[Secure-testing-commits] r5524 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Mar 8 10:14:21 CET 2007 

Author: joeyh
Date: 2007-03-08 09:14:17 +0000 (Thu, 08 Mar 2007)
New Revision: 5524

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-08 06:58:35 UTC (rev 5523)
+++ data/CVE/list	2007-03-08 09:14:17 UTC (rev 5524)
@@ -889,6 +889,7 @@
 CVE-2007-0989
 	RESERVED
 CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
+	{DSA-1264-1}
 	- php4 6:4.4.4-9
 	- php5 5.2.0-9
 CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
@@ -1091,12 +1092,14 @@
 	NOTE: so we should just make sure we patch 5.2.1.  Leaving open in the
 	NOTE: meantime, so we don't forget about it.
 CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
+	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
 	NOTE: fix is believed to be isolated, needs verification and backporting:
 	NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
 	NOTE: http://people.debian.org/~seanius/security/php
 CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
+	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
 	NOTE: half of fix (odbc part) is found, still trying to dig out the
@@ -1111,12 +1114,14 @@
 	- php4 6:4.4.4-9 (unimportant)
 	NOTE: this extension is not enabled in the php packages
 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
+	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
 	- php4 6:4.4.4-9
 	NOTE: fix found, needs testing/backporting.  see:
 	NOTE: CVE-2007-0907_sapi_header_op.diff in
 	NOTE: http://people.debian.org/~seanius/security/php
 CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
+	{DSA-1264-1}
 	NOTE: all fixes are believed to be found, though there's still some
 	NOTE: unrelated changes in some of the patches that need to be removed.
 	NOTE: the list of changes to be sorted through are
@@ -1148,9 +1153,11 @@
 	- clamav 0.90-1
 	[etch] - clamav	0.88.7-2
 CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
+	{DSA-1263-1}
 	- clamav 0.90-1 (bug #411117)
 	[etch] - clamav	0.88.7-2
 CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
+	{DSA-1263-1}
 	- clamav 0.90-1 (bug #411118)
 	[etch] - clamav	0.88.7-2
 CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
@@ -17305,6 +17312,7 @@
 CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
 	NOT-FOR-US: Invision Power Board
 CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
+	{DSA-1264-1}
 	NOT-FOR-US: PHP-Nuke
 CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
 	NOT-FOR-US: PHP-Nuke

More information about the Secure-testing-commits mailing list