jmm-guest at alioth.debian.org
2007-May-19 10:42 UTC
[Secure-testing-commits] r5881 - in data: CVE DSA
Author: jmm-guest
Date: 2007-05-19 10:42:40 +0000 (Sat, 19 May 2007)
New Revision: 5881

Modified:
   data/CVE/list
   data/DSA/list
Log:
- php5 DSA
- no-dsa for file crash, will be fixed in a stable point update
- rewrite older php entry as unimportant instead of NFU, as php is present in the archive

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-19 09:19:55 UTC (rev 5880) +++ data/CVE/list 2007-05-19 10:42:40 UTC (rev 5881) @@ -1507,9 +1507,8 @@ NOTE: Unrealistic attack vector, no evidence code injection is possible CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...) - file 4.20-6 (low) + [etch] - file <no-dsa> (Hardly any security impact) [sarge] - file <not-affected> (version too old) - [etch] - file <not-affected> (version too old) - NOTE: This bug was introduced in file 4.20. CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...) - phpwiki <unfixed> (unknown) CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...) @@ -1803,7 +1802,9 @@ CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...) NOT-FOR-US: Akamai CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) - NOT-FOR-US: according to MOPB-43 not linux exploitable + - php4 <unfixed> (unimportant) + - php5 <unfixed> (unimportant) + NOTE: local code execution only, possibly only on FreeBSD CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...) {DSA-1283-1} - php5 5.2.0-11 (medium) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-05-19 09:19:55 UTC (rev 5880) +++ data/DSA/list 2007-05-19 10:42:40 UTC (rev 5881) 
@@ -1,3 +1,6 @@ +[19 May 2007] DSA-1295-1 php5 + {CVE-2007-2509 CVE-2007-2510} + [etch] - php5 5.2.0-8+etch4 [17 May 2007] DSA-1294-1 xfree86 {CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667} [sarge] - xfree86 4.3.0.dfsg.1-14sarge4
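Review bot: In the data/CVE/list hunk at -1507 (CVE-2007-2026), dropping "NOTE: This bug was introduced in file 4.20." removes the only recorded reason why the [sarge] line can stay "<not-affected> (version too old)" while [etch] now becomes "<no-dsa>". Consider keeping the NOTE, and putting the plan from the log message (fix via a stable point update) into the no-dsa reason, since "Hardly any security impact" alone does not tell a later reader that a fix is still expected for etch.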
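Review bot: In the data/CVE/list hunk at -1803 (CVE-2007-1890), the replacement NOTE loses the MOPB-43 reference that the removed NOT-FOR-US line cited as its source, so "local code execution only, possibly only on FreeBSD" is left without a pointer a reader can check. Suggest keeping the reference in the NOTE, for example "NOTE: MOPB-43: local code execution only, possibly only on FreeBSD". The CVE description shown here names "PHP 4 before 4.4.5 and ..." with the rest truncated, so it is also worth confirming that the php5 line matches the affected range in the full description.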
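Review bot: In the data/DSA/list hunk, the new DSA-1295-1 entry names CVE-2007-2509 and CVE-2007-2510, but neither data/CVE/list hunk in this revision touches those two entries, whereas the CVE-2007-1889 context line shows the "{DSA-1283-1}" cross-reference style used there. Please confirm that both CVE entries carry the matching {DSA-1295-1} tag and a php5 fixed-version line, or that this is filled in by a later step.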