Author: nion Date: 2007-12-08 14:36:29 +0000 (Sat, 08 Dec 2007) New Revision: 7557 Modified: data/CVE/list Log: note for CVE-2007-5969 CVE-2007-5769 does not affect netkit-ftp new issues in krb5 (CVE-2007-590[1-2], CVE-2007-5971, CVE-2007-5894, CVE-2007-5972 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-08 13:35:41 UTC (rev 7556) +++ data/CVE/list 2007-12-08 14:36:29 UTC (rev 7557) @@ -364,6 +364,7 @@ [sarge] - htdig <not-affected> (Vulnerable code not present) CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...) TODO: check + NOTE: poked Marcus from Novell for the patch CVE-2007-6108 RESERVED CVE-2007-6107 @@ -722,15 +723,15 @@ CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...) NOT-FOR-US: JPortal CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...) - - krb5 <unfixed> (unimportant) + - krb5 <unfixed> (unimportant; bug #454974) NOTE: potential attackers must have privileges to store the krb5kdc master key - TODO: check CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...) - TODO: check + - krb5 <unfixed> (bug #454974) CVE-2007-5970 RESERVED CVE-2007-5969 RESERVED + NOTE: this is mysql, poked nobse about the status CVE-2007-5968 RESERVED CVE-2007-5967 @@ -914,9 +915,9 @@ CVE-2007-5903 RESERVED CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...) - TODO: check + - krb5 <unfixed> (bug #454974) CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...) - TODO: check + - krb5 <unfixed> (bug #454974) CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...) - php5 <unfixed> (bug #453295) NOTE: http://bugs.php.net/bug.php?id=41561 
@@ -937,7 +938,7 @@ CVE-2007-5895 RESERVED CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...) - TODO: check + - krb5 <unfixed> (bug #454974) CVE-2006-7224 REJECTED CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...) @@ -1222,7 +1223,7 @@ - ruby1.9 1.9.0+20071016-1 - ruby1.8 1.8.6.111-1 (low; bug #451374) CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in netkit ...) - TODO: check + - netkit-ftp <not-affected> (Vulnerable code not present) CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...) NOT-FOR-US: Globe7 soft phone client CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
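Review bot: In the @@ -364,6 +364,7 @@ hunk, the NOTE added under CVE-2007-6109 ("poked Marcus from Novell for the patch") records a contact but gives no date and no reference to the request, and the entry still has TODO: check with no package line for emacs. Add a date or a pointer to the request so the next person triaging can tell whether a follow-up is due, and add the package line once the affected source package is confirmed.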
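Review bot: In the @@ -722,15 +723,15 @@ hunk, CVE-2007-5971 drops its TODO: check in favour of "- krb5 <unfixed> (bug #454974)" with no urgency and no NOTE, while CVE-2007-5972 directly above keeps a NOTE that justifies its (unimportant) rating. State an urgency for CVE-2007-5971 or add a NOTE saying why none is set, so the two double-free entries are not read as triaged to the same depth. In the same hunk, the NOTE under CVE-2007-5969 names mysql only in free text and the entry is still RESERVED with no package line, so a package line should follow once the status is known.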
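Review bot: In the @@ -914,9 +915,9 @@ hunk, CVE-2007-5902 and CVE-2007-5901 replace TODO: check with an unfixed krb5 line but carry no NOTE pointing at an upstream report or patch, unlike the php5 entry for CVE-2007-5900 directly below, which has "NOTE: http://bugs.php.net/bug.php?id=41561". Both entries share bug #454974 with three other CVEs touched in this commit, so a per-CVE reference would make it possible to tell which of them a later krb5 upload actually closes.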
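Review bot: In the @@ -1222,7 +1223,7 @@ hunk, CVE-2007-5769 is set to "- netkit-ftp <not-affected> (Vulnerable code not present)" without recording which version was inspected or how it differs from the getreply function in ftp.c named in the description. A short NOTE with the version checked would let someone re-verify the decision if the package later changes.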