[Secure-testing-commits] r3289 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jan 13 10:57:12 UTC 2006 

Author: jmm-guest
Date: 2006-01-13 10:57:06 +0000 (Fri, 13 Jan 2006)
New Revision: 3289

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-13 10:36:59 UTC (rev 3288)
+++ data/CVE/list	2006-01-13 10:57:06 UTC (rev 3289)
@@ -979,7 +979,7 @@
 CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
 	NOT-FOR-US: IOS
 CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
-	- fetchmail <unfixed> (bug #343836; low)
+	- fetchmail 6.3.1-1 (bug #343836; low)
 CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
 	RESERVED
 	- util-vserver 0.30.208-1
@@ -2812,6 +2812,7 @@
 	RESERVED
 	{DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- kdegraphics 3.5.0-3
+	- gpdf <unfixed>
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
@@ -2819,6 +2820,7 @@
 	{DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
+	- gpdf <unfixed>
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
@@ -2827,6 +2829,7 @@
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
+	- gpdf <unfixed>
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
@@ -2834,11 +2837,13 @@
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
+	- gpdf <unfixed>
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
 	{DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
+	- gpdf <unfixed>
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-01-13 10:36:59 UTC (rev 3288)
+++ data/DSA/list	2006-01-13 10:57:06 UTC (rev 3289)
@@ -1,3 +1,12 @@
+[13 Jan 2006] DSA-940-1 gpdf - buffer overflows
+	{CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
+	[sarge] - gpdf 2.8.2-1.2sarge2
+	NOTE: Not fixed in testing at time of DSA (waiting on dep)
+[13 Jan 2006] DSA-939-1 fetchmail - programming error
+	{CVE-2005-4348}
+	[woody] - fetchmail <not-affected> (Vulnerable code not present)
+	[sarge] - fetchmail 6.2.5-12sarge4
+	NOTE: Not fixed in testing at time of DSA (unfixed in sid)
 [12 Jan 2006] DSA-938-1 koffice - buffer overflows
 	{CVE-2005-3191 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
 	[sarge] - koffice 1.3.5-4.sarge.2

More information about the Secure-testing-commits mailing list