[Secure-testing-commits] r13031 - data/CVE

Steffen Joeris white at alioth.debian.org
Fri Oct 16 10:35:10 UTC 2009


Author: white
Date: 2009-10-16 10:35:10 +0000 (Fri, 16 Oct 2009)
New Revision: 13031

Modified:
   data/CVE/list
Log:
New camlimages issue, should be rated low since it is only exploitable through execution of crafted files

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-16 10:32:36 UTC (rev 13030)
+++ data/CVE/list	2009-10-16 10:35:10 UTC (rev 13031)
@@ -900,8 +900,9 @@
 	RESERVED
 CVE-2009-3297
 	RESERVED
-CVE-2009-3296
+CVE-2009-3296 [camlimages: tiffread.c integer overflows]
 	RESERVED
+	- camlimages <unfixed> (low)
 CVE-2009-3295
 	RESERVED
 CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when ...)
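Review bot: The new `- camlimages <unfixed> (low)` line under CVE-2009-3296 has no bug reference, while the camlimages lines for CVE-2009-2660 and CVE-2009-2295 in this same file each carry one (`bug #540146`, `bug #535909`). Add the bug number once one is filed, so the unfixed state can be tracked to closure. The entry also has no advi line, although the other two CamlImages integer-overflow entries track advi because of its code copy. Record advi here as either `<unfixed>` or `<not-affected>` with the reason, so the embedded copy is not missed.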
@@ -3292,7 +3293,7 @@
 	- strongswan 4.3.2-1.1 (bug #540144)
 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
 	{DSA-1857-1}
-	- camlimages 1:3.0.1-3 (medium; bug #540146)
+	- camlimages 1:3.0.1-3 (low; bug #540146)
 	- advi <not-affected> (affected code section not present in advi code copy of camlimages)
 CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
 	- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
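Review bot: The change from `medium` to `low` on the `camlimages 1:3.0.1-3` line of CVE-2009-2660 is not explained in the entry. The commit log gives its reasoning only for the new issue, and this entry is tagged `{DSA-1857-1}`. Add a NOTE line under the entry stating why the rating was lowered (the log's "only exploitable through execution of crafted files" would do), so the tracker data explains the downgrade without needing the commit history.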
@@ -4340,8 +4341,8 @@
 	NOT-FOR-US: kernel module in Sun Solaris
 CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...)
 	{DSA-1832-1}
-	- camlimages 1:3.0.1-2 (medium; bug #535909)
-	- advi <unfixed> (medium; bug #550440)
+	- camlimages 1:3.0.1-2 (low; bug #535909)
+	- advi <unfixed> (low; bug #550440)
 CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...)
 	- dillo <unfixed> (medium; bug #535788)
 	NOTE: fixed in upstream version 2.2.1
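Review bot: The `- advi <unfixed> (low; bug #550440)` line lowers the rating of a second source package that is still unfixed, but the log message speaks only of a new camlimages issue. Confirm that the crafted-file reasoning applies to advi's embedded copy as well as to camlimages itself, and either mention the advi re-rating in the log or move the re-ratings of CVE-2009-2295 and CVE-2009-2660 into their own commit, separate from the new CVE-2009-3296 entry.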



