white at alioth.debian.org
2007-Aug-22 04:47 UTC
[Secure-testing-commits] r6372 - data/CVE
Author: white Date: 2007-08-22 04:47:52 +0000 (Wed, 22 Aug 2007) New Revision: 6372 Modified: data/CVE/list Log: zziplib fixed in latest MU Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-21 21:14:12 UTC (rev 6371) +++ data/CVE/list 2007-08-22 04:47:52 UTC (rev 6372) @@ -6336,7 +6336,7 @@ CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...) NOT-FOR-US: ScriptMagix CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...) - - zziplib <unfixed> (bug #436701; low) + - zziplib 0.13.49-0 (bug #436701; low) [etch] - zziplib <no-dsa> (Minor issue) NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187 NOTE: If an attacker can supply arbitrary file names, we likely suffer from