Author: jmm Date: 2011-09-01 16:14:54 +0000 (Thu, 01 Sep 2011) New Revision: 17157 Modified: data/CVE/list Log: researched the foomatic-filters/hplip mess (front desk, please create a ticket for foomatic-filters) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-01 15:34:54 UTC (rev 17156) +++ data/CVE/list 2011-09-01 16:14:54 UTC (rev 17157) @@ -908,7 +908,11 @@ CVE-2011-2965 RESERVED CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 ...) - TODO: check + - foomatic-filters 4.0.9-1 + NOTE: There two implementation of the affected filter: the version from foomatic-filters + NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in + NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697 + NOTE: Fixed in foomatic-filters 4.0.8 CVE-2011-2963 (TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not ...) NOT-FOR-US: Progea Movicon CVE-2011-2962 (Multiple stack-based buffer overflows in Invensys Wonderware ...) @@ -1611,6 +1615,12 @@ NOTE: no code injection, not treated as a security issue, see README.Debian.security CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 ...) - hplip <unfixed> (bug #635549; medium) + - foomatic-filters 4.0 + NOTE: There two implementation of the affected filter: the version from foomatic-filters + NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in + NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697 + NOTE: hplip includes local copy of the Perl version. It needs to be checked, whether + NOTE: it''s modified somehow CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...) {DSA-2288-1} - libsndfile 1.0.25-1
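Review bot: In the CVE-2011-2964 hunk, the added package line gives "foomatic-filters 4.0.9-1" as the fixed version while the last added NOTE says "Fixed in foomatic-filters 4.0.8", and nothing explains why the two differ. If 4.0.8 is the upstream release carrying the fix and 4.0.9-1 is the first upload that contains it, say so, for example "NOTE: Fixed upstream in foomatic-filters 4.0.8". The first NOTE line also reads "There two implementation"; it should be "There are two implementations".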
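Review bot: In the CVE-2011-2697 hunk, the added line "- foomatic-filters 4.0" is a bare "4.0" rather than a full package version like the "4.0.9-1" used for CVE-2011-2964, so it is unclear which upload is meant to close the issue. The notes say the affected Perl filter is the 3.x one; if the point is that the Perl code was dropped with the 4.0 rewrite, state that in a NOTE and give the first 4.0 upload's full version. The open question about the hplip copy ("It needs to be checked, whether it''s modified somehow") is recorded only as a NOTE; a TODO line, like the "TODO: check" removed in the other hunk, would keep it visible as outstanding work. That last line also has a doubled apostrophe in "it''s", and the first NOTE repeats the "There two implementation" typo.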