thijs at alioth.debian.org
2008-May-04 20:44 UTC
[Secure-testing-commits] r8707 - data/CVE
Author: thijs Date: 2008-05-04 20:44:36 +0000 (Sun, 04 May 2008) New Revision: 8707 Modified: data/CVE/list Log: update some php5 issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-04 17:05:47 UTC (rev 8706) +++ data/CVE/list 2008-05-04 20:44:36 UTC (rev 8707) @@ -1448,7 +1448,7 @@ - serendipity 1.3.1-1 (low) NOTE: etch affected, but only in specific plugin. CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...) - - php5 <unfixed> (unimportant) + - php5 5.2.6-1 (unimportant) NOTE: http://securityreason.com/achievement_securityalert/52 NOTE: Only exploitable through malicious script CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...) @@ -3254,7 +3254,7 @@ - linux-2.6 2.6.24-4 (high) CVE-2008-0599 [unknown PHP issue] RESERVED - - php5 <unfixed> + - php5 5.2.6-1 NOTE: http://www.php.net/releases/5_2_6.php TODO: get details, check php4 affectedness CVE-2008-0598 @@ -10040,7 +10040,7 @@ NOT-FOR-US: Xwiki CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.2.6-1 (unimportant) NOTE: Safe mode bypasses not treated as security problems CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...) {DSA-1378-2 DSA-1378-1} @@ -10189,7 +10189,7 @@ CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...) NOT-FOR-US: Sony Micro Vault CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...) - - php5 <unfixed> (unimportant; bug #441972) + - php5 5.2.5-1 (unimportant; bug #441972) NOTE: Only triggerable by malicious script CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...) - php5 5.2.5-1 (unimportant; bug #441972) 
@@ -10463,7 +10463,7 @@ CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...) NOT-FOR-US: Safari CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) - php4 <removed> (unimportant) NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) @@ -10491,7 +10491,7 @@ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) NOTE: open_basedir not supported CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) {DSA-1444-1 DTSA-61-1}
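Review bot: In the hunk at @@ -3254,7, CVE-2008-0599 is marked fixed in php5 5.2.6-1 while the entry is still described as "[unknown PHP issue]" and keeps "TODO: get details, check php4 affectedness", with no php4 line added. Consider adding an explicit php4 line, or leaving the TODO prominent until that check is done, so the entry does not read as fully resolved. This is also the only php5 entry touched in this commit without an urgency annotation, which is worth setting once the details are known.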
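Review bot: In the hunk at @@ -10189,7, CVE-2007-4784 is described as affecting "PHP before 5.2.4" but is marked fixed in 5.2.5-1, whereas CVE-2007-4670 and CVE-2007-4663, which carry the same "before 5.2.4" wording, are marked 5.2.4-1 in this same commit. If 5.2.5-1 was chosen to match the adjacent CVE-2007-4783 entry under the same bug #441972, a NOTE line saying so would help; otherwise 5.2.4-1 looks like the intended fixed version.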