Author: jmm-guest Date: 2006-10-29 11:08:17 +0100 (Sun, 29 Oct 2006) New Revision: 4893 Modified: data/CVE/list Log: php fixed no-dsa for contrib and non-free packages Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-28 19:14:21 UTC (rev 4892) +++ data/CVE/list 2006-10-29 10:08:17 UTC (rev 4893) @@ -284,6 +284,7 @@ NOT-FOR-US: Contenido CMS CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...) - nvidia-graphics-drivers 1.0.8776-1 (bug #393573) + [sarge] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...) NOT-FOR-US: EnterpriseOne CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...) @@ -382,6 +383,7 @@ RESERVED CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) - flashplugin-nonfree <unfixed> (medium) + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) TODO: file bug when upstream fix is released CVE-2006-5329 RESERVED @@ -1469,7 +1471,7 @@ - linux-2.6 2.6.13-1 CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> - - php5 <unfixed> (bug #391586) + - php5 5.1.6-5 (bug #391586) CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...) - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313) - qt4-x11 4.2.1-1 (bug #394192)