joeyh at alioth.debian.org
2008-May-17 21:14 UTC
[Secure-testing-commits] r8828 - data/CVE
Author: joeyh
Date: 2008-05-17 21:14:17 +0000 (Sat, 17 May 2008)
New Revision: 8828
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-05-17 14:56:00 UTC (rev 8827)
+++ data/CVE/list 2008-05-17 21:14:17 UTC (rev 8828)
@@ -116,6 +116,7 @@
- xemacs21 <unfixed> (low; bug #480886)
- emacs21 <unfixed> (low; bug #480877)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0
...)
+ {DTSA-132-1}
- vlc 0.8.6.e-2.2 (low; bug #480724)
NOTE: https://trac.videolan.org/vlc/ticket/1578
NOTE:
http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
@@ -266,7 +267,7 @@
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1)
get_remote_ip_media ...)
- sip-tester 2.0.1-1.2 (low; bug #479039)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown
impact ...)
- {DSA-1572-1}
+ {DSA-1578-1 DSA-1572-1}
- php5 5.2.6-1
NOTE: http://www.php.net/ChangeLog-5.php
NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
@@ -5209,7 +5210,7 @@
{DSA-1467-1}
- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote
attackers to ...)
- {DSA-1543-1}
+ {DSA-1543-1 DTSA-132-1}
- vlc 0.8.6.c-4.1 (medium; bug #458318)
- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
NOTE: the plugin is in the same srcpkg but has its own implementation for
VLCOPT
@@ -10850,7 +10851,7 @@
NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641,
starting "Line 7667"
NOTE: limited format string vulnerability, the will be put into strfmon and
the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5
before ...)
- {DSA-1444-1 DTSA-61-1}
+ {DSA-1578-1 DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (unimportant)
- php4 <removed> (unimportant)
NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
@@ -12394,7 +12395,7 @@
- krb5 1.6.dfsg.1-7 (high)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before
5.2.4, ...)
- {DSA-1444-1 DTSA-61-1}
+ {DSA-1578-1 DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
- php4 <removed> (low)
NOTE: this applies to php4 as well
@@ -12838,7 +12839,7 @@
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape
Forum ...)
NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent
attackers to ...)
- {DSA-1572-1 DTSA-61-1}
+ {DSA-1578-1 DSA-1572-1 DTSA-61-1}
- php5 5.2.4-1 (medium; bug #441433)
- php4 <removed>
[etch] - php5 <no-dsa> (requires malicious script)
@@ -12857,7 +12858,7 @@
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan)
component ...)
NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7
and ...)
- {DSA-1444-1 DTSA-61-1}
+ {DSA-1578-1 DSA-1444-1 DTSA-61-1}
NOTE: this does not affect default installs, only those who have written
NOTE: custom session handlers (which isn''t *that* uncommon though),
and
NOTE: also may not work if other cookie values are set.