Moritz Muehlenhoff
2009-Dec-01 22:08 UTC
[Secure-testing-commits] r13418 - in data: . CVE DSA
Author: jmm-guest Date: 2009-12-01 22:08:31 +0000 (Tue, 01 Dec 2009) New Revision: 13418 Modified: data/CVE/list data/DSA/list data/embedded-code-copies Log: - exaile patch was broken, update fixed version - fix CVE ID in wireshark DSA - update gforge code copies - mark kdegraphics 4 as fixed, since okular links dynamically against poppler - mysql-ocaml, fwbuilder fixed - xerces buglet won''t be fixed - track fwbuilder by source package name Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-01 21:57:22 UTC (rev 13417) +++ data/CVE/list 2009-12-01 22:08:31 UTC (rev 13418) @@ -1333,13 +1333,13 @@ {DSA-1941-1} - xpdf <unfixed> (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) + - kdegraphics 4:4.0 (medium; bug #551290) - swftools <unfixed> (medium; bug #551291) CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...) {DSA-1941-1} - xpdf <unfixed> (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) + - kdegraphics 4:4.0 (medium; bug #551290) - swftools <unfixed> (medium; bug #551291) CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...) {DSA-1941-1} @@ -1348,7 +1348,7 @@ {DSA-1941-1} - xpdf <unfixed> (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) + - kdegraphics 4:4.0 (medium; bug #551290) - swftools <unfixed> (medium; bug #551291) CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...) {DSA-1941-1} 
@@ -1357,13 +1357,13 @@ {DSA-1941-1} - xpdf <unfixed> (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) + - kdegraphics 4:4.0 (medium; bug #551290) - swftools <unfixed> (medium; bug #551291) CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...) {DSA-1941-1} - xpdf <unfixed> (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - - kdegraphics <unfixed> (medium; bug #551290) + - kdegraphics 4:4.0 (medium; bug #551290) - swftools <unfixed> (medium; bug #551291) CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...) - dopewars 1.5.12-9 (low; bug #550913) @@ -1793,10 +1793,10 @@ NOT-FOR-US: Sun OpenSolaris xscreensaver CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...) NOT-FOR-US: Adobe Acrobat -CVE-2009-XXXX [libfwbuilder insecure temp file usage] - - libfwbuilder <unfixed> (low) - [lenny] - libfwbuilder <not-affected> (Introduced in 3.0.4) - [etch] - libfwbuilder <not-affected> (Introduced in 3.0.4) +CVE-2009-XXXX [fwbuilder insecure temp file usage] + - fwbuilder 3.0.7-1 (low; bug #547390) + [lenny] - fwbuilder <not-affected> (Introduced in 3.0.4) + [etch] - fwbuilder <not-affected> (Introduced in 3.0.4) CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...) - request-tracker3.8 3.8.5-1 (bug #546829) - request-tracker3.6 3.6.9-1 (bug #546778) @@ -2504,7 +2504,7 @@ [lenny] - qwik <no-dsa> (minor issue) - wordpress 2.5.0-2 (low; bug #555242) [etch] - wordpress <not-affected> (prototype.js not present) - - exaile 0.2.14+debian-2.1 (low; bug #555244) + - exaile 0.2.14+debian-2.2 (low; bug #555244) [lenny] - exaile <no-dsa> (minor issue) - hobix 0.5~svn20070319-4 (low; bug #555246) [lenny] - hobix <no-dsa> (minor issue) 
@@ -3497,7 +3497,7 @@ - postgresql-ocaml 1.12.1-1 (low) CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...) {DSA-1910-1} - - mysql-ocaml <unfixed> (low) + - mysql-ocaml 1.0.4-7 (low) CVE-2009-2941 [pgtcl: missing escape function] RESERVED - pgtcl <unfixed> (low) @@ -9138,7 +9138,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0-1 (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...) {DSA-1793-1 DSA-1790-1} @@ -9146,7 +9146,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0-1 (medium; bug #524810) + - kdegraphics 4:4.0-1 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) {DSA-1793-1 DSA-1790-1} @@ -9154,7 +9154,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0-1 (medium; bug #524810) + - kdegraphics 4:4.0-1 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) {DSA-1793-1 DSA-1790-1} @@ -9162,7 +9162,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0-1 (medium; bug #524810) + - kdegraphics 4:4.0-1 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...) {DSA-1793-1 DSA-1790-1} 
@@ -9170,7 +9170,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0-1 (medium; bug #524810) + - kdegraphics 4:4.0-1 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...) NOT-FOR-US: Tivoli @@ -10467,7 +10467,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0 (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) {DSA-1793-1 DSA-1790-1} @@ -10475,7 +10475,7 @@ [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4.0 (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...) {DSA-1786-1} @@ -13133,7 +13133,7 @@ - cups <not-affected> (Uses poppler''s pdftops) - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics <unfixed> (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...) {DSA-1793-1 DSA-1790-1} @@ -13189,7 +13189,7 @@ - cups <not-affected> (Uses poppler''s pdftops) - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics <unfixed> (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...) {DSA-1793-1 DSA-1790-1} 
@@ -13198,7 +13198,7 @@ - cups <not-affected> (Uses poppler''s pdftops) - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics <unfixed> (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools <unfixed> (medium; bug #527449) CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...) NOT-FOR-US: CoreGraphics in Apple Mac OS X @@ -16952,8 +16952,8 @@ CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) - - xerces-c2 <unfixed> (low; bug #502102) - [lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport) + - xerces-c2 <unfixed> (unimportant; bug #502102) + NOTE: Hardly a security issue, anyone who''s concerned about this should use Xerces 3 CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...) NOT-FOR-US: Novell eDirectory CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-12-01 21:57:22 UTC (rev 13417) +++ data/DSA/list 2009-12-01 22:08:31 UTC (rev 13418) @@ -1,5 +1,5 @@ [29 Nov 2009] DSA-1942-1 wireshark - several vulnerabilities - {CVE-2008-1829 CVE-2009-1268 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829} + {CVE-2009-1829 CVE-2009-1268 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829} [etch] - wireshark 0.99.4-5.etch.4 [lenny] - wireshark 1.0.2-3+lenny7 [25 Nov 2009] DSA-1941-1 poppler - several vulnerabilities Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2009-12-01 21:57:22 UTC (rev 13417) +++ data/embedded-code-copies 2009-12-01 22:08:31 UTC (rev 13418) 
@@ -713,6 +713,7 @@ libphp-snoopy - ampache 3.4.1-2 (embed; bug #504169) + - gforge 4.6.99+svn6094-2 (embed) - mahara 1.0.5-2 (embed; bug #504170) - pixelpost 1.7.1-5 (embed; bug #504171) - mediamate 0.9.3.6-5 (embed; bug #504172) @@ -922,6 +923,9 @@ - argyll <unfixed> (embed; bug #544223) NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html +nusoap + - gforge 4.8.2-1 (embed) + libept - adept <unfixed> (embed; bug #540649) @@ -1157,7 +1161,7 @@ NOTE: embeds stdlib modules: optparse, subprocess - smart <unfixed> (embed; bug #555432) NOTE: embeds stdlib modules: optparse - - pyprotocols <unfixed> (embed; bug #555433) + - pyprotocols 1.0a.svn20070625-5 (embed; bug #555433) NOTE: embeds stdlib modules: doctest - ruledispatch 0.5a.svn20080510-4 (embed; bug #555434) NOTE: embeds stdlib modules: doctest
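Review bot: the kdegraphics fixed version is not written consistently across the data/CVE/list hunks. The hunks at `@@ -1333`, `@@ -1348`, `@@ -1357`, `@@ -9138`, `@@ -10467`, `@@ -10475`, `@@ -13133`, `@@ -13189` and `@@ -13198` set it to `4:4.0`, while `@@ -9146`, `@@ -9154`, `@@ -9162` and `@@ -9170` set it to `4:4.0-1`; every other fixed version in these hunks carries a Debian revision (`poppler 0.12.2-1`, `xpdf 3.02-1.4+lenny1`), and `4:4.0` sorts below `4:4.0-1`, so the two forms do not denote the same package build. Pick one value for all thirteen entries. Since the log message says the reason is that okular links dynamically against poppler rather than carrying a fixed copy, `<not-affected>` with that reason in parentheses would record the rationale in the data itself instead of only in the commit log.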
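Review bot: the `@@ -16952` hunk drops the `[lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)` line while leaving unstable at `<unfixed>`, so lenny now has no annotation of its own for CVE-2008-4482 and the "too intrusive to backport" reasoning is lost. If the intent is that the issue is won't-fix everywhere (severity `unimportant`, per the log), it is worth folding that rationale into the added NOTE so a later reader does not reopen the lenny question; the NOTE should also name the source package that provides Xerces-C++ 3 rather than just "Xerces 3".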
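Review bot: the data/DSA/list hunk (`@@ -1,5`) changes the first CVE of DSA-1942-1 from CVE-2008-1829 to CVE-2009-1829, but this revision does not touch either CVE's entry in data/CVE/list. The `{DSA-1942-1}` marker needs to sit on the CVE-2009-1829 entry and not on CVE-2008-1829 for the two files to agree; please confirm that, or the DSA reference will still point at the wrong issue from the CVE side.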
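Review bot: the data/embedded-code-copies hunks record gforge at two different versions, `4.6.99+svn6094-2` under libphp-snoopy (`@@ -713`) and `4.8.2-1` under the new nusoap section (`@@ -922`), and, unlike the neighbouring ampache/mahara/pixelpost entries, neither gforge line carries a bug number. If both versions are deliberate (e.g. the snoopy copy was last confirmed in the older upload), a NOTE saying so would prevent the next editor from "fixing" one to match the other; otherwise align them, and reference the bugs filed against gforge so the embed entries can be closed out the way the others are.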