[Secure-testing-commits] r12231 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jun 29 21:38:10 UTC 2009
Author: gilbert-guest
Date: 2009-06-29 21:38:10 +0000 (Mon, 29 Jun 2009)
New Revision: 12231
Modified:
data/CVE/list
Log:
need to check whether netpbm affected by jasper issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-29 21:14:13 UTC (rev 12230)
+++ data/CVE/list 2009-06-29 21:38:10 UTC (rev 12231)
@@ -13452,11 +13452,13 @@
RESERVED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
+ TODO: determine whether netpbm affected (see mandriva announcement http://seclists.org/fulldisclosure/2009/Jun/0270.html)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
- jasper 1.900.1-5.1 (unimportant; bug #501021)
NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
+ TODO: determine whether netpbm affected (see mandriva announcement http://seclists.org/fulldisclosure/2009/Jun/0270.html)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
More information about the Secure-testing-commits
mailing list