[Secure-testing-commits] r18347 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Jan 31 18:18:45 UTC 2012


Author: geissert
Date: 2012-01-31 18:18:44 +0000 (Tue, 31 Jan 2012)
New Revision: 18347

Modified:
   data/CVE/list
Log:
remove dup suhosin issue, update the other one


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-31 17:15:28 UTC (rev 18346)
+++ data/CVE/list	2012-01-31 18:18:44 UTC (rev 18347)
@@ -355,11 +355,6 @@
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
 	[lenny] - asterisk <not-affected> (Vulnerable code not present)
 	NOTE: AST-2012-001 http://downloads.asterisk.org/pub/security/AST-2012-001.html
-CVE-2012-XXXX [php5-suhosin Transparent Cookie Encryption Stack Buffer Overflow]
-	- php5-suhosin <unfixed>
-	[squeeze] - php5-suhosin <unfixed>
-	[lenny] - php5-suhosin <unfixed>
-	NOTE: http://seclists.org/fulldisclosure/2012/Jan/295
 CVE-2012-0784
 	RESERVED
 CVE-2012-0783
@@ -9614,7 +9609,8 @@
 CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ...)
 	{DSA-2399-1 DSA-2340-1}
 	- libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in initial release in 2007)
-	- php-suhosin <unfixed> (bug #631283)
+	- php-suhosin <not-affected> (bug #631283; that portion is not used since PHP 5.3)
+	[lenny] - php-suhosin <unfixed> (bug #631283)
 	- postgresql-8.4 8.4.9-1 (bug #631285)
 	- postgresql-9.0 9.0.5-1 (bug #631285)
 	- postgresql-9.1 9.1~rc1-1




More information about the Secure-testing-commits mailing list