Author: geissert Date: 2009-10-01 04:19:30 +0000 (Thu, 01 Oct 2009) New Revision: 12913 Modified: data/CVE/list Log: php issues update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-30 21:14:17 UTC (rev 12912) +++ data/CVE/list 2009-10-01 04:19:30 UTC (rev 12913) @@ -445,14 +445,22 @@ CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when ...) - php5 <not-affected> (win32-specific) CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...) - - php5 5.2.11.dfsg.1-1 - TODO: check etch, lenny and php4 + - php5 <not-affected> (the php packages use the system libgd2) + - php4 <not-affected> (the php packages use the system libgd2) + NOTE: the transparent colours functionality is only on php5''s bundled libgd2 + TODO: watch for possible merge of the transparent colours functionality into libgd2 CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and ...) - - php5 5.2.11.dfsg.1-1 - TODO: check etch, lenny and php4 + - php5 5.2.11.dfsg.1-1 (low) + NOTE: unknown impact, it is related to missing sanity checks + NOTE: when determining the length of sections of jpg headers + NOTE: and a missing limit on the nesting level of TIFF files + NOTE: experimental is likely to be affected (as of 5.3.0) + TODO: check php4 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...) - - php5 5.2.11.dfsg.1-1 - TODO: check etch, lenny and php4 + - php5 5.2.11.dfsg.1-1 (medium) + NOTE: seems to be related to handling of \0 on CN, might worth a dsa + NOTE: experimental is likely to be affected (as of 5.3.0) + TODO: check php4 CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...) - glib2.0 2.22.0-1 (low) NOTE: no-dsa candidate, minor issue
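Review bot: In the CVE-2009-3292 and CVE-2009-3291 entries the TODO is narrowed from "check etch, lenny and php4" to "check php4", but none of the added NOTE lines records what was found for etch and lenny. If those releases were checked, add a NOTE to each entry stating the result, so the dropped part of the TODO stays traceable. Otherwise keep etch and lenny in the TODO. In the CVE-2009-3292 entry the urgency is set to "(low)" while the first NOTE says "unknown impact", so a short statement of why low was chosen would help the next reader. In the CVE-2009-3291 entry, "might worth a dsa" leaves the DSA question open. Consider turning it into an explicit TODO so it is not lost among the notes. Two wording nits: "php5''s" in the CVE-2009-3293 NOTE has a doubled apostrophe, and "might worth a dsa" is missing "be".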