[Secure-testing-commits] r9985 - data/CVE
white at alioth.debian.org
white at alioth.debian.org
Sat Oct 4 08:20:37 UTC 2008
Author: white
Date: 2008-10-04 08:20:35 +0000 (Sat, 04 Oct 2008)
New Revision: 9985
Modified:
data/CVE/list
Log:
Add information about libpng issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-04 08:19:06 UTC (rev 9984)
+++ data/CVE/list 2008-10-04 08:20:35 UTC (rev 9985)
@@ -1155,11 +1155,11 @@
- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
begin claimed by white
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
- - libpng <unfixed>
+ - libpng <unfixed> (low; bug #501109)
+ [etch] - libpng <not-affected> (Vulnerable code not present)
NOTE: off-by-one error in pngpread.c is not present, must have
- NOTE: been introduced later, but I think pngtest.c is affected
- TODO: check that 1.2.32 is not uploaded, as it also includes
- TODO: the off-by-one error in pngpread.c
+ NOTE: been introduced later, but pngtest.c is affected. However, there
+ NOTE: is no known exploit.
end claimed by white
CVE-2008-XXXX [multiple heap based overflows in xine-lib]
- xine-lib <unfixed> (medium; bug #498243)
More information about the Secure-testing-commits
mailing list