thr3ads.net - Secure testing commits - [Secure-testing-commits] r3374

If this information is useful, please help other people find it:
Share via:

Florian Weimer

2006-Jan-26 13:09 UTC

[Secure-testing-commits] r3374 - data/CVE

Author: fw
Date: 2006-01-26 13:08:59 +0000 (Thu, 26 Jan 2006)
New Revision: 3374

Modified:
   data/CVE/list
Log:
ADOdb is in Debian after all

Note that other packages (such as Cacti) may include copies; with
p.d.o down I currently lack the infrastructure to check them.


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-26 10:59:18 UTC (rev 3373)
+++ data/CVE/list	2006-01-26 13:08:59 UTC (rev 3374)
@@ -47,7 +47,7 @@
 CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable
session ...)
 	TODO: check
 CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using
...)
-	TODO: check
+	- libphp-adodb <unfixed> (medium; bug #349985)
 CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in
Pixelpost ...)
 	TODO: check
 CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local
users ...)
@@ -655,9 +655,9 @@
 CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of
...)
 	NOT-FOR-US: NetSarang Xlpd
 CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test
script ...)
-	NOT-FOR-US: ADOdb for PHP
+	- libphp-adodb <unfixed> (medium; bug #349985)
 CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used
in ...)
-	NOT-FOR-US: ADOdb for PHP
+	- libphp-adodb <unfixed> (medium; bug #349985)
 CVE-2006-0145 (The lseek system call in kernfs in NetBSD 1.6 through 2.1 does
not ...)
 	NOT-FOR-US: NetBSD
 CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows
...)

Anthony DeRobertis

2006-Jan-26 13:39 UTC

head link

[Secure-testing-commits] r3374 - data/CVE

Florian Weimer wrote:
> Note that other packages (such as Cacti) may include copies; with
> p.d.o down I currently lack the infrastructure to check them.
Try packages.debian.net which seems to work (albeit a little slowly).

Also, in case that goes down / is out of date / whatever, most of the
information on p.d.o is available elsewhere.

For example, taking a random guess that you want to use the search by
filename feature, you can do that via:

$ wget http://http.us.debian.org/debian/dists/unstable/Contents-i386.gz
$ zgrep ''adodb-'' Contents-i386.gz |    \
      perl -ne ''m!/(\S+)$! and print "$1\n"'' | sort
-u

This gives:
egroupware-core
gallery2
libphp-adodb
moodle
opendb
phppgadmin
phpwiki
python2.3-adodb
python2.4-adodb
python-adodb


There are also several packages in the archive which can help (e.g.,
apt-file, auto-apt)

Hope this helps!

Secure testing commits - Jan 2006 - r3374 - data/CVE

[Secure-testing-commits] r3374 - data/CVE

[Secure-testing-commits] r3374 - data/CVE