[Secure-testing-commits] r6876 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Tue Oct 9 11:11:08 UTC 2007
Author: nion
Date: 2007-10-09 11:11:07 +0000 (Tue, 09 Oct 2007)
New Revision: 6876
Modified:
data/CVE/list
Log:
libpng no issue for debian version
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-09 10:45:20 UTC (rev 6875)
+++ data/CVE/list 2007-10-09 11:11:07 UTC (rev 6876)
@@ -1,5 +1,8 @@
CVE-2007-XXXX
- - libpng <unfixed> (low)
+ - libpng <not-affected> (vulnerable code not present)
+ NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
+ NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
+ NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
More information about the Secure-testing-commits
mailing list