Author: jmm Date: 2012-02-29 22:04:59 +0000 (Wed, 29 Feb 2012) New Revision: 18565 Modified: data/CVE/list data/spu-candidates.txt Log: suhosin no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-29 21:14:23 UTC (rev 18564) +++ data/CVE/list 2012-02-29 22:04:59 UTC (rev 18565) @@ -1368,7 +1368,8 @@ - as31 2.3.1-5 (bug #655496) [squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report) CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...) - - php-suhosin 0.9.33-1 (bug #657190) + - php-suhosin 0.9.33-1 (low; bug #657190) + [squeeze] - php-suhosin <no-dsa> (Exploitable in rare setups) NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...) {DSA-2393-1} Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-02-29 21:14:23 UTC (rev 18564) +++ data/spu-candidates.txt 2012-02-29 22:04:59 UTC (rev 18565) @@ -208,6 +208,11 @@ -- +php-suhosin (CVE-2012-0807) +#657190 + +-- + prosody (CVE-2011-2205) #579087 Also requires additional fix in lua-expat