[Secure-testing-commits] r13603 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Dec 19 20:30:30 UTC 2009
Author: gilbert-guest
Date: 2009-12-19 20:30:30 +0000 (Sat, 19 Dec 2009)
New Revision: 13603
Modified:
data/CVE/list
data/embedded-code-copies
Log:
ghostscript uses system jasper shared lib
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-19 19:53:04 UTC (rev 13602)
+++ data/CVE/list 2009-12-19 20:30:30 UTC (rev 13603)
@@ -20420,14 +20420,14 @@
RESERVED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- - ghostscript <unfixed> (medium; bug #559778)
+ - ghostscript 8.64~dfsg-2 (medium; bug #559778)
- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
- jasper 1.900.1-5.1 (unimportant; bug #501021)
NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- - ghostscript <unfixed> (medium; bug #559778)
+ - ghostscript 8.64~dfsg-2 (medium; bug #559778)
- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
- jbossas4 <not-affected> (configuration not yet included in Debian package)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-19 19:53:04 UTC (rev 13602)
+++ data/embedded-code-copies 2009-12-19 20:30:30 UTC (rev 13603)
@@ -521,8 +521,7 @@
- krb5 <unfixed> (embed)
jasper
- - ghostscript 8.70~dfsg-2+b1 (embed)
- - ghostscript <unfixed> (static)
+ - ghostscript 8.64~dfsg-2 (embed)
libiris
- psi <unfixed> (embed)
More information about the Secure-testing-commits
mailing list