[Secure-testing-commits] r11832 - in data: . CVE
Raphael Geissert
atomo64-guest at alioth.debian.org
Thu May 7 15:06:48 UTC 2009
Author: atomo64-guest
Date: 2009-05-07 15:06:47 +0000 (Thu, 07 May 2009)
New Revision: 11832
Modified:
data/CVE/list
data/embedded-code-copies
Log:
swfpdf embeds xpdf -- round one
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-07 11:38:45 UTC (rev 11831)
+++ data/CVE/list 2009-05-07 15:06:47 UTC (rev 11832)
@@ -1373,26 +1373,31 @@
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
@@ -2657,11 +2662,13 @@
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-0798 (The daemon in acpid before 1.0.10 allows remote attackers to cause a ...)
{DSA-1786-1}
- acpid 1.0.10-1 (medium)
@@ -5239,6 +5246,7 @@
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
{DSA-1793-1 DSA-1790-1}
TODO: check
@@ -5289,12 +5297,14 @@
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
{DSA-1793-1 DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
+ - swftools <unfixed> (medium)
CVE-2009-0145
RESERVED
CVE-2009-0144
@@ -15794,6 +15804,7 @@
NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
NOTE: a stream or not. Anyone knows a fixed version?
- texlive-base <not-affected> (Vulnerable code not present)
+ - swftools <not-affected> (Vulnerable file/code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
@@ -23714,6 +23725,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
+ - swftools <unfixed> (medium)
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
@@ -23734,6 +23746,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
+ - swftools <unfixed> (medium)
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
@@ -26528,6 +26541,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
+ - swftools <unfixed> (medium)
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
{DSA-1407-1 DTSA-81-1}
- cupsys 1.3.4-1 (medium; bug #448866)
@@ -28829,6 +28843,7 @@
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
+ - swftools <unfixed>
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
@@ -37255,7 +37270,8 @@
- kdegraphics 4:3.5.5-3 (unimportant)
- koffice <unfixed> (unimportant)
- poppler 0.4.5-5.1 (unimportant)
- - xpdf <unfixed> (bug #406852; unimportant)
+ - xpdf 3.02 (bug #406852; unimportant)
+ - swftools <not-affected> (first version that entered the archive is based on xpdf 3.02)
NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
NOTE: such an endless loop the user will simply abort kpdf and never look at
NOTE: that file again, this is only denial of service by a _very_ far stretch
@@ -52971,6 +52987,7 @@
- koffice 1.5.0-1 (medium)
- libextractor 0.5.10-1 (medium)
- pdfkit.framework 0.8-4 (medium)
+ - swftools <not-affected> (splash/ is not included, therefore no vulnerable code)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...)
{DSA-987-1}
- tar 1.15.1-3 (bug #354091; high)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-05-07 11:38:45 UTC (rev 11831)
+++ data/embedded-code-copies 2009-05-07 15:06:47 UTC (rev 11832)
@@ -48,6 +48,7 @@
- ruby-gnome2 <unknown> (embed)
NOTE: copy only present in source but links to poppler
- pdfedit <unfixed> (embed; bug #510794)
+ - swftools <unfixed> (embed)
ppmd
- libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
More information about the Secure-testing-commits
mailing list