[Secure-testing-commits] r18565 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Feb 29 22:05:00 UTC 2012


Author: jmm
Date: 2012-02-29 22:04:59 +0000 (Wed, 29 Feb 2012)
New Revision: 18565

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
suhosin no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-29 21:14:23 UTC (rev 18564)
+++ data/CVE/list	2012-02-29 22:04:59 UTC (rev 18565)
@@ -1368,7 +1368,8 @@
 	- as31 2.3.1-5 (bug #655496)
 	[squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report)
 CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...)
-	- php-suhosin 0.9.33-1 (bug #657190)
+	- php-suhosin 0.9.33-1 (low; bug #657190)
+	[squeeze] - php-suhosin <no-dsa> (Exploitable in rare setups)
 	NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
 CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...)
 	{DSA-2393-1}

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-02-29 21:14:23 UTC (rev 18564)
+++ data/spu-candidates.txt	2012-02-29 22:04:59 UTC (rev 18565)
@@ -208,6 +208,11 @@
 
 --
 
+php-suhosin (CVE-2012-0807)
+#657190
+
+--
+
 prosody (CVE-2011-2205)
 #579087
 Also requires additional fix in lua-expat




More information about the Secure-testing-commits mailing list