[Secure-testing-commits] r20218 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sun Sep 23 21:14:19 UTC 2012


Author: joeyh
Date: 2012-09-23 21:14:19 +0000 (Sun, 23 Sep 2012)
New Revision: 20218

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-23 14:34:04 UTC (rev 20217)
+++ data/CVE/list	2012-09-23 21:14:19 UTC (rev 20218)
@@ -2813,6 +2813,7 @@
 	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
 	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
 CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows ...)
+	{DSA-2551-1}
 	- isc-dhcp 4.2.4-2
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
 CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
@@ -4147,6 +4148,7 @@
 	- gimp 2.4.0~rc1-1
 	NOTE: Only affects 2.2 series
 CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
+	{DSA-2552-1}
 	- tiff 4.0.2-2 (bug #682115)
 	- tiff3 3.9.6-7 (bug #682195)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
@@ -7270,6 +7272,7 @@
 CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and ...)
 	NOT-FOR-US: musl libc not in Debian
 CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
+	{DSA-2552-1}
 	- tiff 4.0.2-1 (bug #678140)
 CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...)
 	{DSA-2455-1}
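Review bot: the CVE-2012-2113 entry tagged here tracks only the tiff source package ("- tiff 4.0.2-1"), while CVE-2012-3401, which is also a tiff2pdf issue and carries the same {DSA-2552-1} tag earlier in this patch, tracks both tiff and tiff3. Either add a tiff3 line to CVE-2012-2113 or add a NOTE saying why tiff3 is not affected, so the two entries under one advisory are consistent.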
@@ -26585,6 +26588,7 @@
 	- libarchive <unfixed> (bug #669197)
 	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
+	{DSA-2552-1}
 	- tiff3 3.9.5
 	NOTE: tiff (4) might be affected, it was branched after tiff3 3.8.2 but the tiffdump.c code is completely different so I'm unsure
 CVE-2010-4664
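Review bot: the NOTE under CVE-2010-4665 still says the status of tiff (4) is unsure, and the entry has no tiff line at all, only "- tiff3 3.9.5". Now that {DSA-2552-1} is attached, that open question should be settled in the entry: add a tiff line with a fixed version or <not-affected>, and update or drop the NOTE.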
@@ -33179,6 +33183,7 @@
 CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...)
 	- tiff <unfixed> (unimportant)
 CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...)
+	{DSA-2552-1}
 	- tiff <unfixed> (unimportant)
 CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
 	NOT-FOR-US: Cisco
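Review bot: CVE-2010-2630 gains {DSA-2552-1} while its only package line still reads "- tiff <unfixed> (unimportant)". An advisory reference beside <unfixed> leaves a reader unable to tell whether the issue is resolved. Replace <unfixed> with the fixed version and reconsider the (unimportant) tag, or confirm that the cross-reference belongs on this CVE.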
@@ -33310,10 +33315,12 @@
 CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
 	- tiff <unfixed> (unimportant)
 CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
+	{DSA-2552-1}
 	- tiff <unfixed> (unimportant)
 CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
 	- tiff <unfixed> (unimportant)
 CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
+	{DSA-2552-1}
 	- tiff <unfixed> (unimportant)
 CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...)
 	NOT-FOR-US: Microsoft PowerPoint
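Review bot: the two entries tagged in this hunk, CVE-2010-2597 and CVE-2010-2595, keep "- tiff <unfixed> (unimportant)", which is the identical line carried by their untagged neighbours CVE-2010-2598 and CVE-2010-2596. Apart from the {DSA-2552-1} tag, nothing distinguishes the issues covered by the advisory from those that are not. Record the fixed version on the tagged entries.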
@@ -33559,6 +33566,7 @@
 CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
 	- tiff 3.9.4-4 (unimportant)
 CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
+	{DSA-2552-1}
 	- tiff 3.9.4-1 (unimportant)
 CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...)
 	- tiff 3.9.4-1 (unimportant)
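Review bot: CVE-2010-2482 keeps the (unimportant) severity on "- tiff 3.9.4-1" while gaining {DSA-2552-1}. The neighbouring CVE-2010-2483 and CVE-2010-2481 have the same severity and no advisory tag. If this issue was serious enough to be listed in an advisory, revisit the severity tag; otherwise add a NOTE explaining why it is cross-referenced.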



