seanius at alioth.debian.org
2007-Dec-02 15:54 UTC
[Secure-testing-commits] r7469 - data/CVE
Author: seanius Date: 2007-12-02 15:54:43 +0000 (Sun, 02 Dec 2007) New Revision: 7469 Modified: data/CVE/list Log: php: - one CVE non-issue - two new patches in svn - one still todo (CVE-2007-5900) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-02 14:23:54 UTC (rev 7468) +++ data/CVE/list 2007-12-02 15:54:43 UTC (rev 7469) @@ -310,6 +310,7 @@ NOT-FOR-US: Belkin F5D7230-4 Wireless G Router CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...) - php5 <unfixed> (bug #453295) + [etch] - php5 <no-dsa> (requires negligent/malicious local user) [etch] - php4 <not-affected> (detects memory exhaustion and quits) CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...) - rails 1.2.6-1 (low; bug #452748) @@ -701,10 +702,16 @@ RESERVED CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...) - php5 <unfixed> (bug #453295) + NOTE: http://bugs.php.net/bug.php?id=41561 + NOTE: having trouble fetching the diffs for this... CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...) - php5 <unfixed> (bug #453295) + NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch + NOTE: fixed in php5/etch svn CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...) - php5 <unfixed> (bug #453295) + NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch + NOTE: fixed in php5/etch svn CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...) NOT-FOR-US: Oracle CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...)
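Review bot: In the first hunk (@@ -310,6 +310,7 @@), the added `[etch] - php5 <no-dsa> (requires negligent/malicious local user)` line under CVE-2007-6039 does not match the log's "one CVE non-issue". `<no-dsa>` records that etch is affected but will not get an advisory, and the unstable entry stays `<unfixed>`. Suggest rewording the log to say the issue was marked no-dsa for etch, so the commit history and the list agree.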
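Review bot: In the second hunk (@@ -701,10 +702,16 @@), the two added `NOTE: fixed in php5/etch svn` lines under CVE-2007-5899 and CVE-2007-5898 name no svn revision, so the claim cannot be checked from the list. Suggest adding the revision of the packaging commit to each. The `NOTE: having trouble fetching the diffs for this...` line under CVE-2007-5900 is a transient status remark. A `TODO:` line stating what is still needed would be clearer, since the log already calls this one "still todo".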