[Secure-testing-commits] r5742 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Apr 26 21:30:19 UTC 2007


Author: jmm-guest
Date: 2007-04-26 21:30:15 +0000 (Thu, 26 Apr 2007)
New Revision: 5742

Modified:
   data/CVE/list
Log:
record some php5 pre-release fixes for etch
remove some historical backport notes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-26 21:24:49 UTC (rev 5741)
+++ data/CVE/list	2007-04-26 21:30:15 UTC (rev 5742)
@@ -3376,44 +3376,31 @@
 CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+	[etch] - php5 5.2.0-8+etch1
 	- php4 6:4.4.4-9
 	[etch] - php4 6:4.4.4-8+etch1
-	NOTE: fix is believed to be isolated, needs verification and backporting:
-	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
-	NOTE: http://people.debian.org/~seanius/security/php
 CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
-	- php4 6:4.4.4-9
+	[etch] - php5 5.2.0-8+etch1
+3A	- php4 6:4.4.4-9
 	[etch] - php4 6:4.4.4-8+etch1
-	NOTE: half of fix (odbc part) is found, still trying to dig out the
-	NOTE: problems related to *print functions.
-	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
-	NOTE: http://people.debian.org/~seanius/security/php
-	NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and
-	NOTE: CHECKME-formattedprint-maybecve.diff and 
-	NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
 	- php5 5.2.0-9 (unimportant)
-	- php4 6:4.4.4-9 (unimportant)
+	[etch] - php5 5.2.0-8+etch1
+3A	- php4 6:4.4.4-9 (unimportant)
 	NOTE: this extension is not enabled in the php packages
 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
-	NOTE: fix found, needs testing/backporting.  see:
-	NOTE: CVE-2007-0907_sapi_header_op.diff in
-	NOTE: http://people.debian.org/~seanius/security/php
+	[etch] - php5 5.2.0-8+etch1
 CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
 	{DSA-1264-1}
-	NOTE: all fixes are believed to be found, though there's still some
-	NOTE: unrelated changes in some of the patches that need to be removed.
-	NOTE: the list of changes to be sorted through are
-	NOTE: available as CVE-2007-0906_N_description.diff at
-	NOTE: http://people.debian.org/~seanius/security/php/
 	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
 	[etch] - php4 6:4.4.4-8+etch1
+	[etch] - php5 5.2.0-8+etch1
 CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
 	- php5 <unfixed> (bug #410561; bug #410995; unimportant)
 	NOTE: we normally don't spend much time on safe_mode and open_basedir
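Review bot: In the CVE-2007-0909 and CVE-2007-0908 entries the php4 line is removed and re-added as `3A	- php4 6:4.4.4-9`, so the added line starts with `3A` ahead of the tab, unlike every other entry line in this hunk. The php4 versions themselves are unchanged, so those two lines should stay as untouched context and only the `[etch] - php5 5.2.0-8+etch1` line should be added. In CVE-2007-0906 the new `[etch] - php5` line is appended after the php4 lines, while the other four entries place it directly under `- php5 5.2.0-9`; moving it up would keep the entries consistent. The notes dropped from CVE-2007-0909 describe the *print part of the fix as still being located, so it would help if the log message said that 5.2.0-8+etch1 carries both halves rather than only calling the notes historical.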



