[Secure-testing-commits] r6364 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Aug 20 21:12:08 UTC 2007


Author: nion
Date: 2007-08-20 21:12:07 +0000 (Mon, 20 Aug 2007)
New Revision: 6364

Modified:
   data/CVE/list
Log:
CVE-2007-0455, CVE-2007-2756, CVE-2007-3476 and CVE-2007-3477 fixed in 2.0.35.dfsg-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-20 15:08:43 UTC (rev 6363)
+++ data/CVE/list	2007-08-20 21:12:07 UTC (rev 6364)
@@ -1980,10 +1980,10 @@
 	- libgd2 <not-affected>
 	NOTE: this is a crash, and does not seem to be attacker controlled.
 CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...)
-	- libgd2 <unfixed> (low)
+	- libgd2 2.0.35.dfsg-1 (low)
 	NOTE: CPU consumption DoS
 CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...)
-	- libgd2 <unfixed> (low)
+	- libgd2 2.0.35.dfsg-1 (low)
 	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)
 	- libgd2 <not-affected>
@@ -3719,7 +3719,7 @@
 CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
 	NOT-FOR-US: Redoable
 CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
-	- libgd <unfixed> (bug #426099; low)
+	- libgd 2.0.35.dfsg-1 (bug #426099; low)
 	[etch] - libgd <no-dsa> (Minor issue)
 	[sarge] - libgd <no-dsa> (Minor issue)
 	- libgd2 <unfixed> (bug #426100; low)
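Review bot: In the CVE-2007-2756 entry the fixed version is recorded on the `libgd` line (bug #426099), while the `libgd2` line (bug #426100) directly below it still reads `<unfixed>`. The log message says the issue is fixed in 2.0.35.dfsg-1, and the other three entries touched by this commit all record that version against `libgd2`, so it looks as if the wrong line was edited here. Unless a `libgd` upload with this version really exists, suggest restoring `- libgd <unfixed> (bug #426099; low)` and changing the next line to `- libgd2 2.0.35.dfsg-1 (bug #426100; low)`.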
@@ -9586,7 +9586,7 @@
 	- wireshark 0.99.4-5 (low)
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
 CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
-	- libgd2 <unfixed> (bug #408982; low)
+	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
 	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
 	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
 CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)



