Author: jmm-guest Date: 2006-07-09 11:21:05 +0000 (Sun, 09 Jul 2006) New Revision: 4360 Modified: data/CVE/list Log: png overflow was dissected on vendor-sec and turned out to be a non-issue. Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-08 18:39:05 UTC (rev 4359) +++ data/CVE/list 2006-07-09 11:21:05 UTC (rev 4360) @@ -37,7 +37,9 @@ CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) - - libpng <unfixed> (bug #377298; high) + - libpng <unfixed> (bug #377298; unimportant) + NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow + NOTE: cannot overwrite other memory sections CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...) NOT-FOR-US: Zorum Forum CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
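Review bot: The two added NOTE lines under CVE-2006-3334 justify the change from "high" to "unimportant" without stating how many bytes the overflow writes past the 50 char array, and they argue only for 32bit archs. 13 words of 4 bytes give 52 bytes, so the argument holds only if the overrun is at most 2 bytes; that length should be recorded in the NOTE, together with a line saying whether the same padding argument applies on 64bit archs. The vendor-sec analysis is mentioned only in the commit log, so a short reference to it in the NOTE would let the entry be verified on its own while it stays marked <unfixed>.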