[Secure-testing-commits] r6120 - data/CVE

Sun Jul 8 22:23:18 UTC 2007

Author: seanius
Date: 2007-07-08 22:23:17 +0000 (Sun, 08 Jul 2007)
New Revision: 6120

Modified:
   data/CVE/list
Log:
DSAs for php issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-07-08 20:25:16 UTC (rev 6119)
+++ data/CVE/list	2007-07-08 22:23:17 UTC (rev 6120)
@@ -3749,6 +3749,7 @@
 CVE-2007-1865
 	RESERVED
 CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
+	{DSA-1330-1 DSA-1331-1}
 	- php4 <unfixed>
 	- php5 5.2.2-1
 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
@@ -4897,6 +4898,7 @@
 CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
 	NOT-FOR-US: Plash
 CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
+	{DSA-1330-1}
 	- php5 5.2.2-1 (medium)
 CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
 	- snort <not-affected> (Vulnerable code not present)
@@ -14124,6 +14126,7 @@
 CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
 	NOT-FOR-US: DUpoll
 CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...)
+	{DSA-1331-1}
 	- php5 5.1.6-1
 	- php4 4:4.4.4-1
 CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
@@ -24362,9 +24365,9 @@
 	- php4 4:4.4.2-1 (bug #354682; low)
 	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
 CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
+	{DSA-1331-1}
 	- php5 5.1.2-1
 	- php4 4:4.4.2-1 (bug #354683)
-	NOTE: the second part (header function) affects also php4
 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
 	NOT-FOR-US: Light Weight Calendar
 CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)


