thijs at alioth.debian.org
2008-Sep-27 09:00 UTC
[Secure-testing-commits] r9888 - data/CVE
Author: thijs Date: 2008-09-27 09:00:06 +0000 (Sat, 27 Sep 2008) New Revision: 9888 Modified: data/CVE/list Log: phpbb2 issue fixed in unstable, doesn''t apply to phpbb3, issue is not really in phpbb in my view, but should be fixed in php itself Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-27 08:51:53 UTC (rev 9887) +++ data/CVE/list 2008-09-27 09:00:06 UTC (rev 9888) @@ -134,8 +134,10 @@ CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...) - python-dns 2.3.1-5 (bug #490217) CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) - - phpbb2 <unfixed> (bug #500086) - TODO: check phpbb3 + - phpbb2 2.0.23+repack-3 (low; bug #500086) + - phpbb3 <not-affected> (vulnerable code not present) + NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but + NOTE: fixing it nonetheless as a workaround. CVE-2008-4124 RESERVED CVE-2008-4123