[Secure-testing-commits] r5266 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Jan 15 21:41:59 CET 2007
Author: jmm-guest
Date: 2007-01-15 21:41:57 +0100 (Mon, 15 Jan 2007)
New Revision: 5266
Modified:
data/CVE/list
Log:
new kernel issue fixed in Etch
xpdf non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-15 17:21:56 UTC (rev 5265)
+++ data/CVE/list 2007-01-15 20:41:57 UTC (rev 5266)
@@ -243,9 +243,17 @@
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, ...)
- TODO: check
+ - kdegraphics <unfixed> (unimportant)
+ - koffice <unfixed> (unimportant)
+ NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
+ NOTE: such an endless loop the user will simply abort kpdf and never look at
+ NOTE: that file again, this is only denial of service by a _very_ far stretch
+ NOTE: of imagination. I suppose KDE Security only issued an update for it
+ NOTE: because the shared underlying code was part of the Month of Apple Bugs
+ NOTE: and they wanted to debunk claims of code injection.
+ TODO: Check the other usual suspects
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
- TODO: check
+ NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
TODO: check
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
@@ -3053,7 +3061,7 @@
CVE-2006-5756
RESERVED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
- TODO: check
+ - linux-2.6 2.6.18-1
CVE-2006-5754
RESERVED
CVE-2006-5753
More information about the Secure-testing-commits
mailing list