Author: jmm-guest
Date: 2007-08-05 19:09:59 +0000 (Sun, 05 Aug 2007)
New Revision: 6241

Modified:
   data/CVE/list
Log:
smbd regression in SuSE
another icefoo issue fixed
reported kernel issue isn't sufficiently attacker controllable to
  warrant calling it a security problem


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-05 19:07:41 UTC (rev 6240)
+++ data/CVE/list       2007-08-05 19:09:59 UTC (rev 6241)
@@ -155,13 +155,13 @@
 CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote 
attackers ...)
        TODO: check
 CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality 
in smbd ...)
-       TODO: check
+       NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a 
security problem
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network 
Security ...)
        NOT-FOR-US: Secure Computing SecurityReporter
 CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape 
Navigator 9 ...)
-       TODO: check
+       NOT-FOR-US: Netscape Navigator
 CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 
2.0.0.5 ...)
-       TODO: check
+       - iceweasel 2.0.0.6-1
 CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook 
and ...)
        NOT-FOR-US: Micrsoft Outlook
 CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when 
certain URIs ...)
@@ -2307,7 +2307,8 @@
 CVE-2007-3108
        RESERVED
 CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when 
run on ...)
-       - linux-2.6 <unfixed>
+       - linux-2.6 <unfixed> (unimportant)
+       NOTE: Not reproducibly reliably by an attacker, mostly a bug
 CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, 
allows ...)
        TODO: check
 CVE-2007-3105 (Stack-based buffer overflow in the random number generator 
(RNG) ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to