[Secure-testing-commits] r8707 - data/CVE

thijs at alioth.debian.org
Sun May 4 20:44:37 UTC 2008


Author: thijs
Date: 2008-05-04 20:44:36 +0000 (Sun, 04 May 2008)
New Revision: 8707

Modified:
   data/CVE/list
Log:
update some php5 issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-04 17:05:47 UTC (rev 8706)
+++ data/CVE/list	2008-05-04 20:44:36 UTC (rev 8707)
@@ -1448,7 +1448,7 @@
 	- serendipity 1.3.1-1 (low)
 	NOTE: etch affected, but only in specific plugin.
 CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.2.6-1 (unimportant)
 	NOTE: http://securityreason.com/achievement_securityalert/52
 	NOTE: Only exploitable through malicious script
 CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
@@ -3254,7 +3254,7 @@
 	- linux-2.6 2.6.24-4 (high)
 CVE-2008-0599 [unknown PHP issue]
 	RESERVED
-	- php5 <unfixed>
+	- php5 5.2.6-1
 	NOTE: http://www.php.net/releases/5_2_6.php
 	TODO: get details, check php4 affectedness
 CVE-2008-0598
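Review bot: the php5 line for CVE-2008-0599 is now marked fixed in 5.2.6-1 while the entry is still titled "[unknown PHP issue]", still RESERVED, and carries no urgency tag, so the fixed version rests only on the release announcement linked in the NOTE. Keep the TODO until the details are in, and consider stating in the NOTE that the version is taken from the 5.2.6 release page, so a later reader can tell where it came from; the php4 check named in the TODO is also still open.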
@@ -10040,7 +10040,7 @@
 	NOT-FOR-US: Xwiki
 CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 5.2.6-1 (unimportant)
 	NOTE: Safe mode bypasses not treated as security problems
 CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...)
 	{DSA-1378-2 DSA-1378-1}
@@ -10189,7 +10189,7 @@
 CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
 	NOT-FOR-US: Sony Micro Vault
 CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...)
-	- php5 <unfixed> (unimportant; bug #441972)
+	- php5 5.2.5-1 (unimportant; bug #441972)
 	NOTE: Only triggerable by malicious script
 CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
 	- php5 5.2.5-1 (unimportant; bug #441972)
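Review bot: CVE-2007-4784 is described as affecting "PHP before 5.2.4", yet the php5 line records 5.2.5-1, whereas the other "before 5.2.4" entries changed in this commit (CVE-2007-4670 and CVE-2007-4663) record 5.2.4-1. If 5.2.5-1 is deliberate, for instance because it follows the CVE-2007-4783 line below that shares bug #441972, add a NOTE saying so; otherwise the version should be 5.2.4-1 to match the description.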
@@ -10463,7 +10463,7 @@
 CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...)
 	NOT-FOR-US: Safari
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.2.4-1 (unimportant)
 	- php4 <removed> (unimportant)
 	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
@@ -10491,7 +10491,7 @@
 	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.2.4-1 (unimportant)
 	NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
 	{DSA-1444-1 DTSA-61-1}
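Review bot: the CVE-2007-4663 entry gets a php5 fixed version but has no php4 line, while CVE-2007-4670 and CVE-2007-4850 in this same commit both carry "- php4 <removed> (unimportant)". If php4 was affected by the directory traversal, add the matching line so the entry is complete; if it was not, a short NOTE saying so would settle the question for the next reader.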



