Author: nion
Date: 2008-06-16 15:57:15 +0000 (Mon, 16 Jun 2008)
New Revision: 9083
Modified:
data/CVE/list
Log:
(hopefully) fix cupsys -> cups renaming
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-06-16 15:34:30 UTC (rev 9082)
+++ data/CVE/list 2008-06-16 15:57:15 UTC (rev 9083)
@@ -2113,7 +2113,7 @@
RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2)
...)
- cups 1.3.7-2 (medium; bug #476305)
- - cupsys <removed> (medium; bug #476305)
+ - cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python
2.5.2 ...)
{DSA-1551-1}
- python2.4 2.4.5-2
@@ -2883,7 +2883,7 @@
NOT-FOR-US: FreeWebShop.org
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module
for ...)
- cups 1.1.23-10sarge1
- - cupsys <removed>
+ - cupsys 1.1.23-10sarge1
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y)
before ...)
{DSA-1528-1}
- serendipity 1.3-1
@@ -2949,11 +2949,11 @@
{DSA-1565-1}
- linux-2.6 2.6.25-2 (low)
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise
Linux ...)
- - cupsys <removed>
+ - cupsys <not-affected> (Redhat-specific incomplete patch, upstream
patch is complete)
- cups <not-affected> (Redhat-specific incomplete patch, upstream patch
is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote
...)
{DTSA-122-1}
- - cupsys <removed> (medium)
+ - cupsys 1.3.7-1 (medium)
- cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote
attackers to ...)
- bzip2 1.0.5-0.1 (low; bug #471670)
@@ -4129,7 +4129,7 @@
NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in
CUPS ...)
{DSA-1530-1 DTSA-117-1}
- - cupsys <removed> (medium; bug #467653)
+ - cupsys 1.3.6-1 (medium; bug #467653)
- cups 1.3.6-1 (medium; bug #467653)
[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0
module for ...)
@@ -4758,10 +4758,10 @@
RESERVED
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly
other ...)
- cups 1.2
- - cupsys <removed>
+ - cupsys 1.2
NOTE: (mimeDeleteType included since 1.2.x
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions,
allows ...)
- - cupsys <removed>
+ - cupsys 1.3.6
- cups 1.3.6
NOTE: version in unstable has better array handling and is not vulnerable,
exact version unknown
TODO: validate exact fixed version
@@ -6116,7 +6116,7 @@
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow
context-dependent ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in
CUPS ...)
- - cupsys <removed>
+ - cupsys 1.3.6-1
- cups 1.3.6-1
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe
file ...)
@@ -6131,7 +6131,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in
CUPS ...)
{DSA-1530-1}
- - cupsys <removed> (medium; bug #472105)
+ - cupsys 1.3.6-3 (medium; bug #472105)
- cups 1.3.6-3 (medium; bug #472105)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an
incorrect ...)
@@ -6852,7 +6852,7 @@
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local
users ...)
{DSA-1437-1}
- cups 1.3.5-1 (low; bug #456960)
- - cupsys <removed> (low; bug #456960)
+ - cupsys 1.3.5-1 (low; bug #456960)
[sarge] - cupsys <no-dsa> (Minor issue)
NOTE: the debian package is a bit confusing here as it also ships a pdftops
NOTE: wrapper script as an example but the original script is installed
@@ -8286,11 +8286,11 @@
NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP
back end ...)
{DSA-1437-1}
- - cupsys <removed> (medium; bug #457453)
+ - cupsys 1.3.5-1 (medium; bug #457453)
- cups 1.3.5-1 (medium; bug #457453)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local
admin ...)
- - cupsys <removed>
+ - cupsys 1.2.0
- cups 1.2.0
NOTE: This only affects the Cups 1.1 series
[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite
loop)
@@ -9993,7 +9993,6 @@
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
- - cupsys <removed>
- cups 1.1.22-7
- gpdf <removed>
- pdftohtml <removed>
@@ -10001,6 +10000,7 @@
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
@@ -10020,6 +10020,7 @@
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
@@ -12796,7 +12797,7 @@
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
- - cupsys <removed>
+ - cupsys 1.1.22-7
- cups 1.1.22-7
- gpdf <removed>
- pdftohtml <removed>
@@ -12804,12 +12805,13 @@
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
+ - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils
since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS
1.3.3 ...)
{DSA-1407-1 DTSA-81-1}
- - cupsys <removed> (medium; bug #448866)
+ - cupsys 1.3.4-1 (medium; bug #448866)
- cups 1.3.4-1 (medium; bug #448866)
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since
1.2.x, effects are harmless otherwise)
CVE-2007-4350
@@ -13489,7 +13491,7 @@
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery
...)
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and
other ...)
- - cupsys <removed>
+ - cupsys 1.2
- cups 1.2
NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
@@ -15091,7 +15093,7 @@
[etch] - pdftohtml 0.36-13etch1
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <removed> (unimportant; bug #436099)
+ - cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
NOTE: cups uses xpdf-utils
- pdfkit.framework 0.8-4
@@ -21980,7 +21982,7 @@
NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers
to ...)
- cups 1.2.7-1 (bug #434734; low)
- - cupsys <removed> (bug #434734; low)
+ - cupsys 1.2.7-1 (bug #434734; low)
[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4
through ...)
@@ -42441,7 +42443,7 @@
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys <removed>
+ - cupsys 1.1.22-7
- cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
@@ -42456,7 +42458,7 @@
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys <removed>
+ - cupsys 1.1.22-7
- cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
@@ -42471,7 +42473,7 @@
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys <removed>
+ - cupsys 1.1.22-7
- cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
@@ -42488,7 +42490,7 @@
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- cups 1.1.22-7
- - cupsys <removed>
+ - cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for
xpdf, ...)
@@ -42503,7 +42505,7 @@
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- cups 1.1.22-7
- - cupsys <removed>
+ - cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for
MAY_SATTR ...)
@@ -43972,7 +43974,7 @@
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice <not-affected> (Vulnerable xpdf code not contained)
- libextractor 0.5.8-1 (medium)
- - cupsys <removed> (unimportant)
+ - cupsys 1.1.23-13 (unimportant)
- cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in
Xpdf ...)
@@ -43987,7 +43989,7 @@
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice 1:1.4.2-5 (bug #342294; medium)
- libextractor 0.5.8-1 (medium)
- - cupsys <removed> (unimportant)
+ - cupsys 1.1.23-13 (unimportant)
- cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
@@ -44003,7 +44005,7 @@
- koffice 1:1.4.2-5 (bug #342294; medium)
- libextractor 0.5.8-1 (medium)
- cups 1.1.23-13 (unimportant)
- - cupsys <removed> (unimportant)
+ - cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0
...)
NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP
Server ...)
@@ -44870,7 +44872,7 @@
- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the
daemon in ...)
- cups 1.1.23-1 (unknown)
- - cupsys <removed> (unknown)
+ - cupsys 1.1.23-1 (unknown)
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support
in ...)
{DSA-868-1 DSA-866-1 DSA-837-1}
- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
@@ -47414,7 +47416,7 @@
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a
allows ...)
- lprng <not-affected> (Not suid in Debian)
- cups <not-affected> (Not suid in Debian)
- - cupsys <removed>
+ - cupsys <not-affected> (Not suid in Debian)
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly
...)
- openssh 1:3.0.1
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving
an ...)
@@ -47867,7 +47869,7 @@
NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf
as ...)
- cups 1.1.20final+rc1-1 (low)
- - cupsys <removed> (low)
+ - cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116
REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to
cause ...)
@@ -47927,7 +47929,7 @@
[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which
is not affected)
- gpdf 2.10.0-4 (bug #334454; low)
NOTE: Cups switched to xpdf-utils
- - cupsys <removed> (bug #324464)
+ - cupsys 1.1.22-7 (bug #324464)
- cups 1.1.22-7 (bug #324464)
[woody] - cupsys <not-affected> (Vulnerable code not present)
- poppler 0.4.0-1 (low)
@@ -55213,7 +55215,7 @@
- tetex-bin <not-affected> (Initial Debian fix was already correct)
- pdftohtml <not-affected> (Initial Debian fix was already correct)
- cups 1.1.22-7
- - cupsys <removed>
+ - cupsys 1.1.22-7
NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without
certain ...)
@@ -55613,7 +55615,7 @@
- pdftohtml 0.36-11
- kdegraphics 4:3.3.2-2
- tetex-bin 2.0.2-26
- - cupsys <removed> (bug #324459)
+ - cupsys 1.1.22-6 (bug #324459)
- cups 1.1.22-6 (bug #324459)
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.23-13, the dormant code in the source
@@ -56007,16 +56009,16 @@
NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not
ensure ...)
- cups 1.1.22-2
- - cupsys <removed>
+ - cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if
it ...)
- cups 1.1.22-2
- - cupsys <removed>
+ - cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the
CUPS ...)
- cups 1.1.22-2
- - cupsys <removed>
+ - cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in
the ...)
- cups 1.1.22-2
- - cupsys <removed>
+ - cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp
for ...)
NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp
for the ...)
@@ -56346,7 +56348,7 @@
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf
3.00, ...)
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
- - cupsys <removed>
+ - cupsys 1.1.22-2
- cups 1.1.22-2
- tetex-bin 2.0.2-25
- gpdf 2.8.2-1
@@ -56869,7 +56871,7 @@
NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a
...)
{DSA-566-1}
- - cupsys <removed>
+ - cupsys 1.1.20final+rc1-9
- cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain
conditions, ...)
NOT-FOR-US: MacOS
@@ -56974,7 +56976,7 @@
- xpdf 3.00-9
- gpdf 2.8.0-1
- kdegraphics 4:3.3.1-1 (bug #280373)
- - cupsys <removed> (bug #324460)
+ - cupsys 1.1.22-6 (bug #324460)
- cups 1.1.22-6 (bug #324460)
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
@@ -57799,8 +57801,8 @@
- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS
before ...)
{DSA-545-1}
- - cupsys <removed>
- cups 1.1.20final+rc1-6
+ - cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in
wav.c for ...)
{DSA-565-1}
- sox 12.17.4-9 (bug #262083)
@@ -59464,8 +59466,8 @@
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM,
does not ...)
- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP)
...)
- - cupsys <removed>
- cups 1.1.19
+ - cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1
interprets ...)
- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1
and ...)
@@ -60833,8 +60835,8 @@
- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of
...)
{DSA-317}
- - cupsys <removed>
- cups 1.1.19final-1
+ - cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when
...)
- tcpdump <not-affected> (Apparently a Red Hat specific compilation
packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local
users ...)
@@ -61416,8 +61418,8 @@
- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS)
...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local
...)
{DSA-227}
- openldap2 2.0.27-3
@@ -61431,8 +61433,8 @@
REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows
remote ...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings
with ...)
- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large
packets ...)
@@ -62864,7 +62866,7 @@
- xpdf-i 2.01-2
- xpdf 2.01-2
- cups 1.1.18-1
- - cupsys <removed>
+ - cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers
to ...)
- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through
4.10, and ...)
@@ -62893,24 +62895,24 @@
- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does
not ...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14
...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through
1.1.17 ...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows
remote ...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows
local ...)
{DSA-232}
- - cupsys <removed>
- cups 1.1.18-1
+ - cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does
not ...)
{DSA-216}
- fetchmail 6.2.0-1