[Secure-testing-commits] r11745 - in data: CVE DTSA

[Thijs Kinkhorst]

Author: thijs
Date: 2009-04-30 14:46:31 +0000 (Thu, 30 Apr 2009)
New Revision: 11745

Modified:
   data/CVE/list
   data/DTSA/list
Log:
updates for php5 issues, based on Sean's info


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-29 21:14:15 UTC (rev 11744)
+++ data/CVE/list	2009-04-30 14:46:31 UTC (rev 11745)
@@ -648,6 +648,7 @@
 	- pam <not-affected> (we don't compile pam with USE=ssh)
 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
 	- php5 5.2.6.dfsg.1-3
+	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
 	{DSA-1775-1}
@@ -12842,6 +12843,7 @@
 CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
 	{DTSA-144-1}
 	- php5 5.2.6-2 (low)
+	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
 	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
 	NOTE: missing api features from the version of libc-client in etch.
 CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2009-04-29 21:14:15 UTC (rev 11744)
+++ data/DTSA/list	2009-04-30 14:46:31 UTC (rev 11745)
@@ -561,7 +561,7 @@
 	{CVE-2009-0260 CVE-2009-0312}
 	[lenny] - moin 1.7.1-3+lenny1
 [January 28th, 2009] DTSA-188-1 php5 - several vulnerabilities
-	{CVE-2008-5658 CVE-2008-5557 CVE-2008-5624}
+	{CVE-2008-5658 CVE-2008-5557 CVE-2008-5624 CVE-2009-1272}
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
 [February 1st, 2009] DTSA-189-1 avahi - denial of service
 	{CVE-2008-5081}