[Secure-testing-commits] r12705 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Aug 29 16:33:49 UTC 2009
Author: geissert
Date: 2009-08-29 16:33:49 +0000 (Sat, 29 Aug 2009)
New Revision: 12705
Modified:
data/CVE/list
Log:
Merge a dup
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-29 09:14:18 UTC (rev 12704)
+++ data/CVE/list 2009-08-29 16:33:49 UTC (rev 12705)
@@ -174,11 +174,6 @@
TODO: check
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
NOT-FOR-US: All Club CMS (ACCMS)
-CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
- {DTSA-188-1}
- - php5 5.2.6.dfsg.1-3 (low; bug #507101)
- - php4 <removed> (low)
- NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
@@ -11746,11 +11741,12 @@
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
NOTE: upstream has been notified
TODO: write proper advisory and request CVE id
-CVE-2008-XXXX [php: inifile handler for the dba functions can be used to truncate a file]
+CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
+ {DTSA-188-1}
- php5 5.2.6.dfsg.1-3 (low; bug #507101)
[lenny] - php5 5.2.6.dfsg.1-1+lenny2
- - php4 <unfixed> (low)
- NOTE: CVE id requested denied
+ - php4 <removed> (low)
+ NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
- wordpress 2.5.1-11 (low; bug #507193)
[etch] - wordpress <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list