joeyh at alioth.debian.org
2009-Mar-01 09:14 UTC
[Secure-testing-commits] r11290 - data/CVE
Author: joeyh Date: 2009-03-01 09:14:12 +0000 (Sun, 01 Mar 2009) New Revision: 11290 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-01 07:09:39 UTC (rev 11289) +++ data/CVE/list 2009-03-01 09:14:12 UTC (rev 11290) @@ -7927,7 +7927,7 @@ NOT-FOR-US: Oracle CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...) - amarok 1.4.10-1 (unimportant; bug #494765) - [etch] - amarok <not-affected> + [etch] - amarok <not-affected> NOTE: The code in question doesn''t dereference the symlink, tested with Etch NOTE: and Lenny. Given that it only takes a minute to test this, it''s surprising NOTE: that at least one vendor issued an advisory and upstream pushed a new release... @@ -27856,8 +27856,8 @@ - samba 3.0.25-1 (high) CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...) {DSA-1613-1} - - libgd2 2.0.35.dfsg-1 (low) - [etch] - libgd2 2.0.33-5.2etch1 (low) + - libgd2 2.0.35.dfsg-1 (low) + [etch] - libgd2 2.0.33-5.2etch1 (low) - libpng 1.2.15~beta5-2 (unimportant) - libpng3 <not-affected> (unimportant) NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
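Review bot: in the CVE-2008-3699 hunk (@@ -7927,7 +7927,7 @@), the removed and added `[etch] - amarok <not-affected>` lines read the same, so the change appears to be whitespace only, and the log "automatic update" gives no hint of that. If the automatic update is meant to normalize indentation, say so in the log; if it is not, check why the script rewrote a line whose content did not change. The unchanged NOTE lines in the same hunk also show doubled apostrophes (`doesn''t`, `it''s`); if those are in data/CVE/list itself rather than in this rendering of the mail, they are worth correcting in a follow-up.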
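Review bot: in the CVE-2007-2445 hunk (@@ -27856,8 +27856,8 @@), both libgd2 lines are removed and re-added with the same package, versions and `(low)` urgency, so this is a whitespace-level rewrite of an entry tied to {DSA-1613-1}. Keeping such rewrites out of the automatic updates, or in a commit of their own, would keep blame on the lines that record fixed versions pointing at the revision that actually set them.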