[Secure-testing-commits] r4542 - data/CVE

[Stefan Fritsch]

Author: stef-guest
Date: 2006-08-09 19:42:07 +0000 (Wed, 09 Aug 2006)
New Revision: 4542

Modified:
   data/CVE/list
Log:
- CVE-2006-4020, CVE-2006-4023: new php issues
- CVE-2006-301[678] affect also php4


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-09 19:00:51 UTC (rev 4541)
+++ data/CVE/list	2006-08-09 19:42:07 UTC (rev 4542)
@@ -8,13 +8,15 @@
 CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
 	- festalon <not-affected> (vuln. code introduced in 0.5.0)
 CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
-	TODO: check
+	- php5 <unfixed> (medium; bug #382257)
+	- php4 <unfixed> (medium; bug filed)
 CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
 	NOT-FOR-US: Intel
 CVE-2006-4021
 	RESERVED
 CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
-	TODO: check
+	- php5 <unfixed> (medium; bug #382256)
+	- php4 <unfixed> (medium; bug filed)
 CVE-2006-4019
 	RESERVED
 CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in Clam AntiVirus ...)
@@ -2220,10 +2222,13 @@
 	NOT-FOR-US: phpCMS
 CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
 	- php5 5.1.4-0.1 (medium)
+	- php4 <unfixed> (medium)
 CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal zend_hash_del ...)
 	- php5 5.1.4-0.1 (medium)
+	- php4 <unfixed> (medium; bug #381998)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
 	- php5 5.1.4-0.1 (medium)
+	- php4 <unfixed> (medium; bug filed)
 CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
 	NOT-FOR-US: WinSCP
 CVE-2006-3014 (Microsoft Excel allows user-complicit attackers to execute arbitrary ...)