[Secure-testing-commits] r5524 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Mar 8 10:14:21 CET 2007
Author: joeyh
Date: 2007-03-08 09:14:17 +0000 (Thu, 08 Mar 2007)
New Revision: 5524
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-08 06:58:35 UTC (rev 5523)
+++ data/CVE/list 2007-03-08 09:14:17 UTC (rev 5524)
@@ -889,6 +889,7 @@
CVE-2007-0989
RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP, when running on a 64-bit platform, ...)
+ {DSA-1264-1}
- php4 6:4.4.4-9
- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
@@ -1091,12 +1092,14 @@
NOTE: so we should just make sure we patch 5.2.1. Leaving open in the
NOTE: meantime, so we don't forget about it.
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
+ {DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
NOTE: fix is believed to be isolated, needs verification and backporting:
NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
NOTE: http://people.debian.org/~seanius/security/php
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
+ {DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
NOTE: half of fix (odbc part) is found, still trying to dig out the
@@ -1111,12 +1114,14 @@
- php4 6:4.4.4-9 (unimportant)
NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
+ {DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
- php4 6:4.4.4-9
NOTE: fix found, needs testing/backporting. see:
NOTE: CVE-2007-0907_sapi_header_op.diff in
NOTE: http://people.debian.org/~seanius/security/php
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
+ {DSA-1264-1}
NOTE: all fixes are believed to be found, though there's still some
NOTE: unrelated changes in some of the patches that need to be removed.
NOTE: the list of changes to be sorted through are
@@ -1148,9 +1153,11 @@
- clamav 0.90-1
[etch] - clamav 0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
+ {DSA-1263-1}
- clamav 0.90-1 (bug #411117)
[etch] - clamav 0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
+ {DSA-1263-1}
- clamav 0.90-1 (bug #411118)
[etch] - clamav 0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
@@ -17305,6 +17312,7 @@
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
+ {DSA-1264-1}
NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
NOT-FOR-US: PHP-Nuke
More information about the Secure-testing-commits
mailing list