Author: gilbert-guest Date: 2009-08-01 07:20:15 +0000 (Sat, 01 Aug 2009) New Revision: 12457 Modified: data/CVE/list Log: poppler triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-01 00:17:55 UTC (rev 12456) +++ data/CVE/list 2009-08-01 07:20:15 UTC (rev 12457) @@ -1,3 +1,5 @@ +CVE-2009-XXXX [poppler: buffer overflow in abiword backend] + - poppler <unfixed> (low; bug #534680) CVE-2009-XXXX [openssl: certificate spoofing via null characters] - openssl <unfixed> (medium; bug #539499) NOTE: asked maintainer to check whether openssl affected @@ -5820,11 +5822,12 @@ [lenny] - mpfr <not-affected> (Vulnerable code not yet present) [etch] - mpfr <not-affected> (Vulnerable code not yet present) CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...) - - poppler <unfixed> (low; bug #518478) - [lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues) + - poppler 0.10.6-1 (low; bug #518478) + [lenny] - poppler 0.8.7-2 [etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues) + NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...) - - poppler <unfixed> (low; bug #518478) + - poppler 0.10.6-1 (low; bug #518478) [lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues) [etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues) CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
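Review bot: In the @@ -1,3 +1,5 @@ hunk, the new poppler entry rates a buffer overflow as "low" with no NOTE giving the reason, and it carries no [lenny] or [etch] status lines. Suggest adding a NOTE that states why the impact is low, in the way the CVE-2009-0756 entry records "Application crash only", plus either per-release lines or a NOTE that the stable releases still need checking, as the openssl entry right below does with "NOTE: asked maintainer to check whether openssl affected".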
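Review bot: In the @@ -5820,11 +5822,12 @@ hunk, CVE-2009-0755 is left inconsistent with CVE-2009-0756: both reference bug #518478 and both now get "- poppler 0.10.6-1", but only CVE-2009-0756 has its lenny line changed to "[lenny] - poppler 0.8.7-2", while CVE-2009-0755 keeps "[lenny] - poppler <no-dsa>". Please confirm whether the lenny batch from the 5.0.2 release also covers CVE-2009-0755 and either update that line or add a NOTE saying it was not included. A smaller point on the same hunk: the new NOTE about lenny sits after the [etch] line of CVE-2009-0756, so moving it directly under the [lenny] line would make it clearer which status it explains.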