[Secure-testing-commits] r5682 - data
Kees Cook
keescook-guest at alioth.debian.org
Thu Apr 19 20:50:23 UTC 2007
Author: keescook-guest
Date: 2007-04-19 20:50:22 +0000 (Thu, 19 Apr 2007)
New Revision: 5682
Modified:
data/mopb.txt
Log:
I am dumb: no php5 in sarge :)
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-19 20:43:48 UTC (rev 5681)
+++ data/mopb.txt 2007-04-19 20:50:22 UTC (rev 5682)
@@ -195,25 +195,25 @@
/ = not affected
# PHP5 checklist....
-MOPB Sarge, Etch, Unstable Dapper, Edgy, Feisty PATCH
-10 X X X X X X *
-14 X X X X X X *
-15 i i i X X X *
-16 - X X - - -
-17 - X X - - -
-18 - X X - - -
-19 - X X - - -
-22 - X X X X X [1] *
-23 - X X X X X ?
-24 i i i X X X *
-26 - X X X X X ?
-29 - - - - - X *
-30 - X X X X X ?
-34 X X X X X X *
-41 - X X X X X [2] !
-42 X X X X X - *
-44 - X X - - -
-45 - X X - - X [3] !
+MOPB Etch, Unstable Dapper, Edgy, Feisty PATCH
+10 X X X X X *
+14 X X X X X *
+15 i i X X X *
+16 X X - - -
+17 X X - - -
+18 X X - - -
+19 X X - - -
+22 X X X X X *
+23 X X X X X ?
+24 i i X X X *
+26 X X X X X ?
+29 - - - - X *
+30 X X X X X ?
+34 X X X X X *
+41 X X X X X [1] !
+42 X X X X - *
+44 X X - - -
+45 X X - - X [2] !
* = patch extracted from upstream
? = no upstream patch found
@@ -225,12 +225,8 @@
- = fix n/a
i = fix skipped
-[1] this is listed in mopb.txt as "PHP4 only", but I read it as applying
- to both PHP4 and PHP5.
-[2] discussed below, but the fix is unclear: php5 or sqlite? Here's the
- in-trunk "fix":
+[1] but the fix in php5 is not right, the call (not the SQLite API) needs
+ to be changed. For references, here is the upstream "fix":
http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/libsqlite/src/encode.c?r1=1.5.4.1&r2=1.5.4.1.2.1&pathrev=PHP_5_2
-[3] this needs a CVE assigned
+[2] this needs a CVE assigned
-
-
More information about the Secure-testing-commits
mailing list