[Secure-testing-commits] r3507 - data
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sat Feb 18 13:06:53 UTC 2006
Author: jmm-guest
Date: 2006-02-18 13:06:52 +0000 (Sat, 18 Feb 2006)
New Revision: 3507
Added:
data/open-issues.txt
Log:
New experimental system to track TODOs, that require a bit
more time (typically involving studying of code, practical
tests or contacts with upstream):
This file contains open questions that can't currently be
addressed; if someone's interested in resolving them
replace the "none" behind the ==== with your name. Once an
issue has been fully researched add the information to
CVE/list and remove the entry.
Added: data/open-issues.txt
===================================================================
--- data/open-issues.txt 2006-02-18 12:55:28 UTC (rev 3506)
+++ data/open-issues.txt 2006-02-18 13:06:52 UTC (rev 3507)
@@ -0,0 +1,25 @@
+=== none
+
+From the graphicsmagick 1.1.7-1 upload:
+
+ * magick/constitute.c: Apply upstream fix for potential NULL pointer
+ dereference in ReadImage().
+
+Does this have a CVE name?
+Does it affect imagemagick?
+
+=== none
+
+tikiwiki has been uploaded to the archive a month ago. All previous issues
+in it should be reviewed, whether they're fixed and CVE/list updated
+accordingly.
+
+=== none
+
+From the freewheeling 0.5pre4-5 upload:
+ .
+ * Fixes various gcc-4.0 warnings (uninitialised variables, non-void
+ functions never returning, wrong printf format strings)
+ * Fixed 2 buffer overflows in fweelin_core_dsp.cc
+
+Are any of these exploitable issues?
\ No newline at end of file
More information about the Secure-testing-commits
mailing list