[Secure-testing-commits] r6177 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jul 26 17:08:13 UTC 2007 

Author: jmm-guest
Date: 2007-07-26 17:08:13 +0000 (Thu, 26 Jul 2007)
New Revision: 6177

Modified:
   data/CVE/list
Log:
iceweasel status checks
fck editor appears to be a non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-26 11:10:10 UTC (rev 6176)
+++ data/CVE/list	2007-07-26 17:08:13 UTC (rev 6177)
@@ -1607,9 +1607,14 @@
 CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
-	- moin <unfixed> (bug #429205)
-	- knowledgeroot 0.9.8.2-2 (bug #429204)
-	- karrigell <unfixed> (bug #429207)
+	- moin <unfixed> (unimportant; bug #429205)
+	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
+	- karrigell <unfixed> (unimportant; bug #429207)
+	NOTE: This is only exploitable on NTFS filesystems 
+	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
+	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
+	NOTE: web server with NTFS
+	TODO: Check, whether NTFS on Linux is affected at all, I doubt so
 CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...)
 	NOT-FOR-US: Internet Download Accelerator
 CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
@@ -6194,7 +6199,8 @@
 CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
 	NOT-FOR-US: Cisco
 CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
-	- iceweasel <unfixed> (medium)
+	- iceweasel <unfixed> (unimportant)
+	NOTE: Not exploitable
 CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
 	NOT-FOR-US: Connectix Boards
 CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
@@ -6579,6 +6585,7 @@
 	NOT-FOR-US: VirtueMart
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
 	- iceweasel <unfixed> (low)
+	NOTE: Pending for upcoming security releases
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft IE
 CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)

More information about the Secure-testing-commits mailing list