Author: geissert Date: 2009-12-16 23:23:44 +0000 (Wed, 16 Dec 2009) New Revision: 13581 Modified: data/CVE/list Log: new kpdf/xpdf/poppler/... issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-16 23:00:28 UTC (rev 13580) +++ data/CVE/list 2009-12-16 23:23:44 UTC (rev 13581) @@ -829,8 +829,16 @@ NOT-FOR-US: FrontAccounting CVE-2009-4036 RESERVED -CVE-2009-4035 +CVE-2009-4035 [FoFiType1::parse() integer underflow in xpdf/fofi/FoFiType1.cc] RESERVED + - kpdf <unfixed> + - xpdf 3.01-1 + - poppler 0.5.1-1 + TODO: check + NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14 + NOTE: but at least version 0.4.5 does *not* contain the ship. + NOTE: Was fixed somewhere between 0.4.5 and 0.5.1 + NOTE: swftools probably not affected CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...) - postgresql-7.4 <removed> - postgresql-8.1 <removed>