[Secure-testing-commits] r5744 - data/CVE
Florian Weimer
fw at alioth.debian.org
Fri Apr 27 18:35:34 UTC 2007
Author: fw
Date: 2007-04-27 18:35:30 +0000 (Fri, 27 Apr 2007)
New Revision: 5744
Modified:
data/CVE/list
Log:
CVE-2007-0911: our php5 is not affected, so don't claim it is
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-26 21:31:44 UTC (rev 5743)
+++ data/CVE/list 2007-04-27 18:35:30 UTC (rev 5744)
@@ -3369,8 +3369,8 @@
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
- - php5 <unfixed> (bug #410561; bug #410995; medium)
- [etch] - php5 <not-affected> (A regression only affecting 5.2.1)
+ - php5 <not-affected> (A regression only affecting 5.2.1)
+ TODO: - php5 <unfixed> (bug #410561; bug #410995; medium)
NOTE: this is a regression in the 5.2.1 release which is not yet uploaded.
NOTE: so we should just make sure we patch 5.2.1. Leaving open in the
NOTE: meantime, so we don't forget about it.
More information about the Secure-testing-commits
mailing list