[Secure-testing-commits] r6876 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Tue Oct 9 11:11:08 UTC 2007


Author: nion
Date: 2007-10-09 11:11:07 +0000 (Tue, 09 Oct 2007)
New Revision: 6876

Modified:
   data/CVE/list
Log:
libpng no issue for debian version


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-09 10:45:20 UTC (rev 6875)
+++ data/CVE/list	2007-10-09 11:11:07 UTC (rev 6876)
@@ -1,5 +1,8 @@
 CVE-2007-XXXX
-	- libpng <unfixed> (low)
+	- libpng <not-affected> (vulnerable code not present)
+	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
+	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
+	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
 CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
 	NOT-FOR-US: MultiCart
 CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
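Review bot: The added NOTE lines refer to "this old version" without naming the libpng version that was inspected, and the `<not-affected>` line carries no version either. If a newer upstream release that does use strncpy is uploaded later, nothing in this entry would prompt a re-check. Consider naming the inspected package version in the NOTE, along with the source file or function that contains the `strcpy(new_iccp_name, name)` call, so the claim can be re-verified. The entry is also still keyed as CVE-2007-XXXX with no description, so a reference to the upstream report or advisory would make it traceable until an identifier is assigned.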



