[Secure-testing-commits] r12705 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sat Aug 29 16:33:49 UTC 2009


Author: geissert
Date: 2009-08-29 16:33:49 +0000 (Sat, 29 Aug 2009)
New Revision: 12705

Modified:
   data/CVE/list
Log:
Merge a dup


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-29 09:14:18 UTC (rev 12704)
+++ data/CVE/list	2009-08-29 16:33:49 UTC (rev 12705)
@@ -174,11 +174,6 @@
 	TODO: check
 CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
 	NOT-FOR-US: All Club CMS (ACCMS)
-CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
-	{DTSA-188-1}
-	- php5 5.2.6.dfsg.1-3 (low; bug #507101)
-	- php4 <removed> (low)
-	NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
 CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: PageTree CMS 
 CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
@@ -11746,11 +11741,12 @@
 	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
 	NOTE: upstream has been notified
 	TODO: write proper advisory and request CVE id
-CVE-2008-XXXX [php: inifile handler for the dba functions can be used to truncate a file]
+CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
+	{DTSA-188-1}
 	- php5 5.2.6.dfsg.1-3 (low; bug #507101)
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
-	- php4 <unfixed> (low)
-	NOTE: CVE id requested denied
+	- php4 <removed> (low)
+	NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
 CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
 	- wordpress 2.5.1-11 (low; bug #507193)
 	[etch] - wordpress <not-affected> (Vulnerable code not present)




More information about the Secure-testing-commits mailing list