[Secure-testing-commits] r7600 - data/CVE
jmm-guest at alioth.debian.org
Wed Dec 12 11:15:14 UTC 2007
Author: jmm-guest
Date: 2007-12-12 11:15:13 +0000 (Wed, 12 Dec 2007)
New Revision: 7600
Modified:
data/CVE/list
Log:
latest krb5 issues are harmless
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-12 10:53:37 UTC (rev 7599)
+++ data/CVE/list 2007-12-12 11:15:13 UTC (rev 7600)
@@ -800,8 +800,11 @@
CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...)
- krb5 <unfixed> (unimportant; bug #454974)
NOTE: potential attackers must have privileges to store the krb5kdc master key
+ NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
- - krb5 <unfixed> (bug #454974)
+ - krb5 <unfixed> (unimportant; bug #454974)
+ NOTE: Not exploitable in real-world circumstances:
+ NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...)
- mysql-dfsg-5.0 <unfixed>
CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...)
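Review bot: On the CVE-2007-5971 entry, the downgrade to unimportant is justified only by "Not exploitable in real-world circumstances:" followed by a link, so the reasoning is lost if the mailing-list archive ever moves. Suggest putting a one-line reason in the NOTE itself, in the style of the existing CVE-2007-5972 NOTE about attackers needing privileges to store the krb5kdc master key. CVE-2007-5972 also gains the link without the introductory NOTE line used on the other entries; that reads fine since it already carries a reason, but the two forms could be made consistent.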
@@ -997,9 +1000,13 @@
CVE-2007-5903
RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
- - krb5 <unfixed> (bug #454974)
+ - krb5 <unfixed> (unimportant; bug #454974)
+ NOTE: Not exploitable in real-world circumstances:
+ NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...)
- - krb5 <unfixed> (bug #454974)
+ - krb5 <unfixed> (unimportant; bug #454974)
+ NOTE: Not exploitable in real-world circumstances:
+ NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
- php5 <unfixed> (bug #453295)
NOTE: http://bugs.php.net/bug.php?id=41561
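Review bot: CVE-2007-5902 (integer overflow in svcauth_gss_get_principal) and CVE-2007-5901 (use-after-free in gss_indicate_mechs) receive the same two NOTE lines even though they are different bug classes in different functions. A short per-CVE statement of the condition that makes each one non-exploitable would let a later triager re-check the unimportant rating without reading the whole linked thread.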
@@ -1020,7 +1027,9 @@
CVE-2007-5895
RESERVED
CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...)
- - krb5 <unfixed> (bug #454974)
+ - krb5 <unfixed> (unimportant; bug #454974)
+ NOTE: Not exploitable in real-world circumstances:
+ NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2006-7224
REJECTED
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
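Review bot: For CVE-2007-5894 the entry stays <unfixed> while becoming unimportant, and the affected code is the reply function in ftpd.c of the gssftp ftpd, yet the NOTE gives no reason specific to that component. Suggest stating in the NOTE why this one is not exploitable, rather than reusing the generic line plus link.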