Author: neilm Date: 2005-11-06 21:46:41 +0000 (Sun, 06 Nov 2005) New Revision: 2680 Modified: data/CVE/list Log: News from our local friendly php developer - this''ll be fixed in 5.1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-06 14:44:51 UTC (rev 2679) +++ data/CVE/list 2005-11-06 21:46:41 UTC (rev 2680) @@ -216,6 +216,7 @@ - php4 <unfixed> (bug #336645; low) - php5 <unfixed> (bug #336654; low) NOTE: http://www.hardened-php.net/advisory_182005.77.html + NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...) - ntop <not-affected> (Red Hat specific packaging flaw) CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...) @@ -4890,6 +4891,7 @@ NOTE: php function that displays the PHP logo and version information. In the bug NOTE: log the developers seem unwilling to fix this, as it only affects a debug NOTE: function. + NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue - php4 <unfixed> (bug #336645; low) - php5 <unfixed> (bug #336654; low) CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)