Author: micah
Date: 2007-04-05 15:31:19 +0000 (Thu, 05 Apr 2007)
New Revision: 5626
Modified:
data/CVE/list
Log:
merge CVE-2007-XXXX and CVE-2007-1667
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-05 09:14:13 UTC (rev 5625)
+++ data/CVE/list 2007-04-05 15:31:19 UTC (rev 5626)
@@ -389,8 +389,6 @@
RESERVED
CVE-2007-1668
RESERVED
-CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in
ImUtil.c ...)
- - libx11 2:1.0.3-7 (bug #414045)
CVE-2007-1666 (The processor_request function in the debugger server for
DataRescue ...)
NOT-FOR-US: IDA Pro
CVE-2007-1665
@@ -2880,9 +2878,9 @@
{DSA-1260}
- graphicsmagick 1.1.7-12
- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
-CVE-2007-XXXX [Lack of input validation in XInitImage/XGetPixel, exposed by
broken XWD file]
+CVE-2007-1667 [Lack of input validation in XInitImage/XGetPixel, exposed by
broken XWD file]
- xfree86 <removed> (bug #414046; medium)
- - libx11 <unfixed> (bug #414045; medium)
+ - libx11 2:1.0.3-7 (bug #414045; medium)
NOTE: Discovered through CVE-2007-0770.
NOTE: With certain mail user agents, this issue is likely exploitable
NOTE: without much user interaction.