jmm-guest at alioth.debian.org
2007-Sep-14 17:31 UTC
[Secure-testing-commits] r6610 - data/CVE
Author: jmm-guest Date: 2007-09-14 17:31:11 +0000 (Fri, 14 Sep 2007) New Revision: 6610 Modified: data/CVE/list Log: PHP non-issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-14 13:49:44 UTC (rev 6609) +++ data/CVE/list 2007-09-14 17:31:11 UTC (rev 6610) @@ -143,11 +143,14 @@ CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...) NOT-FOR-US: Sony Micro Vault CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...) - - php5 <unfixed> (low; bug #441972) + - php5 <unfixed> (unimportant; bug #441972) + NOTE: Only triggerable by malicious script CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...) - - php5 <unfixed> (low; bug #441972) + - php5 <unfixed> (unimportant; bug #441972) + NOTE: Only triggerable by malicious script CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...) - - php5 5.2.3-1 (low) + - php5 5.2.3-1 (unimportant) + NOTE: Only triggerable by malicious script CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...) - joomla <itp> (bug #326398) CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...) @@ -393,8 +396,9 @@ CVE-2007-4671 RESERVED CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) - - php5 <unfixed> - - php4 <removed> + - php5 <unfixed> (unimportant) + - php4 <removed> (unimportant) + NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> 
@@ -420,11 +424,14 @@ [etch] - firebird2 <unfixed> [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) - - php5 <unfixed> + - php5 <unfixed> (unimportant) + NOTE: open_basedir not supported CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) - php5 <unfixed> CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...) - - php5 <unfixed> + - php5 <unfixed> (unimportant) + NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only + NOTE: triggerable by malicious script CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...) - php5 <unfixed> CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
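Review bot: In the first hunk (@@ -143,11 +143,14 @@) the same one-line NOTE, "Only triggerable by malicious script", is attached to CVE-2007-4784, CVE-2007-4783 and CVE-2007-4782 without saying why that makes each entry unimportant, while the CVE descriptions shown speak of context-dependent attackers. Suggest each NOTE name the assumption it rests on, for example that the affected argument (setlocale, iconv_substr) is controlled only by the script author and not by application input. Bug #441972 stays referenced on the two <unfixed> entries, so the downgrade from low should be recorded in that bug as well.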
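Review bot: In the second hunk (@@ -393,8 +396,9 @@) CVE-2007-4670 is marked unimportant for both php5 and php4 although its description reads "Unspecified vulnerability in PHP before 5.2.4 has unknown impact", and the NOTE gives no source for mapping it to the improved fix for MOPB 03-2007. Suggest stating where that mapping comes from, and either why CVE-2007-1285 is a non-issue or a pointer to the CVE-2007-1285 entry for the rationale, so the downgrade can be checked from the list alone. The NOTE is also a single long line, whereas the CVE-2007-4661 entry in the same commit wraps onto two NOTE lines; one style should be used throughout.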
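Review bot: In the third hunk (@@ -420,11 +424,14 @@) "NOTE: open_basedir not supported" on CVE-2007-4663 is too terse to justify the unimportant tag, since the description shown says only "Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...". Suggest the NOTE say explicitly that the issue is an open_basedir bypass, if that is the case, and that open_basedir is not treated as a supported security boundary. In the same hunk CVE-2007-4661 is downgraded as a chunk_split issue while CVE-2007-4660, also in chunk_split, is left as a bare <unfixed>; a short NOTE on how the two entries relate would avoid the impression that one was overlooked.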