Author: nion
Date: 2007-10-07 07:59:02 +0000 (Sun, 07 Oct 2007)
New Revision: 6844
Modified:
data/CVE/list
Log:
CVE-2007-3998 affects php4 as well
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-10-07 07:55:13 UTC (rev 6843)
+++ data/CVE/list 2007-10-07 07:59:02 UTC (rev 6844)
@@ -2748,11 +2748,11 @@
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before
5.2.4, ...)
{DTSA-61-1}
- - php5 5.2.4-1 (medium)
+ - php5 5.2.4-1 (low)
+ - php4 <unfixed> (low)
NOTE: i think it is medium since it can be easily used to DoS on shared
hosting systems
NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of
ext/standard/string.c
NOTE: so maybe this is already fixed in 5.2.3, not sure
- TODO: check php4, contact upstream
NOTE: fixed in php5/etch svn
NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8,
and PHP ...)