Author: nion Date: 2007-12-01 11:49:58 +0000 (Sat, 01 Dec 2007) New Revision: 7452 Modified: data/CVE/list Log: rsync got CVE-2007-6200 and CVE-2007-6199 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-01 09:41:15 UTC (rev 7451) +++ data/CVE/list 2007-12-01 11:49:58 UTC (rev 7452) @@ -1,7 +1,7 @@ CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) - TODO: check + - rsync <unfixed> (low; bug #453652) CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...) - TODO: check + - rsync <unfixed> (low; bug #453652) CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...) TODO: check CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...) @@ -136,8 +136,6 @@ [etch] - asterisk <not-affected> (Vulnerable code not present) CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...) - asterisk <unfixed> (medium) -CVE-2007-XXXX [rsync is prone to symlink attacks] - - rsync <unfixed> (low; bug #453652) CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...) NOT-FOR-US: FreeBSD CVE-2007-6132