[Secure-testing-commits] r5886 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun May 20 13:04:39 UTC 2007 

Author: jmm-guest
Date: 2007-05-20 13:04:38 +0000 (Sun, 20 May 2007)
New Revision: 5886

Modified:
   data/CVE/list
Log:
xserver crash not a security problem
browser crashes not considered security problems
record kernel fix for unstable
fix bugnum for wu-ftpd


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-19 21:14:09 UTC (rev 5885)
+++ data/CVE/list	2007-05-20 13:04:38 UTC (rev 5886)
@@ -261,7 +261,7 @@
 CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
 	- squirrelmail 2:1.4.10a-1 (low)
 CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
-	- wu-ftpd <unfixed> (bug #423524) 
+	- wu-ftpd <unfixed> (bug #425162) 
 CVE-2006-XXXX [PHP SOAP Extension HTTP Authentication Weak Nonce]
 	NOTE: see http://secunia.com/advisories/25306/
 	- php5 <unfixed> (low)
@@ -591,10 +591,13 @@
 	- vim <unfixed> (medium)
 	NOTE: Exploitable through modelines.
 CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
-	- xorg-server 2:1.3.0.0.dfsg-4 (medium; bug #422936)
+	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
 	NOTE: etch vulnerable (patch below applies)
 	NOTE: git url to fix the issue 
 	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
+	NOTE: Not considered a security problem, only exploitable by authenticated users
+	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
+	NOTE: just as well provide a binary which does more harm
 CVE-2007-2436
 	REJECTED
 	NOTE: duplicate of CVE-2007-1861
@@ -1199,11 +1202,13 @@
 CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
 	- proftpd 1.3.0-22 (low)
 CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
-	- kdelibs <unfixed> (low)
+	- kdelibs <unfixed> (unimportant)
+	NOTE: Browser crashes are not treated as security problems
 CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
-	- iceweasel <unfixed> (low)
+	- iceweasel <unfixed> (unimportant)
+	NOTE: Browser crashes are not treated as security problems
 CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -1874,7 +1879,7 @@
 	RESERVED
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
 	{DSA-1289-1}
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.21-1
 CVE-2007-1860
 	RESERVED
 CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)

More information about the Secure-testing-commits mailing list