[Secure-testing-commits] r7243 - data/CVE
nion at alioth.debian.org
Thu Nov 8 17:42:33 UTC 2007
Author: nion
Date: 2007-11-08 17:42:33 +0000 (Thu, 08 Nov 2007)
New Revision: 7243
Modified:
data/CVE/list
Log:
new issues: CVE-2007-5393, CVE-2007-5392, CVE-2007-4352 the usual xpdf/poppler candidates need to be fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-08 15:55:53 UTC (rev 7242)
+++ data/CVE/list 2007-11-08 17:42:33 UTC (rev 7243)
@@ -1706,10 +1706,38 @@
RESERVED
CVE-2007-5394
RESERVED
-CVE-2007-5393
+CVE-2007-5393 [xpdf buffer overflow in CCITTFaxStream::lookChar()]
RESERVED
-CVE-2007-5392
+ - poppler <unfixed> (medium; bug #450628)
+ - kdegraphics <unfixed> (medium; bug #450630)
+ - xpdf <unfixed> (medium; bug #450629)
+ - koffice <unfixed> (medium; bug #450631)
+ - libextractor 0.5.9-1
+ - cupsys 1.1.22-7
+ - gpdf <removed>
+ - pdftohtml <removed>
+ - tetex-bin 3.0-12
+ NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ NOTE: cups uses xpdf-utils and poppler-utils
+ - libextractor 0.5.12-1
+ NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
+CVE-2007-5392 [xpdf buffer overflow in DCTStream::reset()]
RESERVED
+ - poppler <unfixed> (medium; bug #450628)
+ - kdegraphics <unfixed> (medium; bug #450630)
+ - xpdf <unfixed> (medium; bug #450629)
+ - koffice <unfixed> (medium; bug #450631)
+ - libextractor 0.5.9-1
+ - cupsys 1.1.22-7
+ - gpdf <removed>
+ - pdftohtml <removed>
+ - tetex-bin 3.0-12
+ NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ NOTE: cups uses xpdf-utils and poppler-utils
+ - libextractor 0.5.12-1
+ NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
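Review bot: libextractor and cupsys each appear twice with conflicting status in both the CVE-2007-5393 and CVE-2007-5392 entries: "- libextractor 0.5.9-1" against "- libextractor 0.5.12-1", and "- cupsys 1.1.22-7" against "- cupsys <not-affected>". The NOTE lines support the second of each pair (internal pdf decoder since 0.5.12-1; cups uses xpdf-utils and poppler-utils), so keep one line per package and drop the earlier version lines, otherwise the status for those packages is ambiguous. Minor: "embedd" in the cupsys comment should read "embed".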
@@ -4382,8 +4410,22 @@
NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
NOT-FOR-US: AIX
-CVE-2007-4352
+CVE-2007-4352 [xpdf memory corruption in DCTStream::readProgressiveDataUnit()]
RESERVED
+ - poppler <unfixed> (medium; bug #450628)
+ - kdegraphics <unfixed> (medium; bug #450630)
+ - xpdf <unfixed> (medium; bug #450629)
+ - koffice <unfixed> (medium; bug #450631)
+ - libextractor 0.5.9-1
+ - cupsys 1.1.22-7
+ - gpdf <removed>
+ - pdftohtml <removed>
+ - tetex-bin 3.0-12
+ NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ NOTE: cups uses xpdf-utils and poppler-utils
+ - libextractor 0.5.12-1
+ NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
- cupsys 1.3.4-1 (medium; bug #448866)
CVE-2007-4350
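Review bot: the CVE-2007-4352 entry repeats the block from the first hunk verbatim, so it carries the same contradictory pairs ("- cupsys 1.1.22-7" with "- cupsys <not-affected>", and "- libextractor 0.5.9-1" with "- libextractor 0.5.12-1"). Reduce each to the single line that matches its NOTE. The tetex-bin NOTE would also be clearer if it said the exposure is now tracked through poppler, since "- poppler <unfixed>" sits a few lines above "pdftex links to poppler since 3.0-12, thus marking as fixed" and a reader could take "fixed" to mean pdftex is no longer exposed.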