Author: nion
Date: 2007-12-19 12:40:28 +0000 (Wed, 19 Dec 2007)
New Revision: 7657

Modified:
   data/CVE/list
Log:
NFUs
new linux-2.6 issues, poked maks
CVE-2007-6416 does not affect xen in Debian
removed comments for rejected items


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-12-19 09:14:12 UTC (rev 7656)
+++ data/CVE/list       2007-12-19 12:40:28 UTC (rev 7657)
@@ -9,13 +9,13 @@
 CVE-2008-0026
        RESERVED
 CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems 
Ichitaro 2005, ...)
-       TODO: check
+       NOT-FOR-US: JustSystems
 CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, 
when ...)
-       TODO: check
+       NOT-FOR-US: Novell GroupWise
 CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in 
virtual ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2007-6433 (The getRenderedEjbql method in the 
org.jboss.seam.framework.Query ...)
-       TODO: check
+       - jbosseam <itp> (bug #451956)
 CVE-2007-6432
        RESERVED
 CVE-2007-6431
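Review bot: The `- linux-2.6 <unfixed>` line added under CVE-2007-6434 has no bug number or NOTE, unlike the `- jbosseam <itp> (bug #451956)` entry in the same hunk. The log says "poked maks", but the tracker entry itself does not record that. Add a bug reference or a short NOTE line so a reader of data/CVE/list can tell the issue was reported and where to follow it.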
@@ -33,7 +33,7 @@
 CVE-2007-6425
        RESERVED
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running 
in ...)
-       TODO: check
+       NOT-FOR-US: Fonality Trixbox
 CVE-2007-6423
        RESERVED
 CVE-2007-6422
@@ -45,15 +45,17 @@
 CVE-2007-6419
        RESERVED
 CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 
through ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality 
for Xen ...)
-       TODO: check
+       - xen-unstable <not-affected> (We only have xen for i386 and amd64)
+       - xen-3 <not-affected> (We only have xen for i386 and amd64)
+       - xen-3.0 <not-affected> (We only have xen for i386 and amd64)
 CVE-2007-6415
        RESERVED
 CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a 
...)
-       TODO: check
+       NOT-FOR-US: Adult ScriptAdult Script
 CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and 
later ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in 
...)
        TODO: check
 CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in 
the GG ...)
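Review bot: The product name is duplicated in `NOT-FOR-US: Adult ScriptAdult Script` under CVE-2007-6414; it should read `NOT-FOR-US: Adult Script`. Separately, the three xen `<not-affected>` lines for CVE-2007-6416 list the architectures Debian has xen for (i386 and amd64) but not the architecture the issue is limited to, so the reasoning cannot be checked from the entry alone; naming it in the parenthetical would fix that. The `- linux-2.6 <unfixed>` line for CVE-2007-6417 also lacks a bug reference.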
@@ -9062,14 +9064,8 @@
        NOT-FOR-US: Acoustica MP3 CD Burner
 CVE-2007-3005
        REJECTED
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
-       - sun-java5 1.5.0-11-1 (low)
-       - sun-java6 6-01-0ubuntu1 (low)
 CVE-2007-3004
        REJECTED
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
-       - sun-java5 1.5.0-11-1 (medium)
-       - sun-java6 6-01-0ubuntu1 (medium)
 CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and 
earlier ...)
        NOT-FOR-US: myBloggie
 CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain 
sensitive ...)
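Review bot: Deleting the sun-java5 and sun-java6 lines under CVE-2007-3005 and CVE-2007-3004 also drops the fixed versions recorded there (1.5.0-11-1, 6-01-0ubuntu1) and the `[etch]` `<no-dsa>` decision. If these ids were rejected as duplicates, confirm that the surviving CVE entries carry the same package data, and consider a NOTE line under each REJECTED entry naming the replacement id so the history stays traceable.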


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
