> CVE-2007-5470 (Microsoft Expression Media stores the catalog password in
> cleartext in ...)
> NOT-FOR-US: Microsoft Expression Media
> CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication
> header URI ...)
> - - openser <unfixed> (low; bug #446956)
> + - openser <unfixed> (unimportant; bug #446956)
> NOTE: should be only "exploitable" in local network with untrusted users
> CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
> NOT-FOR-US: Cisco
In such cases it's useful to mail [EMAIL PROTECTED] with a reference to
the bug to tell them that the issue is not considered a security
problem, so that the CVE entry can be revoked or marked as "DISPUTED".
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
