[Secure-testing-commits] r20111 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Sep 6 19:59:55 UTC 2012
Author: jmm
Date: 2012-09-06 19:59:54 +0000 (Thu, 06 Sep 2012)
New Revision: 20111
Modified:
data/CVE/list
Log:
several mozilla issues don't affect iceweasel ESV and related products (confirmed by Mike Hommey)
swift fixed
more chromium fixes
gpe-tetris non-issue
libx11 undetermined
mozilla wheezy no-dsas
puppet "fixed"
ruby1.9 is gone (no longer in stable)
one ruby issue only affected 1.8
drop fprobe entry
reintroduced swftools no longer builds swf2pdf
no point in tracking webkit security-wise, drop existing <unfixed> entries
icedtea-web fixed
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-06 18:34:00 UTC (rev 20110)
+++ data/CVE/list 2012-09-06 19:59:54 UTC (rev 20111)
@@ -39,27 +39,27 @@
CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 ...)
NOT-FOR-US: SpamTitan 5.08
CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File ...)
- TODO: check
+ NOT-FOR-US: Simple File Upload
CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax ...)
- TODO: check
+ NOT-FOR-US: tinymce plugin
CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management ...)
- TODO: check
+ NOT-FOR-US: Open Business Management
CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Open Business Management
CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
- TODO: check
+ NOT-FOR-US: Open Business Management
CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
- TODO: check
+ NOT-FOR-US: Open Business Management
CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in ...)
- TODO: check
+ NOT-FOR-US: Open Business Management
CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for ...)
- TODO: check
+ NOT-FOR-US: DIY CMS
CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards ...)
NOT-FOR-US: Pre Studio Business Cards Designer
CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum ...)
- TODO: check
+ NOT-FOR-US: tForum
CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote ...)
- TODO: check
+ NOT-FOR-US: tForum
CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the ...)
NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...)
@@ -930,7 +930,7 @@
RESERVED
CVE-2012-4406
RESERVED
- - swift <unfixed> (bug #686812)
+ - swift 1.4.8-2 (bug #686812)
CVE-2012-4405
RESERVED
CVE-2012-4404 [moinmoin virtual groups and ACLs evaluation issue]
@@ -1546,8 +1546,6 @@
NOT-FOR-US: Opera
CVE-2012-XXXX [redeclipse code execution through map files]
- redeclipse 1.2-3 (bug #684143)
-CVE-2012-XXXX [world-writeable directory]
- - gpe-tetris <unfixed> (bug #684178)
CVE-2012-XXXX [base name disclosure]
- spip 2.1.17-1 (bug #683667)
CVE-2012-XXXX [insecure default configuration / authentication bypass]
@@ -1939,17 +1937,17 @@
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in ...)
- iceweasel 10.0.7esr-1
- icedove <unfixed>
- iceape 2.7.7-1
CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR ...)
- iceweasel 10.0.7esr-1
- icedove <unfixed>
@@ -1961,21 +1959,21 @@
CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to ...)
- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
- iceweasel 10.0.7esr-1
- icedove <unfixed>
- iceape 2.7.7-1
CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3960 (Use-after-free vulnerability in the ...)
- iceweasel 10.0.7esr-1
- icedove <unfixed>
@@ -1985,17 +1983,17 @@
- icedove <unfixed>
- iceape 2.7.7-1
CVE-2012-3958 (Use-after-free vulnerability in the ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...)
- iceweasel 10.0.7esr-1
- icedove <unfixed>
- iceape 2.7.7-1
CVE-2012-3956 (Use-after-free vulnerability in the ...)
- - iceweasel 10.0.7esr-1
- - icedove <unfixed>
- - iceape <unfixed>
+ - iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
+ - iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3955
RESERVED
CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
@@ -3227,9 +3225,9 @@
- rails <not-affected> (Only affects RoR 3.x)
- ruby-actionpack-3.2 3.2.6-3 (bug #683370)
CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...)
- - icedtea-web <unfixed>
+ - icedtea-web 1.3-1
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...)
- - icedtea-web <unfixed>
+ - icedtea-web 1.3-1
CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...)
{DSA-2533-1}
- pcp 3.6.5 (bug #685476)
@@ -3276,10 +3274,11 @@
- ecryptfs-utils 99-1 (bug #682220)
[squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet ...)
- - puppet <unfixed> (low)
+ - puppet 2.7.18-1 (low)
[squeeze] - puppet <no-dsa> (Minor issue)
NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
+ NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407
RESERVED
NOT-FOR-US: plow
@@ -10419,11 +10418,14 @@
RESERVED
CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and ...)
- icedove 10.0.4-1
+ [wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceweasel 12.0-1 (low)
[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
+ [wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceape <unfixed> (low)
[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
+ [wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...)
- icedove 10.0.4-1
@@ -11324,7 +11326,7 @@
CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-4945
RESERVED
- policykit-1 0.103-1
@@ -15885,9 +15887,8 @@
- nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614)
[lenny] - nss <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
- - chromium-browser <unfixed> (low)
- [lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
- [squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
+ - chromium-browser <unfixed> (unimportant)
+ NOTE: attacker needs to get malicious file into cwd first
NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 ...)
{DSA-2405-1}
@@ -16664,7 +16665,7 @@
- openjdk-7 7~b147-2.0-1
- iceweasel <not-affected>
NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
- - chromium-browser <unfixed>
+ - chromium-browser 15.0.874.106~r107270-1
- webkit <unfixed>
- lighttpd 1.4.30-1
NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
@@ -18807,8 +18808,7 @@
NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...)
- ruby1.8 1.8.7.352-1 (low; bug #635878)
- - ruby1.9 <unfixed> (low)
- - ruby1.9.1 <unfixed> (low)
+ - ruby1.9.1 1.9.3~preview1-1 (low)
CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before ...)
{DSA-2285-1}
- mapserver 6.0.1-1
@@ -18879,8 +18879,6 @@
TODO: Check status of "Reflected cross site scripting vulnerability in error handler" in Squeeze
CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, ...)
- ruby1.8 1.8.7.352-1 (low; bug #635878)
- - ruby1.9 <unfixed> (low)
- - ruby1.9.1 <unfixed> (low)
CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in ...)
{DSA-2275-1}
- libreoffice 1:3.3.3-1
@@ -23106,10 +23104,13 @@
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
- libv8 3.1.8.10-1 (bug #617418)
- icedove <unfixed> (low)
+ [wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceweasel 12.0-1 (low)
+ [wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceape <unfixed> (low)
+ [wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
@@ -30620,8 +30621,6 @@
NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <unfixed>
- [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -34476,8 +34475,6 @@
CVE-2010-1826
RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- - webkit <unfixed>
- [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
@@ -34539,7 +34536,6 @@
NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
- - webkit <unfixed>
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/63772
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...)
@@ -41523,7 +41519,7 @@
- kdegraphics 4.0
- xpdf 3.01-1
- poppler 0.5.1-1
- - swftools <removed>
+ - swftools 0.9.2+ds1-2
NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
NOTE: but at least version 0.4.5 does *not* contain the ship.
NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
@@ -42901,13 +42897,13 @@
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- - swftools <removed> (medium; bug #551291)
+ - swftools 0.9.2+ds1-2
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- - swftools <removed> (medium; bug #551291)
+ - swftools 0.9.2+ds1-2
CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
@@ -42916,7 +42912,7 @@
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- - swftools <removed> (medium; bug #551291)
+ - swftools 0.9.2+ds1-2
CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
@@ -42925,13 +42921,14 @@
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- - swftools <removed> (medium; bug #551291)
+ - swftools 0.9.2+ds1-2
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
{DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools <removed> (medium; bug #551291)
+ - swftools 0.9.2+ds1-2
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
- dopewars 1.5.12-9 (low; bug #550913)
[etch] - dopewars <no-dsa> (negligible issue)
@@ -51012,7 +51009,7 @@
[lenny] - poppler 0.8.7-3.1
- xpdf 3.02-2 (bug #575779)
- kdegraphics 4:4.0
- - swftools <removed>
+ - swftools 0.9.2+ds1-2
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
{DSA-1941-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -51034,7 +51031,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -51042,7 +51039,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -51050,7 +51047,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -51058,7 +51055,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -51066,7 +51063,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0-1 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
@@ -52376,7 +52373,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -52384,7 +52381,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...)
{DSA-1786-1}
- acpid 1.0.10-1 (medium)
@@ -55092,7 +55089,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
{DSA-1793-1 DSA-1790-1}
- xpdf 3.02-1.4+lenny1 (low; bug #524809)
@@ -55149,7 +55146,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
{DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
@@ -55158,7 +55155,7 @@
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- kdegraphics 4:4.0 (medium; bug #524810)
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...)
NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...)
@@ -73702,7 +73699,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
- poppler 0.6.2-1 (medium; bug #450628)
@@ -73720,7 +73717,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
@@ -76508,7 +76505,7 @@
NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- - swftools <removed> (medium; bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
{DSA-1407-1 DTSA-81-1}
- cupsys 1.3.4-1 (medium; bug #448866)
@@ -78827,7 +78824,7 @@
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
- - swftools <removed> (bug #527449)
+ - swftools 0.9.2+ds1-2
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
@@ -103329,8 +103326,8 @@
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
- NOTE: exploitability uncertian
- - libx11 <unfixed> (bug #349251; low)
+ - libx11 <undetermined>
+ NOTE: Doesn't look like a security problem, see #349251
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)
@@ -108165,9 +108162,6 @@
- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
- rkhunter 1.2.7-14 (bug #330627; medium)
-CVE-2005-XXXX [fprobe-ng: Insecure default hash]
- - fprobe <unfixed> (bug #322699; low)
- [sarge] - fprobe-ng <no-dsa> (Hardly exploitable)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
More information about the Secure-testing-commits
mailing list