Author: joeyh
Date: 2009-03-01 09:14:12 +0000 (Sun, 01 Mar 2009)
New Revision: 11290
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-01 07:09:39 UTC (rev 11289)
+++ data/CVE/list 2009-03-01 09:14:12 UTC (rev 11290)
@@ -7927,7 +7927,7 @@
NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
- amarok 1.4.10-1 (unimportant; bug #494765)
- [etch] - amarok <not-affected>
+ [etch] - amarok <not-affected>
NOTE: The code in question doesn't dereference the symlink, tested with
Etch
NOTE: and Lenny. Given that it only takes a minute to test this, it's
surprising
NOTE: that at least one vendor issued an advisory and upstream pushed a
new release...
@@ -27856,8 +27856,8 @@
- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before
1.0.25 and ...)
{DSA-1613-1}
- - libgd2 2.0.35.dfsg-1 (low)
- [etch] - libgd2 2.0.33-5.2etch1 (low)
+ - libgd2 2.0.35.dfsg-1 (low)
+ [etch] - libgd2 2.0.33-5.2etch1 (low)
- libpng 1.2.15~beta5-2 (unimportant)
- libpng3 <not-affected> (unimportant)
NOTE: Only a crash, no code injection. Calling this DoS stretches
things rather far
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
