[Secure-testing-commits] r29704 - in data: . CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Tue Oct 28 11:19:43 UTC 2014


Author: hertzog
Date: 2014-10-28 11:19:43 +0000 (Tue, 28 Oct 2014)
New Revision: 29704

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
For Squeeze LTS handle dokuwiki privilege escalation at the php level

I would suggest to do the same for wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-28 10:02:22 UTC (rev 29703)
+++ data/CVE/list	2014-10-28 11:19:43 UTC (rev 29704)
@@ -460,10 +460,14 @@
 	NOT-FOR-US: Voice Of Web AllMyGuests
 CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ...)
 	- dokuwiki <unfixed> (bug #766545)
+	[squeeze] - dokuwiki <no-dsa> (Will be fixed at the php level)
 	NOTE: only fixed in Security Hotfix 2014-05-05b
+	NOTE: Better fixed at the php5 level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
 CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP ...)
 	- dokuwiki <unfixed> (bug #766545)
+	[squeeze] - dokuwiki <no-dsa> (Will be fixed at the php level)
 	NOTE: only fixed in Security Hotfix 2014-05-05b
+	NOTE: Better fixed at the php5 level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
 CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows ...)
 	- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
 CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access ...)
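
Review bot: the added `[squeeze] - dokuwiki <no-dsa> (Will be fixed at the php level)` lines under CVE-2014-8764 and CVE-2014-8763 make the squeeze status depend on a php5 update that neither entry tracks. The only link to that update is a NOTE carrying the upstream commit URL, so a reader of these entries cannot tell whether the PHP-side fix has actually reached squeeze. Consider naming the source package as "php5" in the reason text (the NOTE already does) and pointing to the php5 item in data/dla-needed.txt. The unchanged "NOTE: only fixed in Security Hotfix 2014-05-05b" now sits directly above "Better fixed at the php5 level", which reads as contradictory; rewording one of the two would say which fix each note refers to. The log message suggests the same handling for wheezy, but only `[squeeze]` lines are added here, so wheezy remains covered by the generic `<unfixed>` line.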

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2014-10-28 10:02:22 UTC (rev 29703)
+++ data/dla-needed.txt	2014-10-28 11:19:43 UTC (rev 29704)
@@ -55,6 +55,9 @@
 --
 openjdk-6
 --
+php5
+ NOTE: Please include http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c to fix issues with other PHP apps (see CVE-2014-8763/CVE-2014-8764 for example)
+--
 qemu
 --
 qt4-x11
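
Review bot: the NOTE under the new `php5` entry identifies the requested change only by a commit URL and by "see CVE-2014-8763/CVE-2014-8764 for example", so whoever prepares the php5 update has to open the link to learn what is being changed in PHP itself. Add a short description of what the commit fixes next to the URL, and state that the dokuwiki entries for squeeze in data/CVE/list are marked `<no-dsa>` on the assumption that this commit is included, so the dependency is visible from this file as well.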



