thijs at alioth.debian.org
2008-Sep-28 16:15 UTC
[Secure-testing-commits] r9894 - data/CVE
Author: thijs Date: 2008-09-28 16:15:38 +0000 (Sun, 28 Sep 2008) New Revision: 9894 Modified: data/CVE/list Log: php5 issues fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-28 14:40:12 UTC (rev 9893) +++ data/CVE/list 2008-09-28 16:15:38 UTC (rev 9894) @@ -1286,20 +1286,20 @@ CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...) TODO: check CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...) - - php5 <unfixed> (medium) + - php5 5.2.6-4 (medium) - php4 <removed> NOTE: *not* duplicate after all, needs review NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...) - php4 <removed> - - php5 <unfixed> (medium) + - php5 5.2.6-4 (medium) NOTE: php5 -d memory_limit=256M -r ''$res = explode(str_repeat("A",145999999),1);'' NOTE: (From upstream''s ext/standard/tests/strings/explode_bug.phpt) NOTE: could not reproduce locally NOTE: fix in pkg-php svn for both etch and sid CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...) - php4 <removed> - - php5 <unfixed> (medium) + - php5 5.2.6-4 (medium) NOTE: fix in pkg-php svn for both etch and sid CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...) - ruby1.8 1.8.7.72-1 (bug #494401)
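Review bot: In the CVE-2008-3660 entry the php5 line changes from <unfixed> to 5.2.6-4, but the NOTE "*not* duplicate after all, needs review" stays in place, so the entry now reads as both fixed and still awaiting review. Drop or reword that NOTE once the review is done. Unlike CVE-2008-3659 and CVE-2008-3658, this entry also has no "fix in pkg-php svn for both etch and sid" NOTE, so nothing here records where the 5.2.6-4 fix came from or whether etch is covered. Adding the equivalent NOTE would make the three php5 entries consistent.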