[Secure-testing-commits] r6624 - data/CVE

Mon, 17 Sep 2007 15:01:36 -0700 

Author: stef-guest
Date: 2007-09-17 19:51:13 +0000 (Mon, 17 Sep 2007)
New Revision: 6624

Modified:
   data/CVE/list
Log:
bind 8 issue, NFU, php not affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-09-17 19:31:35 UTC (rev 6623)
+++ data/CVE/list       2007-09-17 19:51:13 UTC (rev 6624)
@@ -4538,7 +4538,7 @@
 CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, 
and ...)
        NOT-FOR-US: MSN Messenger
 CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms 
in ISC ...)
-       TODO: check
+       - bind <removed> (bug filed)
 CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
        NOT-FOR-US: IBM Lenovo Access Support
 CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support 
acpRunner ...)
@@ -7456,7 +7456,7 @@
 CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in 
ISLALERT.DLL ...)
        NOT-FOR-US: Norton
 CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll 
in ...)
-       TODO: check
+       NOT-FOR-US: PhPInfo ActiveX control
 CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation 
iPIX ...)
        NOT-FOR-US: iPIX Image Well ActiveX control
 CVE-2007-1686
@@ -8147,9 +8147,8 @@
        - php4 <not-affected> (cpdf extension not enabled in binary build)
        - php5 <not-affected> (cpdf extension not enabled in binary build)
 CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 
...)
-       TODO: check
-       NOTE: Haven't been able to reproduce the issue in either php4 or php5
-       NOTE: code inspection should be the next step.
+       - php4 <not-affected> (no mssql extension in Debian)
+       - php5 <not-affected> (no mssql extension in Debian)
 CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game 
Portal ...)
        NOT-FOR-US: GaziYapBoz Game Portal
 CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive 
information via ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to