[Secure-testing-commits] r6264 - data/CVE

white Wed, 08 Aug 2007 08:17:43 -0700

Author: white
Date: 2007-08-08 15:17:39 +0000 (Wed, 08 Aug 2007)
New Revision: 6264


Modified:
   data/CVE/list
Log:
* Add Debian bug for zziplib CVE

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-08 14:28:31 UTC (rev 6263)
+++ data/CVE/list       2007-08-08 15:17:39 UTC (rev 6264)
@@ -5756,7 +5756,7 @@
 CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 
2.0 and ...)
        NOT-FOR-US: ScriptMagix
 CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function 
in ...)
-       - zziplib <unfixed> (low)
+       - zziplib <unfixed> (bug #436701; low)
        NOTE: 
http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
        NOTE: If an attacker can supply arbitrary file names, we likely suffer 
from
        NOTE: an information disclosure issue anyway.


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r6264 - data/CVE

Reply via email to