[Secure-testing-commits] r13104 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Oct 27 07:13:32 UTC 2009
Author: geissert
Date: 2009-10-27 07:13:16 +0000 (Tue, 27 Oct 2009)
New Revision: 13104
Modified:
data/CVE/list
Log:
libgd2 issue reported, still waiting for the BTS
new issue on, at least, ghostscript and xpdf based on Adobe PoC
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-27 06:27:46 UTC (rev 13103)
+++ data/CVE/list 2009-10-27 07:13:16 UTC (rev 13104)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [NULL dereferences, similar to Adobe's CVE-2009-0658]
+ - ghostscript <unfixed>
+ - xpdf <unfixed>
+ TODO: check poppler and friends, file bugs
CVE-2009-XXXX [multiple vulnerabilities in acidbase; XSS + possible sql injection]
- acidbase <unfixed> (bug #552235)
CVE-2009-XXXX [multiple vulnerabilities in jetty]
@@ -561,7 +565,7 @@
CVE-2009-3547
RESERVED
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...)
- - libgd2 <unfixed> (medium)
+ - libgd2 <unfixed> (medium; bug filed)
- php5 <not-affected> (the php packages use the system libgd2)
NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
NOTE: <20091015173822.084de220 at redhat.com> in OSS-sec
More information about the Secure-testing-commits
mailing list