jmm-guest at alioth.debian.org
2007-Aug-05 19:10 UTC
[Secure-testing-commits] r6241 - data/CVE
Author: jmm-guest Date: 2007-08-05 19:09:59 +0000 (Sun, 05 Aug 2007) New Revision: 6241 Modified: data/CVE/list Log: smbd regression in SuSE another icefoo issue fixed reported kernel issue isn''t sufficiently attacker controllable to warrant calling it a security problem Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-05 19:07:41 UTC (rev 6240) +++ data/CVE/list 2007-08-05 19:09:59 UTC (rev 6241) @@ -155,13 +155,13 @@ CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...) TODO: check CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...) - TODO: check + NOTE: I''ve contacted SuSE: It''s a functional regression in SuSE, not a security problem CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...) - TODO: check + NOT-FOR-US: Netscape Navigator CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) - TODO: check + - iceweasel 2.0.0.6-1 CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...) NOT-FOR-US: Micrsoft Outlook CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) @@ -2307,7 +2307,8 @@ CVE-2007-3108 RESERVED CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...) - - linux-2.6 <unfixed> + - linux-2.6 <unfixed> (unimportant) + NOTE: Not reproducibly reliably by an attacker, mostly a bug CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) TODO: check CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)