
Re: [Secure-testing-team] unrelated notes for CVE-2007-3163



(Replying to the correct list.)

On Mon, Oct 22, 2007 at 03:01:30PM +0200, Nico Golde wrote:
> Hi,
> CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
>     - moin 1.5.8-4.1 (unimportant; bug #429205)
>     - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
>     - karrigell <unfixed> (unimportant; bug #429207)
>     NOTE: This is only exploitable on NTFS filesystems
>     NOTE: Given the state of Linux' NTFS support it seems highly unlikely
>     NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
>     NOTE: web server with NTFS
>     TODO: Check, whether NTFS on Linux is affected at all, I doubt so
> 
> The TODO and NOTES do not belong to this CVE but I don't want to remove them
> since they might be missing somewhere else. Does anyone know where they belong?

No, they're alright, see the refs in the CVE entry.
 
Someone should package fckeditor and file bugs against all packages embedding it,
though.

Cheers,
        Moritz


