Hi Moritz, * Moritz Muehlenhoff <[EMAIL PROTECTED]> [2007-10-17 22:36]: > > CVE-2007-5470 (Microsoft Expression Media stores the catalog password in > > cleartext in ...) > > NOT-FOR-US: Microsoft Expression Media > > CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication > > header URI ...) > > - - openser <unfixed> (low; bug #446956) > > + - openser <unfixed> (unimportant; bug #446956) > > NOTE: should be only "exploitable" in local network with untrusted users > > CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest > > ...) > > NOT-FOR-US: Cisco > > In such cases it's useful to mail [EMAIL PROTECTED] with a reference to > the bug to tell them that the issue is not considered a security > problem, so that the CVE entry can be revoked or marked as "DISPUTED".
Thanks for the hint, contacted Steven Christey because of this. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpqzF6w8lwny.pgp
Description: PGP signature
