thr3ads.net - Secure testing commits - [Secure-testing-commits] r7990

If this information is useful, please help other people find it:
Share via:

jmm-guest at alioth.debian.org

2008-Jan-20 15:37 UTC

[Secure-testing-commits] r7990 - data/CVE

Author: jmm-guest
Date: 2008-01-20 15:37:45 +0000 (Sun, 20 Jan 2008)
New Revision: 7990

Modified:
   data/CVE/list
Log:
one flac issue is not exploitable


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-01-20 15:27:07 UTC (rev 7989)
+++ data/CVE/list	2008-01-20 15:37:45 UTC (rev 7990)
@@ -1693,7 +1693,9 @@
 CVE-2007-6280
 	RESERVED
 CVE-2007-6279 (Multiple double-free vulnerabilities in Free Lossless Audio
Codec ...)
-	- flac 1.2.1-1
+	- flac 1.2.1-1 (unimportant)
+	NOTE: According to upstream this issue is not exploitable for code injection
+	NOTE: due to the layout of the seektable memory
 CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows
...)
 	- flac 1.2.1-1 (unimportant)
 	NOTE: Such validations are within the responsibility of the respective
applications

Secure testing commits - Jan 2008 - r7990 - data/CVE

[Secure-testing-commits] r7990 - data/CVE