[Secure-testing-team] False positives from daily report
Julien Goodwin
julien.goodwin at strategicdata.com.au
Sat Jun 24 18:29:20 UTC 2006
CVE-2006-0146 The server.php test script in ADOdb for PHP before...
<http://idssi.enyo.de/tracker/CVE-2006-0146>
- cacti (remotely exploitable)
CVE-2006-0147 Dynamic code evaluation vulnerability in...
<http://idssi.enyo.de/tracker/CVE-2006-0147>
- cacti (remotely exploitable)
(on a fully updated etch system)
This should be listed as fixed for etch and sid as well from version
0.8.6d-1 (First version where adodb code removed from source tarball).
That, or your daily report script fixed not to show this.
Also:
CVE-2006-0456 kernel: strlen_user() DoS on s390
<http://idssi.enyo.de/tracker/CVE-2006-0456>
- linux-headers-2.6.15-1-686-smp, linux-image-2.6-686-smp,
linux-image-2.6.15-1-686-smp, linux-headers-2.6.15-1,
linux-headers-2.6-686-smp
Would be nice if arch-specific issues (rare as I'm sure they are) could
be hidden if appropriate.
Thanks,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060625/95a5239f/signature.pgp
More information about the Secure-testing-team
mailing list