Author: fw Date: 2007-05-26 10:19:08 +0000 (Sat, 26 May 2007) New Revision: 5930 Modified: data/CVE/list Log: CVE-2007-2756: libgd, libgd2 CVE-2007-2741: lcms fixed CVE-2007-2739, CVE-2007-2740: php-xajax Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-26 09:46:45 UTC (rev 5929) +++ data/CVE/list 2007-05-26 10:19:08 UTC (rev 5930) @@ -98,7 +98,9 @@ CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...) NOT-FOR-US: Redoable CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...) - TODO: check + - libgd <unfixed> (bug #426099; low) + - libgd2 <unfixed> (bug #426100; low) + NOTE: http://bugs.libgd.org/?do=details&task_id=86 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...) NOT-FOR-US: PrecisionID CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...) @@ -129,11 +131,11 @@ CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...) NOT-FOR-US: w2box CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...) - TODO: check + - lcms 1.15-1 (medium) CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...) - TODO: check + - php-xajax <unfixed> (bug #426103; low) CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...) - TODO: check + - php-xajax <unfixed> (bug #426103; low) CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...) TODO: check CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
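Review bot: In the first hunk (@@ -98,7 +98,9 @@), the NOTE added under CVE-2007-2756 is a bare URL with nothing saying what it points to. State what the link is, for example whether it is the upstream bug report or an upstream fix. Someone tracking the two <unfixed> entries (libgd, bug #426099, and libgd2, bug #426100) could then tell from the list alone whether there is a patch to backport.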
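Review bot: In the second hunk (@@ -129,11 +131,11 @@), CVE-2007-2740 is entered as "php-xajax <unfixed> (bug #426103; low)" although its description reads "Unspecified vulnerability ... has unknown impact", so the visible text does not support a "low" rating. Add a NOTE giving the basis for the urgency, or mark it as provisional and inherited from the XSS entry CVE-2007-2739 that shares bug #426103. The lcms entry in the same hunk looks consistent: the description says "before 1.15" and the fixed version is recorded as 1.15-1.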