Author: thijs Date: 2009-04-30 14:46:31 +0000 (Thu, 30 Apr 2009) New Revision: 11745 Modified: data/CVE/list data/DTSA/list Log: updates for php5 issues, based on Sean's info Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-29 21:14:15 UTC (rev 11744) +++ data/CVE/list 2009-04-30 14:46:31 UTC (rev 11745) @@ -648,6 +648,7 @@ - pam <not-affected> (we don''t compile pam with USE=ssh) CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) - php5 5.2.6.dfsg.1-3 + [etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4) - php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4) CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...) {DSA-1775-1} @@ -12842,6 +12843,7 @@ CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...) {DTSA-144-1} - php5 5.2.6-2 (low) + [etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue) NOTE: the fix sent to t-s and unstable does not seem possible in etch due to NOTE: missing api features from the version of libc-client in etch. CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...) Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2009-04-29 21:14:15 UTC (rev 11744) +++ data/DTSA/list 2009-04-30 14:46:31 UTC (rev 11745) @@ -561,7 +561,7 @@ {CVE-2009-0260 CVE-2009-0312} [lenny] - moin 1.7.1-3+lenny1 [January 28th, 2009] DTSA-188-1 php5 - several vulnerabilities - {CVE-2008-5658 CVE-2008-5557 CVE-2008-5624} + {CVE-2008-5658 CVE-2008-5557 CVE-2008-5624 CVE-2009-1272} [lenny] - php5 5.2.6.dfsg.1-1+lenny2 [February 1st, 2009] DTSA-189-1 avahi - denial of service {CVE-2008-5081}
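Review bot: In the data/CVE/list hunk at @@ -648,6 +648,7 @@, the reason on the new `[etch] - php5 <not-affected>` line is copied from the php4 line below it and still reads "which was not applied to php4", which says nothing about php5 in etch. If the point is that the CVE-2008-5658 fix was never applied to etch's php5, the parenthetical should say that, for example "(this is caused by the fix for CVE-2008-5658, which was not applied in etch)", so the not-affected status can be checked against the right package.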
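Review bot: In the data/CVE/list hunk at @@ -12842,6 +12843,7 @@, the CVE-2008-2829 description names "4.x" among the affected versions, but the entry as visible here only tracks php5, and the new `[etch] - php5 <no-dsa>` line does not change that. The CVE-2009-1272 entry in the first hunk carries an explicit php4 line, so either add a php4 status here as well or add a NOTE saying why it is not tracked. The new annotation's "Fix not feasible for etch" is consistent with the two NOTE lines that follow it, so no change is needed there.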
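Review bot: In the data/DTSA/list hunk at @@ -561,7 +561,7 @@, adding CVE-2009-1272 to the DTSA-188-1 list records it as fixed in `php5 5.2.6.dfsg.1-1+lenny2`, yet the data/CVE/list entry in this same commit says CVE-2009-1272 "is caused by the fix for CVE-2008-5658", and CVE-2008-5658 is one of the issues this advisory fixes. Please confirm that the lenny2 upload shipped the corrected version of that patch rather than the one that introduced the problem, and say so in a NOTE on the CVE entry. The CVE-2009-1272 entry also shows no `{DTSA-188-1}` cross-reference line in the first hunk, unlike CVE-2008-2829 with `{DTSA-144-1}`, so check that the two lists agree after this change.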