Author: jmm-guest
Date: 2005-11-16 13:55:28 +0000 (Wed, 16 Nov 2005)
New Revision: 2760
Modified:
data/CVE/list
Log:
researched gtk/gdk-pixbuf xpm vulnerabilities
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-16 09:58:12 UTC (rev 2759)
+++ data/CVE/list 2005-11-16 13:55:28 UTC (rev 2760)
@@ -848,7 +848,7 @@
CVE-2005-3186 [Integer overflow in GTK''s XPM code]
RESERVED
- gtk+2.0 <unfixed> (bug #339431; medium)
- TODO: Check gdk-pixbuf
+ - gdk-pixbuf <unfixed> (bug #339431; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the
Service ...)
- ethereal <unfixed> (bug #334880; medium)
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww
...)
@@ -1454,10 +1454,13 @@
- pam <unfixed> (bug #336344; medium)
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
-CVE-2005-2976
+CVE-2005-2976 [integer overflow in "pixels" calculation of
gdk-pixbuf]
RESERVED
-CVE-2005-2975
+ - gdk-pixbuf (bug #339431; medium)
+CVE-2005-2975 [dos in xpm processing of gdk-pixbuf]
RESERVED
+ - gdk-pixbuf (bug #339431; low)
+ - gtk+2.0 (bug #339431; low)
CVE-2005-2974 [libungif null pointer deref dos]
RESERVED
{DSA-890-1}