Author: jmm-guest Date: 2007-01-14 19:54:27 +0100 (Sun, 14 Jan 2007) New Revision: 5263 Modified: data/CVE/list Log: update centericq status Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-14 14:25:53 UTC (rev 5262) +++ data/CVE/list 2007-01-14 18:54:27 UTC (rev 5263) @@ -107,12 +107,13 @@ CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...) NOT-FOR-US: HP all-in-one drivers CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...) - TODO: check centericq + - centericq 4.21.0-17 (low) + [sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server) NOTE: The bug really exist but, is not exploitable because the LiveJournal server NOTE: has a length restriction on both the username (15 characters) and the real name NOTE: (50 characters). In my opnion is only exploitable if the user try connect in NOTE: fake LiveJournal server. All version of Debian centericq packages have a - NOTE: compromised code. My opnion is "- centericq (low)" + NOTE: compromised code. CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) - libgeoip1 <unfixed> (bug #406628; medium) CVE-2007-0158
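Review bot: In the CVE-2007-0160 entry, the new "- centericq 4.21.0-17 (low)" line records a fixed version with no bug reference, unlike the libgeoip1 entry under CVE-2007-0159, which carries "bug #406628". Meanwhile the retained NOTE still says "All version of Debian centericq packages have a compromised code", which now reads as contradicting the fixed version. Please add the bug number if one exists and reword that NOTE to say it applies to versions before 4.21.0-17. The "[sarge] - centericq <no-dsa>" reason, "Not exploitable with official LiveJournal server", depends on the server-side length limits described in the NOTE lines (15 characters for the username, 50 for the real name), and the same NOTE says the overflow is reachable when the user connects to a fake LiveJournal server. It would help to state that condition in the no-dsa reason so the residual risk for sarge is visible without reading the notes. While touching this block, the "opnion" typo in the unchanged NOTE line could be fixed as well.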