thr3ads.net - Secure testing commits - [Secure-testing-commits] r4660

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Sep-01 15:33 UTC
[Secure-testing-commits] r4660 - data/CVE

Author: stef-guest
Date: 2006-09-01 15:32:35 +0000 (Fri, 01 Sep 2006)
New Revision: 4660

Modified:
   data/CVE/list
Log:
new php4 and php5

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-01 14:57:36 UTC (rev 4659)
+++ data/CVE/list	2006-09-01 15:32:35 UTC (rev 4660)
@@ -894,8 +894,8 @@
 CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers
to ...)
 	TODO: check
 CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows
...)
-	- php5 <unfixed> (medium; bug #382256)
-	- php4 <unfixed> (medium; bug #382261)
+	- php5 5.1.6-1 (medium; bug #382256)
+	- php4 4:4.4.4-1 (medium; bug #382261)
 CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
 	{DSA-1154}
 	- squirrelmail 2:1.4.8-1
@@ -3120,10 +3120,10 @@
 	- php4 <unfixed> (medium)
 CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3
and 5.x ...)
 	- php5 5.1.4-0.1 (medium)
-	- php4 <unfixed> (medium; bug #381998)
+	- php4 4:4.4.4-1 (medium; bug #381998)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has
unknown ...)
 	- php5 5.1.4-0.1 (medium)
-	- php4 <unfixed> (medium; bug #382259)
+	- php4 4:4.4.4-1 (medium; bug #382259)
 CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328
allows ...)
 	NOT-FOR-US: WinSCP
 CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute
arbitrary ...)
@@ -3133,8 +3133,8 @@
 CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0
Update 6 ...)
 	NOT-FOR-US: phpBannerExchange
 CVE-2006-3011 (The error_log function in basic_functions.c in PHP 5.1.4 and
4.4.2 ...)
-	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+	- php4 4:4.4.4-1 (low)
+	- php5 5.1.6-1 (low)
 	[sarge] - php4 <no-dsa> (Safe mode not supported)
 	NOTE: only safe mode bypass
 CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP
...)
@@ -3985,8 +3985,8 @@
 	{DSA-1095-1}
 	- freetype 2.2.1-1 (medium)
 CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP
5.1.4 ...)
-	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+	- php4 4:4.4.4-1 (low)
+	- php5 5.1.6-1 (low)
 CVE-2006-2658
 	RESERVED
 CVE-2006-2657
@@ -4211,7 +4211,7 @@
 CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Alstrasoft Article Manager Pro
 CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows
attackers to ...)
-	- php4 <unfixed> (bug #370166; low)
+	- php4 4:4.4.4-1 (bug #370166; low)
 	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
 	- php5 5.1.6-1 (bug #370165; low)
 CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access
...)
@@ -6532,7 +6532,7 @@
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA,
XFIT/S/ZGN, ...)
 	NOT-FOR-US: Hitachi XFIT
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local
users ...)
-	- php4 <unfixed> (bug #361856)
+	- php4 4:4.4.4-1 (bug #361856)
 	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
 	- php5 5.1.4-0.1 (bug #361915)
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS
before ...)
@@ -6676,7 +6676,7 @@
 CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in
PAJAX ...)
 	NOT-FOR-US: PAJAX
 CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash
(segmentation ...)
-	- php4 <unfixed> (bug #361854; unimportant)
+	- php4 4:4.4.4-1 (bug #361854; unimportant)
 	- php5 5.1.4-0.1 (bug #361917; unimportant)
 	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own
program)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier,
and 7.0 ...)
@@ -6874,7 +6874,7 @@
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1)
...)
 	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and
5.1.2 ...)
-	- php4 <unfixed> (bug #361855)
+	- php4 4:4.4.4-1 (bug #361855)
 	- php5 5.1.4-0.1 (bug #361916)
 	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer
XP ...)
@@ -8028,7 +8028,7 @@
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5
and ...)
 	NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in
PHP ...)
-	- php4 <unfixed> (bug #361853; low)
+	- php4 4:4.4.4-1 (bug #361853; low)
 	- php5 5.1.4-0.1 (bug #361914)
 	[sarge] - php4 <no-dsa> (not worth an update)
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions
...)
Secure testing commits - Sep 2006 - r4660 - data/CVE

[Secure-testing-commits] r4660 - data/CVE
