Author: white
Date: 2009-10-16 10:35:10 +0000 (Fri, 16 Oct 2009)
New Revision: 13031
Modified:
data/CVE/list
Log:
New camlimages issue, should be rated low since it is only exploitable through
execution of crafted files
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-10-16 10:32:36 UTC (rev 13030)
+++ data/CVE/list 2009-10-16 10:35:10 UTC (rev 13031)
@@ -900,8 +900,9 @@
RESERVED
CVE-2009-3297
RESERVED
-CVE-2009-3296
+CVE-2009-3296 [camlimages: tiffread.c integer overflows]
RESERVED
+ - camlimages <unfixed> (low)
CVE-2009-3295
RESERVED
CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before
5.2.11, when ...)
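Review bot: The new package line under CVE-2009-3296, "- camlimages <unfixed> (low)", carries no bug reference, while the other camlimages entries touched in this commit each cite one (bug #540146, bug #535909). Since the entry is marked <unfixed>, add the bug number once a report is filed so the open issue can be tracked from the list. The reason for the low rating appears only in the commit log; a NOTE line under the entry would keep it with the data.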
@@ -3292,7 +3293,7 @@
- strongswan 4.3.2-1.1 (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
{DSA-1857-1}
- - camlimages 1:3.0.1-3 (medium; bug #540146)
+ - camlimages 1:3.0.1-3 (low; bug #540146)
- advi <not-affected> (affected code section not present in advi code
copy of camlimages)
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with
unnecessary ...)
- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid
bits from all files)
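Review bot: The change from medium to low on the camlimages line of CVE-2009-2660 re-rates an existing entry that already has {DSA-1857-1} attached, but the log message only describes a new camlimages issue. Mention the re-rating in the log, or add a NOTE line under the entry giving the reason (exploitable only through crafted files), so the downgrade is explained where the entry is read.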
@@ -4340,8 +4341,8 @@
NOT-FOR-US: kernel module in Sun Solaris
CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might
allow ...)
{DSA-1832-1}
- - camlimages 1:3.0.1-2 (medium; bug #535909)
- - advi <unfixed> (medium; bug #550440)
+ - camlimages 1:3.0.1-2 (low; bug #535909)
+ - advi <unfixed> (low; bug #550440)
CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo
2.1 ...)
- dillo <unfixed> (medium; bug #535788)
NOTE: fixed in upstream version 2.2.1
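Review bot: In the CVE-2009-2295 entry the advi line is lowered to low together with camlimages, yet the log message gives its rationale for camlimages only and advi is still <unfixed> (bug #550440). Confirm that the same reasoning holds for advi and record it in a NOTE line under the entry, or leave the advi rating at medium until that is checked.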