Author: jmm-guest Date: 2005-11-17 11:45:22 +0000 (Thu, 17 Nov 2005) New Revision: 2772 Modified: data/CVE/list Log: update on mysql Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-17 11:11:25 UTC (rev 2771) +++ data/CVE/list 2005-11-17 11:45:22 UTC (rev 2772) @@ -14398,10 +14398,12 @@ CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) NOT-FOR-US: adobe acrobat CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) - NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version + TODO: Check, which 4.1 and 5.0 versions fixed this + - mysql-dfsg <not-affected> (Apparently 3.2 not exploitable, see #330164) + - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) - TODO: Unclear if older MySQL versions are affected. Code seems to be - TODO: present in a different function, but exploit does not work. + - mysql-dfsg <not-affected> (Apparently 3.2 not exploitable, see #330164) + - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium) - mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive) CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)