[Secure-testing-commits] r2772 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2005-11-17 11:45:22 +0000 (Thu, 17 Nov 2005)
New Revision: 2772

Modified:
   data/CVE/list
Log:
update on mysql


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-17 11:11:25 UTC (rev 2771)
+++ data/CVE/list	2005-11-17 11:45:22 UTC (rev 2772)
@@ -14398,10 +14398,12 @@
 CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
 	NOT-FOR-US: adobe acrobat
 CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
-	NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
+	TODO: Check, which 4.1 and 5.0 versions fixed this
+	- mysql-dfsg <not-affected> (Apparently 3.2 not exploitable, see #330164)
+	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
 CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
-	TODO: Unclear if older MySQL versions are affected.  Code seems to be
-	TODO: present in a different function, but exploit does not work.
+	- mysql-dfsg <not-affected> (Apparently 3.2 not exploitable, see #330164)
+	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
 	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
 	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
 CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)