[Secure-testing-commits] r30303 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Nov 25 11:54:07 UTC 2014
Author: jmm
Date: 2014-11-25 11:54:07 +0000 (Tue, 25 Nov 2014)
New Revision: 30303
Modified:
data/CVE/list
Log:
php updates
remove znc, only uses openssl, so it will be fixed once openssl is fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-25 10:50:44 UTC (rev 30302)
+++ data/CVE/list 2014-11-25 11:54:07 UTC (rev 30303)
@@ -8941,7 +8941,9 @@
- ntopng 1.2.1+dfsg1-1 (bug #760990)
NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
- - php5 <unfixed> (bug #759282)
+ - php5 <unfixed> (low; bug #759282)
+ [wheezy] - php5 <no-dsa> (Minor issue)
+ [squeeze] - php5 <no-dsa> (Minor issue)
CVE-2014-5450
RESERVED
- zarafa <itp> (bug #658433)
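Review bot: the two added <no-dsa> lines under CVE-2014-5459, and the new "low" urgency on the php5 line, give only "Minor issue" as justification, and the log message ("php updates") does not say why either. A one-line NOTE under the entry recording the reason would let a later reader check the triage without having to dig through bug #759282.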
@@ -13624,7 +13626,6 @@
- yaws <unfixed>
[wheezy] - yaws <no-dsa> (Minor issue)
[squeeze] - yaws <no-dsa> (Minor issue)
- - znc <unfixed> (bug #766957)
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
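Review bot: removing "- znc <unfixed> (bug #766957)" drops the only pointer to that bug from this entry, and the reasoning (znc only uses openssl, so it is fixed once openssl is fixed) is recorded in the commit log alone. Consider leaving a NOTE line to that effect next to the existing NOTEs, so the package is not re-added by someone who comes across the bug later.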
@@ -74144,12 +74145,11 @@
- statusnet <itp> (bug #491723)
CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
RESERVED
- - php5 <unfixed> (low)
- [wheezy] - php5 <no-dsa> (Minor issue)
+ - php5 5.4.4-1 (low)
[squeeze] - php5 <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
- NOTE: This was initially reported to be a bug in libxml2, but it later showed that PHP
- NOTE: is using the libxml2 API in an incorrect manner
+ NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
+ NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the ...)
{DSA-2153-1}
- linux-2.6 2.6.37-1
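Review bot: the two NOTE lines removed from CVE-2010-4657 were the only text explaining that the fault lies in how PHP uses the libxml2 API rather than in libxml2 itself, while the entry title still names xmlTextWriterWriteAttribute; keep them alongside the new NOTEs. Since the new NOTE says it is not known when the fix landed, it would also help to state there that 5.4.4-1 is the earliest version tested with the reproducer, not the version known to have introduced the fix.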