Giuseppe Iuculano
2009-May-15 08:17 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
Author: derevko-guest
Date: 2009-05-15 08:17:12 +0000 (Fri, 15 May 2009)
New Revision: 11898
Modified:
data/CVE/list
data/DSA/list
Log:
NFUs
CVE-2009-0195 already covered by DSA-1790-1
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-14 21:14:11 UTC (rev 11897)
+++ data/CVE/list 2009-05-15 08:17:12 UTC (rev 11898)
@@ -3,33 +3,33 @@
CVE-2009-1628
RESERVED
CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP)
...)
- TODO: check
+ NOT-FOR-US: Streaming Download Project (SDP)
CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog
before ...)
- TODO: check
+ NOT-FOR-US: EZ-Blog
CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox
Gallery 2 ...)
- TODO: check
+ NOT-FOR-US: Thickbox Gallery 2
CVE-2009-1624 (Directory traversal vulnerability in index.php in
Dew-NewPHPLinks 2.0 ...)
- TODO: check
+ NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- TODO: check
+ NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows
remote ...)
- TODO: check
+ NOT-FOR-US: EcShop 2.5.0
CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8
...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php
in ...)
- TODO: check
+ NOT-FOR-US: MataChat
CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Teraway FileStream
CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass
authentication ...)
- TODO: check
+ NOT-FOR-US: Teraway LiveHelp
CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Teraway LinkTracker
CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites
(SFS) EZ ...)
- TODO: check
+ NOT-FOR-US: SFS Link Directory
CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in
osprey ...)
- TODO: check
+ NOT-FOR-US: osprey
CVE-2008-6806 (Unrestricted file upload vulnerability in
includes/imageupload.php in ...)
- TODO: check
+ NOT-FOR-US: 7Shop
CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in
...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows
remote ...)
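Review bot: CVE-2009-1623 and CVE-2009-1620 are tagged NOT-FOR-US with product names (Dew-NewPHPLinks 2.0, MataChat) that do not appear in the truncated descriptions shown in this hunk, so the attribution cannot be confirmed from the diff alone; please double-check both against the full CVE text. As a style point, the new tags mix versioned names (EcShop 2.5.0, Dew-NewPHPLinks 2.0) with bare ones (OpenCart, EZ-Blog); the bare product name is enough and keeps the entries uniform.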
@@ -1766,7 +1766,7 @@
CVE-2009-1138
RESERVED
CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-1136
RESERVED
CVE-2009-1135
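Review bot: the new tag on CVE-2009-1137 names the vendor ("NOT-FOR-US: Microsoft"), while other entries in this file name the affected product (for example "NOT-FOR-US: Coppermine Photo Gallery"). Suggest "NOT-FOR-US: Microsoft Office PowerPoint", here and on the PowerPoint entries in the two hunks that follow, so that a search of the list by product finds them.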
@@ -1778,13 +1778,13 @@
CVE-2009-1132
RESERVED
CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office
PowerPoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002
SP3 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95
importer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-1127
RESERVED
CVE-2009-1126
@@ -5324,21 +5324,21 @@
CVE-2009-0228
RESERVED
CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion
filter ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion
filter in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and
2007 SP1 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and
2003 SP3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0
importer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in
Motion ...)
NOT-FOR-US: BlackBerry
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch
...)
@@ -5389,7 +5389,8 @@
{DTSA-198-1}
- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS
1.3.9, ...)
- TODO: check
+ - xpdf <unfixed> (medium; bug #524809)
+ TODO: check poppler cups kdegraphics swftools
CVE-2009-0194 (The domain-locking implementation in the ...)
NOT-FOR-US: Garmin Communicator Plug-In
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1,
8 ...)
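Review bot: the new xpdf line for CVE-2009-0195 says <unfixed>, yet the log message and the data/DSA/list change in this same commit state that DSA-1790-1 already covers this CVE. As written, the entry reads as contradicting the DSA; a NOTE line saying which releases DSA-1790-1 fixed, and which suite <unfixed> refers to, would remove the ambiguity. The TODO for poppler, cups, kdegraphics and swftools would also be easier to work through as one line per package.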
Modified: data/DSA/list
==================================================================---
data/DSA/list 2009-05-14 21:14:11 UTC (rev 11897)
+++ data/DSA/list 2009-05-15 08:17:12 UTC (rev 11898)
@@ -32,7 +32,7 @@
{CVE-2009-1482}
[lenny] - moin 1.7.1-3+lenny2
[05 May 2009] DSA-1790-1 xpdf - multiple vulnerabilities
- {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799
CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182
CVE-2009-1183}
+ {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799
CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182
CVE-2009-1183 CVE-2009-0195}
[etch] - xpdf 3.01-9.1+etch6
[lenny] - xpdf 3.02-1.4+lenny1
[04 May 2009] DSA-1789-1 php5 - several vulnerabilities
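Review bot: CVE-2009-0195 is appended after CVE-2009-1183, which breaks the ascending order the rest of the DSA-1790-1 list follows; it belongs between CVE-2009-0166 and CVE-2009-0799. Since this retroactively credits an already published advisory, the log should also name the patch in xpdf 3.01-9.1+etch6 and 3.02-1.4+lenny1 that carries the fix, so the claim "already covered" can be verified from the commit itself.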
Michael S. Gilbert
2009-May-15 17:09 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
On Fri, 15 May 2009 08:17:12 +0000, Giuseppe Iuculano wrote:
> Author: derevko-guest
> Date: 2009-05-15 08:17:12 +0000 (Fri, 15 May 2009)
> New Revision: 11898
>
> Modified:
> data/CVE/list
> data/DSA/list
> Log:
> NFUs
> CVE-2009-0195 already covered by DSA-1790-1

i've checked the code for xpdf 3.02-1.4+lenny1, and found that the patch for CVE-2009-0195 has actually not yet been applied. can you double-check this and revert this commit if you agree? thanks.

mike
Giuseppe Iuculano
2009-May-15 18:26 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
Michael S. Gilbert wrote:
> i've checked the code for xpdf 3.02-1.4+lenny1, and found that the
> patch for CVE-2009-0195 has actually not yet been applied. can you
> double-check this and revert this commit if you agree? thanks.

Please explain. I've backported all checks in JBIG2 symbol dictionary added in upstream xpdf-3.02pl3.patch. What is the patch that has not yet been applied?

Cheers,
Giuseppe.
Michael S. Gilbert
2009-May-15 18:56 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
On Fri, 15 May 2009 20:26:01 +0200, Giuseppe Iuculano wrote:
> Michael S. Gilbert wrote:
> > i've checked the code for xpdf 3.02-1.4+lenny1, and found that the
> > patch for CVE-2009-0195 has actually not yet been applied. can you
> > double-check this and revert this commit if you agree? thanks.
>
> Please explain. I've backported all checks in JBIG2 symbol dictionary added in
> upstream xpdf-3.02pl3.patch. What is the patch that has not yet been applied?

like i said, i checked xpdf 3.02-1.4+lenny1 (the version that was uploaded in DSA-1790), and the changes in xpdf-3.02pl3.patch are indeed not applied.

for example if the patch set were applied, then line 425 of xpdf/JBIG2Stream.cc should say:

    if (table[0].rangeLen != jbig2HuffmanEOT) {

but it does not. it says:

    i = 0;

which is what the diff says that the code should look like before the patch set were applied.

i see that these changes were made in your debdiff, but it doesn't look like they got rolled into the version that got uploaded...

mike
Giuseppe Iuculano
2009-May-15 19:57 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
Michael S. Gilbert wrote:
> like i said, i checked xpdf 3.02-1.4+lenny1 (the version that was
> uploaded in DSA-1790), and the changes in xpdf-3.02pl3.patch are
> indeed not applied.
>
> for example if the patch set were applied, then line 425 of
> xpdf/JBIG2Stream.cc should say:
>
>     if (table[0].rangeLen != jbig2HuffmanEOT) {
>
> but it does not. it says:
>
>     i = 0;

xpdf patches are handled by dpatch; after a "dpatch apply-all" I got the correct line in your example. (41_lesstif_cpp.dpatch fails in sid, see #528807)

Cheers,
Giuseppe.
Michael S. Gilbert
2009-May-15 20:16 UTC
[Secure-testing-commits] r11898 - in data: CVE DSA
On Fri, 15 May 2009 21:57:10 +0200, Giuseppe Iuculano wrote:
> xpdf patches are handled by dpatch, after a "dpatch apply-all" I got the correct
> line in your example. (41_lesstif_cpp.dpatch fails in sid, see #528807)

ok, yes, i agree now that the patches are indeed applied.