thijs at alioth.debian.org
2008-Jul-29 14:43 UTC
[Secure-testing-commits] r9469 - data/CVE
Author: thijs
Date: 2008-07-29 14:43:48 +0000 (Tue, 29 Jul 2008)
New Revision: 9469
Modified:
data/CVE/list
Log:
2 cups issues only for 1.1 series
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-07-29 14:31:52 UTC (rev 9468)
+++ data/CVE/list 2008-07-29 14:43:48 UTC (rev 9469)
@@ -6353,14 +6353,16 @@
- linux-2.6 <unfixed> (bug #490910)
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly
other ...)
- - cups 1.2
- - cupsys 1.2
+ - cupsys 1.2.1-1
+ - cups <not-affected> (Vulnerable code not present)
NOTE: (mimeDeleteType included since 1.2.x
+ NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
+ NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
+ NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions,
allows ...)
- - cupsys 1.3.6
- - cups 1.3.6
- NOTE: version in unstable has better array handling and is not vulnerable,
exact version unknown
- TODO: validate exact fixed version
+ - cupsys 1.2.1-1
+ - cups <not-affected> (Vulnerable code not present)
+ NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20,
recognizes ...)
{DSA-1599-1}
- dbus 1.1.20-1