[Secure-testing-commits] r4645 - data/CVE
Sean Finney
seanius at costa.debian.org
Mon Aug 28 06:43:12 UTC 2006
Author: seanius
Date: 2006-08-28 06:43:08 +0000 (Mon, 28 Aug 2006)
New Revision: 4645
Modified:
data/CVE/list
Log:
some no-dsa's for the php non-issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-27 21:43:23 UTC (rev 4644)
+++ data/CVE/list 2006-08-28 06:43:08 UTC (rev 4645)
@@ -6455,7 +6455,7 @@
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
- php4 <unfixed> (bug #361854; unimportant)
- php5 5.1.4-0.1 (bug #361917; unimportant)
- NOTE: this is arguably not a security vulnerability.
+ [sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
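Review bot: the CVE-2006-1549 entry loses its only general triage rationale. The removed line "NOTE: this is arguably not a security vulnerability" explained why both the php4 and php5 lines are tagged unimportant, while the new [sarge] line covers only sarge. Consider keeping the NOTE next to the new line. The no-dsa reason would also age better if it referred to the description (local users causing a crash) rather than "there are easier ways to segfault your own program".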
@@ -7805,6 +7805,7 @@
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
- php4 <unfixed> (bug #361853; low)
- php5 5.1.4-0.1 (bug #361914)
+ [sarge] - php4 <no-dsa> (not worth an update)
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
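Review bot: the reason added for CVE-2006-0996, "not worth an update", records the decision but not its basis, so a later reader cannot tell whether it rests on the low urgency shown on the php4 line or on something else. State the basis in the parenthesis. Note also that php4 stays <unfixed> on the line above, so after this change the entry is open in the unversioned line and closed without a DSA for sarge; worth confirming that both are intended.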
@@ -9744,7 +9745,7 @@
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
- php5 5.1.2-1
- php4 4:4.4.2-1 (bug #354682)
- NOTE: html_errors shouldn't be used, probably no-dsa
+ [sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
- php5 5.1.2-1
- php4 4:4.4.2-1 (bug #354683)
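Review bot: in the CVE-2006-0208 entry the removed NOTE hedged with "probably no-dsa", and the replacement makes the decision final on the same one-clause reason. "html_errors shouldn't be used" does not say in which deployments the setting is considered unsupported, and the truncated description shows the XSS depends on a condition ("when ..."). Naming that condition in the reason would make the no-dsa self-explanatory.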
@@ -11991,6 +11992,7 @@
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
- php4 4:4.4.2-1 (bug #341726; medium)
- php5 5.1.1-1 (bug #341368; medium)
+ [sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
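Review bot: the new [sarge] line for CVE-2005-3883 sits under two lines that both rate the issue medium (bug #341726 and bug #341368) and record fixed versions, which reads oddly next to a no-dsa. If the position is that CRLF filtering for mb_send_mail belongs to the calling application, either lower the urgency on the php4/php5 lines to match or extend the reason to say why a medium issue with an available fix is not being backported to sarge.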
@@ -13596,11 +13598,13 @@
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
- php5 5.1.1-1 (bug #336654; low)
+ [sarge] - php4 <no-dsa> (application's job to sanitize input)
NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
{CVE-2002-1954}
- php4 4:4.4.2-1 (bug #336645; low)
- php5 5.1.1-1 (bug #336654; low)
+ [sarge] - php4 <no-dsa> (not worth an update)
NOTE: http://www.hardened-php.net/advisory_182005.77.html
NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
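Review bot: in the CVE-2005-3388 entry the trailing "NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue" is stale next to the recorded fixed versions (php4 4:4.4.2-1, php5 5.1.1-1). Since this hunk already touches the entry, drop or update that NOTE. The two reasons added here ("application's job to sanitize input" for CVE-2005-3389, "not worth an update" for CVE-2005-3388) match the wording used for CVE-2005-3883 and CVE-2006-0996, which keeps the list consistent, but the second one still gives no basis for the decision.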