white at alioth.debian.org
2007-Oct-01 13:04 UTC
[Secure-testing-commits] r6752 - data/CVE
Author: white Date: 2007-10-01 13:04:55 +0000 (Mon, 01 Oct 2007) New Revision: 6752 Modified: data/CVE/list Log: php5: CVE-2007-3998 fixed in sid, patch should be ready for etch and lenny Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-01 12:33:30 UTC (rev 6751) +++ data/CVE/list 2007-10-01 13:04:55 UTC (rev 6752) @@ -2525,7 +2525,7 @@ - krb5 1.6.dfsg.1-7 (high) [sarge] - krb5 <not-affected> (Vulnerable code not present) CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...) - - php5 <unfixed> + - php5 5.2.4-1 (medium) NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c NOTE: so maybe this is already fixed in 5.2.3, not sure