author | Steffen Joeris <white@debian.org> | 2007-09-03 12:19:55 +0000 |
---|---|---|
committer | Steffen Joeris <white@debian.org> | 2007-09-03 12:19:55 +0000 |
commit | 992c697a1b2a710603bfd1d4fa5d97bf6bb6917f (patch) | |
tree | 17e749f46f17e3c91c0184db84472c8f3dd3cdad /data/DTSA/advs | |
parent | 3be9733cae104edce547dbd59d44cfb7a2487943 (diff) |
Add missing .adv files for DTSA 54 and 55
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6477 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/54-poppler.adv | 21 | ||||
-rw-r--r-- | data/DTSA/advs/55-centerim.adv | 22 |
2 files changed, 43 insertions, 0 deletions
diff --git a/data/DTSA/advs/54-poppler.adv b/data/DTSA/advs/54-poppler.adv new file mode 100644 index 0000000000..77d750c10d --- /dev/null +++ b/data/DTSA/advs/54-poppler.adv @@ -0,0 +1,21 @@ +source: poppler +date: August 22nd , 2007 +author: Steffen Joeris +vuln-type: integer overflow +problem-scope: local (remote) +debian-specifc: no +cve: CVE-2007-3387 +vendor-advisory: +testing-fix: 0.5.4-6lenny1 +sid-fix: 0.5.4-6.1 +upgrade: apt-get upgrade + +It was discovered that an integer overflow in the xpdf PDF viewer may lead +to the execution of arbitrary code if a malformed PDF file is opened. + +CVE-2007-3387 + +Integer overflow in the StreamPredictor::StreamPredictor function in gpdf +before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, +(5) CUPS, and other products, might allow remote attackers to execute +arbitrary code via a crafted PDF file. diff --git a/data/DTSA/advs/55-centerim.adv b/data/DTSA/advs/55-centerim.adv new file mode 100644 index 0000000000..1fb37cbc8b --- /dev/null +++ b/data/DTSA/advs/55-centerim.adv @@ -0,0 +1,22 @@ +source: centerim +date: September 1st , 2007 +author: Steffen Joeris +vuln-type: buffer overflows +problem-scope: remote +debian-specifc: no +cve: CVE-2007-3713 +vendor-advisory: +testing-fix: 4.22.1-2lenny1 +sid-fix: 4.22.1-2.1 +upgrade: apt-get upgrade + +It was discovered that there are multiple buffer overflows, which could lead +to the execution of arbitrary code. + +CVE-2007-3713 + +Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow +remote attackers to execute arbitrary code via unspecified vectors. +NOTE: the provenance of this information is unknown; the details are +obtained solely from third party information. NOTE: this might overlap +CVE-2007-0160. |
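Review bot: in 54-poppler.adv the summary paragraph names "the xpdf PDF viewer" although `source:` is poppler, so a reader cannot tell from the summary alone that the poppler package is the one to upgrade. Suggest naming poppler in that sentence, since the CVE text below it already lists poppler as affected. The value `problem-scope: local (remote)` is also ambiguous next to the plain `remote` used in 55-centerim.adv; pick one value or document what the parenthesised form means. Minor: `date: August 22nd , 2007` has a stray space before the comma, and `vendor-advisory:` is left empty.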
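Review bot: in 55-centerim.adv the summary sentence never says which software is affected ("there are multiple buffer overflows"), and the quoted CVE text speaks only of Konst CenterICQ 4.9.11 through 4.21 while `source:` is centerim with fixes at 4.22.1. Add a sentence stating that the overflows are in centerim and how the CenterICQ version range relates to the packaged version. The key `debian-specifc:` (here and in 54-poppler.adv) is missing an "i"; if the tooling that reads .adv files expects `debian-specific`, the field would be ignored, so confirm the spelling against the parser or an existing .adv file. Minor: `date: September 1st , 2007` has a stray space before the comma, and `vendor-advisory:` is left empty.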