[Secure-testing-commits] r6546 - data/CVE

fw at alioth.debian.org
Fri Sep 7 22:08:13 UTC 2007


Author: fw
Date: 2007-09-07 22:08:13 +0000 (Fri, 07 Sep 2007)
New Revision: 6546

Modified:
   data/CVE/list
Log:
CVE-2007-4752: openssh


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-07 21:33:10 UTC (rev 6545)
+++ data/CVE/list	2007-09-07 22:08:13 UTC (rev 6546)
@@ -1,3 +1,11 @@
+CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
+	- openssh <unfixed> (low)
+	[etch] - openssh <no-dsa> (minor issue in weak security measure)
+	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
+	NOTE: An exploit needs limited control over the machine running a
+	NOTE: trusted X client, so this is only a slight privilege
+	NOTE: escalation.  The X Security extension is merely an afterthought
+	NOTE: and is unlikely to provide strong security guarantees.
 CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...)
 	NOT-FOR-US: PowerPlayer
 CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway ...)
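
Review bot: The "- openssh <unfixed> (low)" line in the new CVE-2007-4752 entry carries no bug reference, so the unfixed state is not tied to anything that signals when the entry can be updated; if a BTS bug exists or gets filed, add it in the parentheses next to the urgency. The NOTE lines justify the low urgency and the two <no-dsa> tags, but they give no pointer to the upstream description of the issue or its fix. A further NOTE with that reference would let the next person check the "limited control over the machine running a trusted X client" assessment without re-deriving it.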



