Author: nion Date: 2007-08-20 21:12:07 +0000 (Mon, 20 Aug 2007) New Revision: 6364 Modified: data/CVE/list Log: CVE-2007-0455, CVE-2007-2756, CVE-2007-3476 and CVE-2007-3477 fixed in 2.0.35.dfsg-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-20 15:08:43 UTC (rev 6363) +++ data/CVE/list 2007-08-20 21:12:07 UTC (rev 6364) @@ -1980,10 +1980,10 @@ - libgd2 <not-affected> NOTE: this is a crash, and does not seem to be attacker controlled. CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...) - - libgd2 <unfixed> (low) + - libgd2 2.0.35.dfsg-1 (low) NOTE: CPU consumption DoS CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...) - - libgd2 <unfixed> (low) + - libgd2 2.0.35.dfsg-1 (low) NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable. CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...) - libgd2 <not-affected> @@ -3719,7 +3719,7 @@ CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...) NOT-FOR-US: Redoable CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...) - - libgd <unfixed> (bug #426099; low) + - libgd 2.0.35.dfsg-1 (bug #426099; low) [etch] - libgd <no-dsa> (Minor issue) [sarge] - libgd <no-dsa> (Minor issue) - libgd2 <unfixed> (bug #426100; low) @@ -9586,7 +9586,7 @@ - wireshark 0.99.4-5 (low) [sarge] - ethereal <not-affected> (Vulnerable code not present) CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...) - - libgd2 <unfixed> (bug #408982; low) + - libgd2 2.0.35.dfsg-1 (bug #408982; low) [sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable) [etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable) CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
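Review bot: in the @@ -1980,10 hunk, CVE-2007-3477 and CVE-2007-3476 get a fixed version for libgd2 but still have no release-specific lines, unlike CVE-2007-0455 and CVE-2007-2756 later in the same patch, which both carry `[etch]` and `[sarge]` entries marked `<no-dsa>`. With the unstable entry now versioned, the status of the stable releases for these two issues is left unstated. If etch and sarge are affected and the issues are considered minor (the NOTE lines suggest so), add matching `[etch] - libgd2 <no-dsa> (...)` and `[sarge] - libgd2 <no-dsa> (...)` lines; if they are not affected, record that instead.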
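Review bot: in the @@ -3719,7 +3719,7 hunk for CVE-2007-2756, the version 2.0.35.dfsg-1 is put on the `libgd` line (bug #426099), while the line `- libgd2 <unfixed> (bug #426100; low)` directly below it is left unchanged. The other three CVEs touched by this commit all record 2.0.35.dfsg-1 against `libgd2`, and the log message names only the version, not the package. Please confirm which source package the 2.0.35.dfsg-1 upload belongs to. If it is libgd2, the edit landed on the wrong line: restore `- libgd <unfixed> (bug #426099; low)` and change the libgd2 line to `- libgd2 2.0.35.dfsg-1 (bug #426100; low)`. If both packages were fixed at that version, the libgd2 line needs the same update.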