[Secure-testing-commits] r2962 - in data: . CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Dec 6 23:39:28 UTC 2005 

Author: jmm-guest
Date: 2005-12-06 23:39:19 +0000 (Tue, 06 Dec 2005)
New Revision: 2962

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
track koffice copy of xpdf code
xpdf fixed (info from changelog is wrong)
minor kernel update
xpdf bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-06 22:22:51 UTC (rev 2961)
+++ data/CVE/list	2005-12-06 23:39:19 UTC (rev 2962)
@@ -2491,7 +2491,7 @@
 	NOT-FOR-US: ALZip
 CVE-2005-3193 [xpdf jpx stream reader heap overflow]
 	RESERVED
-	- xpdf <unfixed> (bug #342281; medium)
+	- xpdf 3.01-3 (bug #342281; medium)
 	- gpdf <unfixed> (bug #342286; medium)
 	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
 	- kdegraphics <unfixed> (bug #342287; medium)
@@ -2500,22 +2500,22 @@
 	- koffice <not-affected> (Vulnerable xpdf code not contained)
 CVE-2005-3192 [xpdf stream predictor heap overflow]
 	RESERVED
-	- xpdf <unfixed> (bug #342281; medium)
+	- xpdf 3.01-3 (bug #342281; medium)
 	- gpdf <unfixed> (bug #342286; medium)
-	- pdftohtml <unfixed> (bug filed; medium)
+	- pdftohtml <unfixed> (bug #342289; medium)
 	- kdegraphics <unfixed> (bug #342287; medium)
 	- poppler <unfixed> (bug #34228; medium)
 	- tetex-bin <unfixed> (bug filed; medium)
-	- koffice <unfixed> (bug filed; medium)
+	- koffice <unfixed> (bug #342294; medium)
 CVE-2005-3191 [xpdf dctstream heap overflow]
 	RESERVED
-	- xpdf <unfixed> (bug #342281; medium)
+	- xpdf 3.01-3 (bug #342281; medium)
 	- gpdf <unfixed> (bug #342286; medium)
-	- pdftohtml <unfixed> (bug filed; medium)
+	- pdftohtml <unfixed> (bug #342289; medium)
 	- kdegraphics <unfixed> (bug #342287; medium)
 	- poppler <unfixed> (bug #34228; medium)
 	- tetex-bin <unfixed> (bug filed; medium)
-	- koffice <unfixed> (bug filed; medium)
+	- koffice <unfixed> (bug #342294; medium)
 CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
 	NOT-FOR-US: iGateway
 CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
@@ -21041,6 +21041,7 @@
 	NOT-FOR-US: redhat 8.0 only
 CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
 	{DSA-423 DSA-358}
+	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
 CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
 	NOT-FOR-US: apache on windows

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2005-12-06 22:22:51 UTC (rev 2961)
+++ data/embedded-code-copies	2005-12-06 23:39:19 UTC (rev 2962)
@@ -8,6 +8,7 @@
 tetex-bin
 cupsys (only older releases, recent ones use xpdf-utils, it's still present in the src, though)
 poppler
+koffice
 
 zlib code: (separate between 1.2 and 1.1)
 dpkg

More information about the Secure-testing-commits mailing list