[Secure-testing-commits] r6755 - data/CVE

white at alioth.debian.org white at alioth.debian.org
Mon Oct 1 13:44:18 UTC 2007


Author: white
Date: 2007-10-01 13:44:18 +0000 (Mon, 01 Oct 2007)
New Revision: 6755

Modified:
   data/CVE/list
Log:
php5: CVE-2007-4657 fixed in sid, lenny should be covered by next DTSA, please recheck etch

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-01 13:31:48 UTC (rev 6754)
+++ data/CVE/list	2007-10-01 13:44:18 UTC (rev 6755)
@@ -1063,9 +1063,11 @@
 	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
 	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
-	- php5 <unfixed>
+	- php5 5.2.4-1
 	- php4 <removed>
 	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
+	TODO: Please recheck php5/etch, the patch does not seem to be included in the lenny version
+	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
 CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
 	- backup-manager 0.7.6-3 (bug #439392)
 CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
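
Review bot: The added TODO under CVE-2007-4657 asks for a recheck of php5/etch but gives a reason about lenny ("the patch does not seem to be included in the lenny version"), so it is not clear which release is suspected of missing the fix. The unchanged line "NOTE: fixed in php4/etch, php5/etch, php4/sarge svn" still records php5/etch as fixed. Please reword the TODO to name the release and package version that were actually inspected. If etch is in doubt, qualify the existing NOTE so the entry does not say both "fixed" and "recheck" for php5/etch. The added NOTE URL is also the same string.c r1=1.640&r2=1.641 diff already cited for the preceding entry, where it is narrowed with 'starting "Line 7667"'. A similar pointer to the part of that diff relevant to the integer overflows would help whoever does the recheck.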



