thr3ads.net - Secure testing commits - [Secure-testing-commits] r6755

If this information is useful, please help other people find it:
Share via:

white at alioth.debian.org

2007-Oct-01 13:44 UTC

[Secure-testing-commits] r6755 - data/CVE

Author: white
Date: 2007-10-01 13:44:18 +0000 (Mon, 01 Oct 2007)
New Revision: 6755

Modified:
   data/CVE/list
Log:
php5: CVE-2007-4657 fixed in sid, lenny should be covered by next DTSA, please
recheck etch

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-01 13:31:48 UTC (rev 6754)
+++ data/CVE/list	2007-10-01 13:44:18 UTC (rev 6755)
@@ -1063,9 +1063,11 @@
 	NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641,
starting "Line 7667"
 	NOTE: limited format string vulnerability, the will be put into strfmon and
the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5
before ...)
-	- php5 <unfixed>
+	- php5 5.2.4-1
 	- php4 <removed>
 	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
+	TODO: Please recheck php5/etch, the patch does not seem to be included in the
lenny version
+	NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
 CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides
the FTP ...)
 	- backup-manager 0.7.6-3 (bug #439392)
 CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE
Shopping ...)

Secure testing commits - Oct 2007 - r6755 - data/CVE

[Secure-testing-commits] r6755 - data/CVE