[Secure-testing-commits] r2874 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sun Nov 27 19:38:33 UTC 2005


Author: stef-guest
Date: 2005-11-27 19:38:29 +0000 (Sun, 27 Nov 2005)
New Revision: 2874

Modified:
   data/CVE/list
Log:
php5 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-27 19:35:40 UTC (rev 2873)
+++ data/CVE/list	2005-11-27 19:38:29 UTC (rev 2874)
@@ -1212,12 +1212,10 @@
 	- openvpn 2.0.5-1 (bug #336751; medium)
 CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
 	- php4 <unfixed> (bug #336645; unknown)
-	TODO: check PHP5
-	NOTE: pinged maintainers
+	- php5 <unfixed> (bug #336654; unknown)
 CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
 	- php4 <unfixed> (bug #336645; unknown)
-	TODO: check PHP5
-	NOTE: pinged maintainers
+	- php5 <unfixed> (bug #336654; unknown)
 CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
 	- php4 <unfixed> (bug #336645; high)
 	- php5 <unfixed> (bug #336654; high)
@@ -2515,7 +2513,7 @@
 CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
 	NOT-FOR-US: Sawmill
 CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
-	TODO: check
+	NOT-FOR-US: pam_per_user (not in Debian)
 CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
 	NOT-FOR-US: KillProcess
 CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)




More information about the Secure-testing-commits mailing list