[Secure-testing-commits] r6554 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Sep 9 19:31:42 UTC 2007


Author: nion
Date: 2007-09-09 19:31:41 +0000 (Sun, 09 Sep 2007)
New Revision: 6554

Modified:
   data/CVE/list
Log:
informed maintainer for CVE-2007-2519, CVE-2007-3799 and CVE-2007-3806


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-09 19:14:33 UTC (rev 6553)
+++ data/CVE/list	2007-09-09 19:31:41 UTC (rev 6554)
@@ -2069,7 +2069,7 @@
 CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
 	NOT-FOR-US: SiteScape Forum
 CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
-	- php5 <unfixed>
+	- php5 <unfixed> (medium; bug #441433)
 	- php4 <removed>
 	[etch] - php5 <no-dsa> (requires malicious script)
 	[etch] - php4 <no-dsa> (requires malicious script)
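Review bot: on the CVE-2007-3806 php5 line, the new `(medium; bug #441433)` sets a severity as well as a bug reference, but the log message only mentions informing the maintainer. The two etch lines below it are `<no-dsa> (requires malicious script)`, so a short NOTE line giving the reason for `medium`, or a mention of the severity in the log, would make the rating traceable.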
@@ -2093,7 +2093,7 @@
 	NOTE: fix sneaked into php 5.2.3 sans-mention:
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
 	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+	- php5 <unfixed> (low; bug #441433)
 CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
 	{DSA-1353-1}
 	- tcpdump 3.9.5-3 (bug #434030)
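Review bot: the php5 line stays `<unfixed>` even though the NOTE two lines above it says the fix went into php 5.2.3 unannounced. It is worth checking the php5 version in unstable. If it is already at 5.2.3 or later, this line should carry the fixed version rather than a bug reference. The php4 `<unfixed> (low)` line directly above also gets no bug number, so the open php4 issue stays without a reference unless #441433 covers it too.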
@@ -5136,7 +5136,7 @@
 CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
 	NOT-FOR-US: MyNews
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
-	- php5 <unfixed> (low)
+	- php5 <unfixed> (low; bug #441433)
 	- php4 <removed> (low)
 	[sarge] - php5 <no-dsa> (minor issue)
 	[sarge] - php4 <no-dsa> (minor issue)
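Review bot: the php5 line for CVE-2007-2519 reuses bug #441433, the same number added to the php5 lines in the two earlier hunks, so one report now tracks three unrelated issues (glob, the session.c fix, and the PEAR installer). Closing that bug after one fix could make the other two look resolved. Suggest confirming that the report lists all three CVE ids, or filing one bug per CVE.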



