[Secure-testing-commits] r6631 - data/CVE
seanius at alioth.debian.org
Mon Sep 17 22:59:14 UTC 2007
Author: seanius
Date: 2007-09-17 22:59:13 +0000 (Mon, 17 Sep 2007)
New Revision: 6631
Modified:
data/CVE/list
Log:
update on statuses of php5 / etch issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-17 22:42:26 UTC (rev 6630)
+++ data/CVE/list 2007-09-17 22:59:13 UTC (rev 6631)
@@ -183,7 +183,8 @@
- quagga 0.99.9-1 (low; bug #442133)
NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
- - php5 <unfixed> (medium)
+ - php5 <unfixed> (unimportant)
+ [etch] - php5 <no-dsa> (open_basedir not supported)
- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
NOTE: php5 PoC can be reproduced
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...)
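Review bot: The downgrade of CVE-2007-4825 from (medium) to (unimportant) on the unversioned php5 line has no accompanying NOTE, and the unchanged "NOTE: php5 PoC can be reproduced" right below it now reads as if it contradicts the new severity. The rationale "open_basedir not supported" only appears as the no-dsa reason on the [etch] line. Consider adding it as a NOTE on the entry itself, the way the context line at the top of the next hunk does ("NOTE: open_basedir not supported"), so the reasoning applies visibly to both lines.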
@@ -554,19 +555,24 @@
NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
- php5 <unfixed>
+ NOTE: fixed in php5/etch svn
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...)
- php5 <unfixed> (unimportant)
NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
- php5 <unfixed>
+ NOTE: fixed in php5/etch svn
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
- php5 <unfixed>
+ NOTE: fixed in php5/etch svn
CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...)
- php5 <unfixed>
+ NOTE: fixed in php5/etch svn
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
- php5 <unfixed>
- php4 <removed>
+ NOTE: fixed in php5/etch svn
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
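Review bot: The five added "NOTE: fixed in php5/etch svn" lines (CVE-2007-4662, -4660, -4659, -4658, -4657) are free text with no svn revision or target package version, so there is nothing to check them against later, and each entry still shows only "- php5 <unfixed>" with no [etch] line. Suggest recording the revision in the NOTE, or adding an "[etch] - php5 ..." line once the upload version is known, so the etch status is tracked per release rather than in a comment. For CVE-2007-4657 the NOTE lands after "- php4 <removed>", which is fine, but the same placement should be used consistently across entries.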
@@ -2026,6 +2032,7 @@
NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
NOTE: so maybe this is already fixed in 5.2.3, not sure
TODO: check php4, contact upstream
+ NOTE: fixed in php5/etch svn
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
- php5 <unfixed> (unimportant)
- php4 <unfixed> (unimportant)
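Review bot: The added "NOTE: fixed in php5/etch svn" is appended directly after "NOTE: so maybe this is already fixed in 5.2.3, not sure" and "TODO: check php4, contact upstream", and leaves both in place. If the etch fix settles the question about ext/standard/string.c, the "not sure" note should be updated to say so. If the TODO now applies only to php4, say that explicitly, otherwise the entry reads as both fixed and still open.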
@@ -2463,6 +2470,7 @@
NOTE: also may not work if other cookie values are set.
NOTE: fix sneaked into php 5.2.3 sans-mention:
NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
+ NOTE: fixed in php5/etch svn
- php4 <unfixed> (low)
- php5 <unfixed> (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
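Review bot: In this hunk the added NOTE is placed before the package lines ("- php4 <unfixed> (low)", "- php5 <unfixed> (low; bug #441433)"), while in the earlier hunks it follows them. Pick one placement. It also sits right after the notes saying the fix went into php 5.2.3 via the session.c change, so it is unclear whether "fixed in php5/etch svn" refers to that same change applied to etch. Stating that, and the svn revision, would remove the ambiguity with the php5 line that still reads <unfixed>.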