[Secure-testing-commits] r6556 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Sep 9 19:53:07 UTC 2007


Author: nion
Date: 2007-09-09 19:53:06 +0000 (Sun, 09 Sep 2007)
New Revision: 6556

Modified:
   data/CVE/list
Log:
php5 issues confirmed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-09 19:37:16 UTC (rev 6555)
+++ data/CVE/list	2007-09-09 19:53:06 UTC (rev 6556)
@@ -200,19 +200,20 @@
 	[etch] - firebird2 <unfixed>
 	[sarge] - firebird2 <unfixed> 
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
-	TODO: check
+	- php5 <unfixed> (medium)
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
-	TODO: check
+	- php5 <unfixed> (medium)
 CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...)
-	TODO: check
+	- php5 <unfixed> (medium)
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
-	TODO: check
+	- php5 <unfixed> (low)
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
-	TODO: check
+	- php5 <unfixed> (low)
 CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...)
-	TODO: check
+	- php5 <unfixed>
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
-	TODO: check
+	- php5 <unfixed>
+	- php4 <removed>
 CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
 	- backup-manager 0.7.6-3 (bug #439392)
 CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
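Review bot: The new entries for CVE-2007-4658 and CVE-2007-4657 are `- php5 <unfixed>` with no urgency, while the five php5 entries above them in this hunk carry `(medium)` or `(low)`; add a severity or a NOTE line saying it is still undetermined, so the gap does not read as an oversight. For CVE-2007-4657 the description covers PHP 4 before 4.4.8, and `- php4 <removed>` says nothing about stable releases; if any of them still ships php4, it needs its own release-tagged line in the style of the `[etch] - firebird2 <unfixed>` context at the top of the hunk. None of the php5 lines references a bug, unlike `- backup-manager 0.7.6-3 (bug #439392)` just below, so filing and linking one would make the unfixed state trackable.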
@@ -222,7 +223,7 @@
 CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...)
 	NOT-FOR-US: Cisco Content Services Switch
 CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir ...)
-	TODO: check
+	- php5 <unfixed> (low)
 CVE-2007-4651
 	RESERVED
 CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
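Review bot: In the context line directly above the change, CVE-2007-4653 is described as an SQL injection in links.php in the Links MOD, yet it is tagged `NOT-FOR-US: Cisco Content Services Switch`; the label does not match the description and looks like it belongs to a different entry, so it is worth correcting while this block is being touched. On the changed line, `- php5 <unfixed> (low)` for CVE-2007-4652 carries no bug reference; add one once it is filed.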
@@ -584,7 +585,7 @@
 CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
 	NOT-FOR-US: Trend Micro
 CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
-	TODO: check
+	NOT-FOR-US: eCentrex VOIP
 CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
 	NOT-FOR-US: Siemens GigaSet firmware
 CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)



