[Secure-testing-commits] r7469 - data/CVE
seanius at alioth.debian.org
Sun Dec 2 15:54:43 UTC 2007
Author: seanius
Date: 2007-12-02 15:54:43 +0000 (Sun, 02 Dec 2007)
New Revision: 7469
Modified:
data/CVE/list
Log:
php:
- one CVE non-issue
- two new patches in svn
- one still todo (CVE-2007-5900)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-02 14:23:54 UTC (rev 7468)
+++ data/CVE/list 2007-12-02 15:54:43 UTC (rev 7469)
@@ -310,6 +310,7 @@
NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
- php5 <unfixed> (bug #453295)
+ [etch] - php5 <no-dsa> (requires negligent/malicious local user)
[etch] - php4 <not-affected> (detects memory exhaustion and quits)
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
- rails 1.2.6-1 (low; bug #452748)
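Review bot: The new `[etch] - php5 <no-dsa> (requires negligent/malicious local user)` line under CVE-2007-6039 only covers etch, while the commit log calls this CVE a "non-issue" and the unstable line `- php5 <unfixed> (bug #453295)` is left without any severity. If the assessment is that this is not a real security issue, put that rationale on the unstable entry as well (for example an `unimportant` severity next to the bug number), so the tracker does not keep listing it as an open issue of unknown urgency. The reason text would also be easier to audit if it said what the local user has to do, since the description on the line above speaks of "context-dependent attackers".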
@@ -701,10 +702,16 @@
RESERVED
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
- php5 <unfixed> (bug #453295)
+ NOTE: http://bugs.php.net/bug.php?id=41561
+ NOTE: having trouble fetching the diffs for this...
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
- php5 <unfixed> (bug #453295)
+ NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
+ NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
- php5 <unfixed> (bug #453295)
+ NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
+ NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...)
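Review bot: The note `NOTE: having trouble fetching the diffs for this...` under CVE-2007-5900 records a transient working state rather than a fact about the issue, and it will go stale in the data file. Replace it with a `TODO:` line that says what is still missing (the upstream patch for the linked bug 41561), which also matches the "one still todo" item in the log. For CVE-2007-5899 and CVE-2007-5898, `NOTE: fixed in php5/etch svn` gives no svn revision or target package version, and both entries keep only `- php5 <unfixed>` with no `[etch]` line, so nothing here lets a reader verify the fix or tell when the etch status should change. Add the packaging svn revision to the note.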