[Secure-testing-commits] r12559 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Aug 11 00:57:23 UTC 2009
Author: geissert
Date: 2009-08-11 00:57:23 +0000 (Tue, 11 Aug 2009)
New Revision: 12559
Modified:
data/CVE/list
Log:
Add some info regarding the recent php issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-10 23:59:52 UTC (rev 12558)
+++ data/CVE/list 2009-08-11 00:57:23 UTC (rev 12559)
@@ -71,11 +71,12 @@
- xscreensaver <unfixed> (low; bug #539699)
TODO: request CVE id
CVE-2009-XXXX [php5: remote information disclosure]
- - php5 <unfixed> (medium; bug #540605)
- TODO: determine affected versions
+ - php5 <unfixed> (low; bug #540605)
+ TODO: check php4
+ NOTE: requires the script itself to set and then restore a config var
CVE-2009-XXXX [php5: 'open_basedir' bypass]
- - php5 <unfixed> (low; bug #540606)
- NOTE: supposedly only affects 5.3.0
+ - php5 <unfixed> (unimportant; bug #540606)
+ NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference]
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
More information about the Secure-testing-commits
mailing list