Author: derevko-guest Date: 2009-10-26 12:12:29 +0000 (Mon, 26 Oct 2009) New Revision: 13095 Modified: data/CVE/list Log: - xpdf issues - CVE-2008-6059: webkit in linux needs libsoup for cookie support - CVE-2008-1845: next point update: [etch] - mksh 28.0-3 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-25 21:14:24 UTC (rev 13094) +++ data/CVE/list 2009-10-26 12:12:29 UTC (rev 13095) @@ -123,11 +123,6 @@ RESERVED CVE-2009-3700 RESERVED -CVE-2009-XXXX [xpdf: integer overflow and null ptr dereference vulnerability] - - xpdf <unfixed> (medium; bug #551287) - - poppler <unfixed> (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) - - swftools <unfixed> (medium; bug #551291) CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...) NOT-FOR-US: IBM AIX CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...) @@ -352,19 +347,35 @@ RESERVED - backintime 0.9.26-3 (bug #543785) CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...) - TODO: check + - xpdf <unfixed> (medium; bug #551287) + - poppler <unfixed> (medium; bug #551289) + - kdegraphics <unfixed> (medium; bug #551290) + - swftools <unfixed> (medium; bug #551291) CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...) - TODO: check + - xpdf <unfixed> (medium; bug #551287) + - poppler <unfixed> (medium; bug #551289) + - kdegraphics <unfixed> (medium; bug #551290) + - swftools <unfixed> (medium; bug #551291) CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...) - TODO: check + - poppler <unfixed> (medium; bug #551289) CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...) - TODO: check + - xpdf <unfixed> (medium; bug #551287) + - poppler <unfixed> (medium; bug #551289) + - kdegraphics <unfixed> (medium; bug #551290) + - swftools <unfixed> (medium; bug #551291) CVE-2009-3605 RESERVED + - poppler <unfixed> (medium; bug #551289) CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...) - TODO: check + - xpdf <unfixed> (medium; bug #551287) + - poppler <unfixed> (medium; bug #551289) + - kdegraphics <unfixed> (medium; bug #551290) + - swftools <unfixed> (medium; bug #551291) CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...) - TODO: check + - xpdf <unfixed> (medium; bug #551287) + - poppler <unfixed> (medium; bug #551289) + - kdegraphics <unfixed> (medium; bug #551290) + - swftools <unfixed> (medium; bug #551291) CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...) - dopewars <unfixed> (low; bug #550913) [etch] - dopewars <no-dsa> (negligible issue) @@ -11032,7 +11043,8 @@ CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: InfoSoft FusionCharts CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...) - - webkit <unfixed> (bug #516555; low) + - webkit <not-affected> (bug #516555; low) + NOTE: webkit in linux needs libsoup for cookie support CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...) NOT-FOR-US: Syslserve CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...) @@ -22237,6 +22249,7 @@ CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...) - mksh 33.4-1 (low) [etch] - mksh <no-dsa> (Minor issue) + TODO: next point update: [etch] - mksh 28.0-3 CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...) NOT-FOR-US: W2B phpHotResources CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)