[Secure-testing-commits] r7538 - data/CVE

[nion at alioth.debian.org]

Author: nion
Date: 2007-12-07 13:05:10 +0000 (Fri, 07 Dec 2007)
New Revision: 7538

Modified:
   data/CVE/list
Log:
new issue: linux-ftpd-ssl (CVE-2007-6263)
NFUs
CVE-2007-6262 does only affect vlc on windows
CVE-2007-5972 unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-07 09:14:08 UTC (rev 7537)
+++ data/CVE/list	2007-12-07 13:05:10 UTC (rev 7538)
@@ -1,13 +1,13 @@
 CVE-2007-6264
 	RESERVED
 CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...)
-	TODO: check
+	- linux-ftpd-ssl <unfixed> (low; bug #454733)
 CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before ...)
-	TODO: check
+	- vlc <not-affected> (Windows only issue)
 CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...)
 	TODO: check
 CVE-2007-6259
@@ -171,7 +171,7 @@
 CVE-2007-6195
 	RESERVED
 CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
-	TODO: check
+	NOT-FOR-US: HP Select Identity
 CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
 	NOT-FOR-US: Citrix
 CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...)
@@ -687,6 +687,8 @@
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
 	NOT-FOR-US: JPortal
 CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...)
+	- krb5 <unfixed> (unimportant)
+	NOTE: potential attackers must have privileges to store the krb5kdc master key
 	TODO: check
 CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
 	TODO: check