[Secure-testing-commits] r7826 - data/CVE
nion at alioth.debian.org
Fri Jan 4 13:56:24 UTC 2008
Author: nion
Date: 2008-01-04 13:56:23 +0000 (Fri, 04 Jan 2008)
New Revision: 7826
Modified:
data/CVE/list
Log:
new issue: CVE-2007-6613 (libcdio)
CVE-2007-5970 does only affect mysql in experimental
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-04 13:19:27 UTC (rev 7825)
+++ data/CVE/list 2008-01-04 13:56:23 UTC (rev 7826)
@@ -230,7 +230,8 @@
CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
- TODO: check
+ - libcdio <unfixed> (low; bug #459129)
+ NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might allow ...)
- unp 1.0.13 (bug #448437)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
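Review bot: In the CVE-2007-6613 entry, the added NOTE says the problem lies only in "the info tool" but does not name the tool or the binary package that ships it, so a reader cannot tell from the list which installs are exposed. Name it in the NOTE, and state whether the "low" urgency rests on that same reasoning, so the triage can be checked without opening bug #459129.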
@@ -1798,7 +1799,10 @@
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...)
- - mysql-dfsg-5.0 <unfixed>
+ - mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
+ - mysql-dfsg-4.1 <removed>
+ - mysql-dfsg <removed>
+ NOTE: version in experimental is affected by this
NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...)
- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
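Review bot: In the CVE-2007-5970 entry, the `<not-affected>` reason "Vulnerable code not present referring to maintainer" has no reference behind it, while the unchanged NOTE just below still says the Debian maintainers do not yet have access to this issue. Add a pointer (bug number or list message) to the maintainer's statement, or update that NOTE if it is stale. The new "version in experimental is affected by this" NOTE should also name the source package and version, since no package line in the entry records it.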