fw at alioth.debian.org
2009-Mar-22 17:23 UTC
[Secure-testing-commits] r11458 - in data: CVE DSA
Author: fw Date: 2009-03-22 17:23:27 +0000 (Sun, 22 Mar 2009) New Revision: 11458 Modified: data/CVE/list data/DSA/list Log: Reflect that DSA-1750-1 affects different CVEs on etch and lenny Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-22 17:16:52 UTC (rev 11457) +++ data/CVE/list 2009-03-22 17:23:27 UTC (rev 11458) @@ -14476,9 +14476,10 @@ CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...) NOT-FOR-US: Gentoo Linux Ebuilds CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...) + {DSA-1750-1} - libpng 1.2.26-1 (low; bug #476669) NOTE: 1.2.26-1 contains a patch to fix that - [etch] - libpng <no-dsa> (Minor issue, rare function) + [etch] - libpng 1.2.15~beta5-1+etch2 CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...) {DTSA-130-1} - zoneminder 1.23.3-1 (medium; bug #479034) @@ -22049,9 +22050,10 @@ CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...) - drupal <not-affected> (does not ship this module) CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...) + {DSA-1750-1} - libpng 1.2.15~beta5-3 (low; bug #446308) - [etch] - libpng <no-dsa> (Minor issue) [sarge] - libpng <no-dsa> (Minor issue) + [etch] - libpng 1.2.15~beta5-1+etch2 CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...) - libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19) CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...) 
@@ -29012,11 +29014,12 @@ {DSA-1291-2 DTSA-41-1} - samba 3.0.25-1 (high) CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...) - {DSA-1613-1} + {DSA-1613-1 DSA-1750-1} - libgd2 2.0.35.dfsg-1 (low) [etch] - libgd2 2.0.33-5.2etch1 (low) - libpng 1.2.15~beta5-2 (unimportant) - libpng3 <not-affected> (unimportant) + [etch] - libpng 1.2.15~beta5-1+etch2 NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...) {DSA-1291-2 DTSA-41-1} Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-03-22 17:16:52 UTC (rev 11457) +++ data/DSA/list 2009-03-22 17:23:27 UTC (rev 11458) @@ -1,5 +1,5 @@ [22 Mar 2009] DSA-1750-1 libpng - several vulnerabilities - {CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040} + {CVE-2008-5907 CVE-2008-6218 CVE-2009-0040} [etch] - libpng 1.2.15~beta5-1+etch2 [lenny] - libpng 1.2.27-2+lenny2 [20 Mar 2009] DSA-1749-1 linux-2.6 - several vulnerabilities
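Review bot: In the CVE-2007-5269 hunk of data/CVE/list (@@ -22049,9 +22050,10 @@), the new `[etch] - libpng 1.2.15~beta5-1+etch2` line is added below the `[sarge]` line, whereas the `[etch]` line it replaces sat above it. Keeping the etch entry in its old position, directly under `- libpng 1.2.15~beta5-3 (low; bug #446308)`, would preserve the existing release ordering and reduce the change to a single replaced line.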
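Review bot: In the CVE-2007-2445 hunk of data/CVE/list (@@ -29012,11 +29014,12 @@), the added `[etch] - libpng 1.2.15~beta5-1+etch2` line is placed under `- libpng3 <not-affected> (unimportant)` instead of under `- libpng 1.2.15~beta5-2 (unimportant)`, the entry it qualifies. The `[etch] - libgd2` line in the same record directly follows its libgd2 entry, so moving the new line up by one keeps the record consistent. The entry also keeps its "unimportant" rating and the "Only a crash, no code injection" NOTE while gaining a DSA reference; a short NOTE stating that the fix was included in the etch upload for DSA-1750-1 would explain the combination.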
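Review bot: In the data/DSA/list hunk, CVE-2007-2445, CVE-2007-5269 and CVE-2008-1382 are dropped from the DSA-1750-1 entry while the data/CVE/list hunks add {DSA-1750-1} to those same three CVEs, so the two files no longer agree on what the advisory covers, and the reason is recorded only in the commit log. Add a NOTE line under the DSA-1750-1 entry saying that these three CVEs are fixed by the etch upload only, so that someone reconciling the two lists later does not undo one side of the change.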