[Secure-testing-commits] r9469 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Tue Jul 29 14:43:50 UTC 2008


Author: thijs
Date: 2008-07-29 14:43:48 +0000 (Tue, 29 Jul 2008)
New Revision: 9469

Modified:
   data/CVE/list
Log:
2 cups issues only for 1.1 series


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-07-29 14:31:52 UTC (rev 9468)
+++ data/CVE/list	2008-07-29 14:43:48 UTC (rev 9469)
@@ -6353,14 +6353,16 @@
 	- linux-2.6 <unfixed> (bug #490910)
 	- linux-2.6.24 2.6.24-6~etchnhalf.4
 CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
-	- cups 1.2
-	- cupsys 1.2
+	- cupsys 1.2.1-1
+	- cups <not-affected> (Vulnerable code not present)
 	NOTE: (mimeDeleteType included since 1.2.x
+	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
+	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
+	NOTE: versions in Debian.
 CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
-	- cupsys 1.3.6
-	- cups 1.3.6
-	NOTE: version in unstable has better array handling and is not vulnerable, exact version unknown
-	TODO: validate exact fixed version
+	- cupsys 1.2.1-1
+	- cups <not-affected> (Vulnerable code not present)
+	NOTE: see CVE-2008-0597
 CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
 	{DSA-1599-1}
 	- dbus 1.1.20-1




More information about the Secure-testing-commits mailing list