[Secure-testing-commits] r13604 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Dec 19 20:30:41 UTC 2009
Author: gilbert-guest
Date: 2009-12-19 20:30:41 +0000 (Sat, 19 Dec 2009)
New Revision: 13604
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- track gs-gpl as old version of ghostscript
- expat issue in xulrunner is unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-19 20:30:30 UTC (rev 13603)
+++ data/CVE/list 2009-12-19 20:30:41 UTC (rev 13604)
@@ -1561,6 +1561,7 @@
NOT-FOR-US: module for Drupal
CVE-2009-XXXX [NULL dereferences, similar to Adobe's CVE-2009-0658]
- ghostscript <unfixed> (unimportant)
+ - gs-gpl <removed> (unimportant)
- xpdf <unfixed> (unimportant)
CVE-2009-XXXX [multiple vulnerabilities in acidbase; XSS + possible sql injection]
- acidbase 1.4.4-1 (bug #552235)
@@ -1815,6 +1816,7 @@
- coin3 <unfixed> (unimportant; bug #560928)
- gdcm 2.0.14-2 (low; bug #560929)
- ghostscript <unfixed> (unimportant; bug #560930)
+ - gs-gpl <removed> (unimportant)
- grmonitor <unfixed> (unimportant; bug #560931)
- iceape <unfixed> (unimportant; bug #560932)
- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
@@ -1837,7 +1839,7 @@
- xmlrpc-c <unfixed> (low; bug #560942)
[etch] - xmlrpc-c <no-dsa> (minor issue)
[lenny] - xmlrpc-c <no-dsa> (minor issue)
- - iceweasel <unfixed> (unimportant; bug #560943)
+ - iceweasel <not-affected> (uses xulrunner; bug #560943)
- kompozer 1:0.8~b1-2 (unimportant; bug #560944)
- vxl 1.13.0-2 (low; bug #560945)
- xulrunner <unfixed> (unimportant; bug #560946)
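Review bot: the new iceweasel line keeps bug #560943 while marking the package <not-affected>. If the reasoning is that the affected code lives in xulrunner (bug #560946, two lines below), #560943 should be closed or merged there so the tracker does not keep pointing at an open report for a not-affected package.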
@@ -2314,6 +2316,7 @@
- gdcm 2.0.14-2 (low; bug #560929)
- ghostscript <unfixed> (low; bug #560930)
[lenny] - ghostscript <no-dsa> (minor issue)
+ - gs-gpl <removed> (unimportant)
- grmonitor <unfixed> (low; bug #560931)
[etch] - grmonitor <no-dsa> (minor issue)
[lenny] - grmonitor <no-dsa> (minor issue)
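Review bot: the added gs-gpl line is rated unimportant, but the ghostscript line directly above it in this entry is rated low (bug #560930) and carries a [lenny] no-dsa. Since the log says gs-gpl is tracked as an old version of ghostscript, the urgency should match here, i.e. "- gs-gpl <removed> (low)", the way the earlier hunk matches where both are unimportant.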
@@ -2340,14 +2343,10 @@
- xmlrpc-c <unfixed> (low; bug #560942)
[etch] - xmlrpc-c <no-dsa> (minor issue)
[lenny] - xmlrpc-c <no-dsa> (minor issue)
- - iceweasel <unfixed> (low; bug #560943)
- [etch] - iceweasel <no-dsa> (minor issue)
- [lenny] - iceweasel <no-dsa> (minor issue)
+ - iceweasel <not-affected> (uses xulrunner; bug #560943)
- kompozer 1:0.8~b1-2 (low; bug #560944)
- vxl 1.13.0-2 (low; bug #560945)
- - xulrunner <unfixed> (low; bug #560946)
- [etch] - xulrunner <no-dsa> (minor issue)
- [lenny] - xulrunner <no-dsa> (minor issue)
+ - xulrunner <unfixed> (unimportant; bug #560946)
- apache2 <not-affected> (links to system expat)
- texlive-bin <not-affected> (Files are not compiled in, see #560948)
- vnc4 <unfixed> (low; bug #560949)
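Review bot: removing the [etch] and [lenny] lines under iceweasel makes the new <not-affected> (uses xulrunner) status apply to every release, so please confirm that the iceweasel in etch also builds against xulrunner rather than its own copy, and keep an explicit [etch] line if it does not. Separately, the xulrunner change from low to unimportant drops both no-dsa lines with no NOTE in the entry, while xmlrpc-c just above stays at low with no-dsa; a one-line NOTE giving the reason would make the downgrade reviewable later.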
@@ -9634,6 +9633,7 @@
NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
- ghostscript 8.64~dfsg-1 (medium; bug #524803)
+ - gs-gpl <removed> (medium; bug #561717)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
@@ -9680,6 +9680,7 @@
NOT-FOR-US: Simple Machines Forum
CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...)
- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
+ - gs-gpl <removed> (medium; bug #561717)
CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...)
{DSA-1771-1}
- clamav 0.95.1+dfsg-1 (medium; bug #523016)
@@ -11433,6 +11434,7 @@
{DTSA-198-1}
- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
+ - gs-gpl <removed> (medium; bug #561717)
CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...)
- cupsys <removed> (medium; bug #535488)
- cups 1.3.10-1 (medium; bug #535489)
@@ -12531,13 +12533,13 @@
{DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- - gs-gpl <removed>
+ - gs-gpl <removed> (medium)
- gs-esp <removed>
CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...)
{DSA-1746-1 DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
- argyll 1.0.3-2 (bug #522448)
- - gs-gpl <removed>
+ - gs-gpl <removed> (medium)
- gs-esp <removed>
CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...)
{DSA-1813-1}
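Review bot: both entries now give gs-gpl an urgency but leave the adjacent "- gs-esp <removed>" line bare, and these two gs-gpl lines have no bug #561717 reference although the other medium gs-gpl lines in this commit carry it. Add the bug number here if it covers these CVEs, and give gs-esp the same urgency if it is also an old ghostscript copy.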
@@ -13971,6 +13973,7 @@
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
{DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
+ - gs-gpl <removed> (medium; bug #561717)
- jbig2dec <itp> (medium; bug #539965)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
{DSA-1790-1}
@@ -20421,6 +20424,7 @@
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- ghostscript 8.64~dfsg-2 (medium; bug #559778)
+ - gs-gpl <removed> (medium; bug #561717)
- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
- jasper 1.900.1-5.1 (unimportant; bug #501021)
@@ -20428,6 +20432,7 @@
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- ghostscript 8.64~dfsg-2 (medium; bug #559778)
+ - gs-gpl <removed> (medium; bug #561717)
- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
- jbossas4 <not-affected> (configuration not yet included in Debian package)
@@ -27825,6 +27830,7 @@
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...)
{DSA-1510-1}
- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
+ - gs-gpl <removed> (medium)
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
- linux-2.6 2.6.24-1
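Review bot: the added "- gs-gpl <removed> (medium)" under CVE-2008-0411 omits the bug #561717 reference that the other medium gs-gpl lines in this commit carry. Add it if that bug is meant to cover this CVE as well.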
@@ -39406,6 +39412,7 @@
- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
+ - gs-gpl <removed> (medium; bug #561717)
NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
NOT-FOR-US: Group-Office
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-19 20:30:30 UTC (rev 13603)
+++ data/embedded-code-copies 2009-12-19 20:30:41 UTC (rev 13604)
@@ -1593,3 +1593,6 @@
bulletphysics (not packaged; http://www.bulletphysics.org/)
- supertuxkart <unfixed> (embed)
+
+ghostscript
+ - gs-gpl <removed> (old-version)
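Review bot: the new ghostscript section is appended at the end of data/embedded-code-copies with nothing after the name, unlike the bulletphysics entry above it, which carries a parenthetical. If a ghostscript section already exists earlier in the file, the gs-gpl line should be merged into it rather than opening a second one, and a short NOTE on what (old-version) denotes here would help readers.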