[Secure-testing-commits] r5263 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Jan 14 19:54:29 CET 2007
Author: jmm-guest
Date: 2007-01-14 19:54:27 +0100 (Sun, 14 Jan 2007)
New Revision: 5263
Modified:
data/CVE/list
Log:
update centericq status
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-14 14:25:53 UTC (rev 5262)
+++ data/CVE/list 2007-01-14 18:54:27 UTC (rev 5263)
@@ -107,12 +107,13 @@
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
- TODO: check centericq
+ - centericq 4.21.0-17 (low)
+ [sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
NOTE: The bug really exist but, is not exploitable because the LiveJournal server
NOTE: has a length restriction on both the username (15 characters) and the real name
NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
NOTE: fake LiveJournal server. All version of Debian centericq packages have a
- NOTE: compromised code. My opnion is "- centericq (low)"
+ NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
- libgeoip1 <unfixed> (bug #406628; medium)
CVE-2007-0158
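Review bot: The no-dsa reason on the [sarge] line, "Not exploitable with official LiveJournal server", rests on length limits enforced by the server (15-character username, 50-character real name per the NOTE lines), and the NOTE itself says a client that connects to a fake LiveJournal server is still exposed. Consider wording the reason so that precondition is visible to someone reading only the status line, for example "(Only exploitable via rogue LiveJournal server)". The new "- centericq 4.21.0-17 (low)" line carries no bug reference, while the libgeoip1 entry further down cites bug #406628; add one if a BTS bug exists. In the retained NOTE, "compromised code" reads as if the packages had been tampered with; if the meaning is that all versions contain the vulnerable code, say that instead.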