seanius at alioth.debian.org
2007-Sep-18 21:54 UTC
[Secure-testing-commits] r6637 - data/CVE
Author: seanius Date: 2007-09-18 21:54:35 +0000 (Tue, 18 Sep 2007) New Revision: 6637 Modified: data/CVE/list Log: CVE-2007-4840 is actually a libc6 bug, bugs reassigned and merged. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-18 21:14:08 UTC (rev 6636) +++ data/CVE/list 2007-09-18 21:54:35 UTC (rev 6637) @@ -193,12 +193,10 @@ NOTE: this vulnerability is unspecified NOTE: likely affects only windows and Mac OS CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - - php5 <unfixed> (low; bug #442247) - - php4 <unfixed> (low; bug #442250) - NOTE: can be reproduced on etch, lenny and sid - NOTE: this might not be a vulnerability in most web server environments - NOTE: that support multiple threads, unless these issues can be demonstrated for - NOTE: code execution. + - libc6 <unfixed> (low; bug #442247) + NOTE: was originally reported as a php vulnerability, but is actually + NOTE: a problem with the libc iconv_* functions, which allocate copies + NOTE: of strings on the stack without first checking the size. CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
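Review bot: the CVE-2007-4840 entry now carries no status for php5 or php4, because both package lines are deleted rather than replaced, and bug #442250 disappears from the entry with them. The CVE description still reads "PHP 5.2.4 and earlier", so someone looking up either PHP package here has to infer its state from the NOTE text. Consider adding a NOTE that #442250 was merged into #442247 and that php5 and php4 were the originally reported packages, so the reassignment can be traced from the entry itself. The removed NOTE "can be reproduced on etch, lenny and sid" is also release information the new text no longer records; if it still holds for the iconv_* stack allocation, it is worth keeping. Separately, libc6 is a binary package name, while php5 and php4 are source package names; if this list tracks source packages, the new line should name glibc instead.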