[Secure-testing-commits] r7257 - data/CVE

[nion at alioth.debian.org]

Author: nion
Date: 2007-11-09 10:55:42 +0000 (Fri, 09 Nov 2007)
New Revision: 7257

Modified:
   data/CVE/list
Log:
NFUs
CVE-2004-2148 fixed in fprobe 1.1-4


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-09 10:37:56 UTC (rev 7256)
+++ data/CVE/list	2007-11-09 10:55:42 UTC (rev 7257)
@@ -5804,9 +5804,9 @@
 CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...)
 	NOT-FOR-US: iTunes
 CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2007-3749
 	RESERVED
 CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
@@ -9072,7 +9072,7 @@
 CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
@@ -39548,7 +39548,9 @@
 	- mysql-dfsg-4.1 4.1.5-1
 CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...)
 	- fprobe-ng 1.1-1
-	TODO: Check, whether fprobe is affected as well
+	- fprobe 1.1-4
+	NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package
+	NOTE: replaced fprobe therefore marking as fixed in 1.1-4
 CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
 	NOT-FOR-US: Symantec Antivirus
 CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)