Author: gilbert-guest Date: 2009-12-19 20:30:41 +0000 (Sat, 19 Dec 2009) New Revision: 13604 Modified: data/CVE/list data/embedded-code-copies Log: - track gs-gpl as old version of ghostscript - expat issue in xulrunner is unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-19 20:30:30 UTC (rev 13603) +++ data/CVE/list 2009-12-19 20:30:41 UTC (rev 13604) @@ -1561,6 +1561,7 @@ NOT-FOR-US: module for Drupal CVE-2009-XXXX [NULL dereferences, similar to Adobe''s CVE-2009-0658] - ghostscript <unfixed> (unimportant) + - gs-gpl <removed> (unimportant) - xpdf <unfixed> (unimportant) CVE-2009-XXXX [multiple vulnerabilities in acidbase; XSS + possible sql injection] - acidbase 1.4.4-1 (bug #552235) @@ -1815,6 +1816,7 @@ - coin3 <unfixed> (unimportant; bug #560928) - gdcm 2.0.14-2 (low; bug #560929) - ghostscript <unfixed> (unimportant; bug #560930) + - gs-gpl <removed> (unimportant) - grmonitor <unfixed> (unimportant; bug #560931) - iceape <unfixed> (unimportant; bug #560932) - insighttoolkit 3.16.0-1 (unimportant; bug #560933) @@ -1837,7 +1839,7 @@ - xmlrpc-c <unfixed> (low; bug #560942) [etch] - xmlrpc-c <no-dsa> (minor issue) [lenny] - xmlrpc-c <no-dsa> (minor issue) - - iceweasel <unfixed> (unimportant; bug #560943) + - iceweasel <not-affected> (uses xulrunner; bug #560943) - kompozer 1:0.8~b1-2 (unimportant; bug #560944) - vxl 1.13.0-2 (low; bug #560945) - xulrunner <unfixed> (unimportant; bug #560946) @@ -2314,6 +2316,7 @@ - gdcm 2.0.14-2 (low; bug #560929) - ghostscript <unfixed> (low; bug #560930) [lenny] - ghostscript <no-dsa> (minor issue) + - gs-gpl <removed> (unimportant) - grmonitor <unfixed> (low; bug #560931) [etch] - grmonitor <no-dsa> (minor issue) [lenny] - grmonitor <no-dsa> (minor issue) 
@@ -2340,14 +2343,10 @@ - xmlrpc-c <unfixed> (low; bug #560942) [etch] - xmlrpc-c <no-dsa> (minor issue) [lenny] - xmlrpc-c <no-dsa> (minor issue) - - iceweasel <unfixed> (low; bug #560943) - [etch] - iceweasel <no-dsa> (minor issue) - [lenny] - iceweasel <no-dsa> (minor issue) + - iceweasel <not-affected> (uses xulrunner; bug #560943) - kompozer 1:0.8~b1-2 (low; bug #560944) - vxl 1.13.0-2 (low; bug #560945) - - xulrunner <unfixed> (low; bug #560946) - [etch] - xulrunner <no-dsa> (minor issue) - [lenny] - xulrunner <no-dsa> (minor issue) + - xulrunner <unfixed> (unimportant; bug #560946) - apache2 <not-affected> (links to system expat) - texlive-bin <not-affected> (Files are not compiled in, see #560948) - vnc4 <unfixed> (low; bug #560949) @@ -9634,6 +9633,7 @@ NOTE: even though this is not directly a vulnerability itself, part of this application''s armor is now missing; making it easier for unknown vulnerabilities to be effective. CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...) - ghostscript 8.64~dfsg-1 (medium; bug #524803) + - gs-gpl <removed> (medium; bug #561717) CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) NOT-FOR-US: QuickerSite CVE-2008-6677 (Unrestricted file upload vulnerability in ...) @@ -9680,6 +9680,7 @@ NOT-FOR-US: Simple Machines Forum CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...) - ghostscript 8.63.dfsg.1-1 (medium; bug #524803) + - gs-gpl <removed> (medium; bug #561717) CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...) {DSA-1771-1} - clamav 0.95.1+dfsg-1 (medium; bug #523016) 
@@ -11433,6 +11434,7 @@ {DTSA-198-1} - argyll 1.0.3-3 (medium; bug #523472; bug #524802) - ghostscript 8.64~dfsg-1.1 (medium; bug #524915) + - gs-gpl <removed> (medium; bug #561717) CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...) - cupsys <removed> (medium; bug #535488) - cups 1.3.10-1 (medium; bug #535489) @@ -12531,13 +12533,13 @@ {DSA-1746-1 DTSA-198-1} - ghostscript 8.64~dfsg-1.1 (medium; bug #522416) - argyll 1.0.3-2 (bug #522448) - - gs-gpl <removed> + - gs-gpl <removed> (medium) - gs-esp <removed> CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...) {DSA-1746-1 DTSA-198-1} - ghostscript 8.64~dfsg-1.1 (medium; bug #522416) - argyll 1.0.3-2 (bug #522448) - - gs-gpl <removed> + - gs-gpl <removed> (medium) - gs-esp <removed> CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...) {DSA-1813-1} @@ -13971,6 +13973,7 @@ CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...) {DTSA-198-1} - ghostscript 8.64~dfsg-1.1 (medium; bug #524803) + - gs-gpl <removed> (medium; bug #561717) - jbig2dec <itp> (medium; bug #539965) CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...) {DSA-1790-1} @@ -20421,6 +20424,7 @@ CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...) - jasper 1.900.1-5.1 (medium; bug #501021) - ghostscript 8.64~dfsg-2 (medium; bug #559778) + - gs-gpl <removed> (medium; bug #561717) - netpbm-free <not-affected> (dynamically links to ghostscript if available) CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...) - jasper 1.900.1-5.1 (unimportant; bug #501021) 
@@ -20428,6 +20432,7 @@ CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) - jasper 1.900.1-5.1 (medium; bug #501021) - ghostscript 8.64~dfsg-2 (medium; bug #559778) + - gs-gpl <removed> (medium; bug #561717) - netpbm-free <not-affected> (dynamically links to ghostscript if available) CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) - jbossas4 <not-affected> (configuration not yet included in Debian package) @@ -27825,6 +27830,7 @@ CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...) {DSA-1510-1} - ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190) + - gs-gpl <removed> (medium) CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) {DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1} - linux-2.6 2.6.24-1 @@ -39406,6 +39412,7 @@ - jasper 1.900.1-6 (medium; bug #413033; bug #528543) NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543 - ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188) + - gs-gpl <removed> (medium; bug #561717) NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...) NOT-FOR-US: Group-Office Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2009-12-19 20:30:30 UTC (rev 13603) +++ data/embedded-code-copies 2009-12-19 20:30:41 UTC (rev 13604) @@ -1593,3 +1593,6 @@ bulletphysics (not packaged; http://www.bulletphysics.org/) - supertuxkart <unfixed> (embed) + +ghostscript + - gs-gpl <removed> (old-version)
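Review bot: the gs-gpl lines in hunk @@ -27825 (CVE-2008-0411) and hunk @@ -12531 (CVE-2009-0583 and the entry preceding it) read `- gs-gpl <removed> (medium)` with no bug reference, while every other medium gs-gpl line added in this commit carries `bug #561717`. If #561717 covers these issues as well, add it here. If it does not, a short NOTE saying so would stop a later reader from treating the gap as an omission.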
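Review bot: in hunk @@ -12531 the `- gs-esp <removed>` line directly below each changed gs-gpl line is left without a severity, so two removed packages in the same entry are now annotated differently. Either give gs-esp the same `(medium)` or leave both bare. The log message mentions only gs-gpl, so if gs-esp is deliberately excluded it is worth saying why.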
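Review bot: hunk @@ -2340 drops the `[etch]` and `[lenny]` `<no-dsa>` lines for both iceweasel and xulrunner, so the new `- iceweasel <not-affected> (uses xulrunner; bug #560943)` applies to every release, yet the log message covers only the xulrunner downgrade and says nothing about iceweasel. Please confirm that "uses xulrunner" holds for the etch and lenny iceweasel packages, not just unstable, and mention the iceweasel change in the log. The xulrunner move from low to unimportant (here and in the matching entry at @@ -1837) also has no reason recorded in the list itself, and a NOTE line under the entry explaining why the expat issue is unimportant there would make the triage decision reviewable.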
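Review bot: the new `ghostscript` stanza in data/embedded-code-copies (hunk @@ -1593) lists only `- gs-gpl <removed> (old-version)`, although the CVE list in this same commit tracks `gs-esp <removed>` next to ghostscript under CVE-2009-0583. If gs-esp is likewise an old ghostscript version, add it to the stanza so the two files agree. The stanza header also has no parenthesised description, unlike the `bulletphysics (not packaged; http://www.bulletphysics.org/)` entry just above it, so check whether the file's format expects one.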