[Secure-testing-commits] r4360 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Jul 9 11:21:07 UTC 2006
Author: jmm-guest
Date: 2006-07-09 11:21:05 +0000 (Sun, 09 Jul 2006)
New Revision: 4360
Modified:
data/CVE/list
Log:
png overflow was dissected on vendor-sec and turned out to
be a non-issue.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-08 18:39:05 UTC (rev 4359)
+++ data/CVE/list 2006-07-09 11:21:05 UTC (rev 4360)
@@ -37,7 +37,9 @@
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
- - libpng <unfixed> (bug #377298; high)
+ - libpng <unfixed> (bug #377298; unimportant)
+ NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
+ NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
More information about the Secure-testing-commits
mailing list