[Secure-testing-commits] r7826 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Jan 4 13:56:24 UTC 2008


Author: nion
Date: 2008-01-04 13:56:23 +0000 (Fri, 04 Jan 2008)
New Revision: 7826

Modified:
   data/CVE/list
Log:
new issue: CVE-2007-6613 (libcdio)
CVE-2007-5970 does only affect mysql in experimental


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-04 13:19:27 UTC (rev 7825)
+++ data/CVE/list	2008-01-04 13:56:23 UTC (rev 7826)
@@ -230,7 +230,8 @@
 CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
 	NOT-FOR-US: Agares Media phpAutoVideo
 CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
-	TODO: check
+	- libcdio <unfixed> (low; bug #459129)
+	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
 CVE-2007-6610 (unp 1.0.12 does not properly escape file names, which might allow ...)
 	- unp 1.0.13 (bug #448437)
 CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
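Review bot: The added NOTE under CVE-2007-6613 says "problem only lies in the info tool" without naming the tool or the binary package that ships it. A reader therefore cannot tell from this entry which installed package actually carries the exposure. Suggest naming the tool in the NOTE, since that is the whole basis for the "low" urgency on the "- libcdio <unfixed>" line.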
@@ -1798,7 +1799,10 @@
 	NOTE: Not exploitable in real-world circumstances:
 	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
 CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
+	- mysql-dfsg-4.1 <removed>
+	- mysql-dfsg <removed>
+	NOTE: version in experimental is affected by this
 	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
 CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...)
 	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
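Review bot: The new NOTE "version in experimental is affected by this" under CVE-2007-5970 names no source package or version, and it sits directly below "- mysql-dfsg-5.0 <not-affected>", so the entry reads as contradictory. Suggest either a separate package line for what is in experimental or naming the package in the NOTE. Also, the justification "(Vulnerable code not present referring to maintainer)" sits next to the retained NOTE saying the maintainers do not yet have access to the issue. It would help to say what the not-affected determination is based on, for example the 5.1.x/6.0.x version range in the CVE description.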



