Author: geissert
Date: 2009-12-11 18:22:16 +0000 (Fri, 11 Dec 2009)
New Revision: 13512
Modified:
data/CVE/list
Log:
updates on the php-net-ping issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-12-11 05:48:01 UTC (rev 13511)
+++ data/CVE/list 2009-12-11 18:22:16 UTC (rev 13512)
@@ -534,11 +534,8 @@
CVE-2009-4025 (Argument injection vulnerability in the traceroute function in
...)
NOT-FOR-US: Net_Traceroute PEAR module
CVE-2009-4024 (Argument injection vulnerability in the ping function in
Ping.php in ...)
- - php-net-ping <unfixed>
- TODO: check
- NOTE: http://pear.php.net/advisory20091114-01.txt
- NOTE: the fix by upstream should be double checked,
- NOTE: escapeshellcmd might not be the most appropriate function either
+ - php-net-ping <unfixed> (medium)
+ NOTE: fix applied by upstream is incomplete, reported to oss-sec
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the
Mail ...)
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)