[Secure-testing-commits] r41208 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Apr 26 13:50:48 UTC 2016 

Author: jmm
Date: 2016-04-26 13:50:48 +0000 (Tue, 26 Apr 2016)
New Revision: 41208

Modified:
   data/CVE/list
Log:
hhvm affected by recent libgd issue
older libgd issues fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-26 13:41:43 UTC (rev 41207)
+++ data/CVE/list	2016-04-26 13:50:48 UTC (rev 41208)
@@ -2605,10 +2605,11 @@
 	- libgd2 2.1.1-4.1 (bug #822242)
 	- php5 <unfixed> (unimportant)
 	- php7.0 <unfixed> (unimportant)
+	- hhvm <unfixed>
 	NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
 	NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-	TODO: check (php5, php7.0, hhvm, texlive, libwmf)
+	TODO: check (texlive, libwmf)
 CVE-2016-3073
 	RESERVED
 CVE-2016-3072
@@ -166879,7 +166880,7 @@
 CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows ...)
 	NOT-FOR-US: PCSoft WinDEV
 CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in ...)
-	- libgd2 <unfixed> (unimportant)
+	- libgd2 2.0.35.dfsg-1 (unimportant)
 	NOTE: this is a crash, and does not seem to be attacker controlled.
 CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...)
 	{DSA-1613-1}
@@ -166896,15 +166897,15 @@
 	NOTE: Only present in one of the sample pl-scheme packages (plot)
 	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)
-	- libgd2 <unfixed> (unimportant)
+	- libgd2 2.0.35.dfsg-1 (unimportant)
 	NOTE: out-of-band memory read, does not appear attacker controlled.
 CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD ...)
 	NOTE: appears to be prophylactic dup of CVE-2007-3476.
 CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) ...)
-	- libgd2 <unfixed> (unimportant)
+	- libgd2 2.0.35.dfsg-1 (unimportant)
 	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
 CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
-	- libgd2 <unfixed> (unimportant)
+	- libgd2 2.0.35.dfsg-1 (unimportant)
 	NOTE: this is only a NULL deref crash.
 CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) ...)
 	NOT-FOR-US: Sun Solaris dtsession

More information about the Secure-testing-commits mailing list