Author: nion Date: 2007-09-20 17:57:54 +0000 (Thu, 20 Sep 2007) New Revision: 6653 Modified: data/CVE/list Log: CVE-2007-3806, CVE-2007-3799 and CVE-2007-2519 fixed in php5 5.2.4-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-20 17:40:00 UTC (rev 6652) +++ data/CVE/list 2007-09-20 17:57:54 UTC (rev 6653) @@ -2596,7 +2596,7 @@ CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...) NOT-FOR-US: SiteScape Forum CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...) - - php5 <unfixed> (medium; bug #441433) + - php5 5.2.4-1 (medium; bug #441433) - php4 <removed> [etch] - php5 <no-dsa> (requires malicious script) [etch] - php4 <no-dsa> (requires malicious script) @@ -2621,7 +2621,7 @@ NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2 NOTE: fixed in php4/etch, php5/etch, php4/sarge svn - php4 <unfixed> (low) - - php5 <unfixed> (low; bug #441433) + - php5 5.2.4-1 (low; bug #441433) CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...) {DSA-1353-1} - tcpdump 3.9.5-3 (bug #434030) @@ -5677,7 +5677,7 @@ CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...) NOT-FOR-US: MyNews CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...) - - php5 <unfixed> (low; bug #441433) + - php5 5.2.4-1 (low; bug #441433) - php4 <removed> (low) [sarge] - php5 <no-dsa> (minor issue) [sarge] - php4 <no-dsa> (minor issue)
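Review bot: the CVE-2007-3806 entry in the first hunk (@@ -2596,7 +2596,7 @@) gets a fixed version but no NOTE recording where the fix was confirmed. The entry in the next hunk carries a cvs.php.net NOTE for its upstream change; a matching NOTE line here, with the upstream commit or changelog reference for the glob fix, would let a later reader verify that 5.2.4-1 really contains it.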
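Review bot: in the second hunk (@@ -2621,7 +2621,7 @@) the php4 line is left at "- php4 <unfixed> (low)" while the first and third hunks both carry php4 as <removed>, and the NOTE directly above says the issue is fixed in php4/etch and php4/sarge svn. Please check whether this line should read <removed> for consistency with the other two entries; if php4 is still tracked here, it should get a bug reference the way the php5 line has "bug #441433".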
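Review bot: the third hunk (@@ -5677,7 +5677,7 @@) marks CVE-2007-2519 as fixed in php5 5.2.4-1, but the description places the flaw in the PEAR installer and nothing in the entry says which PEAR version that upload ships. A NOTE stating the bundled PEAR version would make the fixed-version claim checkable. All three entries also point at the same bug #441433, so it is worth confirming that the bug covers the PEAR issue as well as the glob and session ones.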