[Secure-testing-commits] r5724 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 24 16:29:43 UTC 2007


Author: jmm-guest
Date: 2007-04-24 16:29:40 +0000 (Tue, 24 Apr 2007)
New Revision: 5724

Modified:
   data/CVE/list
Log:
rewrite PHP dupe entries
record older PHP fixes for etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-24 06:45:52 UTC (rev 5723)
+++ data/CVE/list	2007-04-24 16:29:40 UTC (rev 5724)
@@ -481,13 +481,9 @@
 CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
 	NOT-FOR-US: Duplicate of CVE-2007-1885
 CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
-	- php5 5.2.0-9
-	- php4 6:4.4.4-9
-	NOTE: Dupe of CVE-2007-0906
+	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
-	- php5 5.2.0-9
-	- php4 6:4.4.4-9
-	NOTE: Dupe of CVE-2007-0909
+	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
 	- php4 <unfixed> (unimportant)
 	- php5 <unfixed> (unimportant)
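Review bot: The CVE-2007-1885 and CVE-2007-1884 entries lose their only package lines in this hunk, so the fixed versions now exist only as free text inside the NOTE, not in the "- php5 5.2.0-9" form used by the rest of the file. If the aim is to avoid tracking the duplicates separately, say in the NOTE that CVE-2007-0906 and CVE-2007-0909 carry the tracked status, so nobody reads the missing package lines as "no Debian package affected". Note also that CVE-2007-1886 just above is NOT-FOR-US as a duplicate of CVE-2007-1885, which is itself now only a dupe pointer, so a reader needs two hops to reach an entry with package data; pointing it straight at CVE-2007-0906 would be clearer.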
@@ -625,9 +621,7 @@
 CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
 	NOT-FOR-US: Cisco Unified CallManager
 CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
-	- php5 5.2.0-9
-	- php4 6:4.4.4-9
-	NOTE: Dupe of CVE-2007-0906
+	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
 	- php5 <unfixed> (medium)
 CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
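Review bot: The NOTE added to CVE-2007-1825 writes the advisory as "DSA-1264", while the entries further down in this same patch reference it as "{DSA-1264-1}". Use the same identifier form in the NOTE so a search for the advisory finds the duplicate entries as well as the canonical ones.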
@@ -2854,6 +2848,7 @@
 	RESERVED
 CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
 	{DSA-1264-1}
+	[etch] - php4 6:4.4.4-8+etch1
 	- php4 6:4.4.4-9
 	- php5 5.2.0-9
 CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
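Review bot: The "[etch] - php4 6:4.4.4-8+etch1" line for CVE-2007-0988 is placed before the "- php4 6:4.4.4-9" and "- php5 5.2.0-9" lines, whereas the other three hunks in this commit add the etch line after them. Pick one ordering for release-specific lines and apply it to all four entries, so the entries stay easy to compare and to edit with scripts.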
@@ -3054,6 +3049,7 @@
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
+	[etch] 	- php4 6:4.4.4-8+etch1
 	NOTE: fix is believed to be isolated, needs verification and backporting:
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
 	NOTE: http://people.debian.org/~seanius/security/php
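Review bot: The new "[etch] - php4 6:4.4.4-8+etch1" line records a fixed version for etch, but the NOTE directly below it still reads "fix is believed to be isolated, needs verification and backporting". Either update or drop that NOTE, or, if the verification really is still outstanding, hold back the etch fixed-version line until it is done. As committed, the entry says both "fixed" and "not yet verified".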
@@ -3061,6 +3057,7 @@
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
+	[etch] 	- php4 6:4.4.4-8+etch1
 	NOTE: half of fix (odbc part) is found, still trying to dig out the
 	NOTE: problems related to *print functions.
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
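Review bot: This entry is marked fixed in etch by the added line, yet the following NOTE says "half of fix (odbc part) is found, still trying to dig out the problems related to *print functions". If 6:4.4.4-8+etch1 contains the complete fix, replace the NOTE with a statement of what was backported. If it contains only the odbc part, the etch line overstates the status and should say so.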
@@ -3088,6 +3085,7 @@
 	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
+	[etch] 	- php4 6:4.4.4-8+etch1
 CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
 	- php5 <unfixed> (bug #410561; bug #410995; unimportant)
 	NOTE: we normally don't spend much time on safe_mode and open_basedir
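Review bot: The added line here has a space followed by a tab between "[etch]" and "- php4", as do the two hunks before it, while the CVE-2007-0988 entry uses a single space. Normalise the separator across all four added lines. Mixed whitespace in a line-oriented data file is an easy way to end up with entries that look identical but do not match the same pattern.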



