[Secure-testing-commits] r6987 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Tue Oct 16 21:13:52 UTC 2007 

Author: jmm-guest
Date: 2007-10-16 21:13:51 +0000 (Tue, 16 Oct 2007)
New Revision: 6987

Modified:
   data/CVE/list
Log:
- fix syntax for rejected entry
- openssh information leak is still a minor issue
- rewrite SuSE packaging flaws entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-16 21:11:28 UTC (rev 6986)
+++ data/CVE/list	2007-10-16 21:13:51 UTC (rev 6987)
@@ -78,7 +78,6 @@
 	NOT-FOR-US: Solaris Auditing
 CVE-2007-5421
 	REJECTED
-	NOT-FOR-US: Cisco
 CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...)
 	NOT-FOR-US: 3Com 3CRWER100-75
 CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
@@ -7710,7 +7709,7 @@
 CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...)
 	NOT-FOR-US: Adobe Photoshop
 CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...)
-	- openssh <unfixed> (bug #436571; unimportant)
+	- openssh <unfixed> (bug #436571; low)
 	[etch] - openssh <no-dsa> (Minor issue)
 	[sarge] - openssh <no-dsa> (Minor issue)
 CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
@@ -24683,14 +24682,9 @@
 CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
 	NOT-FOR-US: Apple
 CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
-	- liferea <unfixed> (unimportant)
-	- banshee <unfixed> (unimportant)
-	NOTE: unlikly to be exploitable, the path is checked from left to right
+	NOT-FOR-US: SuSE-specific packaging flaws
 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
-	- tomboy <unfixed> (unimportant)
-	- blam <unfixed> (unimportant)
-	- beagle <unfixed> (unimportant)
-	NOTE: unlikly to be exploitable, the path is checked from left to right
+	NOT-FOR-US: SuSE-specific packaging flaws
 CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
 	- resmgr <not-affected>
 CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)

More information about the Secure-testing-commits mailing list