Author: nion Date: 2007-10-09 11:11:07 +0000 (Tue, 09 Oct 2007) New Revision: 6876 Modified: data/CVE/list Log: libpng no issue for debian version Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-09 10:45:20 UTC (rev 6875) +++ data/CVE/list 2007-10-09 11:11:07 UTC (rev 6876) @@ -1,5 +1,8 @@ CVE-2007-XXXX - - libpng <unfixed> (low) + - libpng <not-affected> (vulnerable code not present) + NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one + NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1 + NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...) NOT-FOR-US: MultiCart CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
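Review bot: The added NOTE lines under the libpng entry refer to "the version in Debian" and "this old version" without naming the package version that was inspected, so the <not-affected> status cannot be re-checked once a newer upstream release that does use strncpy enters the archive. Suggest recording the inspected Debian version in the NOTE, and ideally the source file that contains the strcpy(new_iccp_name, name) call. The entry also sits under a bare CVE-2007-XXXX line with no description or advisory reference, so a short bracketed description or a link to the upstream report would let it be matched once an id is assigned.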