gilbert-guest at alioth.debian.org
2009-Mar-01 04:01 UTC
[Secure-testing-commits] r11284 - data/CVE
Author: gilbert-guest
Date: 2009-03-01 04:01:14 +0000 (Sun, 01 Mar 2009)
New Revision: 11284
Modified:
data/CVE/list
Log:
ccording to DSA-1613, CVE-2007-2445 was fixed in libgd2 version 2.0.35.dfsg-1,
so updating tracker with this info. however, there was no bug report ever
submitted to explicitly track 2445, so it is somewhat unclear whether this
specific problem has been fixed or not.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-01 03:48:20 UTC (rev 11283)
+++ data/CVE/list 2009-03-01 04:01:14 UTC (rev 11284)
@@ -27855,6 +27855,7 @@
- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before
1.0.25 and ...)
{DSA-1613-1}
+ - libgd2 2.0.35.dfsg-1 (low)
- libpng 1.2.15~beta5-2 (unimportant)
- libpng3 <unfixed> (unimportant)
NOTE: Only a crash, no code injection. Calling this DoS stretches things
rather far