Author: jmm-guest Date: 2006-01-18 17:25:08 +0000 (Wed, 18 Jan 2006) New Revision: 3318 Modified: data/CVE/list Log: php4 fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-18 09:15:37 UTC (rev 3317) +++ data/CVE/list 2006-01-18 17:25:08 UTC (rev 3318) @@ -30,8 +30,10 @@ TODO: check CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1 allow ...) - php5 5.1.2-1 + - php4 4:4.4.2-1 CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) - php5 5.1.2-1 + - php4 4:4.4.2-1 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) TODO: check CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) @@ -235,7 +237,7 @@ CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...) NOT-FOR-US: class-1 Poll CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...) - NOT-FOR-US: TwinHan DST + - linux-2.6 2.6.15-1 (low) CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...) NOT-FOR-US: Kayako SupportSuite CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) @@ -2213,7 +2215,7 @@ CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...) NOT-FOR-US: Zaimu CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...) - - php4 <unfixed> (bug #341726; medium) + - php4 4:4.4.2-1 (bug #341726; medium) - php5 5.1.1-1 (bug #341368; medium) CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...) NOT-FOR-US: FAQRing Knowledge Base 
@@ -3773,27 +3775,27 @@ {DSA-885-1} - openvpn 2.0.5-1 (bug #336751; medium) CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - - php4 <unfixed> (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; low) NOTE: According to CVE, this is a safe mode violation, NOTE: therefore low impact. (According to SuSE, it''s an NOTE: information leak.) CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - - php4 <unfixed> (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; low) NOTE: This is a safe mode violation, therefore low impact. CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) - - php4 <unfixed> (bug #336645; high) + - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; high) NOTE: http://www.hardened-php.net/advisory_202005.79.html NOTE: http://www.hardened-php.net/globals-problem CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) - - php4 <unfixed> (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; low) NOTE: http://www.hardened-php.net/advisory_192005.78.html CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) {CVE-2002-1954} - - php4 <unfixed> (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; low) NOTE: http://www.hardened-php.net/advisory_182005.77.html NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue 
@@ -3873,7 +3875,7 @@ - sylpheed-claws 1.0.5-2 (bug #338436; medium) - sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium) CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...) - - php4 <unfixed> (bug #339577; medium) + - php4 4:4.4.2-1 (bug #339577; medium) - php5 5.1.1-1 (bug #336654; medium) CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...) - apache 1.3.34-2 (bug #343466; low) @@ -3989,7 +3991,7 @@ CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) NOT-FOR-US: SiteTurn Domain Manager CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) - - php4 <unfixed> (bug #336004; low) + - php4 4:4.4.2-1 (bug #336004; low) - php5 5.1.1-1 (bug #336005; low) CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...) {DSA-886-1}
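Review bot: In the first hunk (@@ -30,8 +30,10 @@), the new "- php4 4:4.4.2-1" lines under CVE-2006-0208 and CVE-2006-0207 sit below descriptions whose visible text names only PHP 5.1.1, and the entries record nothing about why php4 is affected. Add a NOTE line saying the php4 branch carries the same flaws, or a bug reference like the other php4 entries in this patch have, so the fixed version can be verified later.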
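Review bot: The CVE-2005-4639 line in the @@ -235,7 +237,7 @@ hunk, which goes from "NOT-FOR-US: TwinHan DST" to "- linux-2.6 2.6.15-1 (low)", is not covered by the log message "php4 fixed". Commit it separately or mention it in the log, so that the reclassification of a kernel driver issue can be found in the history.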
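Review bot: In the @@ -3773,27 +3775,27 @@ hunk, the CVE-2005-3390 php4 line changes the urgency from high to low together with the version, while the php5 line for the same CVE stays at high. The other php4 lines in this hunk are all low and the log says only "php4 fixed", so this looks like a copy-paste slip. Keep "(bug #336645; high)" on the new line, or if the downgrade is intended, add a NOTE giving the reason and bring the php5 line in step.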