[Secure-testing-commits] r3148 - data/CVE

Florian Weimer fw at costa.debian.org
Sat Dec 24 10:49:02 UTC 2005 

Author: fw
Date: 2005-12-24 10:48:57 +0000 (Sat, 24 Dec 2005)
New Revision: 3148

Modified:
   data/CVE/list
Log:
CVE-2004-0888, CVE-2005-0064: record version of switch to wrapper
CVE-2005-2693: record version of cvsbug removal


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-24 09:37:23 UTC (rev 3147)
+++ data/CVE/list	2005-12-24 10:48:57 UTC (rev 3148)
@@ -4871,8 +4871,9 @@
 	- tleds 1.05beta10-9 (bug #276789; low)
 CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
 	{DSA-806-1 DSA-802-1}
-	NOTE: cvs: not shipped in binary package
-	- cvs 1:1.12.9-15 (bug #325106; unimportant)
+	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
+	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
+	- cvs 1:1.11.5-4 (bug #325106; low)
 	- gcvs 1.0final-8 (bug #324969; low)
 CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
 	NOT-FOR-US: RunCMS
@@ -15085,8 +15086,10 @@
 	- pdftohtml 0.36-11
 	- kdegraphics 4:3.3.2-2
 	- tetex-bin 2.0.2-26
-	NOTE: only affects source package, not used in binary
-	- cupsys 1.1.23-13 (bug #324459; unimportant)
+	- cupsys 1.1.22-6 (bug #324459)
+	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
+	NOTE: In version 1.1.23-13, the dormant code in the source
+	NOTE: package was fixed.
 CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
 	NOT-FOR-US: Microsoft
 CVE-2005-0062
@@ -16431,13 +16434,15 @@
 CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
 	{DSA-599-1 DSA-581-1 DSA-573-1}
 	- koffice 1:1.3.4-1
-	NOTE: only affects cupsys source package, not used in binary
-	- cupsys 1.1.20final+rc1-10 (bug #324460; unimportant)
 	- tetex-bin 2.0.2-23
 	- xpdf 3.00-9
 	- kpdf 4:3.3.1-1 (bug #278173)
 	- gpdf 2.8.0-1
 	- kfax 4:3.3.1-1 (bug #280373)
+	- cupsys 1.1.22-6 (bug #324460)
+	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
+	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
+	NOTE: package was fixed.
 CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check, when this was fixed

More information about the Secure-testing-commits mailing list