Author: nion Date: 2007-11-18 18:23:15 +0000 (Sun, 18 Nov 2007) New Revision: 7352 Modified: data/CVE/list Log: CVE-2007-5908, contacted mitre Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-18 17:01:41 UTC (rev 7351) +++ data/CVE/list 2007-11-18 18:23:15 UTC (rev 7352) @@ -251,8 +251,10 @@ CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...) NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others CVE-2007-5908 (Buffer overflow in the (1) sysfs_show_available_clocksources and (2) ...) - TODO: check - NOTE: how can a user specify clocksource name values? + - linux-2.6 <unfixed> (unimportant) + NOTE: there is a list of possible clocksource names which consits of short enough names + NOTE: this is a bug in the kernel but not a security issue, there is no way for a user to + NOTE: exploit this, they can only chose an item from the list CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...) - xen-3 <unfixed> (medium; bug #451626) - xen-3.0 <unfixed>