[Secure-testing-commits] r15659 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Dec 7 21:48:42 UTC 2010


Author: jmm-guest
Date: 2010-12-07 21:48:42 +0000 (Tue, 07 Dec 2010)
New Revision: 15659

Modified:
   data/CVE/list
Log:
php5 fixed
let awstats maints sort out the mess, bug filed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-07 21:22:48 UTC (rev 15658)
+++ data/CVE/list	2010-12-07 21:48:42 UTC (rev 15659)
@@ -155,11 +155,11 @@
 CVE-2010-XXXX [gnash: insecure temp files handling in configure script]
 	- gnash <unfixed> (unimportant; bug #605419)
 CVE-2010-XXXX [php and NUL handling on file ops]
-	- php5 <unfixed> (low)
+	- php5 5.3.3-6 (low)
 	NOTE: old, known, issue -- Pierre already requested an id
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
 CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...)
-	- php5 <unfixed>
+	- php5 5.3.3-6
 	[lenny] - php5 <not-affected> (intl extension included since 5.3)
 	NOTE: http://www.kb.cert.org/vuls/id/479900
 CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
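Review bot: The two php5 entries in this hunk now record 5.3.3-6 as the fixed version, but neither carries a Debian bug number or a NOTE tying that upload to the fix; for the NUL-handling entry the only pointer is the upstream svn revision 305507. Consider adding a NOTE that 5.3.3-6 includes that revision, and a bug reference for CVE-2010-4409 if one exists, so the fixed status can be checked later from the list alone.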
@@ -239,17 +239,14 @@
 CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
 	NOT-FOR-US: Winamp
 CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
-	- awstats <unfixed>
-	TODO: check
+	- awstats <unfixed> (bug #606263)
 CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
 	- awstats <not-affected> (Windows-specific issue)
 	NOTE: looks like it's the same as CVE-2010-4367
 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
-	- awstats <unfixed>
-	TODO: check
+	- awstats <unfixed> (bug #606263)
 CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
-	- awstats <unfixed>
-	TODO: check
+	- awstats 6.9.5~dfsg-1
 CVE-2010-XXXX [ocrodjvu insecure temp files handling]
 	- ocrodjvu 0.4.6-2 (low; bug #598134)
 CVE-2010-XXXX [hypermail XSS]
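Review bot: In the CVE-2009-5020 entry the fixed version is written as 6.9.5~dfsg-1 while the description says "AWStats before 6.95"; a short NOTE stating how this package version maps to upstream 6.95 would spare readers from wondering whether it is a typo. Separately, the "TODO: check" lines for CVE-2010-4369 and CVE-2010-4367 are dropped while both entries stay <unfixed> under the same bug #606263, so a NOTE recording what is still open for the maintainers would keep that question visible in the list rather than only in the commit log.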



