[Secure-testing-team] unrelated notes for CVE-2007-3163
Nico Golde
debian-secure-testing+ml at ngolde.de
Mon Oct 22 13:01:30 UTC 2007
Hi,
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
- moin 1.5.8-4.1 (unimportant; bug #429205)
- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
- karrigell <unfixed> (unimportant; bug #429207)
NOTE: This is only exploitable on NTFS filesystems
NOTE: Given the state of Linux' NTFS support it seems highly unlikely
NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
NOTE: web server with NTFS
TODO: Check, whether NTFS on Linux is affected at all, I doubt so
The TODO and NOTES do not belong to this CVE but I don't want to remove them
since they might be missing somewhere else. Anyone knows where they belong to?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20071022/2b2ec1d8/attachment.pgp
More information about the Secure-testing-team
mailing list