[Secure-testing-commits] r5504 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sun Mar 4 14:32:20 CET 2007


Author: stef-guest
Date: 2007-03-04 13:32:17 +0000 (Sun, 04 Mar 2007)
New Revision: 5504

Modified:
   data/CVE/list
Log:
- new asterisk issue fixed
- php4+php5 fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-03 20:14:14 UTC (rev 5503)
+++ data/CVE/list	2007-03-04 13:32:17 UTC (rev 5504)
@@ -1,3 +1,5 @@
+CCVE-2007-XXXX [asterisk remote SIP security hole]
+	- asterisk 1:1.2.16~dfsg-1
 CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
 	NOT-FOR-US: webSPELL
 CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...)
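Review bot: The new header line at the top of this hunk reads "CCVE-2007-XXXX" with a doubled "C", so it does not match the "CVE-..." form of every other entry header in the file. It should be "CVE-2007-XXXX [asterisk remote SIP security hole]". The entry also has no bug reference or urgency, which would help whoever later replaces the XXXX placeholder with an assigned id.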
@@ -531,8 +533,8 @@
 CVE-2007-0989
 	RESERVED
 CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
-	- php4 <unfixed>
-	- php5 <unfixed>
+	- php4 6:4.4.4-9
+	- php5 5.2.0-9
 CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
 	NOT-FOR-US: Jupiter CMS
 CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
@@ -732,12 +734,14 @@
 	NOTE: so we should just make sure we patch 5.2.1.  Leaving open in the
 	NOTE: meantime, so we don't forget about it.
 CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
-	- php5 <unfixed> (bug #410561; bug #410995; medium)
+	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+	- php4 6:4.4.4-9
 	NOTE: fix is believed to be isolated, needs verification and backporting:
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
 	NOTE: http://people.debian.org/~seanius/security/php
 CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
-	- php5 <unfixed> (bug #410561; bug #410995; medium)
+	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+	- php4 6:4.4.4-9
 	NOTE: half of fix (odbc part) is found, still trying to dig out the
 	NOTE: problems related to *print functions.
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
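Review bot: The NOTE lines left under CVE-2007-0910 and CVE-2007-0909 now contradict the status lines this hunk sets. Both entries are marked fixed in php5 5.2.0-9 and php4 6:4.4.4-9, while the notes still say "fix is believed to be isolated, needs verification and backporting" and "half of fix (odbc part) is found, still trying to dig out the problems related to *print functions". Either update the notes to say what the uploaded versions actually contain, or, if the *print part of CVE-2007-0909 is still open, do not mark that entry as fixed yet.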
@@ -746,10 +750,12 @@
 	NOTE: CHECKME-formattedprint-maybecve.diff and 
 	NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
 CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...)
-	NOT-FOR-US: PHP
+	- php5 5.2.0-9 (unimportant)
+	- php4 6:4.4.4-9 (unimportant)
 	NOTE: this extension is not enabled in the php packages
 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
-	- php5 <unfixed> (bug #410561; bug #410995; medium)
+	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+	- php4 6:4.4.4-9
 	NOTE: fix found, needs testing/backporting.  see:
 	NOTE: CVE-2007-0907_sapi_header_op.diff in
 	NOTE: http://people.debian.org/~seanius/security/php
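Review bot: The added php4 line under CVE-2007-0907 carries no urgency, while the php5 line for the same issue is tagged "(bug #410561; bug #410995; medium)". The same mismatch appears on the php4 lines added for CVE-2007-0910, CVE-2007-0909 and CVE-2007-0906. If the severity is the same for both packages, add "(medium)" to the php4 lines so the two are rated consistently. The NOTE "fix found, needs testing/backporting" under this entry also reads as stale once both packages are marked fixed.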
@@ -760,7 +766,8 @@
 	NOTE: available as CVE-2007-0906_N_description.diff at
 	NOTE: http://people.debian.org/~seanius/security/php/
 	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
-	- php5 <unfixed> (bug #410561; bug #410995; medium)
+	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
+	- php4 6:4.4.4-9
 CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
 	- php5 <unfixed> (bug #410561; bug #410995; medium)
 	NOTE: we normally don't spend much time on safe_mode and open_basedir
@@ -931,9 +938,6 @@
 	NOT-FOR-US: GreenBrowser
 CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
 	NOT-FOR-US: MYweb4net Browser
-CVE-2007-XXXX [php: multiple issues fixed in php 5.2.1]
-	- php4 <unfixed>
-	- php5 <unfixed> (bug #410561; bug #410995)
 CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
 	- ikiwiki 1.42 (low)
 	[etch] - ikiwiki 1.33.1
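Review bot: Removing the "php: multiple issues fixed in php 5.2.1" placeholder here drops the only "php4 <unfixed>" line that covered issues without their own php4 entry. CVE-2007-0905, visible as context in the previous hunk, still reads "- php5 <unfixed>" and has no php4 line at all, so after this commit php4 is no longer tracked for it. Add an explicit php4 line under CVE-2007-0905 (fixed version or <unfixed>) before deleting the placeholder, and mention the placeholder removal in the commit log.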



