[Secure-testing-commits] r7557 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sat Dec 8 14:36:30 UTC 2007


Author: nion
Date: 2007-12-08 14:36:29 +0000 (Sat, 08 Dec 2007)
New Revision: 7557

Modified:
   data/CVE/list
Log:
note for CVE-2007-5969
CVE-2007-5769 does not affect netkit-ftp
new issues in krb5 (CVE-2007-590[1-2], CVE-2007-5971, CVE-2007-5894, CVE-2007-5972)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-08 13:35:41 UTC (rev 7556)
+++ data/CVE/list	2007-12-08 14:36:29 UTC (rev 7557)
@@ -364,6 +364,7 @@
 	[sarge] - htdig <not-affected> (Vulnerable code not present)
 CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...)
 	TODO: check
+	NOTE: poked Marcus from Novell for the patch
 CVE-2007-6108
 	RESERVED
 CVE-2007-6107
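Review bot: the NOTE added under CVE-2007-6109 records that a patch was requested but carries no date or reference, and the entry keeps "TODO: check" with no package line, so a later reader cannot tell how stale the request is or which source package is waiting on it. Consider dating the note and adding the package line once the affected package is confirmed. This change is also missing from the commit log, which lists only CVE-2007-5969, CVE-2007-5769 and the krb5 issues.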
@@ -722,15 +723,15 @@
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
 	NOT-FOR-US: JPortal
 CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...)
-	- krb5 <unfixed> (unimportant)
+	- krb5 <unfixed> (unimportant; bug #454974)
 	NOTE: potential attackers must have privileges to store the krb5kdc master key
-	TODO: check
 CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
-	TODO: check
+	- krb5 <unfixed> (bug #454974)
 CVE-2007-5970
 	RESERVED
 CVE-2007-5969
 	RESERVED
+	NOTE: this is mysql, poked nobse about the status
 CVE-2007-5968
 	RESERVED
 CVE-2007-5967
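Review bot: the NOTE under CVE-2007-5969 names mysql only in free text, and the entry stays RESERVED with no package line and no TODO, so nothing in the entry itself marks it as open work for a Debian package. Adding "TODO: check" alongside the note, or a package line once the status is confirmed, would keep it visible. In the same hunk, CVE-2007-5972 keeps a NOTE justifying "unimportant" while CVE-2007-5971 gets "<unfixed>" with no urgency or rationale; a short note on why the two double-frees are treated differently would help.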
@@ -914,9 +915,9 @@
 CVE-2007-5903
 	RESERVED
 CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
-	TODO: check
+	- krb5 <unfixed> (bug #454974)
 CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...)
-	TODO: check
+	- krb5 <unfixed> (bug #454974)
 CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
 	- php5 <unfixed> (bug #453295)
 	NOTE: http://bugs.php.net/bug.php?id=41561
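Review bot: CVE-2007-5902 and CVE-2007-5901 are updated here, but the commit log refers to them as "CVE-2007-590[1-2]", which a plain-text search of the history for either id will not match. Spell out both ids in the log message.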
@@ -937,7 +938,7 @@
 CVE-2007-5895
 	RESERVED
 CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...)
-	TODO: check
+	- krb5 <unfixed> (bug #454974)
 CVE-2006-7224
 	REJECTED
 CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
@@ -1222,7 +1223,7 @@
 	- ruby1.9 1.9.0+20071016-1
 	- ruby1.8 1.8.6.111-1 (low; bug #451374)
 CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in netkit ...)
-	TODO: check
+	- netkit-ftp <not-affected> (Vulnerable code not present)
 CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
 	NOT-FOR-US: Globe7 soft phone client
 CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
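Review bot: the new "<not-affected> (Vulnerable code not present)" line for netkit-ftp under CVE-2007-5769 gives no record of what was checked. The description names the getreply function in ftp.c, so a NOTE stating which netkit-ftp version was inspected and how its getreply differs would let the decision be re-verified later.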



