Author: geissert Date: 2009-08-11 00:57:23 +0000 (Tue, 11 Aug 2009) New Revision: 12559 Modified: data/CVE/list Log: Add some info regarding the recent php issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-10 23:59:52 UTC (rev 12558) +++ data/CVE/list 2009-08-11 00:57:23 UTC (rev 12559) @@ -71,11 +71,12 @@ - xscreensaver <unfixed> (low; bug #539699) TODO: request CVE id CVE-2009-XXXX [php5: remote information disclosure] - - php5 <unfixed> (medium; bug #540605) - TODO: determine affected versions + - php5 <unfixed> (low; bug #540605) + TODO: check php4 + NOTE: requires the script itself to set and then restore a config var CVE-2009-XXXX [php5: ''open_basedir'' bypass] - - php5 <unfixed> (low; bug #540606) - NOTE: supposedly only affects 5.3.0 + - php5 <unfixed> (unimportant; bug #540606) + NOTE: only affects 5.3.0 in experimental, open_basedir unsupported CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference] - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)