[Secure-testing-commits] r6755 - data/CVE
white at alioth.debian.org
Mon Oct 1 13:44:18 UTC 2007
Author: white
Date: 2007-10-01 13:44:18 +0000 (Mon, 01 Oct 2007)
New Revision: 6755
Modified:
data/CVE/list
Log:
php5: CVE-2007-4657 fixed in sid, lenny should be covered by next DTSA, please recheck etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-01 13:31:48 UTC (rev 6754)
+++ data/CVE/list 2007-10-01 13:44:18 UTC (rev 6755)
@@ -1063,9 +1063,11 @@
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
- - php5 <unfixed>
+ - php5 5.2.4-1
- php4 <removed>
NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
+ TODO: Please recheck php5/etch, the patch does not seem to be included in the lenny version
+ NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
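Review bot: The added TODO under CVE-2007-4657 asks for a recheck of php5/etch but gives as its reason that the patch is missing from the lenny version, while the unchanged NOTE directly above it still reads "fixed in php4/etch, php5/etch, php4/sarge svn", so a reader cannot tell which release is actually unverified. Suggest naming the release and package version that was inspected in the TODO, and qualifying the php5/etch claim in the existing NOTE until the recheck is done. The added NOTE also cites the same string.c r1=1.640&r2=1.641 URL that the preceding entry's NOTE already uses (there with the pointer starting "Line 7667"); stating which part of that diff applies to CVE-2007-4657 would make the reference checkable.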