[Secure-testing-commits] r18276 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-01-24 17:13:33 +0000 (Tue, 24 Jan 2012)
New Revision: 18276

Modified:
   data/CVE/list
Log:
wireshark updates
fix syntax


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-24 17:01:37 UTC (rev 18275)
+++ data/CVE/list	2012-01-24 17:13:33 UTC (rev 18276)
@@ -2689,12 +2689,19 @@
 CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet]
 	RESERVED
 	- wireshark 1.6.5-1
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
 CVE-2012-0067 [DoS due to integer overflow in IPTrace capture format]
 	RESERVED
-	- wireshark 1.6.5-1
+	- wireshark 1.6.5-1 (unimportant)
+	NOTE: Not suitable for code injection
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
 CVE-2012-0066 [DoS via large buffer allocation request]
 	RESERVED
-	- wireshark 1.6.5-1
+	- wireshark 1.6.5-1 (unimportant)
+	NOTE: Not suitable for code injection
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
 CVE-2012-0065
 	RESERVED
 	- usbmuxd 1.0.7-2 (medium; bug #656581)
@@ -2779,10 +2786,11 @@
 	RESERVED
 	- wireshark 1.6.5-1 (unimportant)
 	NOTE: Not suitable for code injection
-CVE-2012-0041 [wireshark file parser issues]
+CVE-2012-0041 [typecast DoS]
 	RESERVED
 	- wireshark 1.6.5-1 (unimportant)
-	NOTE: Only triggerable with social engineering
+	NOTE: Not suitable for code injection
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
 CVE-2012-0040 [simpleSAMLphp cross site scripting]
 	RESERVED
 	{DSA-2387-1}
@@ -11983,7 +11991,7 @@
 CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
-	{DSA-2388-2 DSA-2388-1}
+	{DSA-2388-1}
 	- t1lib 5.1.2-3.5
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11991,7 +11999,7 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
-	{DSA-2388-2 DSA-2388-1}
+	{DSA-2388-1}
 	- t1lib 5.1.2-3.5
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11999,7 +12007,7 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
-	{DSA-2388-2 DSA-2388-1}
+	{DSA-2388-1}
 	- t1lib 5.1.2-3.5
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -14427,7 +14435,7 @@
 CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
 	NOT-FOR-US: pWhois Layer Four Traceroute
 CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
-	{DSA-2388-2 DSA-2388-1}
+	{DSA-2388-1}
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 	- t1lib 5.1.2-3.3
@@ -15372,7 +15380,7 @@
 	- dtc 0.32.10-1
 CVE-2011-0433 [linetoken() buffer overflow]
 	RESERVED
-	{DSA-2388-2 DSA-2388-1}
+	{DSA-2388-1}
 	- evince 2.32.0-1 (bug #614668)
 	- vftool 2.0alpha-4.1 (low; bug #614669)
 	[squeeze] - vftool 2.0alpha-4+squeeze1
@@ -22398,7 +22406,7 @@
 	{DSA-2357-1}
 	- evince 2.30.3-2 (bug #609534)
 CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...)
-	{DSA-2388-2 DSA-2388-1 DSA-2357-1}
+	{DSA-2388-1 DSA-2357-1}
 	- evince 3.0.2-1 (bug #609534)
 	[squeeze] - evince 2.30.3-2+squeeze1
 	- t1lib 5.1.2-3.5