[Secure-testing-commits] r13865 - data/CVE

Steffen Joeris white at alioth.debian.org
Wed Jan 20 14:43:29 UTC 2010


Author: white
Date: 2010-01-20 14:43:28 +0000 (Wed, 20 Jan 2010)
New Revision: 13865

Modified:
   data/CVE/list
Log:
gzip issues now public

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-20 14:17:26 UTC (rev 13864)
+++ data/CVE/list	2010-01-20 14:43:28 UTC (rev 13865)
@@ -1503,8 +1503,9 @@
 	- linux-2.6.24 <removed>
 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
 	- bash <not-affected> (mandriva-specific packaging issue)
-CVE-2010-0001
+CVE-2010-0001 [gzip: integer underflow via LZW compressed gzip archive]
 	RESERVED
+	- gzip <unfixed> (medium)
 CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
@@ -7048,8 +7049,9 @@
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 	- libxerces2-java <unfixed>
-CVE-2009-2624
+CVE-2009-2624 [gzip: missing input sanitation related to dynamic Huffman codes]
 	RESERVED
+	- gzip <unfixed> (medium)
 CVE-2009-2623
 	RESERVED
 CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...)




More information about the Secure-testing-commits mailing list