[Secure-testing-commits] r9888 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sat Sep 27 09:00:12 UTC 2008
Author: thijs
Date: 2008-09-27 09:00:06 +0000 (Sat, 27 Sep 2008)
New Revision: 9888
Modified:
data/CVE/list
Log:
phpbb2 issue fixed in unstable, doesn't apply to phpbb3, issue is not really
in phpbb in my view, but should be fixed in php itself
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-27 08:51:53 UTC (rev 9887)
+++ data/CVE/list 2008-09-27 09:00:06 UTC (rev 9888)
@@ -134,8 +134,10 @@
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
- - phpbb2 <unfixed> (bug #500086)
- TODO: check phpbb3
+ - phpbb2 2.0.23+repack-3 (low; bug #500086)
+ - phpbb3 <not-affected> (vulnerable code not present)
+ NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
+ NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
RESERVED
CVE-2008-4123
More information about the Secure-testing-commits
mailing list