[Secure-testing-commits] r4953 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Nov 11 15:12:04 CET 2006


Author: jmm-guest
Date: 2006-11-11 15:12:03 +0100 (Sat, 11 Nov 2006)
New Revision: 4953

Modified:
   data/CVE/list
   data/DSA/list
Log:
bugzilla fixed (thanks to Maulkin)
mark open_basedir violations as unimportant, now that we have a documented PHP security policy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-11 11:16:26 UTC (rev 4952)
+++ data/CVE/list	2006-11-11 14:12:03 UTC (rev 4953)
@@ -227,9 +227,9 @@
 CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
 	NOT-FOR-US: PHPEasyData
 CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
-	- php5 5.2.0-1
-	- php4 <unfixed> (low)
-	[sarge] - php4 <no-dsa> (open_basedir not supported)
+	- php5 5.2.0-1 (unimportant)
+	- php4 <unfixed> (unimportant)
+	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
 CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...)
 	- wordpress 2.0.5-0.1
 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
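Review bot: The new NOTE under CVE-2006-5706 says "basedir restrictions" while the commit log and the removed sarge line both name open_basedir, and it cites the "Debian PHP security policy" without saying where that policy is documented. Suggest spelling out open_basedir in the NOTE, fixing the agreement ("lack of ... is not"), and adding a pointer to the policy document so the downgrade from (low) to (unimportant) can be checked later. The hunk also drops the "[sarge] - php4 <no-dsa> (open_basedir not supported)" line; please confirm that sarge is meant to be covered by the unimportant marker on the php4 entry, since the sarge-specific reason no longer appears anywhere in the entry.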

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-11-11 11:16:26 UTC (rev 4952)
+++ data/DSA/list	2006-11-11 14:12:03 UTC (rev 4953)
@@ -1,3 +1,6 @@
+[11 Nov 2006] DSA-1208-1 bugzilla
+	{CVE-2005-4534 CVE-2006-5453}
+	[sarge] - bugzilla 2.16.7-7sarge2
 [09 Nov 2006] DSA-1207-1 phpmyadmin
 	{CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116}
 	[sarge] - phpmyadmin 4:2.6.2-3sarge2
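Review bot: The new DSA-1208-1 entry references CVE-2005-4534 and CVE-2006-5453, but the data/CVE/list hunk in this same commit only touches CVE-2006-5706, so nothing visible here shows those two CVE entries recording the sarge fix. Please confirm that their entries in data/CVE/list are consistent with "[sarge] - bugzilla 2.16.7-7sarge2", or include that update in this revision.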



