author Nico Golde <nion@debian.org> 2008-06-13 18:02:33 +0000
committer Nico Golde <nion@debian.org> 2008-06-13 18:02:33 +0000
commit 1983366a73ca4292cd50d62d2759c2a0611d7213
tree eaca1000b54d44facef103b0a1e7afacfeba5404 /data
parent 0a048ac0fcb9a2c29497a4a7fb273e37393db71e
cupsys was renamed in cups
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@9064 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2001.list 3
-rw-r--r-- data/CVE/2002.list 24
-rw-r--r-- data/CVE/2003.list 6
-rw-r--r-- data/CVE/2004.list 27
-rw-r--r-- data/CVE/2005.list 39
-rw-r--r-- data/CVE/2007.list 36
-rw-r--r-- data/CVE/2008.list 24
-rw-r--r-- data/packages/removed-packages 1
8 files changed, 106 insertions, 54 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 15c49cfcf5..08e5d9d089 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -170,7 +170,8 @@ CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does
NOT-FOR-US: HP-UX
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
- lprng <not-affected> (Not suid in Debian)
- - cupsys <not-affected> (Not suid in Debian)
+ - cups <not-affected> (Not suid in Debian)
+ - cupsys <removed>
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
- openssh 1:3.0.1
CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
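Review bot: The order of the two replacement lines is not consistent across this patch: for CVE-2001-1508 here, `- cups <not-affected>` comes before `- cupsys <removed>`, while the first hunk of 2002.list puts `- cupsys <removed>` first. Pick one order (for example the new name first, then the removed name) and apply it to every entry, so the change stays mechanical to review and to grep.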
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 093d00705d..9481466597 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -2008,7 +2008,8 @@ CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow
- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
{DSA-227}
- openldap2 2.0.27-3
@@ -2022,7 +2023,8 @@ CVE-2002-1370
REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
@@ -3078,7 +3080,8 @@ CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xp
{DSA-232 DSA-226 DSA-222}
- xpdf-i 2.01-2
- xpdf 2.01-2
- - cupsys 1.1.18-1
+ - cups 1.1.18-1
+ - cupsys <removed>
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...)
- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
@@ -3107,19 +3110,24 @@ CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for My
- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
{DSA-232}
- - cupsys 1.1.18-1
+ - cupsys <removed>
+ - cups 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...)
{DSA-216}
- fetchmail 6.2.0-1
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 7c2e79515b..6eebaf3268 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1586,7 +1586,8 @@ CVE-2003-0790
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
- - cupsys 1.1.19
+ - cupsys <removed>
+ - cups 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
@@ -2954,7 +2955,8 @@ CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote
- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
{DSA-317}
- - cupsys 1.1.19final-1
+ - cupsys <removed>
+ - cups 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 869a33a364..612f44b90f 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1259,7 +1259,8 @@ CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
NOT-FOR-US: Online-bookmarks
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
- - cupsys 1.1.20final+rc1-1 (low)
+ - cups 1.1.20final+rc1-1 (low)
+ - cupsys <removed> (low)
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
@@ -3094,13 +3095,17 @@ CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
- - cupsys 1.1.22-2
+ - cups 1.1.22-2
+ - cupsys <removed>
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
- - cupsys 1.1.22-2
+ - cups 1.1.22-2
+ - cupsys <removed>
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
- - cupsys 1.1.22-2
+ - cups 1.1.22-2
+ - cupsys <removed>
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
- - cupsys 1.1.22-2
+ - cups 1.1.22-2
+ - cupsys <removed>
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
@@ -3430,7 +3435,8 @@ CVE-2004-1126
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
- - cupsys 1.1.22-2
+ - cupsys <removed>
+ - cups 1.1.22-2
- tetex-bin 2.0.2-25
- gpdf 2.8.2-1
- koffice 1:1.3.5-1
@@ -3952,7 +3958,8 @@ CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initi
NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
{DSA-566-1}
- - cupsys 1.1.20final+rc1-9
+ - cupsys <removed>
+ - cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
@@ -4056,7 +4063,8 @@ CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other package
- xpdf 3.00-9
- gpdf 2.8.0-1
- kdegraphics 4:3.3.1-1 (bug #280373)
- - cupsys 1.1.22-6 (bug #324460)
+ - cupsys <removed> (bug #324460)
+ - cups 1.1.22-6 (bug #324460)
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
NOTE: package was fixed.
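Review bot: The NOTE lines under CVE-2004-0888 still say "cupsys switched to an xpdf-utils wrapper in version 1.1.22-6", but after this change 1.1.22-6 is recorded against `cups` and `cupsys` carries only `<removed>`. Add a short NOTE that the fixed version was uploaded under the old source name, otherwise the entry reads as if two different packages were involved. The reference (bug #324460) is now attached to both lines as well; one copy on the `cups` line would be enough.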
@@ -4880,7 +4888,8 @@ CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local us
- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
{DSA-545-1}
- - cupsys 1.1.20final+rc1-6
+ - cupsys <removed>
+ - cups 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
{DSA-565-1}
- sox 12.17.4-9 (bug #262083)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 920da49d27..f0269d601f 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -3,7 +3,8 @@ CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensiti
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
- iceweasel <not-affected> (old version and CVE)
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
- - cupsys 1.1.23-10sarge1
+ - cups 1.1.23-10sarge1
+ - cupsys <removed>
CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...)
- pcre3 6.2-1
[sarge] - pcre3 4.5+7.4-1
@@ -2751,7 +2752,8 @@ CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
@@ -2765,7 +2767,8 @@ CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftoh
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
@@ -2779,7 +2782,8 @@ CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
- tetex-bin 3.0-12
NOTE: tetex-bin switched to poppler in 3.0-12.
@@ -2794,7 +2798,8 @@ CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys 1.1.22-7
+ - cups 1.1.22-7
+ - cupsys <removed>
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
@@ -2808,7 +2813,8 @@ CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf
- libextractor 0.5.9-1
- pdfkit.framework 0.8-4
- pdftohtml 0.36-12
- - cupsys 1.1.22-7
+ - cups 1.1.22-7
+ - cupsys <removed>
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
@@ -3875,7 +3881,8 @@ CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream funct
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice <not-affected> (Vulnerable xpdf code not contained)
- libextractor 0.5.8-1 (medium)
- - cupsys 1.1.23-13 (unimportant)
+ - cupsys <removed> (unimportant)
+ - cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
@@ -3889,7 +3896,8 @@ CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpd
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice 1:1.4.2-5 (bug #342294; medium)
- libextractor 0.5.8-1 (medium)
- - cupsys 1.1.23-13 (unimportant)
+ - cupsys <removed> (unimportant)
+ - cups 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
@@ -3903,7 +3911,8 @@ CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice 1:1.4.2-5 (bug #342294; medium)
- libextractor 0.5.8-1 (medium)
- - cupsys 1.1.23-13 (unimportant)
+ - cups 1.1.23-13 (unimportant)
+ - cupsys <removed> (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
@@ -4738,7 +4747,8 @@ CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code
{DSA-856-1}
- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
- - cupsys 1.1.23-1 (unknown)
+ - cups 1.1.23-1 (unknown)
+ - cupsys <removed> (unknown)
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
{DSA-868-1 DSA-866-1 DSA-837-1}
- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
@@ -6629,7 +6639,8 @@ CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table
[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
- gpdf 2.10.0-4 (bug #334454; low)
NOTE: Cups switched to xpdf-utils
- - cupsys 1.1.22-7 (bug #324464)
+ - cupsys <removed> (bug #324464)
+ - cups 1.1.22-7 (bug #324464)
[woody] - cupsys <not-affected> (Vulnerable code not present)
- poppler 0.4.0-1 (low)
- libextractor 0.5.8-1 (medium)
@@ -10955,7 +10966,8 @@ CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.
- kdegraphics <not-affected> (Initial Debian fix was already correct)
- tetex-bin <not-affected> (Initial Debian fix was already correct)
- pdftohtml <not-affected> (Initial Debian fix was already correct)
- - cupsys 1.1.22-7
+ - cups 1.1.22-7
+ - cupsys <removed>
NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
@@ -11314,7 +11326,8 @@ CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.
- pdftohtml 0.36-11
- kdegraphics 4:3.3.2-2
- tetex-bin 2.0.2-26
- - cupsys 1.1.22-6 (bug #324459)
+ - cupsys <removed> (bug #324459)
+ - cups 1.1.22-6 (bug #324459)
NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
NOTE: In version 1.1.23-13, the dormant code in the source
NOTE: package was fixed.
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 6bb86fd747..ad61b51b8c 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -777,7 +777,8 @@ CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apa
[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
{DSA-1437-1}
- - cupsys 1.3.5-1 (low; bug #456960)
+ - cups 1.3.5-1 (low; bug #456960)
+ - cupsys <removed> (low; bug #456960)
[sarge] - cupsys <no-dsa> (Minor issue)
NOTE: the debian package is a bit confusing here as it also ships a pdftops
NOTE: wrapper script as an example but the original script is installed
@@ -2062,10 +2063,12 @@ CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X
NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
{DSA-1437-1}
- - cupsys 1.3.5-1 (medium; bug #457453)
+ - cupsys <removed> (medium; bug #457453)
+ - cups 1.3.5-1 (medium; bug #457453)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...)
- - cupsys 1.2.0
+ - cupsys <removed>
+ - cups 1.2.0
NOTE: This only affects the Cups 1.1 series
[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...)
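Review bot: In CVE-2007-5849 and CVE-2007-5848 the new `- cups` line lands between `- cupsys <removed>` and the `[sarge] - cupsys` line that belongs with it. The CVE-2007-6358 hunk above puts `- cups` first, which keeps the unstable and release-specific cupsys lines adjacent; use that order here too. The `[sarge]` lines keep the old name; if that is intentional, say so in the commit message.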
@@ -3084,13 +3087,14 @@ CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
- gpdf <removed>
- pdftohtml <removed>
[etch] - pdftohtml 0.36-13etch1
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ - cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
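Review bot: CVE-2007-5393 ends up with two unqualified `cups` entries that disagree: `- cups 1.1.22-7` from the first change and `- cups <not-affected> (we use xpdf-utils ...)` from the second. The pre-image already had two cupsys lines and the rename copies that forward; collapse them into a single `cups` line plus one `- cupsys <removed>`, and keep the explanation as a NOTE. The same pair appears in the CVE-2007-5392 and CVE-2007-4352 hunks that follow.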
@@ -3102,13 +3106,14 @@ CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
- gpdf <removed>
- pdftohtml <removed>
[etch] - pdftohtml 0.36-13etch1
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ - cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
@@ -5599,19 +5604,21 @@ CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit metho
- xpdf 3.02-1.3 (medium; bug #450629)
- koffice 1:1.6.3-4 (medium; bug #450631)
- libextractor 0.5.9-1
- - cupsys 1.1.22-7
+ - cupsys <removed>
+ - cups 1.1.22-7
- gpdf <removed>
- pdftohtml <removed>
[etch] - pdftohtml 0.36-13etch1
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
+ - cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
{DSA-1407-1 DTSA-81-1}
- - cupsys 1.3.4-1 (medium; bug #448866)
+ - cupsys <removed> (medium; bug #448866)
+ - cups 1.3.4-1 (medium; bug #448866)
[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350
RESERVED
@@ -6288,7 +6295,8 @@ CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
- - cupsys 1.2
+ - cupsys <removed>
+ - cups 1.2
NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
REJECTED
@@ -7820,7 +7828,8 @@ CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function
[etch] - pdftohtml 0.36-13etch1
- tetex-bin 3.0-12
NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <not-affected> (unimportant; bug #436099)
+ - cupsys <removed> (unimportant; bug #436099)
+ - cups <not-affected> (unimportant; bug #436099)
NOTE: cups uses xpdf-utils
- pdfkit.framework 0.8-4
NOTE: links to poppler since 0.8-4, thus marking as fixed
@@ -14106,7 +14115,8 @@ CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
- - cupsys 1.2.7-1 (bug #434734; low)
+ - cups 1.2.7-1 (bug #434734; low)
+ - cupsys <removed> (bug #434734; low)
[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index fc59035e26..7439654bc2 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -2085,7 +2085,8 @@ CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer
CVE-2008-1723
RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) ...)
- - cupsys 1.3.7-2 (medium; bug #476305)
+ - cups 1.3.7-2 (medium; bug #476305)
+ - cupsys <removed> (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2 ...)
{DSA-1551-1}
- python2.4 2.4.5-2
@@ -2898,10 +2899,12 @@ CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify)
{DSA-1565-1}
- linux-2.6 2.6.25-2 (low)
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
- - cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
+ - cupsys <removed>
+ - cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...)
{DTSA-122-1}
- - cupsys 1.3.7-1 (medium)
+ - cupsys <removed> (medium)
+ - cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
- bzip2 1.0.5-0.1 (low; bug #471670)
[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
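Review bot: Annotations are carried over differently within this hunk: for CVE-2008-1374 the new `- cupsys <removed>` line drops the parenthesised explanation, while for CVE-2008-1373 `(medium)` is copied onto both `- cupsys <removed>` and `- cups 1.3.7-1`. Decide whether a `<removed>` line keeps urgency and bug annotations, and apply that rule to every entry this patch touches.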
@@ -4033,7 +4036,8 @@ CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ..
NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
{DSA-1530-1 DTSA-117-1}
- - cupsys 1.3.6-1 (medium; bug #467653)
+ - cupsys <removed> (medium; bug #467653)
+ - cups 1.3.6-1 (medium; bug #467653)
[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
NOT-FOR-US: Okul module for PHP-Nuke
@@ -4646,10 +4650,12 @@ CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP befo
CVE-2008-0598
RESERVED
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
- - cupsys 1.2
+ - cups 1.2
+ - cupsys <removed>
NOTE: (mimeDeleteType included since 1.2.x
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
- - cupsys 1.3.6
+ - cupsys <removed>
+ - cups 1.3.6
NOTE: version in unstable has better array handling and is not vulnerable, exact version unknown
TODO: validate exact fixed version
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
@@ -5927,7 +5933,8 @@ CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...)
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...)
- - cupsys 1.3.6-1
+ - cupsys <removed>
+ - cups 1.3.6-1
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...)
NOT-FOR-US: Apple Mac OS X
@@ -5941,7 +5948,8 @@ CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 a
NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...)
{DSA-1530-1}
- - cupsys 1.3.6-3 (medium; bug #472105)
+ - cupsys <removed> (medium; bug #472105)
+ - cups 1.3.6-3 (medium; bug #472105)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...)
NOT-FOR-US: Apple Mac OS X
diff --git a/data/packages/removed-packages b/data/packages/removed-packages
index 1187b8323e..12dc8ba2a7 100644
--- a/data/packages/removed-packages
+++ b/data/packages/removed-packages
@@ -68,3 +68,4 @@ unarj
apache-perl
freenet6
thunderbird
+cupsys
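Review bot: The commit message says cupsys was renamed, but this line records it in removed-packages and every CVE entry marks it `<removed>`, with nothing in the data pointing from cupsys to cups. Expand the commit message to state that the rename is modelled as removal of cupsys plus new cups entries, so later readers of the history do not take it for a dropped package.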
