[Secure-testing-commits] r5291 - data/CVE
SALVETTI Djoumé
djoume-guest at alioth.debian.org
Wed Jan 17 23:55:59 CET 2007
Author: djoume-guest
Date: 2007-01-17 23:55:56 +0100 (Wed, 17 Jan 2007)
New Revision: 5291
Modified:
data/CVE/list
Log:
- 2 bogus CVE
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-17 20:58:39 UTC (rev 5290)
+++ data/CVE/list 2007-01-17 22:55:56 UTC (rev 5291)
@@ -73,7 +73,7 @@
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
NOT-FOR-US: sNews
CVE-2007-0260 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
@@ -87,11 +87,15 @@
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
- xine-ui <unfixed> (low)
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
- TODO: check
+ - xine-ui <unfixed>
+ NOTE: My understanding is that this CVE is bogus.
+ NOTE: I failed to see where the format string vulnerability is, I have report
+ NOTE: a bug in case I have missed something.
CVE-2007-0253 (Unspecified vulnerability in the grsecurity patch has unspecified ...)
- TODO: check
+ - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
+ NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
- TODO: check
+ NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
TODO: check
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
More information about the Secure-testing-commits
mailing list