Author: enerv-guest Date: 2007-01-14 01:48:06 +0100 (Sun, 14 Jan 2007) New Revision: 5260 Modified: data/CVE/list Log: Added NOTEs to help in CVE-2007-0160. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-13 10:36:05 UTC (rev 5259) +++ data/CVE/list 2007-01-14 00:48:06 UTC (rev 5260) @@ -108,6 +108,11 @@ NOT-FOR-US: HP all-in-one drivers CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...) TODO: check centericq + NOTE: The bug really exist but, is not exploitable because the LiveJournal server + NOTE: has a length restriction on both the username (15 characters) and the real name + NOTE: (50 characters). In my opnion is only exploitable if the user try connect in + NOTE: fake LiveJournal server. All version of Debian centericq packages have a + NOTE: compromised code. My opnion is "- centericq (low)" CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) - libgeoip1 <unfixed> (bug #406628; medium) CVE-2007-0158
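Review bot: The added NOTE lines call the bug "not exploitable" and then say it is exploitable when the user connects to a fake LiveJournal server, which contradicts the first claim. The length limits cited (15 characters for the username, 50 for the real name) are described as a restriction of the LiveJournal server, so they do not bound what centericq receives from a server the user does not control. Suggest rewording to say that exploitation requires a malicious or spoofed server. Since the note states that all Debian centericq versions carry the affected code, the opinion sentence and the remaining "TODO: check centericq" could be replaced by a real status line in the format of the neighbouring entry, for example "- centericq <unfixed> (low)". While touching these lines, fix "opnion", "really exist" and "compromised code" (presumably "vulnerable code").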