[Secure-testing-commits] r8828 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Sat May 17 21:14:19 UTC 2008 

Author: joeyh
Date: 2008-05-17 21:14:17 +0000 (Sat, 17 May 2008)
New Revision: 8828

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-17 14:56:00 UTC (rev 8827)
+++ data/CVE/list	2008-05-17 21:14:17 UTC (rev 8828)
@@ -116,6 +116,7 @@
 	- xemacs21 <unfixed> (low; bug #480886)
 	- emacs21 <unfixed> (low; bug #480877)
 CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
+	{DTSA-132-1}
 	- vlc 0.8.6.e-2.2 (low; bug #480724)
 	NOTE: https://trac.videolan.org/vlc/ticket/1578
 	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
@@ -266,7 +267,7 @@
 CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media ...)
 	- sip-tester 2.0.1-1.2 (low; bug #479039)
 CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
-	{DSA-1572-1}
+	{DSA-1578-1 DSA-1572-1}
 	- php5 5.2.6-1
 	NOTE: http://www.php.net/ChangeLog-5.php
 	NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
@@ -5209,7 +5210,7 @@
 	{DSA-1467-1}
 	- mantis 1.0.8-4 (low; bug #458377)
 CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...)
-	{DSA-1543-1}
+	{DSA-1543-1 DTSA-132-1}
 	- vlc 0.8.6.c-4.1 (medium; bug #458318)
 	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
 	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
@@ -10850,7 +10851,7 @@
 	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
 	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
-	{DSA-1444-1 DTSA-61-1}
+	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1 (unimportant)
 	- php4 <removed> (unimportant)
 	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
@@ -12394,7 +12395,7 @@
 	- krb5 1.6.dfsg.1-7 (high)
 	[sarge] - krb5 <not-affected> (Vulnerable code not present)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
-	{DSA-1444-1 DTSA-61-1}
+	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
 	- php5 5.2.4-1 (low)
 	- php4 <removed> (low)
 	NOTE: this applies to php4 as well
@@ -12838,7 +12839,7 @@
 CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
 	NOT-FOR-US: SiteScape Forum
 CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
-	{DSA-1572-1 DTSA-61-1}
+	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
 	- php5 5.2.4-1 (medium; bug #441433)
 	- php4 <removed>
 	[etch] - php5 <no-dsa> (requires malicious script)
@@ -12857,7 +12858,7 @@
 CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
 	NOT-FOR-US: Symantec
 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
-	{DSA-1444-1 DTSA-61-1}
+	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
 	NOTE: this does not affect default installs, only those who have written
 	NOTE: custom session handlers (which isn't *that* uncommon though), and
 	NOTE: also may not work if other cookie values are set.

More information about the Secure-testing-commits mailing list