[Secure-testing-commits] r10639 - data/CVE

atomo64-guest at alioth.debian.org
Sun Dec 7 01:01:31 UTC 2008


Author: atomo64-guest
Date: 2008-12-07 01:01:30 +0000 (Sun, 07 Dec 2008)
New Revision: 10639

Modified:
   data/CVE/list
Log:
NFUs and new php issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-06 14:40:23 UTC (rev 10638)
+++ data/CVE/list	2008-12-07 01:01:30 UTC (rev 10639)
@@ -1,3 +1,8 @@
+CVE-2008-XXXX [php apache/2 SAPI php_getuid() overload]
+	- php5 <unfixed> (bug #508021)
+	NOTE: Fixed in php 5.2.7, not yet in the archive
+	NOTE: http://securityreason.com/achievement_securityalert/59
+	TODO: check php4
 CVE-2008-XXXX [Format string vulnerability in vinagre]
 	- vinagre 0.5.1-2
 CVE-2008-5360 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
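Review bot: The new php_getuid() entry ends in `TODO: check php4`, so it is committed with its package coverage still open; once php4 has been checked, replace the TODO with a `- php4` line or a NOTE saying why it is not affected. The `- php5 <unfixed> (bug #508021)` line also carries no urgency, while the other php entry in this file is written as `(low; bug #507101)`; add one if it has been assessed.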
@@ -57,7 +62,7 @@
 CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...)
 	NOT-FOR-US: NitroTech
 CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...)
-	TODO: check
+	NOT-FOR-US: Pie Web M{a,e}sher
 CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
 	NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
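Review bot: `NOT-FOR-US: Pie Web M{a,e}sher` puts shell brace shorthand in the product name, so a plain text search for either spelling will not match this line. The neighbouring entries give the name literally (`NOT-FOR-US: NitroTech`, `NOT-FOR-US: Adobe Acrobat Reader`); spell out the variants here, or use the name as the CVE description gives it (Pie).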
@@ -229,8 +234,9 @@
 	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
 	NOTE: upstream has been notified
 	TODO: write proper advisory and request CVE id
-CVE-2008-XXXX [php5: inifile handler for the dba functions can be used to truncate a file]
+CVE-2008-XXXX [php: inifile handler for the dba functions can be used to truncate a file]
 	- php5 (low; bug #507101)
+	- php4 <unfixed> (low)
 CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
 	- wordpress 2.5.1-11 (low; bug #507193)
 CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...)
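Review bot: The added `- php4 <unfixed> (low)` line has no bug reference, while the php5 line above it cites bug #507101; if a php4 bug has been filed, cite it here so the unfixed status can be followed up. The php5 line carries neither a version nor `<unfixed>`, so after this change the two package lines of one entry state their status differently; please confirm that is intended. The log message ("NFUs and new php issue") also does not mention widening this entry from php5 to php.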
@@ -2113,7 +2119,7 @@
 CVE-2008-4417
 	RESERVED
 CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...)
 	NOT-FOR-US: HP Service Manager (HPSM)
 CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...)



