Secure testing commits - Sep 2007 - r6624 - data/CVE

Author: stef-guest
Date: 2007-09-17 19:51:13 +0000 (Mon, 17 Sep 2007)
New Revision: 6624

Modified:
   data/CVE/list
Log:
bind 8 issue, NFU, php not affected

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-09-17 19:31:35 UTC (rev 6623)
+++ data/CVE/list	2007-09-17 19:51:13 UTC (rev 6624)
@@ -4538,7 +4538,7 @@
 CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0,
and ...)
 	NOT-FOR-US: MSN Messenger
 CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms
in ISC ...)
-	TODO: check
+	- bind <removed> (bug filed)
 CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
 	NOT-FOR-US: IBM Lenovo Access Support
 CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support
acpRunner ...)
@@ -7456,7 +7456,7 @@
 CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in
ISLALERT.DLL ...)
 	NOT-FOR-US: Norton
 CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in
...)
-	TODO: check
+	NOT-FOR-US: PhPInfo ActiveX control
 CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation
iPIX ...)
 	NOT-FOR-US: iPIX Image Well ActiveX control
 CVE-2007-1686
@@ -8147,9 +8147,8 @@
 	- php4 <not-affected> (cpdf extension not enabled in binary build)
 	- php5 <not-affected> (cpdf extension not enabled in binary build)
 CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5
...)
-	TODO: check
-	NOTE: Haven''t been able to reproduce the issue in either php4 or php5
-	NOTE: code inspection should be the next step.
+	- php4 <not-affected> (no mssql extension in Debian)
+	- php5 <not-affected> (no mssql extension in Debian)
 CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game
Portal ...)
 	NOT-FOR-US: GaziYapBoz Game Portal
 CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive
information via ...)