Author: joeyh
Date: 2009-10-22 21:15:24 +0000 (Thu, 22 Oct 2009)
New Revision: 13068
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-10-22 18:40:18 UTC (rev 13067)
+++ data/CVE/list 2009-10-22 21:15:24 UTC (rev 13068)
@@ -274,20 +274,20 @@
CVE-2009-3611 [backintime information disclosure]
RESERVED
- backintime 0.9.26-3 (bug #543785)
-CVE-2009-3609
- RESERVED
-CVE-2009-3608
- RESERVED
-CVE-2009-3607
- RESERVED
-CVE-2009-3606
- RESERVED
+CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in
Stream.cc ...)
+ TODO: check
+CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in
XRef.cc ...)
+ TODO: check
+CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data
function in ...)
+ TODO: check
+CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in
Xpdf ...)
+ TODO: check
CVE-2009-3605
RESERVED
-CVE-2009-3604
- RESERVED
-CVE-2009-3603
- RESERVED
+CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before ...)
+ TODO: check
+CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in
Xpdf ...)
+ TODO: check
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of
service ...)
- dopewars <unfixed> (low; bug #550913)
[etch] - dopewars <no-dsa> (negligible issue)
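Review bot: The six entries that leave RESERVED in this hunk (CVE-2009-3609, -3608, -3607, -3606, -3604, -3603) land with only "TODO: check" and no package lines, so nothing is tracked against them yet. The descriptions name Stream.cc, XRef.cc, Splash.cc and Xpdf, so triage should add a status line for each Debian source package that carries that code. CVE-2009-3607 (create_surface_from_thumbnail_data) is truncated before its file or product name and needs the full description before it can be assigned. CVE-2009-3605 stays RESERVED in the middle of the range and is worth rechecking in the same pass.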
@@ -4541,6 +4541,7 @@
NOT-FOR-US: OXID eShop
CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in
cgiutil.c ...]
RESERVED
+ {DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #535340)
NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before
...)
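Review bot: CVE-2009-2281 gains {DSA-1914-1} while still marked RESERVED, and its bracketed description and fixed version (mapserver 5.4.2-1) are the same as CVE-2009-0840 later in this patch, which is noted as "Initial fix was incomplete" under a different bug number (#523027 versus #535340 here). Suggest adding a NOTE line on this entry stating how it relates to CVE-2009-0840, so a reader can tell why both ids carry the same DSA and the same fixed version.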
@@ -7893,7 +7894,7 @@
- dbus 1.2.14-1 (high; bug #532720)
NOTE: remote signature spoofing possible, and this was supposed to be
NOTE: originally fixed with the updates for CVE-2008-3834
-CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before
...)
+CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before
...)
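Review bot: The refreshed one-line description for CVE-2009-1188 now cuts off at "in the ..." and no longer names a product, while the poppler line and the [etch] rationale under it are unchanged. Since the text no longer reads "Poppler before", check the full description for other named products (CVE-2009-0791 in this same patch was rewritten to name Xpdf) and add package lines if the scope has widened. CVE-2009-1187 directly below still has the old wording, so confirm the two are not out of sync.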
@@ -9013,18 +9014,23 @@
- krb5 1.6.dfsg.4~beta1-13
[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before
4.10.4 and ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this can only probe for files that are not present, useless when not
NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2
allows ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in
MapServer ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this doesn''t work under linux as the root from the directory
traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in
cgiutil.c ...)
+ {DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #523027)
NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer
4.x ...)
+ {DSA-1914-1}
- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and
OpenSolaris ...)
NOT-FOR-US: Solaris
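Review bot: {DSA-1914-1} is added to CVE-2009-0843 and CVE-2009-0841, both rated unimportant and carrying NOTEs that the issue is useless without another attack or does not work under linux. Confirm the advisory really lists these two ids. If it does, leave a short NOTE explaining why an issue rated unimportant is covered by a DSA, so the severity annotation and the DSA tag do not look contradictory. The tags on CVE-2009-0842, -0840 and -0839 are consistent with their low and medium ratings.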
@@ -9267,7 +9273,7 @@
{DTSA-198-1}
- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
-CVE-2009-0791 (Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
...)
+CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x,
as ...)
- cupsys <removed> (medium; bug #535488)
- cups 1.3.10-1 (medium; bug #535489)
[etch] - cupsys <not-affected> (pdftops source included, but not built)
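Review bot: The new CVE-2009-0791 description names Xpdf 2.x and 3.x and Poppler 0.x instead of only the CUPS pdftops filter, but the package lines visible under it still cover only cupsys and cups. Suggest adding xpdf and poppler status lines (or explicit not-affected lines with a reason) so the tracked packages match the widened description.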