[Secure-testing-commits] r9818 - data/CVE

seanius at alioth.debian.org seanius at alioth.debian.org
Sun Sep 14 12:36:03 UTC 2008


Author: seanius
Date: 2008-09-14 12:36:01 +0000 (Sun, 14 Sep 2008)
New Revision: 9818

Modified:
   data/CVE/list
Log:
updates on some php CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-09-14 11:08:12 UTC (rev 9817)
+++ data/CVE/list	2008-09-14 12:36:01 UTC (rev 9818)
@@ -900,14 +900,22 @@
 CVE-2008-3661
 	RESERVED
 CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
-	TODO: check
+	{DSA-1572-1 DTSA-135-1}
+	- php5 5.2.6-1
+	NOTE: believed to be a duplicate of CVE-2008-2050.
+	NOTE: php4 not affected, the vulnerable code isn't present
+	NOTE: http://www.php.net/ChangeLog-5.php
 CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
 	- php4 <removed>
 	- php5 <unfixed> (medium)
 	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
 	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
+	NOTE: could not reproduce locally
+	NOTE: fix in pkg-php svn for both etch and sid
 CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...)
-	TODO: check
+	- php4 <removed>
+	- php5 <unfixed> (medium)
+	NOTE: fix in pkg-php svn for both etch and sid
 CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...)
 	- ruby1.8 1.8.7.72-1 (bug #494401)
 	- ruby1.9 1.9.0.2-6 (bug #494402)
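
Review bot: In the CVE-2008-3660 entry, the fixed version "- php5 5.2.6-1" and the {DSA-1572-1 DTSA-135-1} references rest on a NOTE that says the issue is only "believed to be a duplicate of CVE-2008-2050"; if that belief turns out to be wrong, the entry reads as fixed when it is not. Suggest pointing the NOTE at the specific upstream change rather than the whole ChangeLog-5.php page, and recording the php4 status as a package line, the way the CVE-2008-3659 and CVE-2008-3658 entries do, instead of only in a NOTE. For CVE-2008-3659, "could not reproduce locally" would be more useful with the version and architecture that were tested, and both "fix in pkg-php svn" notes would be easier to follow up if they named the svn revision.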



