[Secure-testing-commits] r3465 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-02-13 08:56:50 +0000 (Mon, 13 Feb 2006)
New Revision: 3465

Modified:
   data/CVE/list
Log:
poppler and libast fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-13 08:21:23 UTC (rev 3464)
+++ data/CVE/list	2006-02-13 08:56:50 UTC (rev 3465)
@@ -847,14 +847,14 @@
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
 	NOT-FOR-US: ZyXel hardware
 CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
-	- poppler <unfixed>
-	- tetex-bin 3.0-12
-	- kdegraphics 4:3.5.1-2
-	- gpdf <unfixed>
+	- poppler 0.4.5-1 (medium)
+	- tetex-bin 3.0-12 (medium)
+	- kdegraphics 4:3.5.1-2 (medium)
+	- gpdf <unfixed> (medium)
 	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
-	- koffice <unfixed>
-	- libextractor <unfixed>
-	- pdfkit.framework 0.8-4
+	- koffice <unfixed> (medium)
+	- libextractor <unfixed> (medium)
+	- pdfkit.framework 0.8-4 (medium)
 CVE-2006-0300
 	RESERVED
 CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
@@ -1032,7 +1032,7 @@
 CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
 	- openssh <unfixed> (low; bug #349645; bug #352254)
 CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
-	TODO: check
+	- libast 0.7-1
 CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
 	NOT-FOR-US: PunBB
 CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)