[Secure-testing-commits] r5695 - data/CVE

Florian Weimer fw at alioth.debian.org
Sat Apr 21 09:03:25 UTC 2007


Author: fw
Date: 2007-04-21 09:03:22 +0000 (Sat, 21 Apr 2007)
New Revision: 5695

Modified:
   data/CVE/list
Log:
NFUs, disputed CVEs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-21 08:49:32 UTC (rev 5694)
+++ data/CVE/list	2007-04-21 09:03:22 UTC (rev 5695)
@@ -799,7 +799,7 @@
 CVE-2007-1749
 	RESERVED
 CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2007-1747
 	RESERVED
 CVE-2007-1746
@@ -918,7 +918,8 @@
 CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
 	NOT-FOR-US: Active Newsletter
 CVE-2007-1695 (** DISPUTED ** ...)
-	TODO: check
+	- phpbb2 <not-affected> (requires register_globals to exploit)
+        NOTE: Vulnerability is disputed, but is a non-issue anyway.
 CVE-2007-1694
 	RESERVED
 CVE-2007-1693
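Review bot: The added NOTE line under CVE-2007-1695 is indented with eight spaces, while the phpbb2 line directly above it and every other entry line in this hunk use a leading tab. Change it to a tab so the entry stays consistent with the rest of the list. The NOTE calls the issue "a non-issue anyway" without giving the reason; the register_globals requirement is stated only in the parenthesis on the package line, so consider repeating it in the NOTE in case the two lines get separated later.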
@@ -950,7 +951,8 @@
 CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
 	NOT-FOR-US: AudioConf ActiveX control
 CVE-2007-1679 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: Allegedly a duplicate of CVE-2006-4255.
+	NOTE: The other issue needs a CSRF attack to exploit.
 CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
 	NOT-FOR-US: Fizzle 0.5 extension for Firefox
 CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
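Review bot: The CVE-2007-1679 entry drops "TODO: check" but gains only two NOTE lines, so it ends up with no package line and no NOT-FOR-US marker, and nothing flags it as still open. Either keep a TODO until the affected package is identified or add the status line alongside the notes. "The other issue" in the second NOTE is also ambiguous; if it means CVE-2006-4255, name it explicitly so the CSRF remark is attached to the right identifier.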



