Author: fw
Date: 2007-05-26 10:19:08 +0000 (Sat, 26 May 2007)
New Revision: 5930

Modified:
   data/CVE/list
Log:
CVE-2007-2756: libgd, libgd2
CVE-2007-2741: lcms fixed
CVE-2007-2739, CVE-2007-2740: php-xajax


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-26 09:46:45 UTC (rev 5929)
+++ data/CVE/list       2007-05-26 10:19:08 UTC (rev 5930)
@@ -98,7 +98,9 @@
 CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 
1.2 ...)
        NOT-FOR-US: Redoable
 CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted 
...)
-       TODO: check
+       - libgd <unfixed> (bug #426099; low)
+       - libgd2 <unfixed> (bug #426100; low)
+       NOTE: http://bugs.libgd.org/?do=details&task_id=86
 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
        NOT-FOR-US: PrecisionID
 CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 
2.3.4 and ...)
@@ -129,11 +131,11 @@
 CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 
4.0.0 ...)
        NOT-FOR-US: w2box
 CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 
allows ...)
-       TODO: check
+       - lcms 1.15-1 (medium)
 CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown 
impact and ...)
-       TODO: check
+       - php-xajax <unfixed> (bug #426103; low)
 CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 
allows ...)
-       TODO: check
+       - php-xajax <unfixed> (bug #426103; low)
 CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the 
Glossaire 1.7 ...)
        TODO: check
 CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 
1.0 ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to