[Secure-testing-commits] r13363 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Nov 24 05:17:03 UTC 2009


Author: geissert
Date: 2009-11-24 05:16:58 +0000 (Tue, 24 Nov 2009)
New Revision: 13363

Modified:
   data/CVE/list
Log:
new php-net-ping issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-24 05:10:27 UTC (rev 13362)
+++ data/CVE/list	2009-11-24 05:16:58 UTC (rev 13363)
@@ -1,3 +1,9 @@
+CVE-2009-XXXX [Net_Ping PEAR module argument injection]
+	- php-net-ping <unfixed>
+	TODO: check
+	NOTE: http://pear.php.net/advisory20091114-01.txt
+	NOTE: the fix by upstream should be double checked,
+	NOTE: escapeshellcmd might not be the most appropriate function either
 CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
 	NOT-FOR-US: FrontAccounting
 CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)




More information about the Secure-testing-commits mailing list