[Secure-testing-commits] r12457 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Aug 1 07:20:16 UTC 2009
Author: gilbert-guest
Date: 2009-08-01 07:20:15 +0000 (Sat, 01 Aug 2009)
New Revision: 12457
Modified:
data/CVE/list
Log:
poppler triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-01 00:17:55 UTC (rev 12456)
+++ data/CVE/list 2009-08-01 07:20:15 UTC (rev 12457)
@@ -1,3 +1,5 @@
+CVE-2009-XXXX [poppler: buffer overflow in abiword backend]
+ - poppler <unfixed> (low; bug #534680)
CVE-2009-XXXX [openssl: certificate spoofing via null characters]
- openssl <unfixed> (medium; bug #539499)
NOTE: asked maintainer to check whether openssl affected
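Review bot: The added poppler entry rates a buffer overflow as low without a NOTE giving the reason, and it carries no [lenny] or [etch] lines. A short NOTE explaining why the abiword backend overflow is low, plus per-release status once it is known, would make the triage reviewable without opening bug #534680.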
@@ -5820,11 +5822,12 @@
[lenny] - mpfr <not-affected> (Vulnerable code not yet present)
[etch] - mpfr <not-affected> (Vulnerable code not yet present)
CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...)
- - poppler <unfixed> (low; bug #518478)
- [lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
+ - poppler 0.10.6-1 (low; bug #518478)
+ [lenny] - poppler 0.8.7-2
[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
+ NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
- - poppler <unfixed> (low; bug #518478)
+ - poppler 0.10.6-1 (low; bug #518478)
[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
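Review bot: In the CVE-2009-0755 entry the [lenny] line stays at <no-dsa>, while CVE-2009-0756, tracked under the same bug #518478 and given the same unstable version 0.10.6-1, is now marked fixed in lenny with 0.8.7-2. If the 5.0.2 batch mentioned in the new NOTE also covered CVE-2009-0755, its [lenny] line should get 0.8.7-2 too; if it did not, a NOTE saying so would keep the two entries from looking accidentally out of sync. The new NOTE would also be easier to follow placed directly under the [lenny] line it explains rather than after the [etch] line.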