nion at alioth.debian.org
2008-Jul-07 15:36 UTC
[Secure-testing-commits] r9252 - in data: CVE DTSA
Author: nion Date: 2008-07-07 15:36:44 +0000 (Mon, 07 Jul 2008) New Revision: 9252 Modified: data/CVE/list data/DTSA/list Log: new issue: poppler (CVE-2008-2950), xpdf not-affected lenny fixed in poppler 0.8.2-2+lenny1 (DTSA-146-1) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-07 11:41:51 UTC (rev 9251) +++ data/CVE/list 2008-07-07 15:36:44 UTC (rev 9252) @@ -1,3 +1,6 @@ +CVE-2008-2950 [poppler unitinialized pointer leading to code execution] + - poppler <unfixed> (medium; bug #489756) + - xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized) CVE-2008-2927 [integer overflow in MSN protocol handler involing SLP messages] - pidgin 2.4.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764 Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2008-07-07 11:41:51 UTC (rev 9251) +++ data/DTSA/list 2008-07-07 15:36:44 UTC (rev 9252) @@ -423,3 +423,6 @@ [July 5th, 2008] DTSA-145-1 pcre3 - heap-based buffer overflow {CVE-2008-2371} [lenny] - pcre3 7.4-1+lenny2 +[July 7th, 2008] DTSA-146-1 poppler - arbitrary code execution + {CVE-2008-2950} + [lenny] - poppler 0.8.2-2+lenny1
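Review bot: In the data/CVE/list hunk, the bracketed description on the added CVE-2008-2950 line spells "uninitialized" as "unitinialized", so the entry will be missed by anyone searching the list for that flaw class; suggest `[poppler uninitialized pointer leading to code execution]`. The new entry also carries no NOTE line with a reference, unlike the CVE-2008-2927 entry directly below it, and the xpdf not-affected reason ends in the fragment "attrs initialized", which would be clearer written as a full clause.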
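Review bot: In the data/DTSA/list hunk, the new DTSA-146-1 entry records a lenny fix in poppler 0.8.2-2+lenny1, while the CVE-2008-2950 entry added to data/CVE/list in the same revision lists poppler as `<unfixed>`. Please confirm the two files are meant to differ here (for example, `<unfixed>` tracking a different suite than lenny), so the status is not read as contradictory. As a smaller style point, the title "arbitrary code execution" gives the impact, whereas the DTSA-145-1 entry above it names the flaw class ("heap-based buffer overflow"); "uninitialized pointer" would follow that pattern.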