[Secure-testing-commits] r13095 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Mon Oct 26 12:12:33 UTC 2009


Author: derevko-guest
Date: 2009-10-26 12:12:29 +0000 (Mon, 26 Oct 2009)
New Revision: 13095

Modified:
   data/CVE/list
Log:
- xpdf issues
- CVE-2008-6059: webkit in linux needs libsoup for cookie support
- CVE-2008-1845: next point update: [etch] - mksh 28.0-3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-25 21:14:24 UTC (rev 13094)
+++ data/CVE/list	2009-10-26 12:12:29 UTC (rev 13095)
@@ -123,11 +123,6 @@
 	RESERVED
 CVE-2009-3700
 	RESERVED
-CVE-2009-XXXX [xpdf: integer overflow and null ptr dereference vulnerability]
-	- xpdf <unfixed> (medium; bug #551287)
-	- poppler <unfixed> (medium; bug #551289)
-	- kdegraphics <unfixed> (medium; bug #551290)
-	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
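Review bot: the removed CVE-2009-XXXX entry covered an "integer overflow and null ptr dereference vulnerability", but nothing records which assigned ids replace it or which one carries the null pointer dereference. The descriptions visible for CVE-2009-3603 through CVE-2009-3609 mostly read "Integer overflow". Add a NOTE on the relevant entry (or name the ids in the log message) so the mapping from the temporary entry for bugs #551287, #551289, #551290 and #551291 stays traceable.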
@@ -352,19 +347,35 @@
 	RESERVED
 	- backintime 0.9.26-3 (bug #543785)
 CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
-	TODO: check
+	- poppler <unfixed> (medium; bug #551289)
 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3605
 	RESERVED
+	- poppler <unfixed> (medium; bug #551289)
 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #551287)
+	- poppler <unfixed> (medium; bug #551289)
+	- kdegraphics <unfixed> (medium; bug #551290)
+	- swftools <unfixed> (medium; bug #551291)
 CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
 	- dopewars <unfixed> (low; bug #550913)
 	[etch] - dopewars <no-dsa> (negligible issue)
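Review bot: at CVE-2009-3605 the new "- poppler <unfixed> (medium; bug #551289)" line sits under an entry that is still RESERVED and has no description, so a reader cannot tell which poppler issue is being tracked or why only poppler is listed, unlike its neighbours. Add a NOTE line with a one-line summary of the issue or a pointer to where in bug #551289 it is described. The same four package lines are also pasted under five entries; it is worth confirming that each affected function is actually present in kdegraphics and swftools rather than assuming all embedded xpdf copies match.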
@@ -11032,7 +11043,8 @@
 CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
 	NOT-FOR-US: InfoSoft FusionCharts 
 CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
-	- webkit <unfixed> (bug #516555; low)
+	- webkit <not-affected> (bug #516555; low)
+	NOTE: webkit in linux needs libsoup for cookie support
 CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...)
 	NOT-FOR-US: Syslserve
 CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...)
@@ -22237,6 +22249,7 @@
 CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...)
 	- mksh 33.4-1 (low)
 	[etch] - mksh <no-dsa> (Minor issue)
+	TODO: next point update: [etch] - mksh 28.0-3
 CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...)
 	NOT-FOR-US: W2B phpHotResources
 CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)
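Review bot: the added TODO under CVE-2008-1845 leaves "[etch] - mksh <no-dsa> (Minor issue)" in place directly above it, so the entry now says both that etch gets no fix and that a fix is planned in 28.0-3. State in the TODO that the no-dsa line is to be replaced by "[etch] - mksh 28.0-3" once the point update is released, so the stale line is not left behind when the TODO is resolved.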



