Author: jmm-guest Date: 2006-02-20 14:05:51 +0000 (Mon, 20 Feb 2006) New Revision: 3517 Modified: data/CVE/list Log: pybloxsom not vulnerable in Sarge some updates on PHP Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-20 13:17:03 UTC (rev 3516) +++ data/CVE/list 2006-02-20 14:05:51 UTC (rev 3517) @@ -62,6 +62,7 @@ NOT-FOR-US: Winamp CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...) - pyblosxom 1.3.2-1 (high) + [sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present) CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...) NOT-FOR-US: Gaestebuch CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...) @@ -1305,9 +1306,13 @@ CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...) - php5 5.1.2-1 - php4 4:4.4.2-1 + NOTE: html_errors shouldn''t be used, probably no-dsa CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) - php5 5.1.2-1 - php4 4:4.4.2-1 + NOTE: According to Hardened PHP advisory PHP4 isn''t affected, but upstream changelog + NOTE: is a bit ambigious, if might be affected after all + TODO: Ping maintainers, Hardened PHP or upstream CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) NOT-FOR-US: Light Weight Calendar CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
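Review bot: In the first hunk (CVE-2006-0707), the new `[sarge] - pyblosxom <not-affected>` line gives "Vulnerable path handling code not present" as its reason but does not record which sarge version was inspected or where the code was checked. A following NOTE: line naming the sarge package version and the file or function examined would let a later reader re-verify the claim. That matters here because the CVE text covers every PyBlosxom release "before 1.3.2, when running on certain webservers", so the not-affected status rests entirely on that code inspection.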
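Review bot: In the second hunk, the CVE-2006-0207 NOTE says PHP4 may not be affected, yet the entry still carries `- php4 4:4.4.2-1`, which reads as affected and fixed in that version. Until the TODO is resolved, the NOTE should say that the php4 line is provisional. The wording also needs a pass: "ambigious" should be "ambiguous", "if might be affected" should read "it might be affected", and "shouldn''t" and "isn''t" carry a doubled apostrophe. For CVE-2006-0208, "probably no-dsa" is left as free text with no reason given for why html_errors should not be used. Once decided, it is better recorded as a per-release line in the same form as the `[sarge]` entry added for CVE-2006-0707, with the reason in parentheses.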