jmm-guest at alioth.debian.org
2007-May-20 20:55 UTC
[Secure-testing-commits] r5890 - data/CVE
Author: jmm-guest
Date: 2007-05-20 20:55:07 +0000 (Sun, 20 May 2007)
New Revision: 5890
Modified:
data/CVE/list
Log:
two php issues don''t affect us, as the extension are not built
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-05-20 19:19:45 UTC (rev 5889)
+++ data/CVE/list 2007-05-20 20:55:07 UTC (rev 5890)
@@ -2857,7 +2857,7 @@
{DSA-1283-1}
- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not
implement ...)
- - php5 <unfixed> (low)
+ - php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via
a ...)
NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and
...)
@@ -2970,8 +2970,8 @@
- php5 <unfixed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP
4.4.6 ...)
- - php4 <unfixed>
- - php5 <unfixed>
+ - php4 <not-affected> (cpdf extension not enabled in binary build)
+ - php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5
...)
TODO: check
NOTE: Haven''t been able to reproduce the issue in either php4 or php5