[Secure-testing-commits] r13415 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Dec 1 15:00:41 UTC 2009
Author: geissert
Date: 2009-12-01 15:00:40 +0000 (Tue, 01 Dec 2009)
New Revision: 13415
Modified:
data/CVE/list
Log:
mark php4 as removed in some unfixed issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-01 14:15:42 UTC (rev 13414)
+++ data/CVE/list 2009-12-01 15:00:40 UTC (rev 13415)
@@ -360,7 +360,7 @@
CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of ...)
{DSA-1940-1}
- php5 5.2.11.dfsg.1-2 (medium)
- - php4 <unfixed> (medium)
+ - php4 <removed> (medium)
NOTE: workarounds include using 5.3.1 or php5-suhosin
NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
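Review bot: The php4 line under CVE-2009-4017 keeps its medium rating, but the two NOTE lines that follow only name php5-side workarounds (5.3.1 and php5-suhosin), so nothing in the entry says what a php4 user should do. Suggest adding a NOTE stating that php4 is gone from the archive and no fix will be tracked for it, so the move from <unfixed> to <removed> is self-explanatory to someone reading the entry later.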
@@ -5576,7 +5576,7 @@
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
{DSA-1940-1}
- php5 5.2.10.dfsg.1-2 (low; bug #535888)
- - php4 <unfixed> (low; bug #535897)
+ - php4 <removed> (low; bug #535897)
NOTE: 5.3.0 (in experimental) is not affected
CVE-2009-XXXX [apache2: htaccess override]
- apache2 2.2.9-1 (low; bug #535886)
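Review bot: The php4 line under CVE-2009-2687 still points at bug #535897, which is separate from the php5 bug #535888. With the package now marked <removed>, that bug has nothing left to track. Please pair this change with closing #535897, or add a NOTE saying why it stays open, so the list and the bug tracker do not disagree.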
@@ -13616,7 +13616,7 @@
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
{DSA-1789-1}
- php5 <unfixed> (low; bug #523028)
- - php4 <unfixed> (low; bug #523028)
+ - php4 <removed> (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
- spip 2.0.6-1
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...)
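Review bot: Under CVE-2008-5814 the php4 and php5 lines cite the same bug #523028, and php5 stays <unfixed>. After this change one bug number is attached both to a removed package and to an open issue. Please confirm that #523028 is filed against php5 and drop the reference from the php4 line if it is, so the open bug is not read as belonging to a package that no longer exists.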
@@ -27480,7 +27480,7 @@
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...)
NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
- - php4 <unfixed> (unimportant)
+ - php4 <removed> (unimportant)
NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...)
NOT-FOR-US: NetRisk
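Review bot: CVE-2008-0145 lists php4 as its only package, so after this change the entry tracks nothing but a removed package. The description reads "PHP before 4.4.8" and the entry has no php5 line or NOTE saying whether php5 is affected. Suggest recording the php5 status explicitly (a not-affected line or a NOTE) so the entry does not look resolved by removal alone.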
@@ -31537,7 +31537,7 @@
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
- - php4 <unfixed> (unimportant)
+ - php4 <removed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: if the function is blacklisted but not its alias it is a configuration
NOTE: issue of the site not a vulnerability in php
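Review bot: In the CVE-2007-5424 entry the php4 line sits above the php5 line, while the other entries touched in this commit list php5 first. Since the line is being edited anyway, consider moving it below php5 for consistency. The php5 line stays <unfixed> (unimportant) next to NOTE text calling this a configuration issue, which is fine but means the two packages now read differently for the same non-issue.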
@@ -35234,7 +35234,7 @@
NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
- php5 5.2.4-1 (unimportant)
- - php4 <unfixed> (unimportant)
+ - php4 <removed> (unimportant)
NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...)
{DSA-1613-1}