[Secure-testing-commits] r28471 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Aug 26 06:14:14 UTC 2014
Author: jmm
Date: 2014-08-26 06:14:14 +0000 (Tue, 26 Aug 2014)
New Revision: 28471
Modified:
data/CVE/list
Log:
php/gd update
enigmail no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-26 05:14:05 UTC (rev 28470)
+++ data/CVE/list 2014-08-26 06:14:14 UTC (rev 28471)
@@ -47,7 +47,9 @@
RESERVED
CVE-2014-5369 [an email with only Bcc recipients is sent in plain text]
RESERVED
- - enigmail <unfixed>
+ - enigmail 2:1.7-1
+ [wheezy] - enigmail <no-dsa> (Minor issue)
+ [squeeze] - enigmail <no-dsa> (Icedove EOLed in squeeze)
NOTE: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315
NOTE: and http://sourceforge.net/p/enigmail/bugs/294/
CVE-2014-5367
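Review bot: The "(Minor issue)" reason on the new [wheezy] no-dsa line is thin for an entry whose own description says the mail "is sent in plain text"; someone reading the tracker later cannot tell why a confidentiality failure was rated minor. Consider adding a NOTE with the reasoning (for example that the condition is limited to messages with only Bcc recipients, as the description states). A NOTE pointing at the upstream change behind 2:1.7-1 would also help, since the two existing NOTEs reference only the forum thread and the bug report.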
@@ -749,10 +751,10 @@
CVE-2014-5120 [NUL byte injection in filenames passed to image handling functions]
RESERVED
- php5 <unfixed>
- - libgd2 <unfixed>
+ [squeeze] - php5 <not-affected> (Introduced in 5.4)
+ - libgd2 <not-affected> (Specific to integration of gd in PHP)
NOTE: https://bugs.php.net/bug.php?id=67730
NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest
- TODO: check, possibly does not affect the libgd library itself, only the copy in php
CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
NOT-FOR-US: DirPHP
CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
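Review bot: The "(Introduced in 5.4)" reason on the new [squeeze] php5 line has no supporting NOTE; the two NOTEs kept in this entry link the PHP bug and its patch, not the change that introduced the affected code. Suggest adding a NOTE that records it so the not-affected claim can be rechecked. With "- php5 <unfixed>" left as the only other php5 line, any release without its own tag inherits unfixed; if that is the intent for wheezy nothing needs to change, otherwise add an explicit line. Dropping the TODO looks fine, since its conclusion is now carried by the libgd2 parenthetical.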