[Secure-testing-commits] r3240 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jan 6 12:43:35 UTC 2006


Author: jmm-guest
Date: 2006-01-06 12:43:30 +0000 (Fri, 06 Jan 2006)
New Revision: 3240

Modified:
   data/CVE/list
Log:
four more security problems in xpdf code, as usual applies
to eight source packages. For etch we need to port as many
packages as possible to use the poppler lib, Ubuntu has
some patches as mpitt told me. If someone has some time
available please dig up the patches and contact the respective
maintainers.
Maybe we can even link xpdf itself against poppler :-)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-06 10:39:57 UTC (rev 3239)
+++ data/CVE/list	2006-01-06 12:43:30 UTC (rev 3240)
@@ -2501,14 +2501,18 @@
 	RESERVED
 CVE-2005-3628
 	RESERVED
-CVE-2005-3627
+CVE-2005-3627 [xpdf buffer overflow]
 	RESERVED
-CVE-2005-3626
+	- poppler 0.4.3-2
+CVE-2005-3626 [xpdf null pointer dos]
 	RESERVED
-CVE-2005-3625
+	- poppler 0.4.3-2
+CVE-2005-3625 [xpdf endless loop]
 	RESERVED
-CVE-2005-3624
+	- poppler 0.4.3-2
+CVE-2005-3624 [xpdf heap overflow]
 	RESERVED
+	- poppler 0.4.3-2
 CVE-2005-3623 [Incorrect ACLs only read-only NFS shares]
 	RESERVED
 	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
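Review bot: The four entries CVE-2005-3624 through CVE-2005-3627 each gain only a `- poppler 0.4.3-2` line, while the log message says the problems apply to eight source packages, so the other seven are not tracked for these IDs. Suggest adding a line per remaining source package, marked `<unfixed>` where no fixed version exists yet, so the open packages show up in the tracker. The new poppler lines also carry no bug number or urgency, unlike the `(bug #342288; medium)` form used for the poppler entry in the next hunk; add them if bugs have been filed.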
@@ -3957,7 +3961,8 @@
 	- pdftohtml <unfixed> (bug #342289; medium)
 	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
 	NOTE: Previous kdegraphics fix was incomplete
-	- poppler 0.4.2-1.1 (bug #342288; medium)
+	- poppler 0.4.3-2 (bug #342288; medium)
+	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
 	- tetex-bin 3.0-11 (bug #342292; medium)
 	- koffice 1:1.4.2-5 (bug #342294; medium)
 	- libextractor 0.5.8-1 (medium)
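Review bot: Typo in the added NOTE line, "Intial" should be "Initial" (`NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete`). The note also sits directly above the tetex-bin line; the existing kdegraphics NOTE in this entry follows its package line in the same way, so the placement is consistent, but naming the package in the note as done here is what keeps it unambiguous and should be kept.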



