[Secure-testing-commits] r6752 - data/CVE
white at alioth.debian.org
white at alioth.debian.org
Mon Oct 1 13:04:55 UTC 2007
Author: white
Date: 2007-10-01 13:04:55 +0000 (Mon, 01 Oct 2007)
New Revision: 6752
Modified:
data/CVE/list
Log:
php5: CVE-2007-3998 fixed in sid, patch should be ready for etch and lenny
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-01 12:33:30 UTC (rev 6751)
+++ data/CVE/list 2007-10-01 13:04:55 UTC (rev 6752)
@@ -2525,7 +2525,7 @@
- krb5 1.6.dfsg.1-7 (high)
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
- - php5 <unfixed>
+ - php5 5.2.4-1 (medium)
NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
NOTE: so maybe this is already fixed in 5.2.3, not sure
More information about the Secure-testing-commits
mailing list