[Secure-testing-commits] r4452 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Jul 24 18:37:07 UTC 2006 

Author: jmm-guest
Date: 2006-07-24 18:37:04 +0000 (Mon, 24 Jul 2006)
New Revision: 4452

Modified:
   data/CVE/list
Log:
php4 no-dsa
one of the ethereal issues doesn't affect sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-24 18:35:44 UTC (rev 4451)
+++ data/CVE/list	2006-07-24 18:37:04 UTC (rev 4452)
@@ -230,6 +230,7 @@
 	- ethereal <unfixed> (bug #378745; high)
 CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
 	- ethereal <unfixed> (bug #378745; high)
+	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
 CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: FLV Players
 CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...)
@@ -5205,6 +5206,7 @@
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
 	- php4 <unfixed> (bug #361855)
 	- php5 5.1.4-0.1 (bug #361916)
+	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
 	NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
@@ -12107,6 +12109,7 @@
 CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
 	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
 	- php5 5.1.1-1 (bug #336654; high)
+	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
 	NOTE: http://www.hardened-php.net/advisory_202005.79.html
 	NOTE: http://www.hardened-php.net/globals-problem
 CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
@@ -13214,6 +13217,7 @@
 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
 	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
 	- php5 5.0.5-2 (bug #353585; medium)
+	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
 CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
 	{DSA-1017-1}
 	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)

More information about the Secure-testing-commits mailing list