[Secure-testing-commits] r15872 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jan 14 23:55:49 UTC 2011 

Author: jmm
Date: 2011-01-14 23:55:49 +0000 (Fri, 14 Jan 2011)
New Revision: 15872

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
graphviz links dynamically against libgd2 (checked for squeeze and lenny)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-14 23:47:02 UTC (rev 15871)
+++ data/CVE/list	2011-01-14 23:55:49 UTC (rev 15872)
@@ -17201,7 +17201,6 @@
 	- plt-scheme <unfixed> (low; bug #601525)
 	[squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
 	[lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
-	- graphviz <unfixed>
 	- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
 	- php5 <not-affected> (the php packages use the system libgd2)
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
@@ -49212,7 +49211,6 @@
 	- plt-scheme <unfixed> (low; bug #601525)
 	[squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
 	[lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
-	- graphviz <unfixed>
 	- libgd2 2.0.35.dfsg-3
 	[etch] - libgd2 2.0.33-5.2etch1 
 	TODO: check
@@ -51364,7 +51362,6 @@
 	- plt-scheme <unfixed> (low; bug #601525)
 	[squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
 	[lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
-	- graphviz <unfixed>
 	NOTE: Debian's PHP packages are linked dynamically against libgd
 	NOTE: see http://www.php.net/releases/5_2_4.php
 	TODO: check
@@ -52634,7 +52631,6 @@
 	- plt-scheme <unfixed> (low; bug #601525)
 	[squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
 	[lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
-	- graphviz <unfixed>
 	NOTE: CPU consumption DoS
 	TODO: check
 CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...)
@@ -52644,7 +52640,6 @@
 	- plt-scheme <unfixed> (low; bug #601525)
 	[squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
 	[lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
-	- graphviz <unfixed>
 	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
 	TODO: check
 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2011-01-14 23:47:02 UTC (rev 15871)
+++ data/embedded-code-copies	2011-01-14 23:55:49 UTC (rev 15872)
@@ -577,7 +577,7 @@
         - ia32-libs <unfixable> (embed)
 
 libgd2
-	- graphviz <unfixed> (embed)
+	- graphviz 2.16-1 (embed)
 	NOTE: lib/gd seems to be 2.0.33
 	- wml 2.0.11ds2-1 (embed)
 	- libwmf <unfixed> (embed)

More information about the Secure-testing-commits mailing list