[Secure-testing-commits] r13418 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Dec 1 22:08:31 UTC 2009


Author: jmm-guest
Date: 2009-12-01 22:08:31 +0000 (Tue, 01 Dec 2009)
New Revision: 13418

Modified:
   data/CVE/list
   data/DSA/list
   data/embedded-code-copies
Log:
- exaile patch was broken, update fixed version
- fix CVE ID in wireshark DSA
- update gforge code copies
- mark kdegraphics 4 as fixed, since okular links dynamically against poppler
- mysql-ocaml, fwbuilder fixed
- xerces buglet won't be fixed
- track fwbuilder by source package name


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-01 21:57:22 UTC (rev 13417)
+++ data/CVE/list	2009-12-01 22:08:31 UTC (rev 13418)
@@ -1333,13 +1333,13 @@
 	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
+	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
 	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
+	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
 	{DSA-1941-1}
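Review bot: the kdegraphics lines in this hunk go from `<unfixed>` to `4:4.0` with no NOTE in the data file saying why; the reason (okular links dynamically against poppler) is recorded only in the commit log. Suggest adding a `NOTE:` line under each affected CVE so the rationale stays with the entry when someone later audits the poppler/xpdf code copies.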
@@ -1348,7 +1348,7 @@
 	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
+	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
 	{DSA-1941-1}
@@ -1357,13 +1357,13 @@
 	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
+	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
 	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
+	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
 	- dopewars 1.5.12-9 (low; bug #550913)
@@ -1793,10 +1793,10 @@
 	NOT-FOR-US: Sun OpenSolaris xscreensaver
 CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...)
 	NOT-FOR-US: Adobe Acrobat
-CVE-2009-XXXX [libfwbuilder insecure temp file usage]
-	- libfwbuilder <unfixed> (low)
-	[lenny] - libfwbuilder <not-affected> (Introduced in 3.0.4)
-	[etch] - libfwbuilder <not-affected> (Introduced in 3.0.4)
+CVE-2009-XXXX [fwbuilder insecure temp file usage]
+	- fwbuilder 3.0.7-1 (low; bug #547390)
+	[lenny] - fwbuilder <not-affected> (Introduced in 3.0.4)
+	[etch] - fwbuilder <not-affected> (Introduced in 3.0.4)
 CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...)
 	- request-tracker3.8 3.8.5-1 (bug #546829)
 	- request-tracker3.6 3.6.9-1 (bug #546778)
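Review bot: the renamed entry still carries the placeholder ID `CVE-2009-XXXX` even though it now has a bug reference (#547390) and a fixed version (3.0.7-1); this is a good point to request a real ID or record in a NOTE that none was assigned. The two `<not-affected> (Introduced in 3.0.4)` lines were also moved from libfwbuilder to fwbuilder unchanged, so please confirm that 3.0.4 is meaningful as a version of the fwbuilder source package.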
@@ -2504,7 +2504,7 @@
 	[lenny] - qwik <no-dsa> (minor issue)
 	- wordpress 2.5.0-2 (low; bug #555242)
 	[etch] - wordpress <not-affected> (prototype.js not present)
-	- exaile 0.2.14+debian-2.1 (low; bug #555244)
+	- exaile 0.2.14+debian-2.2 (low; bug #555244)
 	[lenny] - exaile <no-dsa> (minor issue)
 	- hobix 0.5~svn20070319-4 (low; bug #555246)
 	[lenny] - hobix <no-dsa> (minor issue)
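Review bot: the exaile fixed version moves from `0.2.14+debian-2.1` to `0.2.14+debian-2.2`, but nothing in the file says that -2.1 shipped a broken patch; that is stated only in the log. Suggest a `NOTE:` line under the entry recording it, so the earlier version is not reinstated by someone reading bug #555244 alone.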
@@ -3497,7 +3497,7 @@
 	- postgresql-ocaml 1.12.1-1 (low)
 CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...)
 	{DSA-1910-1}
-	- mysql-ocaml <unfixed> (low)
+	- mysql-ocaml 1.0.4-7 (low)
 CVE-2009-2941 [pgtcl: missing escape function]
 	RESERVED
 	- pgtcl <unfixed> (low)
@@ -9138,7 +9138,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0-1 (medium; bug #524810)
+	- kdegraphics 4:4.0 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
 	{DSA-1793-1 DSA-1790-1}
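Review bot: the new kdegraphics line here is `4:4.0`, dropping the `-1` revision the old line had (`4.0-1`), while the following hunks for the same bug #524810 use `4:4.0-1`. A version with no Debian revision sorts before the same version with `-1`, so the result is harmless, but the entries for one bug should carry one spelling; suggest `4:4.0-1` here to match.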
@@ -9146,7 +9146,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0-1 (medium; bug #524810)
+	- kdegraphics 4:4.0-1 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	{DSA-1793-1 DSA-1790-1}
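Review bot: the epoch correction on the kdegraphics line (`4.0-1` to `4:4.0-1`) is a behavioural fix that the log message does not mention. A fixed version of `4.0-1` has an implicit epoch of 0, so any kdegraphics build carrying epoch 4 sorts above it and is treated as fixed whatever its upstream version. Suggest adding a log line such as "add missing epoch to kdegraphics fixed versions" so the change can be found later.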
@@ -9154,7 +9154,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0-1 (medium; bug #524810)
+	- kdegraphics 4:4.0-1 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	{DSA-1793-1 DSA-1790-1}
@@ -9162,7 +9162,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0-1 (medium; bug #524810)
+	- kdegraphics 4:4.0-1 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
 	{DSA-1793-1 DSA-1790-1}
@@ -9170,7 +9170,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0-1 (medium; bug #524810)
+	- kdegraphics 4:4.0-1 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
 	NOT-FOR-US: Tivoli
@@ -10467,7 +10467,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0  (medium; bug #524810)
+	- kdegraphics 4:4.0  (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	{DSA-1793-1 DSA-1790-1}
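Review bot: the replacement kdegraphics line keeps the double space between the version and the parenthesis (`4:4.0  (medium; ...`). Since the line is being rewritten anyway, normalise it to a single space so it matches the other entries and does not trip stricter parsing of the list.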
@@ -10475,7 +10475,7 @@
 	[lenny] - poppler 0.8.7-2
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics 4.0 (medium; bug #524810)
+	- kdegraphics 4:4.0 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...)
 	{DSA-1786-1}
@@ -13133,7 +13133,7 @@
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics <unfixed> (medium; bug #524810)
+	- kdegraphics 4:4.0 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
 	{DSA-1793-1 DSA-1790-1}
@@ -13189,7 +13189,7 @@
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics <unfixed> (medium; bug #524810)
+	- kdegraphics 4:4.0 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
 	{DSA-1793-1 DSA-1790-1}
@@ -13198,7 +13198,7 @@
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
 	[squeeze] - xpdf 3.02-1.4+lenny1
-	- kdegraphics <unfixed> (medium; bug #524810)
+	- kdegraphics 4:4.0 (medium; bug #524810)
 	- swftools <unfixed> (medium; bug #527449)
 CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...)
 	NOT-FOR-US: CoreGraphics in Apple Mac OS X
@@ -16952,8 +16952,8 @@
 CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
-	- xerces-c2 <unfixed> (low; bug #502102)
-	[lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)
+	- xerces-c2 <unfixed> (unimportant; bug #502102)
+	NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
 CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...)
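Review bot: removing the `[lenny] - xerces-c2 <no-dsa>` line also removes the recorded reason "too intrusive to backport", and the replacement NOTE gives an opinion rather than that reason. The entry remains `<unfixed>`, so suggest folding the backport rationale into the NOTE, which would explain why no fix is planned for xerces-c2 rather than only asserting that the issue is minor.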

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-12-01 21:57:22 UTC (rev 13417)
+++ data/DSA/list	2009-12-01 22:08:31 UTC (rev 13418)
@@ -1,5 +1,5 @@
 [29 Nov 2009] DSA-1942-1 wireshark - several vulnerabilities
-	{CVE-2008-1829 CVE-2009-1268 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829}
+	{CVE-2009-1829 CVE-2009-1268 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829}
 	[etch] - wireshark 0.99.4-5.etch.4
 	[lenny] - wireshark 1.0.2-3+lenny7
 [25 Nov 2009] DSA-1941-1 poppler - several vulnerabilities
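Review bot: the corrected ID `CVE-2009-1829` in the DSA-1942-1 reference list has no counterpart change in the data/CVE/list part of this commit. Please check that the CVE-2009-1829 entry there carries `{DSA-1942-1}` and that CVE-2008-1829 no longer does; otherwise the two files disagree about which issue the wireshark DSA covers.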

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-12-01 21:57:22 UTC (rev 13417)
+++ data/embedded-code-copies	2009-12-01 22:08:31 UTC (rev 13418)
@@ -713,6 +713,7 @@
 
 libphp-snoopy
 	- ampache 3.4.1-2 (embed; bug #504169)
+	- gforge 4.6.99+svn6094-2 (embed)
 	- mahara 1.0.5-2 (embed; bug #504170)
 	- pixelpost 1.7.1-5 (embed; bug #504171)
 	- mediamate 0.9.3.6-5 (embed; bug #504172)
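Review bot: the added gforge line under libphp-snoopy has no bug reference, unlike the neighbouring ampache, mahara, pixelpost and mediamate entries. If a bug was filed, add it; if the embedded copy was removed without one, a short NOTE saying how 4.6.99+svn6094-2 was confirmed would make the entry verifiable.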
@@ -922,6 +923,9 @@
 	- argyll <unfixed> (embed; bug #544223)
 	NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
 
+nusoap
+	- gforge 4.8.2-1 (embed)
+
 libept
 	- adept <unfixed> (embed; bug #540649)
 
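Review bot: the new `nusoap` stanza lists gforge as resolved in 4.8.2-1, while the libphp-snoopy line added in this same commit gives gforge 4.6.99+svn6094-2, and neither has a bug reference or NOTE. Suggest a NOTE under the stanza stating where the nusoap copy was found and what changed in 4.8.2-1, so the two different gforge versions are not mistaken for a typo.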
@@ -1157,7 +1161,7 @@
 	NOTE: embeds stdlib modules: optparse, subprocess
 	- smart <unfixed> (embed; bug #555432)
 	NOTE: embeds stdlib modules: optparse
-	- pyprotocols <unfixed> (embed; bug #555433)
+	- pyprotocols 1.0a.svn20070625-5 (embed; bug #555433)
 	NOTE: embeds stdlib modules: doctest
 	- ruledispatch 0.5a.svn20080510-4 (embed; bug #555434)
 	NOTE: embeds stdlib modules: doctest
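Review bot: the pyprotocols change from `<unfixed>` to `1.0a.svn20070625-5` is not covered by any line of the log message, which mentions only gforge for this file. Either add a log entry for it or split it into its own commit, so the status change for bug #555433 can be traced.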



