[Secure-testing-commits] r8721 - data/CVE

jmm-guest at alioth.debian.org
Tue May 6 14:45:49 UTC 2008


Author: jmm-guest
Date: 2008-05-06 14:45:47 +0000 (Tue, 06 May 2008)
New Revision: 8721

Modified:
   data/CVE/list
Log:
more php updates
plone fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-06 12:22:33 UTC (rev 8720)
+++ data/CVE/list	2008-05-06 14:45:47 UTC (rev 8721)
@@ -1,3 +1,12 @@
+CVE-2008-XXXX [php integer overflow in printf]
+	- php5 <unfixed> 
+	NOTE: http://www.php.net/ChangeLog-5.php
+	NOTE: Needs further details
+CVE-2008-XXXX [php suboptimal seeding]
+	- php5 <unfixed> (low)
+	- php4 <unfixed> (low)	
+	NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
+	NOTE: I don't believe we need to address this, likely no-dsa, but needs further checking
 CVE-2008-2085 [stack-based buffer overflow in get_remote_ip_media and get_remote_ipv6_media function]
 	- sip-tester <unfixed> (medium; bug #479039)
 CVE-2008-2051 [incomplete multibyte chars inside escapeshellcmd]
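Review bot: The new "php integer overflow in printf" entry tracks only php5, while the "php suboptimal seeding" entry added right below it tracks both php5 and php4, so php4's status for the printf issue is left unrecorded. Add a "- php4" line, or a NOTE saying php4 still needs checking, and give the php5 line a severity once the further details are in. The "- php5 <unfixed> " line and the "- php4 <unfixed> (low)" line also end in trailing whitespace that should be trimmed.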
@@ -3,6 +12,8 @@
 	- php5 5.2.6-1
 	NOTE: http://www.php.net/ChangeLog-5.php
+	NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
 CVE-2008-2050 [possible stack buffer overflow in the FastCGI SAPI]
 	- php5 5.2.6-1
+	NOTE: php4 not affected, the vulnerable code isn't present
 	NOTE: http://www.php.net/ChangeLog-5.php
 CVE-2008-2042
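Review bot: In the CVE-2008-2050 entry, php4's status is recorded only as free text ("NOTE: php4 not affected, the vulnerable code isn't present") instead of as a package line. The same patch writes a not-affected state as a package line elsewhere ("[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)"), so a line of the form "- php4 <not-affected> (Vulnerable code not present)" would keep the entry consistent and put the status where the other package states live.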
@@ -97,7 +108,7 @@
 CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
-	- licq 1.3.5-6 (unimportant; bug #479036)
+	- licq 1.3.5-6 (low; bug #479036)
 	[etch] - licq <no-dsa> (Minor issue)
 CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...)
 	NOT-FOR-US: Sun Java System Directory Proxy Server
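Review bot: The licq severity change from "unimportant" to "low" on CVE-2008-1996 is not covered by the log message ("more php updates", "plone fixed") and carries no NOTE giving the reason. Mention it in the log or add a short NOTE with the rationale, and confirm that the unchanged "[etch] - licq <no-dsa> (Minor issue)" line still matches the new rating.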
@@ -1508,6 +1519,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...)
 	- linux-2.6 2.6.24-5 (bug #469058)
+	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
 	- kfreebsd-6 6.3-4 (bug #469564)
 	- kfreebsd-7 7.0-2 (bug #469565)
 	- gcc-4.3 4.3.0-2 (bug #469567)
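Review bot: The justification on the new "[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)" line depends on which compiler builds the etch kernel, and the entry does not say which one that is. Naming it in the parenthetical would let a reader verify the claim. The kfreebsd-6 and kfreebsd-7 lines in the same entry get no matching etch line, so it is worth stating whether they were looked at.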
@@ -4334,7 +4346,7 @@
 	{DSA-1553-1}
 	- ikiwiki 2.42
 CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...)
-	- plone3 <unfixed> (bug #473571)
+	- plone3 3.1.1-1 (bug #473571)
 CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
 	{DSA-1494-1}
 	- linux-2.6 <unfixed> (high)



