[Secure-testing-commits] r6844 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Oct 7 07:59:02 UTC 2007
Author: nion
Date: 2007-10-07 07:59:02 +0000 (Sun, 07 Oct 2007)
New Revision: 6844
Modified:
data/CVE/list
Log:
CVE-2007-3998 affects php4 as well
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-07 07:55:13 UTC (rev 6843)
+++ data/CVE/list 2007-10-07 07:59:02 UTC (rev 6844)
@@ -2748,11 +2748,11 @@
[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
{DTSA-61-1}
- - php5 5.2.4-1 (medium)
+ - php5 5.2.4-1 (low)
+ - php4 <unfixed> (low)
NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
NOTE: so maybe this is already fixed in 5.2.3, not sure
- TODO: check php4, contact upstream
NOTE: fixed in php5/etch svn
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
More information about the Secure-testing-commits
mailing list