[Secure-testing-commits] r5697 - data/CVE

Florian Weimer fw at alioth.debian.org
Sat Apr 21 09:16:54 UTC 2007


Author: fw
Date: 2007-04-21 09:16:51 +0000 (Sat, 21 Apr 2007)
New Revision: 5697

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-21 09:14:15 UTC (rev 5696)
+++ data/CVE/list	2007-04-21 09:16:51 UTC (rev 5697)
@@ -84,7 +84,7 @@
 CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
 	NOT-FOR-US: openMairie
 CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
-	TODO: check
+	NOT-FOR-US: StoreFront extension for Gallery
 CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
 	NOT-FOR-US: WebSlider
 CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
@@ -1227,7 +1227,7 @@
 	- squid 2.6.5-6 (low)
 	[sarge] - squid <not-affected> (Vulnerable code not present)
 CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...)
-	TODO: check
+	NOT-FOR-US: Roxio
 CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
 	NOT-FOR-US: No practical security implications
 CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
@@ -1938,13 +1938,13 @@
 CVE-2007-1280
 	RESERVED
 CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
 	NOT-FOR-US: Adobe JRun and Coldfusion
 CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
 	- wordpress <not-affected> (orig.tar.gz not compromised)
 CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
-	NOT-FOR-US: Webmin
+	- webmin <removed>
 CVE-2007-1275
 	RESERVED
 CVE-2007-1274
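Review bot: The CVE-2007-1276 change from "NOT-FOR-US: Webmin" to "- webmin <removed>" is not an NFU, so the log message "NFUs" does not describe it; mention the webmin reclassification in the log or commit it separately. The new entry also has no per-release line of the kind used for squid in this file ("[sarge] - squid <not-affected> (Vulnerable code not present)"), so if any release still ships webmin, its status should be recorded here as well.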
@@ -3619,7 +3619,7 @@
 CVE-2007-0727
 	RESERVED
 CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
-	TODO: check
+	NOT-FOR-US: Apple OpenSSH
 CVE-2007-0725
 	RESERVED
 CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
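Review bot: "NOT-FOR-US: Apple OpenSSH" for CVE-2007-0726 names OpenSSH, which Debian does package, while the description ties the flaw to the key generation process on Apple Mac OS X. If the issue is specific to Apple's build, a package entry with a reason, in the style of "- wordpress <not-affected> (orig.tar.gz not compromised)" used for CVE-2007-1277, would record that the openssh package was considered rather than leaving it to the label.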
@@ -5748,7 +5748,8 @@
 CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...)
 	- sun-java5 1.5.0-08-1
 CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
-	TODO: check, this probably also affects linux
+	NOTE: Access to DMA-capable hardware such as graphics cards can,
+	NOTE: by design, bypass security restrictions.  Not a real issue.
 CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
 	NOT-FOR-US: a-blog
 CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
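Review bot: CVE-2006-6730 is left with two NOTE lines and no status line, and the removed TODO's question ("this probably also affects linux") is answered only implicitly by "Not a real issue". Add an explicit disposition, for example in the form already used for CVE-2007-1558 ("NOT-FOR-US: No practical security implications"), so the entry does not read as still unprocessed.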



