[Secure-testing-commits] r5872 - in data: CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu May 17 19:31:17 UTC 2007


Author: jmm-guest
Date: 2007-05-17 19:31:16 +0000 (Thu, 17 May 2007)
New Revision: 5872

Modified:
   data/CVE/list
   data/DSA/list
Log:
quagga DSA
libpng crasher not treated as a security problem


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-17 19:10:43 UTC (rev 5871)
+++ data/CVE/list	2007-05-17 19:31:16 UTC (rev 5872)
@@ -569,8 +569,9 @@
 	- samba 3.0.25-1 (high)
 CVE-2007-2445 [libpng tRNS Chunk Denial of Service]
 	RESERVED
-	- libpng 1.2.15~beta5-2
-	- libpng3 <unfixed>
+	- libpng 1.2.15~beta5-2 (unimportant)
+	- libpng3 <unfixed> (unimportant)
+	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
 CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
 	{DSA-1291-2}
 	- samba 3.0.25-1

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-05-17 19:10:43 UTC (rev 5871)
+++ data/DSA/list	2007-05-17 19:31:16 UTC (rev 5872)
@@ -1,3 +1,7 @@
+[17 May 2007] DSA-1293-1 quagga
+	{CVE-2007-1995}
+	[sarge] - 0.98.3-7.4
+	[etch] - 0.99.5-5etch2
 [15 May 2007] DSA-1292-1 qt4-x11
 	{CVE-2007-0242}
 	[etch] - qt4-x11 4.2.1-2etch1




More information about the Secure-testing-commits mailing list