Author: nion Date: 2007-09-14 12:03:41 +0000 (Fri, 14 Sep 2007) New Revision: 6608 Modified: data/CVE/list Log: CVE-2007-4849,CVE-2007-4840,CVE-2007-4828 maintainer informed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-13 22:01:40 UTC (rev 6607) +++ data/CVE/list 2007-09-14 12:03:41 UTC (rev 6608) @@ -1,7 +1,8 @@ CVE-2007-4850 RESERVED CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) - - linux-2.6 <unfixed> + - linux-2.6 <unfixed> (bug #442245; low) + TODO: check 2.4 kernel CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...) @@ -20,8 +21,8 @@ TODO: check NOTE: this vulnerability is unspecified CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - - php5 <unfixed> (low) - - php4 <unfixed> (low) + - php5 <unfixed> (low; bug #442247) + - php4 <unfixed> (low; bug #442250) NOTE: can be reproduced on etch, lenny and sid NOTE: this might not be a vulnerability in most web server environments NOTE: that support multiple threads, unless these issues can be demonstrated for @@ -49,7 +50,7 @@ CVE-2007-4829 RESERVED CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) - - mediawiki <unfixed> (low) + - mediawiki <unfixed> (low; bug #442255) [etch] - mediawiki <not-affected> (Does not include the vulnerable code) CVE-2007-4827 RESERVED
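Review bot: in the CVE-2007-4849 hunk the new annotation puts the bug reference first, "(bug #442245; low)", while the CVE-2007-4840 and CVE-2007-4828 hunks of this same commit put the urgency first, "(low; bug #442247)" and "(low; bug #442255)". Pick one order for all four lines so the entries read consistently and stay easy to grep. The added "TODO: check 2.4 kernel" line also names no source package, and the entry only carries a linux-2.6 line, so nothing records which package the check applies to. Naming the package in the TODO would make it clear when the item can be closed.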