Author: jmm-guest
Date: 2007-04-26 21:30:15 +0000 (Thu, 26 Apr 2007)
New Revision: 5742
Modified:
data/CVE/list
Log:
record some php5 pre-release fixes for etch
remove some historical backport notes
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-26 21:24:49 UTC (rev 5741)
+++ data/CVE/list 2007-04-26 21:30:15 UTC (rev 5742)
@@ -3376,44 +3376,31 @@
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers
to ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+ [etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
- NOTE: fix is believed to be isolated, needs verification and backporting:
- NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
- NOTE: http://people.debian.org/~seanius/security/php
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might
allow ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- - php4 6:4.4.4-9
+ [etch] - php5 5.2.0-8+etch1
+3A - php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
- NOTE: half of fix (odbc part) is found, still trying to dig out the
- NOTE: problems related to *print functions.
- NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
- NOTE: http://people.debian.org/~seanius/security/php
- NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and
- NOTE: CHECKME-formattedprint-maybecve.diff and
- NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before
5.2.1 and ...)
- php5 5.2.0-9 (unimportant)
- - php4 6:4.4.4-9 (unimportant)
+ [etch] - php5 5.2.0-8+etch1
+3A - php4 6:4.4.4-9 (unimportant)
NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a
...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- NOTE: fix found, needs testing/backporting. see:
- NOTE: CVE-2007-0907_sapi_header_op.diff in
- NOTE: http://people.debian.org/~seanius/security/php
+ [etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to
cause ...)
{DSA-1264-1}
- NOTE: all fixes are believed to be found, though there''s still some
- NOTE: unrelated changes in some of the patches that need to be removed.
- NOTE: the list of changes to be sorted through are
- NOTE: available as CVE-2007-0906_N_description.diff at
- NOTE: http://people.debian.org/~seanius/security/php/
NOTE: (4) is a non-issue, as we don''t use the bundled sqlite
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
+ [etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and
open_basedir ...)
- php5 <unfixed> (bug #410561; bug #410995; unimportant)
NOTE: we normally don''t spend much time on safe_mode and open_basedir