[Secure-testing-commits] r7806 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Jan 3 21:14:09 UTC 2008


Author: joeyh
Date: 2008-01-03 21:14:08 +0000 (Thu, 03 Jan 2008)
New Revision: 7806

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-03 21:11:27 UTC (rev 7805)
+++ data/CVE/list	2008-01-03 21:14:08 UTC (rev 7806)
@@ -106,6 +106,7 @@
 CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ...)
 	NOT-FOR-US: WinAce
 CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...)
+	{DSA-1443-1}
 	- tcpreen 1.4.3-0.3 (medium; bug #457781)
 CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...)
 	NOT-FOR-US: PDFLib
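Review bot: the {DSA-1443-1} reference added under CVE-2007-6562 is not reflected in the log, which only says "automatic update". If the script that produces these commits can name the advisories it cross-references (DSA-1443-1 and DSA-1444-1 in this revision), the history becomes searchable by advisory without opening the diff.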
@@ -1760,10 +1761,12 @@
 	NOTE: http://bugs.php.net/bug.php?id=41561
 	NOTE: having trouble fetching the diffs for this...
 CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
+	{DSA-1444-1}
 	- php5 <unfixed> (bug #453295)
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
 	NOTE: fixed in php5/etch svn
 CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
+	{DSA-1444-1}
 	- php5 <unfixed> (bug #453295)
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
 	NOTE: fixed in php5/etch svn
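Review bot: under CVE-2007-5899 and CVE-2007-5898 the new {DSA-1444-1} reference sits directly above "- php5 <unfixed> (bug #453295)", so each entry now reads as both covered by an advisory and unfixed, with nothing saying which release each statement applies to. The NOTE "fixed in php5/etch svn" hints that the advisory concerns etch; rewording that NOTE to say the etch fix has been released would remove the ambiguity.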
@@ -5575,7 +5578,7 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
@@ -5584,23 +5587,23 @@
 	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
 	NOTE: triggerable by malicious script
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1 (low)
 	NOTE: fixed in php5/etch svn
 	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
 	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1
 	- php4 <removed>
 	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
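Review bot: for CVE-2007-4657 the entry also tracks php4 ("- php4 <removed>", and the NOTE lists fixes in php4/etch and php4/sarge svn), but the lines shown do not say whether the added DSA-1444-1 covers php4 or only php5. Worth confirming and recording in a NOTE, so the php4 fixes mentioned as sitting in svn are not assumed released on the strength of this reference.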
@@ -7118,7 +7121,7 @@
 	- krb5 1.6.dfsg.1-7 (high)
 	[sarge] - krb5 <not-affected> (Vulnerable code not present)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1 (low)
 	- php4 <removed> (low)
 	NOTE: this applies to php4 as well
@@ -7575,7 +7578,7 @@
 CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
 	NOT-FOR-US: Symantec
 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
-	{DTSA-61-1}
+	{DSA-1444-1 DTSA-61-1}
 	NOTE: this does not affect default installs, only those who have written
 	NOTE: custom session handlers (which isn't *that* uncommon though), and
 	NOTE: also may not work if other cookie values are set.
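Review bot: in the CVE-2007-3799 entry the changed reference line is followed only by NOTE lines in the visible context, whereas the other entries touched in this patch put the "- php5 ..." status line directly after the reference. If the package line comes after the NOTEs, moving it up to match would make it easier to see which package and version the added DSA-1444-1 applies to.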



