[Secure-testing-commits] r3517 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Feb 20 14:05:57 UTC 2006
Author: jmm-guest
Date: 2006-02-20 14:05:51 +0000 (Mon, 20 Feb 2006)
New Revision: 3517
Modified:
data/CVE/list
Log:
pyblosxom not vulnerable in Sarge
some updates on PHP
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-20 13:17:03 UTC (rev 3516)
+++ data/CVE/list 2006-02-20 14:05:51 UTC (rev 3517)
@@ -62,6 +62,7 @@
NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
- pyblosxom 1.3.2-1 (high)
+ [sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...)
NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
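Review bot: The added `[sarge] - pyblosxom <not-affected>` line under CVE-2006-0707 gives a reason ("Vulnerable path handling code not present") but does not record which sarge package version was inspected. A NOTE line naming the version that was checked would let a later reader re-verify the claim. The entry also still carries `(high)` urgency on the unqualified `- pyblosxom 1.3.2-1` line, so a comment making clear that this applies only to releases other than sarge would avoid confusion.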
@@ -1305,9 +1306,13 @@
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
- php5 5.1.2-1
- php4 4:4.4.2-1
+ NOTE: html_errors shouldn't be used, probably no-dsa
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
- php5 5.1.2-1
- php4 4:4.4.2-1
+ NOTE: According to Hardened PHP advisory PHP4 isn't affected, but upstream changelog
+ NOTE: is a bit ambigious, if might be affected after all
+ TODO: Ping maintainers, Hardened PHP or upstream
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
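Review bot: The two NOTE lines added under CVE-2006-0207 leave the php4 status open while `- php4 4:4.4.2-1` stays recorded as the fixed version, and they cite the Hardened PHP advisory and the upstream changelog without a reference to either. Adding the advisory identifier or URL and the changelog entry in question would let whoever picks up the TODO see what is ambiguous. The wording also needs a fix: "ambigious" should be "ambiguous" and "if might be affected" should read "it might be affected". Separately, the NOTE under CVE-2006-0208 says "probably no-dsa" with no TODO to confirm it, unlike the CVE-2006-0207 entry. Either add a matching TODO or, once decided, replace the note with an explicit per-release no-dsa line.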