thijs at alioth.debian.org
2008-May-08 10:34 UTC
[Secure-testing-commits] r8733 - data/CVE
Author: thijs Date: 2008-05-08 10:34:11 +0000 (Thu, 08 May 2008) New Revision: 8733 Modified: data/CVE/list Log: PHP issues cveified, no checking of rejected issue needed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-08 09:14:17 UTC (rev 8732) +++ data/CVE/list 2008-05-08 10:34:11 UTC (rev 8733) @@ -1,6 +1,5 @@ CVE-2008-6339 REJECTED - TODO: check CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and ...) TODO: check CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and ...) @@ -10,9 +9,14 @@ CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent ...) TODO: check CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - TODO: check + - php5 <unfixed> (low) + - php4 <unfixed> (low) + NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt + NOTE: I don''t believe we need to address this, likely no-dsa, but needs further checking CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - TODO: check + - php5 <unfixed> (low) + - php4 <unfixed> (low) + NOTE: closely related to CVE-2008-2108 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...) TODO: check CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, and later versions before 3.0, allows ...) @@ -135,11 +139,6 @@ TODO: check CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...) TODO: check -CVE-2008-XXXX [php suboptimal seeding] - - php5 <unfixed> (low) - - php4 <unfixed> (low) - NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt - NOTE: I don''t believe we need to address this, likely no-dsa, but needs further checking CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and get_remote_ipv6_media function] RESERVED - sip-tester 2.0.1-1.2 (medium; bug #479039)
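Review bot: In the @@ -10,9 +9,14 @@ hunk, the CVE-2008-2108 entry loses its "TODO: check" line while the added NOTE still reads "likely no-dsa, but needs further checking", so the outstanding check is now tracked only in free text. Either keep a TODO line on that entry until the check is done, or settle the question and record the no-dsa decision on the php5 and php4 lines instead of leaving "<unfixed> (low)" next to a tentative note. In the same hunk, CVE-2008-2107 carries only "NOTE: closely related to CVE-2008-2108"; repeating the sektioneins advisory URL there would let that entry stand on its own. The NOTE moved over from the removed CVE-2008-XXXX entry also still has a doubled apostrophe in "don''t".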