[Secure-testing-commits] r6610 - data/CVE

jmm-guest at alioth.debian.org
Fri Sep 14 17:31:11 UTC 2007


Author: jmm-guest
Date: 2007-09-14 17:31:11 +0000 (Fri, 14 Sep 2007)
New Revision: 6610

Modified:
   data/CVE/list
Log:
PHP non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-14 13:49:44 UTC (rev 6609)
+++ data/CVE/list	2007-09-14 17:31:11 UTC (rev 6610)
@@ -143,11 +143,14 @@
 CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
 	NOT-FOR-US: Sony Micro Vault
 CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...)
-	- php5 <unfixed> (low; bug #441972)
+	- php5 <unfixed> (unimportant; bug #441972)
+	NOTE: Only triggerable by malicious script
 CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
-	- php5 <unfixed> (low; bug #441972)
+	- php5 <unfixed> (unimportant; bug #441972)
+	NOTE: Only triggerable by malicious script
 CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...)
-	- php5 5.2.3-1 (low)
+	- php5 5.2.3-1 (unimportant)
+	NOTE: Only triggerable by malicious script
 CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
 	- joomla <itp> (bug #326398)
 CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
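Review bot: The NOTE "Only triggerable by malicious script" under CVE-2007-4784 and CVE-2007-4782 does not address the "context-dependent" wording in both descriptions, so a reader cannot tell whether the case of an application passing untrusted input to the affected function was considered and ruled out. Please extend the note to say so, since that is what the move from low to unimportant rests on. CVE-2007-4784 and CVE-2007-4783 still show <unfixed> with bug #441972, so the severity change should be recorded in that bug as well. The three NOTE lines are identical; giving the reasoning in full once and referring to it from the other two entries would be easier to maintain.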
@@ -393,8 +396,9 @@
 CVE-2007-4671
 	RESERVED
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
-	- php5 <unfixed>
-	- php4 <removed>
+	- php5 <unfixed> (unimportant)
+	- php4 <removed> (unimportant)
+	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <unfixed>
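Review bot: The NOTE under CVE-2007-4670 calls CVE-2007-1285 "a non-issue" without giving the reason, while the description on the line above still reads "Unspecified vulnerability ... unknown impact". Please name the source for mapping this CVE to the improved MOPB 03-2007 fix and say why CVE-2007-1285 is treated as a non-issue, or point to the entry where that is recorded, because both the php5 and the php4 line are downgraded on that basis alone. As a style point, this NOTE is a single long line; splitting it over two NOTE: lines, as done for CVE-2007-4661 in this commit, would keep the file consistent.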
@@ -420,11 +424,14 @@
 	[etch] - firebird2 <unfixed>
 	[sarge] - firebird2 <unfixed> 
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant)
+	NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
 	- php5 <unfixed>
 CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...)
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant)
+	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
+	NOTE: triggerable by malicious script
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
 	- php5 <unfixed>
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
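Review bot: "NOTE: open_basedir not supported" under CVE-2007-4663 is too terse to justify marking a directory traversal as unimportant. The visible description does not mention open_basedir, so the note should state how the traversal relates to open_basedir and what "not supported" means for php5 in this tracker. In the same hunk CVE-2007-4660, which is also in chunk_split, and CVE-2007-4662 stay at <unfixed> with no severity. If leaving CVE-2007-4660 untouched is deliberate, a short NOTE distinguishing it from CVE-2007-4661 would prevent it from being downgraded by analogy later.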



