[Secure-testing-commits] r5629 - data/CVE
Florian Weimer
fw at alioth.debian.org
Thu Apr 5 17:45:06 UTC 2007
Author: fw
Date: 2007-04-05 17:45:03 +0000 (Thu, 05 Apr 2007)
New Revision: 5629
Modified:
data/CVE/list
Log:
CVE-2007-1614: zziplib is likely not exploitable through non-broken callers
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-05 17:31:55 UTC (rev 5628)
+++ data/CVE/list 2007-04-05 17:45:03 UTC (rev 5629)
@@ -498,9 +498,10 @@
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
- - zziplib <unfixed> (unknown)
+ - zziplib <unfixed> (low)
NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
- TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus
+ NOTE: If an attacker can supply arbitrary file names, we likely suffer from
+ NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
More information about the Secure-testing-commits
mailing list