[Secure-testing-commits] r13382 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Nov 26 09:14:29 UTC 2009
Author: joeyh
Date: 2009-11-26 09:14:26 +0000 (Thu, 26 Nov 2009)
New Revision: 13382
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-26 07:46:05 UTC (rev 13381)
+++ data/CVE/list 2009-11-26 09:14:26 UTC (rev 13382)
@@ -1151,30 +1151,37 @@
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
+ {DSA-1941-1}
- xpdf <unfixed> (medium; bug #551287)
- poppler <unfixed> (medium; bug #551289)
- kdegraphics <unfixed> (medium; bug #551290)
- swftools <unfixed> (medium; bug #551291)
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
+ {DSA-1941-1}
- xpdf <unfixed> (medium; bug #551287)
- poppler <unfixed> (medium; bug #551289)
- kdegraphics <unfixed> (medium; bug #551290)
- swftools <unfixed> (medium; bug #551291)
CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
+ {DSA-1941-1}
- poppler <unfixed> (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
+ {DSA-1941-1}
- xpdf <unfixed> (medium; bug #551287)
- poppler <unfixed> (medium; bug #551289)
- kdegraphics <unfixed> (medium; bug #551290)
- swftools <unfixed> (medium; bug #551291)
CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
+ {DSA-1941-1}
- poppler <unfixed> (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
+ {DSA-1941-1}
- xpdf <unfixed> (medium; bug #551287)
- poppler <unfixed> (medium; bug #551289)
- kdegraphics <unfixed> (medium; bug #551290)
- swftools <unfixed> (medium; bug #551291)
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
+ {DSA-1941-1}
- xpdf <unfixed> (medium; bug #551287)
- poppler <unfixed> (medium; bug #551289)
- kdegraphics <unfixed> (medium; bug #551290)
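Review bot: In the CVE-2009-3603 through CVE-2009-3609 entries, the added {DSA-1941-1} tag sits above package lines that all still read <unfixed>, so the entries show neither which source package the advisory covers nor which version fixes it. The poppler-only entries tagged in the same hunk (CVE-2009-3607, CVE-2009-3605) suggest the advisory is for poppler. If that is the case, a follow-up should record the fixed poppler versions on per-release lines, so the tag is not read as also covering xpdf, kdegraphics and swftools, which remain open.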
@@ -1949,6 +1956,7 @@
NOTE: the transparent colours functionality is only on php5's bundled libgd2
TODO: watch for possible merge of the transparent colours functionality into libgd2
CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
+ {DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low)
NOTE: unknown impact, it is related to missing sanity checks
NOTE: when determining the length of sections of jpg headers
@@ -1957,6 +1965,7 @@
NOTE: experimental is likely to be affected (as of 5.3.0)
TODO: check php4
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
+ {DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low)
[lenny] - php5 <no-dsa> (rather unimportant)
[etch] - php5 <no-dsa> (rather unimportant)
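Review bot: In the CVE-2009-3291 entry, the added {DSA-1940-1} contradicts the two release lines directly below it, which still mark php5 as <no-dsa> (rather unimportant) for both lenny and etch. As committed, the entry reads as "no advisory planned" and "advisory issued" at the same time. The <no-dsa> lines should be replaced with the fixed versions for whichever releases the advisory covers.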
@@ -4228,6 +4237,7 @@
TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-2626 [php5: remote information disclosure]
RESERVED
+ {DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low; bug #540605)
TODO: check php4
NOTE: requires the script itself to set and then restore a config var
@@ -4486,6 +4496,7 @@
CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when ...)
NOT-FOR-US: XOOPS
CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...)
+ {DSA-1941-1}
- poppler <unfixed> (low; bug #534680)
[etch] - poppler <not-affected> (Vulnerable code not present)
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
@@ -5410,6 +5421,7 @@
CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
NOT-FOR-US: KerviNet Forum
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
+ {DSA-1940-1}
- php5 5.2.10.dfsg.1-2 (low; bug #535888)
- php4 <unfixed> (low; bug #535897)
NOTE: 5.3.0 (in experimental) is not affected
@@ -10424,6 +10436,7 @@
[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
+ {DSA-1941-1}
- poppler 0.10.6-1 (low; bug #518478)
[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)
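Review bot: In the CVE-2009-0755 entry, the [lenny] line still says <no-dsa> (Application crash only, could be fixed with further issues) although the entry now carries {DSA-1941-1}, so the stated lenny status is stale. If the advisory covers lenny, that line should give the fixed version. The [etch] <not-affected> line is consistent with the tag and can stay.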