[Secure-testing-commits] r4697 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Sep 7 20:16:15 UTC 2006
Author: jmm-guest
Date: 2006-09-07 20:16:14 +0000 (Thu, 07 Sep 2006)
New Revision: 4697
Modified:
data/CVE/list
Log:
more php not-affected/no-dsa as researched by Sean
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-07 17:37:32 UTC (rev 4696)
+++ data/CVE/list 2006-09-07 20:16:14 UTC (rev 4697)
@@ -78,19 +78,21 @@
- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
- php5 5.1.6-1
- - php4 4:4.4.4-1
+ - php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
- libgd2 <unfixed> (medium; bug #384838)
- xloadimage <unfixed> (low; bug #384841)
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
- php5 5.1.6-1 (low)
- php4 4:4.4.4-1 (low)
+ [sarge] - php4 <no-dsa> (Safe mode violations not supported, insufficient measure)
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
- php5 5.1.6-1 (low)
- php4 4:4.4.4-1 (low)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
- php5 5.1.6-1 (low)
- php4 4:4.4.4-1 (low)
+ [sarge] - php4 <no-dsa> (Basedir violations not supported, insufficient measure)
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
More information about the Secure-testing-commits
mailing list