joeyh at alioth.debian.org
2008-Jul-22 09:14 UTC
[Secure-testing-commits] r9391 - data/CVE
Author: joeyh
Date: 2008-07-22 09:14:19 +0000 (Tue, 22 Jul 2008)
New Revision: 9391
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-07-22 07:01:44 UTC (rev 9390)
+++ data/CVE/list 2008-07-22 09:14:19 UTC (rev 9391)
@@ -14894,6 +14894,7 @@
- php4 <unfixed> (unimportant)
NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow
remote ...)
+ {DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
- php5 5.2.4-1 (medium)
NOTE: see http://www.php.net/releases/5_2_4.php
@@ -16154,9 +16155,11 @@
- libgd2 <unfixed> (unimportant)
NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics
...)
+ {DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library
(libgd) ...)
+ {DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows
user-assisted ...)
@@ -18657,6 +18660,7 @@
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before
1.0.25 and ...)
+ {DSA-1613-1}
- libpng 1.2.15~beta5-2 (unimportant)
- libpng3 <unfixed> (unimportant)
NOTE: Only a crash, no code injection. Calling this DoS stretches things
rather far