[Secure-testing-commits] r4660 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Fri Sep 1 15:32:37 UTC 2006


Author: stef-guest
Date: 2006-09-01 15:32:35 +0000 (Fri, 01 Sep 2006)
New Revision: 4660

Modified:
   data/CVE/list
Log:
new php4 and php5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-01 14:57:36 UTC (rev 4659)
+++ data/CVE/list	2006-09-01 15:32:35 UTC (rev 4660)
@@ -894,8 +894,8 @@
 CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
 	TODO: check
 CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
-	- php5 <unfixed> (medium; bug #382256)
-	- php4 <unfixed> (medium; bug #382261)
+	- php5 5.1.6-1 (medium; bug #382256)
+	- php4 4:4.4.4-1 (medium; bug #382261)
 CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
 	{DSA-1154}
 	- squirrelmail 2:1.4.8-1
@@ -3120,10 +3120,10 @@
 	- php4 <unfixed> (medium)
 CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
 	- php5 5.1.4-0.1 (medium)
-	- php4 <unfixed> (medium; bug #381998)
+	- php4 4:4.4.4-1 (medium; bug #381998)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
 	- php5 5.1.4-0.1 (medium)
-	- php4 <unfixed> (medium; bug #382259)
+	- php4 4:4.4.4-1 (medium; bug #382259)
 CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
 	NOT-FOR-US: WinSCP
 CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
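Review bot: In the CVE-2006-3016 entry the php4 line is closed at 4:4.4.4-1, but the visible description names only "PHP before 5.1.3", so the list does not show which 4.x release carries the session.c fix. A NOTE line naming the upstream 4.x version would make the fixed version checkable. For CVE-2006-3017 the description says "before 4.4.3"; if a 4.4.3 package ever reached unstable, that version rather than 4:4.4.4-1 would be the first fixed one.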
@@ -3133,8 +3133,8 @@
 CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
 	NOT-FOR-US: phpBannerExchange
 CVE-2006-3011 (The error_log function in basic_functions.c in PHP 5.1.4 and 4.4.2 ...)
-	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+	- php4 4:4.4.4-1 (low)
+	- php5 5.1.6-1 (low)
 	[sarge] - php4 <no-dsa> (Safe mode not supported)
 	NOTE: only safe mode bypass
 CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
@@ -3985,8 +3985,8 @@
 	{DSA-1095-1}
 	- freetype 2.2.1-1 (medium)
 CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
-	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+	- php4 4:4.4.4-1 (low)
+	- php5 5.1.6-1 (low)
 CVE-2006-2658
 	RESERVED
 CVE-2006-2657
@@ -4211,7 +4211,7 @@
 CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Alstrasoft Article Manager Pro
 CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
-	- php4 <unfixed> (bug #370166; low)
+	- php4 4:4.4.4-1 (bug #370166; low)
 	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
 	- php5 5.1.6-1 (bug #370165; low)
 CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
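Review bot: The php4 line for CVE-2006-2563 keeps the attribute order "(bug #370166; low)", while the CVE-2006-4020 lines updated in this same commit put the urgency first, "(medium; bug #382256)". Since the line is being touched anyway, consider normalizing it to "(low; bug #370166)", and the php5 line with it, so the file uses one order.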
@@ -6532,7 +6532,7 @@
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
 	NOT-FOR-US: Hitachi XFIT
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
-	- php4 <unfixed> (bug #361856)
+	- php4 4:4.4.4-1 (bug #361856)
 	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
 	- php5 5.1.4-0.1 (bug #361915)
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
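Review bot: The CVE-2006-1608 php4 line gets a fixed version but still has no urgency, only "(bug #361856)". The [sarge] line classifies the issue as a safe mode violation, and the other safe mode entries in this commit (CVE-2006-3011, CVE-2006-2563) are rated low. Suggest "(low; bug #361856)" here and the matching urgency on the php5 line.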
@@ -6676,7 +6676,7 @@
 CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
 	NOT-FOR-US: PAJAX
 CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
-	- php4 <unfixed> (bug #361854; unimportant)
+	- php4 4:4.4.4-1 (bug #361854; unimportant)
 	- php5 5.1.4-0.1 (bug #361917; unimportant)
 	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
@@ -6874,7 +6874,7 @@
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
 	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
-	- php4 <unfixed> (bug #361855)
+	- php4 4:4.4.4-1 (bug #361855)
 	- php5 5.1.4-0.1 (bug #361916)
 	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
@@ -8028,7 +8028,7 @@
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
 	NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
-	- php4 <unfixed> (bug #361853; low)
+	- php4 4:4.4.4-1 (bug #361853; low)
 	- php5 5.1.4-0.1 (bug #361914)
 	[sarge] - php4 <no-dsa> (not worth an update)
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
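Review bot: In the CVE-2006-0996 entry the php4 line is rated "low" but the php5 line directly below it carries only "(bug #361914)". Both lines track the same phpinfo XSS, so the php5 line should get the same urgency while this entry is being edited.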



