white at alioth.debian.org
2008-Oct-04 08:20 UTC
[Secure-testing-commits] r9985 - data/CVE
Author: white Date: 2008-10-04 08:20:35 +0000 (Sat, 04 Oct 2008) New Revision: 9985 Modified: data/CVE/list Log: Add information about libpng issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-04 08:19:06 UTC (rev 9984) +++ data/CVE/list 2008-10-04 08:20:35 UTC (rev 9985) @@ -1155,11 +1155,11 @@ - mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362) begin claimed by white CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...) - - libpng <unfixed> + - libpng <unfixed> (low; bug #501109) + [etch] - libpng <not-affected> (Vulnerable code not present) NOTE: off-by-one error in pngpread.c is not present, must have - NOTE: been introduced later, but I think pngtest.c is affected - TODO: check that 1.2.32 is not uploaded, as it also includes - TODO: the off-by-one error in pngpread.c + NOTE: been introduced later, but pngtest.c is affected. However, there + NOTE: is no known exploit. end claimed by white CVE-2008-XXXX [multiple heap based overflows in xine-lib] - xine-lib <unfixed> (medium; bug #498243)