Author: geissert Date: 2010-08-02 03:51:03 +0000 (Mon, 02 Aug 2010) New Revision: 15098 Modified: data/CVE/list Log: mark php5 as fixed (package in experimental, but want to cleanup) some other issues were fixed but they are unimportant, I might clean that up later Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-02 03:41:41 UTC (rev 15097) +++ data/CVE/list 2010-08-02 03:51:03 UTC (rev 15098) @@ -1114,7 +1114,7 @@ RESERVED CVE-2010-2484 [strrchr() interruption] RESERVED - - php5 <unfixed> (unimportant) + - php5 5.3.3-1 (unimportant) CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...) - tiff <unfixed> (unimportant) CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...) @@ -1761,7 +1761,7 @@ RESERVED - linux-2.6 2.6.32-19 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) - - php5 <unfixed> + - php5 5.3.3-1 CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...) NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M) CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) @@ -1840,7 +1840,7 @@ {DSA-2063-1} - pmount 0.9.23-1 CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...) - - php5 <unfixed> (unimportant) + - php5 5.3.3-1 (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...) - php5 <unfixed> (unimportant) 
@@ -2069,10 +2069,10 @@ CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...) NOT-FOR-US: CMSQlite CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...) - - php5 <unfixed> (low) + - php5 5.3.3-1 (low) [lenny] - php5 <not-affected> (Vulnerable code not present) CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...) - - php5 <unfixed> (unimportant) + - php5 5.3.3-1 (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...) {DSA-2060-1} @@ -2593,7 +2593,7 @@ CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and ...) NOT-FOR-US: EFront ask_chat CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...) - - php5 <unfixed> (low) + - php5 5.3.3-1 (low) [lenny] - php5 <no-dsa> (Minor issue) CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...) - serendipity 1.5.3-1 @@ -2618,12 +2618,12 @@ CVE-2010-1867 (SQL injection vulnerability in the ...) NOT-FOR-US: Campsite CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) - - php5 <unfixed> (low) + - php5 5.3.3-1 (low) [lenny] - php5 <not-affected> (dechunk filter introduced in 5.3) CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...) NOT-FOR-US: ClanSphere CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...) - - php5 <unfixed> (unimportant) + - php5 5.3.3-1 (unimportant) CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) NOT-FOR-US: ClanTiger CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
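Review bot: In the hunk at @@ -1761,7, CVE-2010-2225 is the only php5 entry touched by this patch that carries no urgency tag, and it is marked fixed in 5.3.3-1, which the log says is only in experimental. Consider adding a NOTE line under it recording that the fixed version is in experimental, so that someone reading the list alone does not assume unstable is fixed. Separately, the context line `NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M)` in the same hunk has a typo ("Reh Hat") that could be corrected in a follow-up.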
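Review bot: In the hunk at @@ -1840,7, CVE-2010-2190 in the trailing context stays at `- php5 <unfixed> (unimportant)` while the adjacent CVE-2010-2191 moves to 5.3.3-1. The log says other unimportant issues were also fixed and left for later. If CVE-2010-2190 is one of them, updating it in this commit would avoid leaving two neighbouring php5 entries of the same class in different states.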
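Review bot: In the hunk at @@ -2618,12, CVE-2010-1864 is tagged (unimportant) with no NOTE giving the reason, whereas CVE-2010-2191 and CVE-2010-2093 carry `NOTE: Only triggerable through malicious script`. If the same reasoning applies, add that NOTE here, and likewise under CVE-2010-2484 in the hunk at @@ -1114,7, so the justification for the urgency is recorded next to each entry.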