Author: nion Date: 2008-01-04 13:56:23 +0000 (Fri, 04 Jan 2008) New Revision: 7826 Modified: data/CVE/list Log: new issue: CVE-2007-6613 (libcdio) CVE-2007-5970 does only affect mysql in experimental Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-04 13:19:27 UTC (rev 7825) +++ data/CVE/list 2008-01-04 13:56:23 UTC (rev 7826) @@ -230,7 +230,8 @@ CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...) NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...) - TODO: check + - libcdio <unfixed> (low; bug #459129) + NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might allow ...) - unp 1.0.13 (bug #448437) CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...) @@ -1798,7 +1799,10 @@ NOTE: Not exploitable in real-world circumstances: NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...) - - mysql-dfsg-5.0 <unfixed> + - mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer) + - mysql-dfsg-4.1 <removed> + - mysql-dfsg <removed> + NOTE: version in experimental is affected by this NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377 CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...) - mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
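Review bot: In the CVE-2007-6613 hunk (@@ -230,7 +230,8 @@), the added NOTE says the problem "only lies in the info tool" but names neither the tool nor the binary package that ships it, and gives no source for the claim that applications using libcdio are not vulnerable. Someone triaging from this entry cannot tell which installed package exposes print_iso9660_recurse. Suggest naming the tool and its binary package in the NOTE and pointing to where the analysis is recorded, for example bug #459129 if it is there. That would also make the "low" urgency on the libcdio line checkable.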
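Review bot: In the CVE-2007-5970 hunk (@@ -1798,7 +1799,10 @@), the added "NOTE: version in experimental is affected by this" has no package line to go with it, so the affected upload is recorded only as free text and will not appear as an open issue for any source package. Suggest adding an entry for the source package that is in experimental, or at least naming the package and version in the NOTE. Separately, the reason "(Vulnerable code not present referring to maintainer)" on the mysql-dfsg-5.0 line would read more clearly as "according to maintainer" with a link to that statement, since the retained context NOTE directly below still says the maintainers do not yet have access to the issue.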