Author: jmm
Date: 2012-01-24 17:13:33 +0000 (Tue, 24 Jan 2012)
New Revision: 18276
Modified:
data/CVE/list
Log:
wireshark updates
fix syntax
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-01-24 17:01:37 UTC (rev 18275)
+++ data/CVE/list 2012-01-24 17:13:33 UTC (rev 18276)
@@ -2689,12 +2689,19 @@
CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet]
RESERVED
- wireshark 1.6.5-1
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
CVE-2012-0067 [DoS due to integer overflow in IPTrace capture format]
RESERVED
- - wireshark 1.6.5-1
+ - wireshark 1.6.5-1 (unimportant)
+ NOTE: Not suitable for code injection
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
CVE-2012-0066 [DoS via large buffer allocation request]
RESERVED
- - wireshark 1.6.5-1
+ - wireshark 1.6.5-1 (unimportant)
+ NOTE: Not suitable for code injection
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
CVE-2012-0065
RESERVED
- usbmuxd 1.0.7-2 (medium; bug #656581)
@@ -2779,10 +2786,11 @@
RESERVED
- wireshark 1.6.5-1 (unimportant)
NOTE: Not suitable for code injection
-CVE-2012-0041 [wireshark file parser issues]
+CVE-2012-0041 [typecast DoS]
RESERVED
- wireshark 1.6.5-1 (unimportant)
- NOTE: Only triggerable with social engineering
+ NOTE: Not suitable for code injection
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
CVE-2012-0040 [simpleSAMLphp cross site scripting]
RESERVED
{DSA-2387-1}
@@ -11983,7 +11991,7 @@
CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf
before ...)
- {DSA-2388-2 DSA-2388-1}
+ {DSA-2388-1}
- t1lib 5.1.2-3.5
[lenny] - t1lib 5.1.2-3+lenny1
[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11991,7 +11999,7 @@
- xpdf 3.02-9
- poppler <not-affected> (never used t1lib)
CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used
in ...)
- {DSA-2388-2 DSA-2388-1}
+ {DSA-2388-1}
- t1lib 5.1.2-3.5
[lenny] - t1lib 5.1.2-3+lenny1
[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11999,7 +12007,7 @@
- xpdf 3.02-9
- poppler <not-affected> (never used t1lib)
CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and
other ...)
- {DSA-2388-2 DSA-2388-1}
+ {DSA-2388-1}
- t1lib 5.1.2-3.5
[lenny] - t1lib 5.1.2-3+lenny1
[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -14427,7 +14435,7 @@
CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute
(LFT) ...)
NOT-FOR-US: pWhois Layer Four Traceroute
CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and
other ...)
- {DSA-2388-2 DSA-2388-1}
+ {DSA-2388-1}
- xpdf 3.02-9
- poppler <not-affected> (never used t1lib)
- t1lib 5.1.2-3.3
@@ -15372,7 +15380,7 @@
- dtc 0.32.10-1
CVE-2011-0433 [linetoken() buffer overflow]
RESERVED
- {DSA-2388-2 DSA-2388-1}
+ {DSA-2388-1}
- evince 2.32.0-1 (bug #614668)
- vftool 2.0alpha-4.1 (low; bug #614669)
[squeeze] - vftool 2.0alpha-4+squeeze1
@@ -22398,7 +22406,7 @@
{DSA-2357-1}
- evince 2.30.3-2 (bug #609534)
CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the
dvi-backend ...)
- {DSA-2388-2 DSA-2388-1 DSA-2357-1}
+ {DSA-2388-1 DSA-2357-1}
- evince 3.0.2-1 (bug #609534)
[squeeze] - evince 2.30.3-2+squeeze1
- t1lib 5.1.2-3.5