[Secure-testing-commits] r6177 - data/CVE

Thu, 26 Jul 2007 10:08:17 -0700 

Author: jmm-guest
Date: 2007-07-26 17:08:13 +0000 (Thu, 26 Jul 2007)
New Revision: 6177

Modified:
   data/CVE/list
Log:
iceweasel status checks
fck editor appears to be a non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-26 11:10:10 UTC (rev 6176)
+++ data/CVE/list       2007-07-26 17:08:13 UTC (rev 6177)
@@ -1607,9 +1607,14 @@
 CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic 
...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in 
Frederico ...)
-       - moin <unfixed> (bug #429205)
-       - knowledgeroot 0.9.8.2-2 (bug #429204)
-       - karrigell <unfixed> (bug #429207)
+       - moin <unfixed> (unimportant; bug #429205)
+       - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
+       - karrigell <unfixed> (unimportant; bug #429207)
+       NOTE: This is only exploitable on NTFS filesystems 
+       NOTE: Given the state of Linux' NTFS support it seems highly unlikely
+       NOTE: and given the state of ext3/XFS highly stupid to run a 
Debian-based
+       NOTE: web server with NTFS
+       TODO: Check, whether NTFS on Linux is affected at all, I doubt so
 CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX 
...)
        NOT-FOR-US: Internet Download Accelerator
 CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, 
remote ...)
@@ -6194,7 +6199,8 @@
 CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 
6000, 6500, ...)
        NOT-FOR-US: Cisco
 CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the 
address ...)
-       - iceweasel <unfixed> (medium)
+       - iceweasel <unfixed> (unimportant)
+       NOTE: Not exploitable
 CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in 
...)
        NOT-FOR-US: Connectix Boards
 CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in 
Connectix ...)
@@ -6579,6 +6585,7 @@
        NOT-FOR-US: VirtueMart
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload 
...)
        - iceweasel <unfixed> (low)
+       NOTE: Pending for upcoming security releases
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause 
a ...)
        NOT-FOR-US: Microsoft IE
 CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node 
Manager ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to