[Secure-testing-commits] r13581 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Dec 16 23:23:44 UTC 2009


Author: geissert
Date: 2009-12-16 23:23:44 +0000 (Wed, 16 Dec 2009)
New Revision: 13581

Modified:
   data/CVE/list
Log:
new kpdf/xpdf/poppler/... issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-16 23:00:28 UTC (rev 13580)
+++ data/CVE/list	2009-12-16 23:23:44 UTC (rev 13581)
@@ -829,8 +829,16 @@
 	NOT-FOR-US: FrontAccounting
 CVE-2009-4036
 	RESERVED
-CVE-2009-4035
+CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc]
 	RESERVED
+	- kpdf <unfixed>
+	- xpdf 3.01-1
+	- poppler 0.5.1-1
+	TODO: check
+	NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
+	NOTE: but at least version 0.4.5 does *not* contain the ship.
+	NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
+	NOTE: swftools probably not affected
 CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
 	- postgresql-7.4 <removed>
 	- postgresql-8.1 <removed>




More information about the Secure-testing-commits mailing list