jmm-guest at alioth.debian.org
2007-Dec-12 11:15 UTC
[Secure-testing-commits] r7600 - data/CVE
Author: jmm-guest Date: 2007-12-12 11:15:13 +0000 (Wed, 12 Dec 2007) New Revision: 7600 Modified: data/CVE/list Log: latest krb5 issues are harmless Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-12 10:53:37 UTC (rev 7599) +++ data/CVE/list 2007-12-12 11:15:13 UTC (rev 7600) @@ -800,8 +800,11 @@ CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...) - krb5 <unfixed> (unimportant; bug #454974) NOTE: potential attackers must have privileges to store the krb5kdc master key + NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...) - - krb5 <unfixed> (bug #454974) + - krb5 <unfixed> (unimportant; bug #454974) + NOTE: Not exploitable in real-world circumstances: + NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...) - mysql-dfsg-5.0 <unfixed> CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...) @@ -997,9 +1000,13 @@ CVE-2007-5903 RESERVED CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...) - - krb5 <unfixed> (bug #454974) + - krb5 <unfixed> (unimportant; bug #454974) + NOTE: Not exploitable in real-world circumstances: + NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...) - - krb5 <unfixed> (bug #454974) + - krb5 <unfixed> (unimportant; bug #454974) + NOTE: Not exploitable in real-world circumstances: + NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...) - php5 <unfixed> (bug #453295) NOTE: http://bugs.php.net/bug.php?id=41561 
@@ -1020,7 +1027,9 @@ CVE-2007-5895 RESERVED CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...) - - krb5 <unfixed> (bug #454974) + - krb5 <unfixed> (unimportant; bug #454974) + NOTE: Not exploitable in real-world circumstances: + NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2006-7224 REJECTED CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
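Review bot: In the @@ -800,8 +800,11 @@ hunk, the CVE-2007-5971 entry's new line "NOTE: Not exploitable in real-world circumstances:" ends in a colon and is followed only by the mailing list URL, so the entry never says why the double free in gss_krb5int_make_seal_token_v3 is considered unreachable. The CVE-2007-5972 entry directly above it shows the better pattern: its existing NOTE states the precondition (attackers must have privileges to store the krb5kdc master key) and the added URL only backs that up. Suggest adding a one-line reason from the referenced post to the 5971 entry, so the downgrade to unimportant stays reviewable if the archive link goes stale.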
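Review bot: In the @@ -997,9 +1000,13 @@ hunk, CVE-2007-5902 and CVE-2007-5901 receive the same two NOTE lines verbatim, although the entries describe different defects (an integer overflow in svcauth_gss_get_principal and a use-after-free in gss_indicate_mechs). A shared "Not exploitable in real-world circumstances:" does not let a reader check either severity change without opening the link. Suggest giving each entry its own short rationale and keeping the URL as the supporting reference.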
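Review bot: In the @@ -1020,7 +1027,9 @@ hunk, CVE-2007-5894 is marked unimportant with the same generic note as the other krb5 entries, yet its description points at the reply function in ftpd.c of the gssftp ftpd rather than at the functions named in the other entries, so the reason it is not exploitable should be stated separately for this entry. The log message ("latest krb5 issues are harmless") is also stronger than the note text ("Not exploitable in real-world circumstances"). Suggest aligning the two wordings, since the entries stay <unfixed> and the NOTE is what later readers of data/CVE/list will rely on.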