Author: jmm-guest Date: 2010-12-07 21:48:42 +0000 (Tue, 07 Dec 2010) New Revision: 15659 Modified: data/CVE/list Log: php5 fixed let awstats maints sort out the mess, bug filed Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-07 21:22:48 UTC (rev 15658) +++ data/CVE/list 2010-12-07 21:48:42 UTC (rev 15659) @@ -155,11 +155,11 @@ CVE-2010-XXXX [gnash: insecure temp files handling in configure script] - gnash <unfixed> (unimportant; bug #605419) CVE-2010-XXXX [php and NUL handling on file ops] - - php5 <unfixed> (low) + - php5 5.3.3-6 (low) NOTE: old, known, issue -- Pierre already requested an id NOTE: http://svn.php.net/viewvc?view=revision&revision=305507 CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...) - - php5 <unfixed> + - php5 5.3.3-6 [lenny] - php5 <not-affected> (intl extension included since 5.3) NOTE: http://www.kb.cert.org/vuls/id/479900 CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) @@ -239,17 +239,14 @@ CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...) NOT-FOR-US: Winamp CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...) - - awstats <unfixed> - TODO: check + - awstats <unfixed> (bug #606263) CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...) - awstats <not-affected> (Windows-specific issue) NOTE: looks like it''s the same as CVE-2010-4367 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...) - - awstats <unfixed> - TODO: check + - awstats <unfixed> (bug #606263) CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...) - - awstats <unfixed> - TODO: check + - awstats 6.9.5~dfsg-1 CVE-2010-XXXX [ocrodjvu insecure temp files handling] - ocrodjvu 0.4.6-2 (low; bug #598134) CVE-2010-XXXX [hypermail XSS]