[Secure-testing-commits] r15098 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Mon Aug 2 03:51:04 UTC 2010
Author: geissert
Date: 2010-08-02 03:51:03 +0000 (Mon, 02 Aug 2010)
New Revision: 15098
Modified:
data/CVE/list
Log:
mark php5 as fixed (package in experimental, but want to clean up)
some other issues were fixed but they are unimportant, I might clean
that up later
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-08-02 03:41:41 UTC (rev 15097)
+++ data/CVE/list 2010-08-02 03:51:03 UTC (rev 15098)
@@ -1114,7 +1114,7 @@
RESERVED
CVE-2010-2484 [strrchr() interruption]
RESERVED
- - php5 <unfixed> (unimportant)
+ - php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
- tiff <unfixed> (unimportant)
CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
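Review bot: the new `- php5 5.3.3-1 (unimportant)` line under CVE-2010-2484 gives a fixed version that, per the commit log, is only in experimental, and the entry carries no NOTE saying so. Consider adding a NOTE line under it recording that 5.3.3-1 was in experimental at the time of this commit, so a reader of data/CVE/list does not assume the fix has already reached unstable.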
@@ -1761,7 +1761,7 @@
RESERVED
- linux-2.6 2.6.32-19
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
- - php5 <unfixed>
+ - php5 5.3.3-1
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
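Review bot: CVE-2010-2225 is the only php5 entry changed in this patch that has neither a severity tag nor a `[lenny]` line, and it describes a use-after-free in an unserializer; after the change to `- php5 5.3.3-1` the status of stable is still not stated. Consider adding a `[lenny] - php5 ...` line with the appropriate status, as CVE-2010-2094, CVE-2010-1917 and CVE-2010-1866 have. Separately, the context line under CVE-2010-2224 reads "Reh Hat" where "Red Hat" is meant, which is worth fixing in a follow-up.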
@@ -1840,7 +1840,7 @@
{DSA-2063-1}
- pmount 0.9.23-1
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.3-1 (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...)
- php5 <unfixed> (unimportant)
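Review bot: CVE-2010-2190, directly below the changed CVE-2010-2191 line, is left at `- php5 <unfixed> (unimportant)` while its neighbour moves to 5.3.3-1. The log says other fixed issues are being deferred; if this is one of them, update it in the same commit or add a TODO line so the two adjacent entries do not disagree silently.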
@@ -2069,10 +2069,10 @@
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...)
NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...)
- - php5 <unfixed> (low)
+ - php5 5.3.3-1 (low)
[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.3-1 (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...)
{DSA-2060-1}
@@ -2593,7 +2593,7 @@
CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and ...)
NOT-FOR-US: EFront ask_chat
CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...)
- - php5 <unfixed> (low)
+ - php5 5.3.3-1 (low)
[lenny] - php5 <no-dsa> (Minor issue)
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...)
- serendipity 1.5.3-1
@@ -2618,12 +2618,12 @@
CVE-2010-1867 (SQL injection vulnerability in the ...)
NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
- - php5 <unfixed> (low)
+ - php5 5.3.3-1 (low)
[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.3-1 (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
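Review bot: CVE-2010-1864 is changed to `- php5 5.3.3-1 (unimportant)` with no NOTE giving the reason for the unimportant rating, whereas CVE-2010-2191 and CVE-2010-2093 in this same patch carry `NOTE: Only triggerable through malicious script`. If the same rationale applies, add that NOTE here so the rating can be audited from the list alone.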