[Secure-testing-commits] r12559 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Aug 11 00:57:23 UTC 2009


Author: geissert
Date: 2009-08-11 00:57:23 +0000 (Tue, 11 Aug 2009)
New Revision: 12559

Modified:
   data/CVE/list
Log:
Add some info regarding the recent php issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-10 23:59:52 UTC (rev 12558)
+++ data/CVE/list	2009-08-11 00:57:23 UTC (rev 12559)
@@ -71,11 +71,12 @@
 	- xscreensaver <unfixed> (low; bug #539699)
 	TODO: request CVE id
 CVE-2009-XXXX [php5: remote information disclosure]
-	- php5 <unfixed> (medium; bug #540605)
-	TODO: determine affected versions
+	- php5 <unfixed> (low; bug #540605)
+	TODO: check php4
+	NOTE: requires the script itself to set and then restore a config var
 CVE-2009-XXXX [php5: 'open_basedir' bypass]
-	- php5 <unfixed> (low; bug #540606)
-	NOTE: supposedly only affects 5.3.0
+	- php5 <unfixed> (unimportant; bug #540606)
+	NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
 CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference]
 	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
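
Review bot: In the "php5: remote information disclosure" entry, the removed "TODO: determine affected versions" is replaced by "TODO: check php4" although no affected php5 version range has been recorded, so that open question is dropped rather than answered. Keep the original TODO next to the new one, or add a NOTE stating the range. The new NOTE in the same entry says "a config var" without naming it. Naming the setting would let a later reader verify the precondition behind the medium to low downgrade. In the "'open_basedir' bypass" entry the word "supposedly" is removed from the 5.3.0 note, so a short pointer to what confirmed this (for example in bug #540606) would make the change to "unimportant" easier to audit.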



