[Secure-testing-commits] r13363 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Nov 24 05:17:03 UTC 2009
Author: geissert
Date: 2009-11-24 05:16:58 +0000 (Tue, 24 Nov 2009)
New Revision: 13363
Modified:
data/CVE/list
Log:
new php-net-ping issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-24 05:10:27 UTC (rev 13362)
+++ data/CVE/list 2009-11-24 05:16:58 UTC (rev 13363)
@@ -1,3 +1,9 @@
+CVE-2009-XXXX [Net_Ping PEAR module argument injection]
+ - php-net-ping <unfixed>
+ TODO: check
+ NOTE: http://pear.php.net/advisory20091114-01.txt
+ NOTE: the fix by upstream should be double checked,
+ NOTE: escapeshellcmd might not be the most appropriate function either
CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
NOT-FOR-US: FrontAccounting
CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
More information about the Secure-testing-commits
mailing list