[Secure-testing-commits] r3404 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Feb 1 09:39:41 UTC 2006


Author: jmm-guest
Date: 2006-02-01 09:39:31 +0000 (Wed, 01 Feb 2006)
New Revision: 3404

Modified:
   data/CVE/list
   data/DSA/list
   data/embedded-code-copies
Log:
new pdfkit.framework DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-01 09:14:22 UTC (rev 3403)
+++ data/CVE/list	2006-02-01 09:39:31 UTC (rev 3404)
@@ -3495,6 +3495,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
+	- pdfkit.framework <unfixed>
 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
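Review bot: The added `- pdfkit.framework <unfixed>` line at the top of this hunk lands in the entry above CVE-2005-3627, and that entry's header is outside the three lines of context, so the diff alone does not show which CVE it is attached to. DSA-961-1 in data/DSA/list names CVE-2005-3628, whose header appears in none of the hunks; please confirm this is that entry.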
@@ -3504,6 +3505,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
+	- pdfkit.framework <unfixed>
 CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.3-2
@@ -3512,6 +3514,7 @@
 	- gpdf 2.10.0-2 (bug #342286)
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
+	- pdfkit.framework <unfixed>
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
@@ -3521,6 +3524,7 @@
 	- gpdf 2.10.0-2 (bug #342286)
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
+	- pdfkit.framework <unfixed>
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
@@ -3530,6 +3534,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
+	- pdfkit.framework <unfixed>
 CVE-2005-3623 [Incorrect ACLs only read-only NFS shares]
 	RESERVED
 	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
@@ -4977,6 +4982,7 @@
 	- koffice <not-affected> (Vulnerable xpdf code not contained)
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
+	- pdfkit.framework <unfixed>
 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
 	{DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
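Review bot: The new `- pdfkit.framework <unfixed>` line carries no urgency or bug reference, while the lines directly above it are annotated `(medium)` and `(unimportant)` and the xpdf line below has `(bug #342281; bug #342337; medium)`. If a bug is filed against the sid package, add it and an urgency in the same style so the unfixed state can be tracked from this list.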
@@ -4990,6 +4996,7 @@
 	- koffice 1:1.4.2-5 (bug #342294; medium)
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
+	- pdfkit.framework <unfixed>
 CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
@@ -4997,6 +5004,7 @@
 	- pdftohtml <unfixed> (bug #342289; medium)
 	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
 	NOTE: Previous kdegraphics fix was incomplete
+	- pdfkit.framework <unfixed>
 	- poppler 0.4.2-1.1 (bug #342288; medium)
 	- tetex-bin 3.0-11 (bug #342292; medium)
 	- koffice 1:1.4.2-5 (bug #342294; medium)
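Review bot: In this hunk the new line is inserted mid-list, between the kdegraphics NOTE and `- poppler 0.4.2-1.1`, whereas every other hunk in data/CVE/list places it as the last package line before the next CVE header. Moving it to the end of this entry's package list would keep the entries consistent and leave the NOTE directly followed by the packages that were already there.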

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-02-01 09:14:22 UTC (rev 3403)
+++ data/DSA/list	2006-02-01 09:39:31 UTC (rev 3404)
@@ -1,3 +1,7 @@
+[01 Feb 2006] DSA-961-1 pdfkit.framework - buffer overflows
+	{CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
+	[sarge] - pdfkit.framework 0.8-2sarge1
+	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [31 Jan 2006] DSA-960-2 libmail-audit-perl - insecure temporary file creation
 	{CVE-2005-4536}
 	[sarge] - libmail-audit-perl 2.1-5sarge2
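Review bot: The `{DSA-...}` cross-reference lines visible in the data/CVE/list context (for CVE-2005-3191, CVE-2005-3192 and CVE-2005-3624 through CVE-2005-3627) do not list DSA-961-1, although the entry added here names all of those CVEs. If those lines are not regenerated by tooling, add DSA-961-1 to them in the same commit so the two files stay in sync.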

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2006-02-01 09:14:22 UTC (rev 3403)
+++ data/embedded-code-copies	2006-02-01 09:39:31 UTC (rev 3404)
@@ -11,8 +11,8 @@
 poppler
 koffice
 libextractor
+pdfkit.framework
 
-
 zlib code: (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
 dpkg
 rsync (somehow derived code base)
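Review bot: Removing one of the two empty lines before the `zlib code:` heading is a whitespace-only change that the log message "new pdfkit.framework DSA" does not cover; it leaves a single blank line between the two lists. Keep it only if one blank line is the separator used between the other sections of this file, otherwise restore the line.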



