[Secure-testing-commits] r11458 - in data: CVE DSA
fw at alioth.debian.org
Sun Mar 22 17:23:28 UTC 2009
Author: fw
Date: 2009-03-22 17:23:27 +0000 (Sun, 22 Mar 2009)
New Revision: 11458
Modified:
data/CVE/list
data/DSA/list
Log:
Reflect that DSA-1750-1 affects different CVEs on etch and lenny
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-22 17:16:52 UTC (rev 11457)
+++ data/CVE/list 2009-03-22 17:23:27 UTC (rev 11458)
@@ -14476,9 +14476,10 @@
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...)
+ {DSA-1750-1}
- libpng 1.2.26-1 (low; bug #476669)
NOTE: 1.2.26-1 contains a patch to fix that
- [etch] - libpng <no-dsa> (Minor issue, rare function)
+ [etch] - libpng 1.2.15~beta5-1+etch2
CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...)
{DTSA-130-1}
- zoneminder 1.23.3-1 (medium; bug #479034)
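Review bot: The `+ {DSA-1750-1}` line under CVE-2008-1382 now points at an advisory that no longer points back, because this same commit removes CVE-2008-1382 from the brace list of DSA-1750-1 in data/DSA/list. Anyone reconciling the two files will see a one-directional reference with no explanation. A short NOTE under this CVE would make the intent explicit, for example that DSA-1750-1 fixes it for etch only, since the lenny upload (1.2.27-2+lenny2) is already past the 1.2.26-1 fix recorded here.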
@@ -22049,9 +22050,10 @@
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...)
- drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
+ {DSA-1750-1}
- libpng 1.2.15~beta5-3 (low; bug #446308)
- [etch] - libpng <no-dsa> (Minor issue)
[sarge] - libpng <no-dsa> (Minor issue)
+ [etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...)
- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
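Review bot: In the CVE-2007-5269 entry the new `[etch] - libpng 1.2.15~beta5-1+etch2` line is added below `[sarge]`, whereas the `[etch]` line it replaces sat above `[sarge]`. Replacing the line in place would keep the release annotations in their previous order and reduce this hunk to a one-line change.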
@@ -29012,11 +29014,12 @@
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
- {DSA-1613-1}
+ {DSA-1613-1 DSA-1750-1}
- libgd2 2.0.35.dfsg-1 (low)
[etch] - libgd2 2.0.33-5.2etch1 (low)
- libpng 1.2.15~beta5-2 (unimportant)
- libpng3 <not-affected> (unimportant)
+ [etch] - libpng 1.2.15~beta5-1+etch2
NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
{DSA-1291-2 DTSA-41-1}
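Review bot: In the CVE-2007-2445 entry the new `[etch] - libpng 1.2.15~beta5-1+etch2` line lands after `- libpng3 <not-affected> (unimportant)`, not after the `- libpng 1.2.15~beta5-2 (unimportant)` line it qualifies. The libgd2 lines just above show the pattern, with the `[etch]` annotation directly under its package line. Moving the new line up one position avoids it reading as an annotation on libpng3.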
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-03-22 17:16:52 UTC (rev 11457)
+++ data/DSA/list 2009-03-22 17:23:27 UTC (rev 11458)
@@ -1,5 +1,5 @@
[22 Mar 2009] DSA-1750-1 libpng - several vulnerabilities
- {CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040}
+ {CVE-2008-5907 CVE-2008-6218 CVE-2009-0040}
[etch] - libpng 1.2.15~beta5-1+etch2
[lenny] - libpng 1.2.27-2+lenny2
[20 Mar 2009] DSA-1749-1 linux-2.6 - several vulnerabilities
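Review bot: After this change the DSA-1750-1 entry lists three CVEs in braces while its unchanged `[etch] - libpng 1.2.15~beta5-1+etch2` line is the same version the CVE/list hunks record as the etch fix for CVE-2007-2445, CVE-2007-5269 and CVE-2008-1382. The reason for the split is only in the commit log. A NOTE line in this entry naming the three etch-only CVEs would keep that information with the data.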