Author: nion Date: 2007-10-01 13:31:48 +0000 (Mon, 01 Oct 2007) New Revision: 6754 Modified: data/CVE/list Log: CVE-2007-4658 fixed in php5 5.2.4-1 (low) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-01 13:12:43 UTC (rev 6753) +++ data/CVE/list 2007-10-01 13:31:48 UTC (rev 6754) @@ -1058,8 +1058,10 @@ - php5 5.2.4-1 NOTE: fixed in php5/etch svn CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...) - - php5 <unfixed> + - php5 5.2.4-1 (low) NOTE: fixed in php5/etch svn + NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667" + NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and % CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) - php5 <unfixed> - php4 <removed>