[Secure-testing-commits] r6241 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Sun Aug 5 19:10:00 UTC 2007
Author: jmm-guest
Date: 2007-08-05 19:09:59 +0000 (Sun, 05 Aug 2007)
New Revision: 6241
Modified:
data/CVE/list
Log:
smbd regression in SuSE
another icefoo issue fixed
reported kernel issue isn't sufficiently attacker controllable to
warrant calling it a security problem
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-05 19:07:41 UTC (rev 6240)
+++ data/CVE/list 2007-08-05 19:09:59 UTC (rev 6241)
@@ -155,13 +155,13 @@
CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
TODO: check
CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...)
- TODO: check
+ NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
- TODO: check
+ NOT-FOR-US: Netscape Navigator
CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
- TODO: check
+ - iceweasel 2.0.0.6-1
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...)
NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
@@ -2307,7 +2307,8 @@
CVE-2007-3108
RESERVED
CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run on ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Not reproducibly reliably by an attacker, mostly a bug
CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
TODO: check
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
More information about the Secure-testing-commits
mailing list