[Secure-testing-commits] r13068 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Oct 22 21:15:44 UTC 2009
Author: joeyh
Date: 2009-10-22 21:15:24 +0000 (Thu, 22 Oct 2009)
New Revision: 13068
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-22 18:40:18 UTC (rev 13067)
+++ data/CVE/list 2009-10-22 21:15:24 UTC (rev 13068)
@@ -274,20 +274,20 @@
CVE-2009-3611 [backintime information disclosure]
RESERVED
- backintime 0.9.26-3 (bug #543785)
-CVE-2009-3609
- RESERVED
-CVE-2009-3608
- RESERVED
-CVE-2009-3607
- RESERVED
-CVE-2009-3606
- RESERVED
+CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
+ TODO: check
+CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
+ TODO: check
+CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
+ TODO: check
+CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
+ TODO: check
CVE-2009-3605
RESERVED
-CVE-2009-3604
- RESERVED
-CVE-2009-3603
- RESERVED
+CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
+ TODO: check
+CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
+ TODO: check
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
- dopewars <unfixed> (low; bug #550913)
[etch] - dopewars <no-dsa> (negligible issue)
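Review bot: The six entries that leave RESERVED in this hunk (CVE-2009-3609, -3608, -3607, -3606, -3604, -3603) carry only "TODO: check" and no package line, so nothing is tracked for them yet. The descriptions for 3606, 3604 and 3603 name Xpdf, and 3603 names SplashBitmap::SplashBitmap; the CVE-2009-1188 entry later in this file already records etch poppler as not-affected because the SplashBitmap code is not present, so the same check is worth repeating when 3603 is triaged. The truncated descriptions for 3609, 3608 and 3607 show a function name but no product, so the full text needs reading before packages are assigned.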
@@ -4541,6 +4541,7 @@
NOT-FOR-US: OXID eShop
CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in cgiutil.c ...]
RESERVED
+ {DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #535340)
NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
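Review bot: CVE-2009-2281 gains {DSA-1914-1} while it is still marked RESERVED with a bracketed description, and that description reads the same as the one shown for CVE-2009-0840 (readPostBody in cgiutil.c), with the same fixed version 5.4.2-1. A NOTE line stating how the two ids relate would help readers of this entry; CVE-2009-0840 has "NOTE: Initial fix was incomplete" but does not name a follow-up id.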
@@ -7893,7 +7894,7 @@
- dbus 1.2.14-1 (high; bug #532720)
NOTE: remote signature spoofing possible, and this was supposed to be
NOTE: originally fixed with the updates for CVE-2008-3834
-CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
+CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
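Review bot: The replacement description for CVE-2009-1188 now truncates at "in the ...", so the summary line no longer shows a product name, while CVE-2009-1187 directly below still reads "in Poppler before ...". The poppler package line is unchanged, so tracking is unaffected, but the full description should be read to confirm that no further package needs listing under 1188.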
@@ -9013,18 +9014,23 @@
- krb5 1.6.dfsg.4~beta1-13
[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this can only probe for files that are not present, useless when not
NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
+ {DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #523027)
NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
NOT-FOR-US: Solaris
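Review bot: {DSA-1914-1} is attached to CVE-2009-0843 and CVE-2009-0841, both rated unimportant with NOTE lines explaining why they have little or no impact, alongside the low and medium mapserver entries. If the advisory does list those two ids, it is worth confirming that the unimportant ratings and their notes still match what the advisory says, and adjusting one or the other so the entry does not read as contradictory.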
@@ -9267,7 +9273,7 @@
{DTSA-198-1}
- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
-CVE-2009-0791 (Multiple integer overflows in the pdftops filter in CUPS 1.1.17, ...)
+CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...)
- cupsys <removed> (medium; bug #535488)
- cups 1.3.10-1 (medium; bug #535489)
[etch] - cupsys <not-affected> (pdftops source included, but not built)
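Review bot: The new description for CVE-2009-0791 names Xpdf 2.x and 3.x and Poppler 0.x where the old one named the pdftops filter in CUPS, but the package lines visible in this hunk still cover only cupsys and cups. Suggest checking whether xpdf and poppler need their own lines under this id, or a NOTE saying why they do not.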