Apple Computer Inc. Not Affected

Updated:  March 17, 2003

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain the vulnerabilities described in this report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Updated:  March 17, 2003

Status

Affected

Vendor Statement

Please see http://www.debian.org/security/2003/dsa-263.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Not Affected

Updated:  March 17, 2003

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. does not support the Utah Raster Toolkit or netpbm, so it is not vulnerable to the vulnerabilities reported in this VU report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Updated:  March 17, 2003

Status

Not Affected

Vendor Statement

Source: Hewlett-Packard Company Software Security Response Team HP-UX - not vulnerable HP-MPE/ix - not vulnerable HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable To report potential security vulnerabilities in HP software, send an E-mail message to: mailto:security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks Not Affected

Updated:  March 17, 2003

Status

Not Affected

Vendor Statement

Ingrian Networks products are not vulnerable to VU#378049 or VU#630433.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Updated:  March 17, 2003

Status

Not Affected

Vendor Statement

Microsoft has confirmed this issue does not affect our software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetPBM Affected

Notified:  December 20, 2002 Updated: March 17, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Updated:  April 03, 2003

Status

Affected

Vendor Statement

Red Hat Linux and Red Hat Enterprise Linux ship with a NetPBM package vulnerable to these issues. Updated NetPBM packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2003-061.html Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2003-060.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.