[Secure-testing-commits] r7352 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Nov 18 18:23:16 UTC 2007
Author: nion
Date: 2007-11-18 18:23:15 +0000 (Sun, 18 Nov 2007)
New Revision: 7352
Modified:
data/CVE/list
Log:
CVE-2007-5908, contacted mitre
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-18 17:01:41 UTC (rev 7351)
+++ data/CVE/list 2007-11-18 18:23:15 UTC (rev 7352)
@@ -251,8 +251,10 @@
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908 (Buffer overflow in the (1) sysfs_show_available_clocksources and (2) ...)
- TODO: check
- NOTE: how can a user specify clocksource name values?
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: there is a list of possible clocksource names which consits of short enough names
+ NOTE: this is a bug in the kernel but not a security issue, there is no way for a user to
+ NOTE: exploit this, they can only chose an item from the list
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...)
- xen-3 <unfixed> (medium; bug #451626)
- xen-3.0 <unfixed>
More information about the Secure-testing-commits
mailing list