Author: geissert Date: 2009-12-01 15:00:40 +0000 (Tue, 01 Dec 2009) New Revision: 13415 Modified: data/CVE/list Log: mark php4 as removed in some unfixed issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-01 14:15:42 UTC (rev 13414) +++ data/CVE/list 2009-12-01 15:00:40 UTC (rev 13415) @@ -360,7 +360,7 @@ CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of ...) {DSA-1940-1} - php5 5.2.11.dfsg.1-2 (medium) - - php4 <unfixed> (medium) + - php4 <removed> (medium) NOTE: workarounds include using 5.3.1 or php5-suhosin NOTE: 4B068517.802 at acunetix.com on bugtraq explains it CVE-2009-3080 (Array index error in the gdth_read_event function in ...) @@ -5576,7 +5576,7 @@ CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...) {DSA-1940-1} - php5 5.2.10.dfsg.1-2 (low; bug #535888) - - php4 <unfixed> (low; bug #535897) + - php4 <removed> (low; bug #535897) NOTE: 5.3.0 (in experimental) is not affected CVE-2009-XXXX [apache2: htaccess override] - apache2 2.2.9-1 (low; bug #535886) @@ -13616,7 +13616,7 @@ CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...) {DSA-1789-1} - php5 <unfixed> (low; bug #523028) - - php4 <unfixed> (low; bug #523028) + - php4 <removed> (low; bug #523028) CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...) - spip 2.0.6-1 CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...) @@ -27480,7 +27480,7 @@ CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...) NOT-FOR-US: W3-mSQL CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...) - - php4 <unfixed> (unimportant) + - php4 <removed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...) NOT-FOR-US: NetRisk 
@@ -31537,7 +31537,7 @@ CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...) NOT-FOR-US: ActiveKB NX CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...) - - php4 <unfixed> (unimportant) + - php4 <removed> (unimportant) - php5 <unfixed> (unimportant) NOTE: if the function is blacklisted but not its alias it is a configuration NOTE: issue of the site not a vulnerability in php @@ -35234,7 +35234,7 @@ NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64 CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...) - php5 5.2.4-1 (unimportant) - - php4 <unfixed> (unimportant) + - php4 <removed> (unimportant) NOTE: only exploitable by malicious script CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...) {DSA-1613-1}
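Review bot: In the CVE-2008-5814 hunk (@@ -13616), the php4 line now reads `<removed> (low; bug #523028)` while the php5 line directly above it stays `<unfixed>` with the same bug number. One report is therefore referenced by both a removed and a still-open entry. In the CVE-2009-2687 hunk the two packages have separate bugs (#535888 for php5, #535897 for php4), so it is worth confirming that #523028 is tracked against php5 only, or noting that on the entry.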
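Review bot: In the CVE-2007-3997 hunk (@@ -35234), the description limits the issue to "PHP 4 before 4.4.8", and the CVE-2008-0145 hunk (@@ -27480) likewise says "PHP before 4.4.8", yet both php4 lines go from `<unfixed>` to `<removed>`. If a php4 version at or above 4.4.8 was ever uploaded, a fixed version on the `- php4` line would be more accurate than `<removed>`. If none was, a short NOTE saying so would explain why no fixed version is recorded for an issue with a known upstream fix.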