[Secure-testing-commits] r13037 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Oct 16 22:08:10 UTC 2009


Author: gilbert-guest
Date: 2009-10-16 22:08:09 +0000 (Fri, 16 Oct 2009)
New Revision: 13037

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- new xpdf issue
- track poppler as fork of xpdf
- bug submitted for swftools embed of xpdf

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-16 21:14:21 UTC (rev 13036)
+++ data/CVE/list	2009-10-16 22:08:09 UTC (rev 13037)
@@ -1,3 +1,8 @@
+CVE-2009-XXXX [xpdf: integer overflow and null ptr dereference vulnerability]
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
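
Review bot: the new CVE-2009-XXXX entry at the top of the file has no NOTE line saying where the report comes from, and its description folds two defects (an integer overflow and a null pointer dereference) into one temporary entry. Suggest adding a NOTE with the reference under the four package lines so the entry can be matched to the assigned id later, and splitting it if the two defects end up with separate ids.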

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-10-16 21:14:21 UTC (rev 13036)
+++ data/embedded-code-copies	2009-10-16 22:08:09 UTC (rev 13037)
@@ -28,7 +28,6 @@
 ---BEGIN
 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
 	NOTE: Fixed packages link to poppler library unless otherwise noted
-	NOTE: has been replaced by evince in etch
 	- pdftohtml <unknown>
 	[sarge] - pdftohtml <unfixed>
 	[etch] - pdftohtml <unfixed>
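
Review bot: the removal of "NOTE: has been replaced by evince in etch" under the xpdf header is not covered by any of the three log lines, so the reason for dropping it is lost. Suggest either mentioning it in the log or replacing the note with one that says which package it referred to, since the "[etch] - pdftohtml <unfixed>" line directly below stays in place.
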
@@ -45,7 +44,8 @@
 	- ruby-gnome2 <unknown> (embed)
 	NOTE: copy only present in source but links to poppler
 	- pdfedit <unfixed> (embed; bug #510794)
-	- swftools <unfixed> (embed)
+	- swftools <unfixed> (embed; bug #551293)
+	- poppler <unfixable> (fork)
 
 ppmd
 	- libcomplearn-mod-ppmd <unfixed> (fork)
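
Review bot: the added "- poppler <unfixable> (fork)" line uses a different state from the other fork visible here, "- libcomplearn-mod-ppmd <unfixed> (fork)", and nothing explains why. Since the section header already says "Fixed packages link to poppler library", a reader now sees poppler both as the fix target and as a tracked copy; a NOTE line under the new entry stating that poppler is a fork of xpdf that has to be fixed separately would make the intent clear.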
