Author: jmm-guest Date: 2007-01-15 21:41:57 +0100 (Mon, 15 Jan 2007) New Revision: 5266 Modified: data/CVE/list Log: new kernel issue fixed in Etch xpdf non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-15 17:21:56 UTC (rev 5265) +++ data/CVE/list 2007-01-15 20:41:57 UTC (rev 5266) @@ -243,9 +243,17 @@ CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...) NOT-FOR-US: Cisco CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, ...) - TODO: check + - kdegraphics <unfixed> (unimportant) + - koffice <unfixed> (unimportant) + NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering + NOTE: such an endless loop the user will simply abort kpdf and never look at + NOTE: that file again, this is only denial of service by a _very_ far stretch + NOTE: of imagination. I suppose KDE Security only issued an update for it + NOTE: because the shared underlying code was part of the Month of Apple Bugs + NOTE: and they wanted to debunk claims of code injection. + TODO: Check the other usual suspects CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...) - TODO: check + NOT-FOR-US: Acrobat Reader CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...) TODO: check CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...) @@ -3053,7 +3061,7 @@ CVE-2006-5756 RESERVED CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) - TODO: check + - linux-2.6 2.6.18-1 CVE-2006-5754 RESERVED CVE-2006-5753
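Review bot: In the CVE-2007-0104 hunk, the added lines record only `- kdegraphics <unfixed> (unimportant)` and `- koffice <unfixed> (unimportant)`, although the CVE description names xpdf 3.0.1 patch 2 and the log message says "xpdf non-issue". There is no xpdf line, and the replacement `TODO: Check the other usual suspects` does not say which packages are still open. Either add the xpdf entry with the status the log message implies, or list the remaining packages in the TODO so the next person triaging knows what is left. The NOTE block also mixes the triage rationale (a user-aborted endless loop in kpdf) with a guess about why KDE Security issued an update ("I suppose ..."). Keeping the rationale and dropping or sourcing the guess would make the entry easier to rely on later.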
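Review bot: In the CVE-2006-5755 hunk, the new line `- linux-2.6 2.6.18-1` replaces `TODO: check` with a fixed version but gives no reference for it. The visible description only says "before 2.6.18" on x86_64 and the log message only says "fixed in Etch". A NOTE pointing at the upstream change or the changelog entry that justifies 2.6.18-1 would let a later reader verify the fixed version without redoing the research.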