-5238\n\n - CVE-2008-5239\n\n - CVE-2008-5240\n\n - CVE-2008-5241\n\n - CVE-2008-5242\n\n - CVE-2008-5243\n\n - CVE-2008-5244\n\n - CVE-2008-5245\n\n - CVE-2008-5246\n\n - CVE-2008-5247\n\n - CVE-2008-5248 These bugs can lead to remote code\n execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=417929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=419541\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-devel-1.1.12-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-extra-1.1.12-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xine-lib-1.1.12-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.12-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nxine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine. \n\n### Description\n\nMultiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to an unaffected version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.16.3\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 10, 2009. It is likely that your system is already no longer affected by this issue.", "modified": "2010-06-01T00:00:00", "published": "2010-06-01T00:00:00", "id": "GLSA-201006-04", "href": "https://security.gentoo.org/glsa/201006-04", "type": "gentoo", "title": "xine-lib: User-assisted execution of arbitrary code", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:34", "bulletinFamily": "unix", "description": "It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files. If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)\n\nIt was discovered that the MNG, MOD, and Real demuxers in xine-lib did not correctly handle memory allocation failures. If a user or automated system were tricked into opening a specially crafted MNG, MOD, or Real file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5233)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly handle an invalid metadata atom size, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5234, CVE-2008-5242)\n\nIt was discovered that the Real, RealAudio, and Matroska demuxers in xine-lib did not correctly handle malformed files, resulting in heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted Real, RealAudio, or Matroska file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5236)\n\nIt was discovered that the MNG and QT demuxers in xine-lib did not correctly handle malformed files, resulting in integer overflows. If a user or automated system were tricked into opening a specially crafted MNG or MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5237)\n\nIt was discovered that the Matroska, MOD, Real, and Real Audio demuxers in xine-lib did not correctly handle malformed files, resulting in integer overflows. If a user or automated system were tricked into opening a specially crafted Matroska, MOD, Real, or Real Audio file, an attacker could execute arbitrary code as the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5238)\n\nIt was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5239)\n\nIt was discovered that the Matroska and Real demuxers in xine-lib did not correctly handle memory allocation failures. If a user or automated system were tricked into opening a specially crafted Matroska or Real file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-5240)\n\nIt was discovered that the QT demuxer in xine-lib did not correctly handle an invalid metadata atom size in a compressed MOV file, resulting in an integer underflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could an attacker could cause xine-lib to crash, creating a denial of service. (CVE-2008-5241)\n\nIt was discovered that the Real demuxer in xine-lib did not correctly handle certain malformed files. If a user or automated system were tricked into opening a specially crafted Real file, an attacker could could cause xine-lib to crash, creating a denial of service. (CVE-2008-5243)\n\nIt was discovered that xine-lib did not correctly handle certain malformed AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244)\n\nIt was discovered that the id3 tag handler in xine-lib did not correctly handle malformed tags, resulting in heap-based buffer overflows. If a user or automated system were tricked into opening a media file containing a specially crafted id3 tag, an attacker could execute arbitrary code as the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)\n\nIt was discovered that xine-lib did not correctly handle MP3 files with metadata consisting only of separators. If a user or automated system were tricked into opening a specially crafted MP3 file, an attacker could could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5248)\n\nIt was discovered that the Matroska demuxer in xine-lib did not correctly handle an invalid track type. If a user or automated system were tricked into opening a specially crafted Matroska file, an attacker could could cause xine-lib to crash, creating a denial of service.\n\nIt was discovered that the ffmpeg video decoder in xine-lib did not correctly handle media with certain image heights, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted video file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 7.10, 8.04 LTS, and 8.10.\n\nIt was discovered that the ffmpeg audio decoder in xine-lib did not correctly handle malformed media, resulting in a integer overflow. If a user or automated system were tricked into opening a specially crafted media file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 8.10.", "modified": "2009-01-26T00:00:00", "published": "2009-01-26T00:00:00", "id": "USN-710-1", "href": "https://usn.ubuntu.com/710-1/", "title": "xine-lib vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
