[Secure-testing-commits] r13581 - data/CVE

Raphael Geissert Wed, 16 Dec 2009 15:23:51 -0800

Author: geissert
Date: 2009-12-16 23:23:44 +0000 (Wed, 16 Dec 2009)
New Revision: 13581


Modified:
   data/CVE/list
Log:
new kpdf/xpdf/poppler/... issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-12-16 23:00:28 UTC (rev 13580)
+++ data/CVE/list       2009-12-16 23:23:44 UTC (rev 13581)
@@ -829,8 +829,16 @@
        NOT-FOR-US: FrontAccounting
 CVE-2009-4036
        RESERVED
-CVE-2009-4035
+CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc]
        RESERVED
+       - kpdf <unfixed>
+       - xpdf 3.01-1
+       - poppler 0.5.1-1
+       TODO: check
+       NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 
4b4fc5c017b/2005-09-14
+       NOTE: but at least version 0.4.5 does *not* contain the ship.
+       NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
+       NOTE: swftools probably not affected
 CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x 
before ...)
        - postgresql-7.4 <removed>
        - postgresql-8.1 <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r13581 - data/CVE

Reply via email to