thijs at alioth.debian.org
2008-May-08 20:38 UTC
[Secure-testing-commits] r8749 - data/CVE
Author: thijs Date: 2008-05-08 20:38:15 +0000 (Thu, 08 May 2008) New Revision: 8749 Modified: data/CVE/list Log: GENERATE_SEED problem not present in php versions we ship in stable Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-08 20:14:38 UTC (rev 8748) +++ data/CVE/list 2008-05-08 20:38:15 UTC (rev 8749) @@ -10,13 +10,14 @@ - libid3tag 0.15.1b-8 (low; bug #480187) NOTE: totally different approach to fix the bug, see Kurts comments in the bug report CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - - php5 <unfixed> (low) - - php4 <unfixed> (low) + - php5 5.2.6-1 (low) + [etch] - php4 <not-affected> (Vulnerable code not present) + [etch] - php5 <not-affected> (Vulnerable code not present) NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt - NOTE: I don''t believe we need to address this, likely no-dsa, but needs further checking CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - - php5 <unfixed> (low) - - php4 <unfixed> (low) + - php5 5.2.6-1 (low) + [etch] - php4 <not-affected> (Vulnerable code not present) + [etch] - php5 <not-affected> (Vulnerable code not present) NOTE: closely related to CVE-2008-2108 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...) NOT-FOR-US: Call of Duty