[Secure-testing-commits] r6637 - data/CVE

seanius at alioth.debian.org
Tue Sep 18 21:54:36 UTC 2007


Author: seanius
Date: 2007-09-18 21:54:35 +0000 (Tue, 18 Sep 2007)
New Revision: 6637

Modified:
   data/CVE/list
Log:
CVE-2007-4840 is actually a libc6 bug, bugs reassigned and merged.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-18 21:14:08 UTC (rev 6636)
+++ data/CVE/list	2007-09-18 21:54:35 UTC (rev 6637)
@@ -193,12 +193,10 @@
 	NOTE: this vulnerability is unspecified
 	NOTE: likely affects only windows and Mac OS
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
-	- php5 <unfixed> (low; bug #442247)
-	- php4 <unfixed> (low; bug #442250)
-	NOTE: can be reproduced on etch, lenny and sid
-	NOTE: this might not be a vulnerability in most web server environments
-	NOTE: that support multiple threads, unless these issues can be demonstrated for
-	NOTE: code execution.
+	- libc6 <unfixed> (low; bug #442247)
+	NOTE: was originally reported as a php vulnerability, but is actually
+	NOTE: a problem with the libc iconv_* functions, which allocate copies
+	NOTE: of strings on the stack without first checking the size.
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
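Review bot: the php4 entry (bug #442250) is dropped from the hunk without any trace in the list, so a reader of data/CVE/list can no longer tell why php4 stopped being tracked for this CVE; the commit log says the bugs were "reassigned and merged", so that should be recorded in the entry itself, e.g. `NOTE: php4 bug #442250 merged into #442247`. The removed line `NOTE: can be reproduced on etch, lenny and sid` also still looks relevant to the libc6 entry that replaces the php ones and could be kept.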