joeyh at alioth.debian.org
2008-Jan-03 21:14 UTC
[Secure-testing-commits] r7806 - data/CVE
Author: joeyh
Date: 2008-01-03 21:14:08 +0000 (Thu, 03 Jan 2008)
New Revision: 7806
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-01-03 21:11:27 UTC (rev 7805)
+++ data/CVE/list 2008-01-03 21:14:08 UTC (rev 7806)
@@ -106,6 +106,7 @@
CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and
possibly ...)
NOT-FOR-US: WinAce
CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in
TCPreen ...)
+ {DSA-1443-1}
- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow
user-assisted ...)
NOT-FOR-US: PDFLib
@@ -1760,10 +1761,12 @@
NOTE: http://bugs.php.net/bug.php?id=41561
NOTE: having trouble fetching the diffs for this...
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites
local ...)
+ {DSA-1444-1}
- php5 <unfixed> (bug #453295)
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP
before ...)
+ {DSA-1444-1}
- php5 <unfixed> (bug #453295)
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
NOTE: fixed in php5/etch svn
@@ -5575,7 +5578,7 @@
- php5 <unfixed> (unimportant)
NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP
before ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
NOTE: fix is at
http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
@@ -5584,23 +5587,23 @@
NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP
before ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not
...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple
(1) %i ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
NOTE: fixed in php5/etch svn
NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641,
starting "Line 7667"
NOTE: limited format string vulnerability, the will be put into strfmon and
the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5
before ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1
- php4 <removed>
NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
@@ -7118,7 +7121,7 @@
- krb5 1.6.dfsg.1-7 (high)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before
5.2.4, ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
- php5 5.2.4-1 (low)
- php4 <removed> (low)
NOTE: this applies to php4 as well
@@ -7575,7 +7578,7 @@
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan)
component ...)
NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7
and ...)
- {DTSA-61-1}
+ {DSA-1444-1 DTSA-61-1}
NOTE: this does not affect default installs, only those who have written
NOTE: custom session handlers (which isn''t *that* uncommon though),
and
NOTE: also may not work if other cookie values are set.