[Secure-testing-commits] r9985 - data/CVE

white at alioth.debian.org
Sat Oct 4 08:20:37 UTC 2008


Author: white
Date: 2008-10-04 08:20:35 +0000 (Sat, 04 Oct 2008)
New Revision: 9985

Modified:
   data/CVE/list
Log:
Add information about libpng issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-04 08:19:06 UTC (rev 9984)
+++ data/CVE/list	2008-10-04 08:20:35 UTC (rev 9985)
@@ -1155,11 +1155,11 @@
 	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
 begin claimed by white
 CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
-	- libpng <unfixed>
+	- libpng <unfixed> (low; bug #501109)
+	[etch] - libpng <not-affected> (Vulnerable code not present)
 	NOTE: off-by-one error in pngpread.c is not present, must have
-	NOTE: been introduced later, but I think pngtest.c is affected
-	TODO: check that 1.2.32 is not uploaded, as it also includes
-	TODO: the off-by-one error in pngpread.c
+	NOTE: been introduced later, but pngtest.c is affected. However, there
+	NOTE: is no known exploit.
 end claimed by white
 CVE-2008-XXXX [multiple heap based overflows in xine-lib]
 	- xine-lib <unfixed> (medium; bug #498243)
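
Review bot: In the CVE-2008-3964 entry, the new `[etch] - libpng <not-affected> (Vulnerable code not present)` line sits directly above a NOTE that now states "pngtest.c is affected", and neither NOTE says which release or package version it describes, so the entry can be read as contradicting itself. Suggest scoping the NOTE lines explicitly (which version lacks the pngpread.c off-by-one, and which version has the affected pngtest.c) and, if the pngtest.c remark also applies to etch, stating why etch is still not-affected. The two removed TODO lines about checking whether 1.2.32 was uploaded are dropped without recording the result of that check; if it was done, a one-line NOTE with the outcome would keep that information in the tracker. "There is no known exploit" supports the `low` urgency on the unfixed line but is not a reason for a not-affected status, so it would read more clearly next to the severity than after the pngtest.c remark.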



