[Secure-testing-commits] r18164 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Sun Jan 15 12:31:24 UTC 2012 

Author: corsac
Date: 2012-01-15 12:31:23 +0000 (Sun, 15 Jan 2012)
New Revision: 18164

Modified:
   data/CVE/list
Log:
mark t1lib as fixed in relevant versions


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-15 12:27:47 UTC (rev 18163)
+++ data/CVE/list	2012-01-15 12:31:23 UTC (rev 18164)
@@ -11446,16 +11446,22 @@
 	TODO: check
 CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
 	- t1lib 5.1.2-3.3
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
 	- t1lib 5.1.2-3.3
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
 	- t1lib 5.1.2-3.3
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
@@ -13886,6 +13892,8 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 	- t1lib 5.1.2-3.3
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 	NOTE: http://www.toucan-system.com/advisories/tssa-2011-01.txt
 CVE-2011-0763
 	RESERVED
@@ -14831,6 +14839,8 @@
 	[lenny] - vftool 2.0alpha-3+lenny1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
 	- t1lib <unfixed>
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 	NOTE: vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=643882
@@ -21848,6 +21858,8 @@
 	- evince 3.0.2-1 (bug #609534)
 	[squeeze] - evince 2.30.3-2+squeeze1
 	- t1lib <unfixed>
+	[lenny] - t1lib 5.1.2-3+lenny1
+	[squeeze] - t1lib 5.1.2-3+squeeze1
 CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component ...)
 	{DSA-2357-1}
 	- evince 2.30.3-2 (bug #609534)

More information about the Secure-testing-commits mailing list