seanius at alioth.debian.org
2007-Aug-23 22:36 UTC
[Secure-testing-commits] r6384 - data/CVE
Author: seanius
Date: 2007-08-23 22:36:54 +0000 (Thu, 23 Aug 2007)
New Revision: 6384
Modified:
data/CVE/list
Log:
notes on CVE-2007-3799 (php4/php5 session/cookie injection).
low severity, fix found.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-08-23 21:08:14 UTC (rev 6383)
+++ data/CVE/list 2007-08-23 22:36:54 UTC (rev 6384)
@@ -1426,8 +1426,13 @@
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan)
component ...)
NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7
and ...)
- - php4 <unfixed>
- - php5 <unfixed>
+ NOTE: this does not affect default installs, only those who have written
+ NOTE: custom session handlers (which isn''t *that* uncommon though),
and
+ NOTE: also may not work if other cookie values are set.
+ NOTE: fix sneaked into php 5.2.3 sans-mention:
+ NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
+ - php4 <unfixed> (low)
+ - php5 <unfixed> (low)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump
3.9.6 ...)
{DSA-1353-1}
- tcpdump 3.9.5-3 (bug #434030)