[Secure-testing-commits] r13382 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Nov 26 09:14:29 UTC 2009 

Author: joeyh
Date: 2009-11-26 09:14:26 +0000 (Thu, 26 Nov 2009)
New Revision: 13382

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-26 07:46:05 UTC (rev 13381)
+++ data/CVE/list	2009-11-26 09:14:26 UTC (rev 13382)
@@ -1151,30 +1151,37 @@
 CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
 	- backintime 0.9.26-3 (bug #543785)
 CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
+	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
+	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
+	{DSA-1941-1}
 	- poppler <unfixed> (medium; bug #551289)
 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
+	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
+	{DSA-1941-1}
 	- poppler <unfixed> (medium; bug #551289)
 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
+	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
+	{DSA-1941-1}
 	- xpdf <unfixed> (medium; bug #551287)
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
@@ -1949,6 +1956,7 @@
 	NOTE: the transparent colours functionality is only on php5's bundled libgd2
 	TODO: watch for possible merge of the transparent colours functionality into libgd2
 CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
+	{DSA-1940-1}
 	- php5 5.2.11.dfsg.1-1 (low)
 	NOTE: unknown impact, it is related to missing sanity checks
 	NOTE: when determining the length of sections of jpg headers
@@ -1957,6 +1965,7 @@
 	NOTE: experimental is likely to be affected (as of 5.3.0)
 	TODO: check php4
 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
+	{DSA-1940-1}
 	- php5 5.2.11.dfsg.1-1 (low)
 	[lenny] - php5 <no-dsa> (rather unimportant)
 	[etch] - php5 <no-dsa> (rather unimportant)
@@ -4228,6 +4237,7 @@
 	TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1
 CVE-2009-2626 [php5: remote information disclosure]
 	RESERVED
+	{DSA-1940-1}
 	- php5 5.2.11.dfsg.1-1 (low; bug #540605)
 	TODO: check php4
 	NOTE: requires the script itself to set and then restore a config var
@@ -4486,6 +4496,7 @@
 CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when ...)
 	NOT-FOR-US: XOOPS
 CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...)
+	{DSA-1941-1}
 	- poppler <unfixed> (low; bug #534680)
 	[etch] - poppler <not-affected> (Vulnerable code not present)
 CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
@@ -5410,6 +5421,7 @@
 CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
 	NOT-FOR-US: KerviNet Forum
 CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
+	{DSA-1940-1}
 	- php5 5.2.10.dfsg.1-2 (low; bug #535888)
 	- php4 <unfixed> (low; bug #535897)
 	NOTE: 5.3.0 (in experimental) is not affected
@@ -10424,6 +10436,7 @@
 	[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
 	NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
 CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
+	{DSA-1941-1}
 	- poppler 0.10.6-1 (low; bug #518478)
 	[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
 	[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)

More information about the Secure-testing-commits mailing list