Author: stef-guest Date: 2007-01-22 19:57:05 +0100 (Mon, 22 Jan 2007) New Revision: 5323 Modified: data/CVE/list Log: grsecurity bug seems to be exploitable after all Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-22 18:20:00 UTC (rev 5322) +++ data/CVE/list 2007-01-22 18:57:05 UTC (rev 5323) @@ -237,9 +237,8 @@ CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...) NOT-FOR-US: Fastilo CVE-2007-0257 (** DISPUTED ** ...) - - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350) - NOTE: This is most possibly scam: http://www.grsecurity.net/news.php#digitalfud - NOTE: If this ever turns real we can re-raise severity. + - kernel-patch-grsecurity2 <unfixed> (bug #407350) + NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...) - vlc <unfixed> (low; bug #407290) CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)