Author: nion
Date: 2007-09-09 19:31:41 +0000 (Sun, 09 Sep 2007)
New Revision: 6554
Modified:
data/CVE/list
Log:
informed maintainer for CVE-2007-2519, CVE-2007-3799 and CVE-2007-3806
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-09-09 19:14:33 UTC (rev 6553)
+++ data/CVE/list 2007-09-09 19:31:41 UTC (rev 6554)
@@ -2069,7 +2069,7 @@
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape
Forum ...)
NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent
attackers to ...)
- - php5 <unfixed>
+ - php5 <unfixed> (medium; bug #441433)
- php4 <removed>
[etch] - php5 <no-dsa> (requires malicious script)
[etch] - php4 <no-dsa> (requires malicious script)
@@ -2093,7 +2093,7 @@
NOTE: fix sneaked into php 5.2.3 sans-mention:
NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
- php4 <unfixed> (low)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump
3.9.6 ...)
{DSA-1353-1}
- tcpdump 3.9.5-3 (bug #434030)
@@ -5136,7 +5136,7 @@
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when
...)
NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0
through ...)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #441433)
- php4 <removed> (low)
[sarge] - php5 <no-dsa> (minor issue)
[sarge] - php4 <no-dsa> (minor issue)