Author: nion Date: 2007-11-08 17:42:33 +0000 (Thu, 08 Nov 2007) New Revision: 7243 Modified: data/CVE/list Log: new issues: CVE-2007-5393, CVE-2007-5392, CVE-2007-4352 the usual xpdf/poppler candidates need to be fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-08 15:55:53 UTC (rev 7242) +++ data/CVE/list 2007-11-08 17:42:33 UTC (rev 7243) @@ -1706,10 +1706,38 @@ RESERVED CVE-2007-5394 RESERVED -CVE-2007-5393 +CVE-2007-5393 [xpdf buffer overflow in CCITTFaxStream::lookChar()] RESERVED -CVE-2007-5392 + - poppler <unfixed> (medium; bug #450628) + - kdegraphics <unfixed> (medium; bug #450630) + - xpdf <unfixed> (medium; bug #450629) + - koffice <unfixed> (medium; bug #450631) + - libextractor 0.5.9-1 + - cupsys 1.1.22-7 + - gpdf <removed> + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed + - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code) + NOTE: cups uses xpdf-utils and poppler-utils + - libextractor 0.5.12-1 + NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed +CVE-2007-5392 [xpdf buffer overflow in DCTStream::reset()] RESERVED + - poppler <unfixed> (medium; bug #450628) + - kdegraphics <unfixed> (medium; bug #450630) + - xpdf <unfixed> (medium; bug #450629) + - koffice <unfixed> (medium; bug #450631) + - libextractor 0.5.9-1 + - cupsys 1.1.22-7 + - gpdf <removed> + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed + - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code) + NOTE: cups uses xpdf-utils and poppler-utils + - libextractor 0.5.12-1 + NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...) NOT-FOR-US: ProxyView CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 ...) @@ -4382,8 +4410,22 @@ NOT-FOR-US: AIX CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...) NOT-FOR-US: AIX -CVE-2007-4352 +CVE-2007-4352 [xpdf memory corruption in DCTStream::readProgressiveDataUnit()] RESERVED + - poppler <unfixed> (medium; bug #450628) + - kdegraphics <unfixed> (medium; bug #450630) + - xpdf <unfixed> (medium; bug #450629) + - koffice <unfixed> (medium; bug #450631) + - libextractor 0.5.9-1 + - cupsys 1.1.22-7 + - gpdf <removed> + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed + - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code) + NOTE: cups uses xpdf-utils and poppler-utils + - libextractor 0.5.12-1 + NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...) - cupsys 1.3.4-1 (medium; bug #448866) CVE-2007-4350