Author: fw
Date: 2007-05-26 10:19:08 +0000 (Sat, 26 May 2007)
New Revision: 5930
Modified:
data/CVE/list
Log:
CVE-2007-2756: libgd, libgd2
CVE-2007-2741: lcms fixed
CVE-2007-2739, CVE-2007-2740: php-xajax
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-26 09:46:45 UTC (rev 5929)
+++ data/CVE/list 2007-05-26 10:19:08 UTC (rev 5930)
@@ -98,7 +98,9 @@
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable
1.2 ...)
NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted
...)
- TODO: check
+ - libgd <unfixed> (bug #426099; low)
+ - libgd2 <unfixed> (bug #426100; low)
+ NOTE: http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype
2.3.4 and ...)
@@ -129,11 +131,11 @@
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box
4.0.0 ...)
NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15
allows ...)
- TODO: check
+ - lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown
impact and ...)
- TODO: check
+ - php-xajax <unfixed> (bug #426103; low)
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5
allows ...)
- TODO: check
+ - php-xajax <unfixed> (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the
Glossaire 1.7 ...)
TODO: check
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference
1.0 ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits