Author: gilbert-guest
Date: 2009-10-16 22:08:09 +0000 (Fri, 16 Oct 2009)
New Revision: 13037
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- new xpdf issue
- track poppler as fork of xpdf
- bug submitted for swftools embed of xpdf
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-16 21:14:21 UTC (rev 13036)
+++ data/CVE/list 2009-10-16 22:08:09 UTC (rev 13037)
@@ -1,3 +1,8 @@
+CVE-2009-XXXX [xpdf: integer overflow and null ptr dereference vulnerability]
+ - xpdf <unfixed> (medium; bug #551287)
+ - poppler <unfixed> (medium; bug #551289)
+ - kdegraphics <unfixed> (medium; bug #551290)
+ - swftools <unfixed> (medium; bug #551291)
CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar
daemon ...)
NOT-FOR-US: IBM AIX
CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and
earlier ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-10-16 21:14:21 UTC (rev 13036)
+++ data/embedded-code-copies 2009-10-16 22:08:09 UTC (rev 13037)
@@ -28,7 +28,6 @@
---BEGIN
xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
NOTE: Fixed packages link to poppler library unless otherwise noted
- NOTE: has been replaced by evince in etch
- pdftohtml <unknown>
[sarge] - pdftohtml <unfixed>
[etch] - pdftohtml <unfixed>
@@ -45,7 +44,8 @@
- ruby-gnome2 <unknown> (embed)
NOTE: copy only present in source but links to poppler
- pdfedit <unfixed> (embed; bug #510794)
- - swftools <unfixed> (embed)
+ - swftools <unfixed> (embed; bug #551293)
+ - poppler <unfixable> (fork)
ppmd
- libcomplearn-mod-ppmd <unfixed> (fork)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
