[Secure-testing-commits] r3446 - in data: . CVE

Wed Feb 8 11:52:54 UTC 2006

Author: jmm-guest
Date: 2006-02-08 11:52:48 +0000 (Wed, 08 Feb 2006)
New Revision: 3446

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
yeah, another xpdf copy gone


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-02-08 10:41:15 UTC (rev 3445)
+++ data/CVE/list	2006-02-08 11:52:48 UTC (rev 3446)
@@ -734,7 +734,7 @@
 	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
 	- koffice <unfixed>
 	- libextractor <unfixed>
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 CVE-2006-0300
 	RESERVED
 CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
@@ -3883,7 +3883,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
@@ -3894,7 +3894,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
 CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
@@ -3904,7 +3904,7 @@
 	- gpdf 2.10.0-2 (bug #342286)
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
@@ -3915,7 +3915,7 @@
 	- gpdf 2.10.0-2 (bug #342286)
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
@@ -3926,7 +3926,7 @@
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
 CVE-2005-3623 [Incorrect ACLs only read-only NFS shares]
 	RESERVED
@@ -5375,7 +5375,7 @@
 	- koffice <not-affected> (Vulnerable xpdf code not contained)
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
@@ -5389,7 +5389,7 @@
 	- koffice 1:1.4.2-5 (bug #342294; medium)
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
@@ -5397,7 +5397,7 @@
 	- pdftohtml <unfixed> (bug #342289; medium)
 	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
 	NOTE: Previous kdegraphics fix was incomplete
-	- pdfkit.framework <unfixed>
+	- pdfkit.framework 0.8-4
 	- poppler 0.4.2-1.1 (bug #342288; medium)
 	- tetex-bin 3.0-11 (bug #342292; medium)
 	- koffice 1:1.4.2-5 (bug #342294; medium)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2006-02-08 10:41:15 UTC (rev 3445)
+++ data/embedded-code-copies	2006-02-08 11:52:48 UTC (rev 3446)
@@ -11,7 +11,7 @@
 poppler
 koffice
 libextractor
-pdfkit.framework
+pdfkit.framework (links to poppler since 0.8-4)
 
 zlib code: (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
 dpkg


