[Secure-testing-commits] r5323 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Mon Jan 22 19:57:07 CET 2007
Author: stef-guest
Date: 2007-01-22 19:57:05 +0100 (Mon, 22 Jan 2007)
New Revision: 5323
Modified:
data/CVE/list
Log:
grsecurity bug seems to be exploitable after all
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-22 18:20:00 UTC (rev 5322)
+++ data/CVE/list 2007-01-22 18:57:05 UTC (rev 5323)
@@ -237,9 +237,8 @@
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
NOT-FOR-US: Fastilo
CVE-2007-0257 (** DISPUTED ** ...)
- - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
- NOTE: This is most possibly scam: http://www.grsecurity.net/news.php#digitalfud
- NOTE: If this ever turns real we can re-raise severity.
+ - kernel-patch-grsecurity2 <unfixed> (bug #407350)
+ NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
- vlc <unfixed> (low; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
More information about the Secure-testing-commits
mailing list