seanius at alioth.debian.org
2007-Jul-08 22:23 UTC
[Secure-testing-commits] r6120 - data/CVE
Author: seanius
Date: 2007-07-08 22:23:17 +0000 (Sun, 08 Jul 2007)
New Revision: 6120
Modified:
data/CVE/list
Log:
DSAs for php issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-07-08 20:25:16 UTC (rev 6119)
+++ data/CVE/list 2007-07-08 22:23:17 UTC (rev 6120)
@@ -3749,6 +3749,7 @@
CVE-2007-1865
RESERVED
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before
4.4.7, ...)
+ {DSA-1330-1 DSA-1331-1}
- php4 <unfixed>
- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server
(httpd), ...)
@@ -4897,6 +4898,7 @@
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows
local ...)
NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL
ZIP ...)
+ {DSA-1330-1}
- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0
beta, when ...)
- snort <not-affected> (Vulnerable code not present)
@@ -14124,6 +14126,7 @@
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the
web ...)
NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before
5.1.6, ...)
+ {DSA-1331-1}
- php5 5.1.6-1
- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and
attack ...)
@@ -24362,9 +24365,9 @@
- php4 4:4.4.2-1 (bug #354682; low)
[sarge] - php4 <no-dsa> (html_errors shouldn''t be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1
allow ...)
+ {DSA-1331-1}
- php5 5.1.2-1
- php4 4:4.4.2-1 (bug #354683)
- NOTE: the second part (header function) affects also php4
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0
...)
NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow
remote ...)