[Secure-testing-commits] r5260 - data/CVE
Alex de Oliveira Silva
enerv-guest at alioth.debian.org
Sun Jan 14 01:48:08 CET 2007
Author: enerv-guest
Date: 2007-01-14 01:48:06 +0100 (Sun, 14 Jan 2007)
New Revision: 5260
Modified:
data/CVE/list
Log:
Added NOTEs to help in CVE-2007-0160.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-13 10:36:05 UTC (rev 5259)
+++ data/CVE/list 2007-01-14 00:48:06 UTC (rev 5260)
@@ -108,6 +108,11 @@
NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
TODO: check centericq
+ NOTE: The bug really exist but, is not exploitable because the LiveJournal server
+ NOTE: has a length restriction on both the username (15 characters) and the real name
+ NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
+ NOTE: fake LiveJournal server. All version of Debian centericq packages have a
+ NOTE: compromised code. My opnion is "- centericq (low)"
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
- libgeoip1 <unfixed> (bug #406628; medium)
CVE-2007-0158
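Review bot: The added NOTE lines under CVE-2007-0160 contradict themselves and leave the entry without a tracked status. The first NOTE says the bug "is not exploitable" because the LiveJournal server limits the username (15 characters) and the real name (50 characters), but the third NOTE says it is exploitable when the user connects to a fake LiveJournal server. Those limits are enforced by the server, so they do not protect the client from a server that does not apply them. Suggest rewording to say that exploitation requires a malicious or spoofed LiveJournal server. Since the NOTE also states that all Debian centericq versions carry the affected code, record that as a package status line in the same form as the CVE-2007-0159 entry below, e.g. "- centericq <unfixed> (low)", and drop "TODO: check centericq" once it is in place, rather than keeping the proposed severity as an opinion inside a NOTE. Minor: "opnion" should be "opinion" in both places.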