Moritz Muehlenhoff
2006-Nov-11 15:12 UTC
[Secure-testing-commits] r4953 - in data: CVE DSA
Author: jmm-guest Date: 2006-11-11 15:12:03 +0100 (Sat, 11 Nov 2006) New Revision: 4953 Modified: data/CVE/list data/DSA/list Log: bugzilla fixed (thanks to Maulkin) mark open_basedir violations as unimportant, now that we have a documented PHP security policy Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-11 11:16:26 UTC (rev 4952) +++ data/CVE/list 2006-11-11 14:12:03 UTC (rev 4953) @@ -227,9 +227,9 @@ CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...) NOT-FOR-US: PHPEasyData CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...) - - php5 5.2.0-1 - - php4 <unfixed> (low) - [sarge] - php4 <no-dsa> (open_basedir not supported) + - php5 5.2.0-1 (unimportant) + - php4 <unfixed> (unimportant) + NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...) - wordpress 2.0.5-0.1 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-11-11 11:16:26 UTC (rev 4952) +++ data/DSA/list 2006-11-11 14:12:03 UTC (rev 4953) @@ -1,3 +1,6 @@ +[11 Nov 2006] DSA-1208-1 bugzilla + {CVE-2005-4534 CVE-2006-5453} + [sarge] - bugzilla 2.16.7-7sarge2 [09 Nov 2006] DSA-1207-1 phpmyadmin {CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116} [sarge] - phpmyadmin 4:2.6.2-3sarge2
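Review bot: The added NOTE line under CVE-2006-5706 in data/CVE/list says "basedir restrictions", while the removed sarge line and the commit log both use the directive name open_basedir. Using the exact name in the NOTE would keep the entry findable by a search for open_basedir, and the NOTE would be more useful if it said where the PHP security policy is documented, since the entry now relies on that policy for its rating. The hunk also drops the "[sarge] - php4 <no-dsa> (open_basedir not supported)" line without a replacement, so it is worth confirming that the (unimportant) tag on the unversioned php4 line is meant to cover sarge as well.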
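Review bot: The new DSA-1208-1 entry at the top of data/DSA/list references CVE-2005-4534 and CVE-2006-5453, but the visible data/CVE/list hunk in this revision does not touch either of those entries, so please check that both already record bugzilla with a fixed version consistent with 2.16.7-7sarge2. As a smaller point, this revision combines the bugzilla DSA with the unrelated PHP open_basedir reclassification; committing the two separately would make each change easier to review or revert on its own.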