[Secure-testing-commits] r5881 - in data: CVE DSA
jmm-guest at alioth.debian.org
Sat May 19 10:42:41 UTC 2007
Author: jmm-guest
Date: 2007-05-19 10:42:40 +0000 (Sat, 19 May 2007)
New Revision: 5881
Modified:
data/CVE/list
data/DSA/list
Log:
- php5 DSA
- no-dsa for file crash, will be fixed in a stable point update
- rewrite older php entry as unimportant instead of NFU, as php is present
in the archive
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-19 09:19:55 UTC (rev 5880)
+++ data/CVE/list 2007-05-19 10:42:40 UTC (rev 5881)
@@ -1507,9 +1507,8 @@
NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
- file 4.20-6 (low)
+ [etch] - file <no-dsa> (Hardly any security impact)
[sarge] - file <not-affected> (version too old)
- [etch] - file <not-affected> (version too old)
- NOTE: This bug was introduced in file 4.20.
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
- phpwiki <unfixed> (unknown)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
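Review bot: In the CVE-2007-2026 entry, removing "NOTE: This bug was introduced in file 4.20." drops the only stated reason for the [sarge] "version too old" marking, which stays in place. Consider keeping the NOTE. The commit log also says the crash will be fixed in a stable point update, while the [etch] reason reads only "Hardly any security impact"; recording the planned point update in the entry would keep that decision visible in the file itself.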
@@ -1803,7 +1802,9 @@
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
- NOT-FOR-US: according to MOPB-43 not linux exploitable
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
{DSA-1283-1}
- php5 5.2.0-11 (medium)
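Review bot: In the CVE-2007-1890 entry, the new NOTE loses the MOPB-43 reference that the removed NOT-FOR-US line cited as the source of the exploitability assessment. Since "possibly only on FreeBSD" is hedged, keeping the pointer, for example "NOTE: MOPB-43: local code execution only, possibly only on FreeBSD", lets a later reader recheck why php4 and php5 are marked unimportant.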
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2007-05-19 09:19:55 UTC (rev 5880)
+++ data/DSA/list 2007-05-19 10:42:40 UTC (rev 5881)
@@ -1,3 +1,6 @@
+[19 May 2007] DSA-1295-1 php5
+ {CVE-2007-2509 CVE-2007-2510}
+ [etch] - php5 5.2.0-8+etch4
[17 May 2007] DSA-1294-1 xfree86
{CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667}
[sarge] - xfree86 4.3.0.dfsg.1-14sarge4
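Review bot: The new DSA-1295-1 entry names CVE-2007-2509 and CVE-2007-2510, but neither data/CVE/list hunk in this revision touches those two CVEs. Check that their entries in data/CVE/list carry the {DSA-1295-1} cross-reference, the way the CVE-2007-1889 entry shows {DSA-1283-1}, so the two files stay in agreement.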