Author: geissert Date: 2009-10-27 07:13:16 +0000 (Tue, 27 Oct 2009) New Revision: 13104 Modified: data/CVE/list Log: libgd2 issue reported, still waiting for the BTS new issue on, at least, ghostscript and xpdf based on Adobe PoC Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-27 06:27:46 UTC (rev 13103) +++ data/CVE/list 2009-10-27 07:13:16 UTC (rev 13104) @@ -1,3 +1,7 @@ +CVE-2009-XXXX [NULL dereferences, similar to Adobe''s CVE-2009-0658] + - ghostscript <unfixed> + - xpdf <unfixed> + TODO: check poppler and friends, file bugs CVE-2009-XXXX [multiple vulnerabilities in acidbase; XSS + possible sql injection] - acidbase <unfixed> (bug #552235) CVE-2009-XXXX [multiple vulnerabilities in jetty] @@ -561,7 +565,7 @@ CVE-2009-3547 RESERVED CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...) - - libgd2 <unfixed> (medium) + - libgd2 <unfixed> (medium; bug filed) - php5 <not-affected> (the php packages use the system libgd2) NOTE: http://svn.php.net/viewvc?view=revision&revision=289557 NOTE: <20091015173822.084de220 at redhat.com> in OSS-sec