[Secure-testing-commits] r5533 - data/CVE
Florian Weimer
fw at alioth.debian.org
Sat Mar 10 10:28:58 CET 2007
Author: fw
Date: 2007-03-10 09:28:55 +0000 (Sat, 10 Mar 2007)
New Revision: 5533
Modified:
data/CVE/list
Log:
lintian temporary file issue fixed
XInitImage/XGetPixel issue partially fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-09 21:14:14 UTC (rev 5532)
+++ data/CVE/list 2007-03-10 09:28:55 UTC (rev 5533)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
+ - lintian 1.23.28 (low)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
- php4 <unfixed> (low)
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
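Review bot: The added `- lintian 1.23.28 (low)` line under the new lintian CVE-2007-XXXX entry carries no bug reference or NOTE, so nothing in the list ties the fixed version to a report. Consider adding a `(bug #...)` reference, as the libx11 line in the second hunk does, or a NOTE naming where the fix was recorded.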
@@ -1547,6 +1549,12 @@
{DSA-1260}
- graphicsmagick 1.1.7-12
- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
+CVE-2007-XXXX [Lack of input validation in XInitImage/XGetPixel, exposed by broken XWD file]
+ - xfree86 <removed> (bug #414046; medium)
+ - libx11 2:1.0.3-6 (bug #414045; medium)
+ NOTE: Discovered through CVE-2007-0770.
+ NOTE: With certain mail user agents, this issue is likely exploitable
+ NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
NOT-FOR-US: 3proxy
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
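Review bot: The commit log calls the XInitImage/XGetPixel issue "partially fixed", but the added `- libx11 2:1.0.3-6 (bug #414045; medium)` line records a fixed version and none of the NOTE lines says what is still open. Someone reading data/CVE/list without the log would take libx11 as fully fixed at 2:1.0.3-6. A further NOTE stating which part that upload addresses and what remains would make the entry match the log.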