Secure testing commits - Mar 2009 - r11459 - data/CVE

Author: joeyh
Date: 2009-03-22 21:14:11 +0000 (Sun, 22 Mar 2009)
New Revision: 11459

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-03-22 17:23:27 UTC (rev 11458)
+++ data/CVE/list	2009-03-22 21:14:11 UTC (rev 11459)
@@ -1435,6 +1435,7 @@
 CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC
...)
 	NOT-FOR-US: EMC Networker products
 CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in
libpng ...)
+	{DSA-1750-1}
 	- libpng 1.2.33-1
 CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt
...)
 	NOT-FOR-US: Extrakt Framework
@@ -3325,6 +3326,7 @@
 CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7
and ...)
 	- hplip <not-affected> (only a bug in ubuntus postinst script, we use
our own postinst which is not vulnerable)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before
1.0.42, ...)
+	{DSA-1750-1}
 	- libpng 1.2.35-1 (unimportant; bug #512665)
 	NOTE: Only an issues when using libpng to create out-of-spec images
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in
KTorrent ...)
@@ -4191,6 +4193,7 @@
 	NOTE: fixed in r6 point update
 	NOTE: http://www.tdiary.org/20071215.html
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x
before ...)
+	{DSA-1750-1}
 	- pngcrush 1.6.15-1
 	- libpng 1.2.35-1 (bug #516256)
 CVE-2009-0039
@@ -14476,7 +14479,6 @@
 CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile
or ...)
 	NOT-FOR-US: Gentoo Linux Ebuilds
 CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and
1.4.0beta01 ...)
-	{DSA-1750-1}
 	- libpng 1.2.26-1 (low; bug #476669)
 	NOTE: 1.2.26-1 contains a patch to fix that
 	[etch] - libpng 1.2.15~beta5-1+etch2
@@ -22050,7 +22052,6 @@
 CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0,
and ...)
 	- drupal <not-affected> (does not ship this module)
 CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before
1.2.21 ...)
-	{DSA-1750-1}
 	- libpng 1.2.15~beta5-3 (low; bug #446308)
 	[sarge] - libpng <no-dsa> (Minor issue)
 	[etch] - libpng 1.2.15~beta5-1+etch2
@@ -29014,7 +29015,7 @@
 	{DSA-1291-2 DTSA-41-1}
 	- samba 3.0.25-1 (high)
 CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before
1.0.25 and ...)
-	{DSA-1613-1 DSA-1750-1}
+	{DSA-1613-1}
 	- libgd2 2.0.35.dfsg-1 (low)
 	[etch] - libgd2 2.0.33-5.2etch1 (low)
 	- libpng 1.2.15~beta5-2 (unimportant)