[Secure-testing-commits] r13581 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Wed Dec 16 23:23:44 UTC 2009
Author: geissert
Date: 2009-12-16 23:23:44 +0000 (Wed, 16 Dec 2009)
New Revision: 13581
Modified:
data/CVE/list
Log:
new kpdf/xpdf/poppler/... issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-16 23:00:28 UTC (rev 13580)
+++ data/CVE/list 2009-12-16 23:23:44 UTC (rev 13581)
@@ -829,8 +829,16 @@
NOT-FOR-US: FrontAccounting
CVE-2009-4036
RESERVED
-CVE-2009-4035
+CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc]
RESERVED
+ - kpdf <unfixed>
+ - xpdf 3.01-1
+ - poppler 0.5.1-1
+ TODO: check
+ NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
+ NOTE: but at least version 0.4.5 does *not* contain the ship.
+ NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
+ NOTE: swftools probably not affected
CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
More information about the Secure-testing-commits
mailing list