[Secure-testing-commits] r6477 - data/DTSA/advs
white at alioth.debian.org
Mon Sep 3 12:19:55 UTC 2007
Author: white
Date: 2007-09-03 12:19:55 +0000 (Mon, 03 Sep 2007)
New Revision: 6477
Added:
data/DTSA/advs/54-poppler.adv
data/DTSA/advs/55-centerim.adv
Log:
Add missing .adv files for DTSA 54 and 55
Added: data/DTSA/advs/54-poppler.adv
===================================================================
--- data/DTSA/advs/54-poppler.adv (rev 0)
+++ data/DTSA/advs/54-poppler.adv 2007-09-03 12:19:55 UTC (rev 6477)
@@ -0,0 +1,21 @@
+source: poppler
+date: August 22nd , 2007
+author: Steffen Joeris
+vuln-type: integer overflow
+problem-scope: local (remote)
+debian-specifc: no
+cve: CVE-2007-3387
+vendor-advisory:
+testing-fix: 0.5.4-6lenny1
+sid-fix: 0.5.4-6.1
+upgrade: apt-get upgrade
+
+It was discovered that an integer overflow in the xpdf PDF viewer may lead
+to the execution of arbitrary code if a malformed PDF file is opened.
+
+CVE-2007-3387
+
+Integer overflow in the StreamPredictor::StreamPredictor function in gpdf
+before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics,
+(5) CUPS, and other products, might allow remote attackers to execute
+arbitrary code via a crafted PDF file.
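Review bot: The summary paragraph ("an integer overflow in the xpdf PDF viewer") names xpdf, while the advisory is filed under `source: poppler`; name poppler in that sentence so a reader knows which package the fix versions refer to. `problem-scope: local (remote)` is also ambiguous beside the CVE text's "remote attackers ... via a crafted PDF file", so pick one value or explain that user interaction is required. The key `debian-specifc` looks misspelled; check it against the key the advisory tooling parses. `vendor-advisory:` is left empty, and the date has a stray space before the comma ("August 22nd , 2007").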
Added: data/DTSA/advs/55-centerim.adv
===================================================================
--- data/DTSA/advs/55-centerim.adv (rev 0)
+++ data/DTSA/advs/55-centerim.adv 2007-09-03 12:19:55 UTC (rev 6477)
@@ -0,0 +1,22 @@
+source: centerim
+date: September 1st , 2007
+author: Steffen Joeris
+vuln-type: buffer overflows
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-3713
+vendor-advisory:
+testing-fix: 4.22.1-2lenny1
+sid-fix: 4.22.1-2.1
+upgrade: apt-get upgrade
+
+It was discovered that there are multiple buffer overflows, which could lead
+to the execution of arbitrary code.
+
+CVE-2007-3713
+
+Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
+remote attackers to execute arbitrary code via unspecified vectors.
+NOTE: the provenance of this information is unknown; the details are
+obtained solely from third party information. NOTE: this might overlap
+CVE-2007-0160.
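Review bot: The summary ("multiple buffer overflows, which could lead to the execution of arbitrary code") never names the affected program, although the header sets `source: centerim` and `problem-scope: remote`; name centerim and state that the overflows are remotely reachable. The quoted CVE text covers "CenterICQ 4.9.11 through 4.21" while the fixes listed are 4.22.1-2lenny1 and 4.22.1-2.1, so add a sentence stating that the centerim 4.22.1 packages are affected, otherwise the version range reads as not applying to them. `debian-specifc` is spelled the same way as in 54-poppler.adv; confirm it matches the key the tooling expects. The date carries the same stray space before the comma ("September 1st , 2007").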