[Secure-testing-commits] r6754 - data/CVE
nion at alioth.debian.org
Mon Oct 1 13:31:48 UTC 2007
Author: nion
Date: 2007-10-01 13:31:48 +0000 (Mon, 01 Oct 2007)
New Revision: 6754
Modified:
data/CVE/list
Log:
CVE-2007-4658 fixed in php5 5.2.4-1 (low)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-01 13:12:43 UTC (rev 6753)
+++ data/CVE/list 2007-10-01 13:31:48 UTC (rev 6754)
@@ -1058,8 +1058,10 @@
- php5 5.2.4-1
NOTE: fixed in php5/etch svn
CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...)
- - php5 <unfixed>
+ - php5 5.2.4-1 (low)
NOTE: fixed in php5/etch svn
+ NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
+ NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
- php5 <unfixed>
- php4 <removed>
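Review bot: the last added NOTE in the CVE-2007-4658 entry reads "the will be put into strfmon", which is missing its noun, so it does not say what actually reaches strfmon. Since the "(low)" urgency on the new "- php5 5.2.4-1 (low)" line rests on this sentence, name the subject explicitly (presumably the format string passed to money_format) and keep the rest, e.g. "limited format string vulnerability, the format string will be put into strfmon and the format string chars are limited to i, n and %". The NOTE with the viewcvs URL already pins the revisions (r1=1.640&r2=1.641), so no change is needed there.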