[Secure-testing-commits] r47974 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 13 13:29:07 UTC 2017


Author: carnil
Date: 2017-01-13 13:29:07 +0000 (Fri, 13 Jan 2017)
New Revision: 47974

Modified:
   data/CVE/list
Log:
php5 removed from unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-13 12:03:13 UTC (rev 47973)
+++ data/CVE/list	2017-01-13 13:29:07 UTC (rev 47974)
@@ -905,7 +905,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
 CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...)
 	- php7.0 <unfixed> (bug #850158)
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: https://bugs.php.net/bug.php?id=73832
 CVE-2016-10109 [pcsc-lite use-after-free]
 	RESERVED
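Review bot: The php5 line under CVE-2017-5340 goes from <unfixed> to <removed> with no per-release line and no bug reference, while the php7.0 line next to it carries bug #850158. The description only names fix versions for 7.0.x and 7.1.x, so it would help to record whether php5 is affected at all: use <not-affected> with a reason if it is not, or add release-specific lines for any release that still ships php5 so the open issue does not hang on the unstable entry alone.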
@@ -3963,7 +3963,7 @@
 CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
 	{DSA-3737-1}
 	- php7.0 7.0.14-1
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: Fixed in PHP 5.6.29 and 7.0.14
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
 	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
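Review bot: For CVE-2016-9935 the NOTE says the issue is fixed in PHP 5.6.29, yet the php5 line moves straight from <unfixed> to <removed>. If a php5 upload at or above 5.6.29 reached unstable before the removal, the entry should carry that fixed version, as the php7.0 line does with 7.0.14-1; otherwise a short NOTE saying php5 was removed before the fix was uploaded would document why no version is recorded.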
@@ -3971,7 +3971,7 @@
 CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows ...)
 	{DSA-3732-1}
 	- php7.0 7.0.13-1
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
 	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
@@ -3985,7 +3985,7 @@
 	NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
 	NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
 	- php7.0 7.0.13-1 (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
 	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
@@ -14943,13 +14943,13 @@
 CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property ...)
 	{DSA-3732-1}
 	- php7.0 7.0.12-1
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
 CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ...)
 	{DSA-3698-1}
 	- php7.0 7.0.12-1
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
 	NOTE: NOTE: Fixed in 7.0.12, 5.6.27
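Review bot: CVE-2016-9138 and CVE-2016-9137 in this hunk both cite https://bugs.php.net/bug.php?id=73147 as their PHP bug while pointing at different advisories (DSA-3732-1 and DSA-3698-1), so one of the two bug links looks like a copy-paste error and should be checked against upstream. The last line also has a doubled prefix, "NOTE: NOTE: Fixed in 7.0.12, 5.6.27"; since that note gives 5.6.27 as the fixed 5.x release, the php5 line for CVE-2016-9137 may deserve a fixed version rather than <removed>.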
@@ -18700,7 +18700,7 @@
 	NOTE: libgd bug: https://github.com/libgd/libgd/issues/308
 	NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
 	- php7.0 7.0.12-1 (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	[jessie] - php5 5.6.27+dfsg-0+deb8u1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
 	NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
@@ -18876,11 +18876,11 @@
 	NOTE: Fixed in 7.0.12
 CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
 CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...)
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
 CVE-2016-7477
 	RESERVED
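Review bot: The description of CVE-2016-7479 reads "In all versions of PHP 7", which raises the question of whether the php5 line belongs in this entry as an affected package at all. Marking it <removed> keeps the implication that php5 was vulnerable; if the 5.x code is not affected, <not-affected> with a reason is the more accurate state. CVE-2016-7478 says "possibly 5.x before 5.6.28", so a NOTE recording what was actually verified for php5 would help there as well.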
@@ -27577,7 +27577,7 @@
 	NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
 	NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1)
 	NOTE: https://github.com/libgd/libgd/issues/211
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
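Review bot: The NOTE "Starting with 5.4.0-1 Debian uses the system copy of libgd" sits directly under the php5 line that now becomes <removed> (unimportant). If the flaw lives in the bundled libgd, that NOTE argues for recording 5.4.0-1 as the version from which php5 stopped being affected rather than leaving the package as never fixed; if PHP bug 72115 is in PHP's own code, a NOTE saying so would make the <removed> state understandable.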
@@ -46760,7 +46760,7 @@
 	- gtk+2.0 2.21.5-1
 	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
 CVE-2015-XXXX [trivial hash complexity DoS attack]
-	- php5 <unfixed> (bug #800564)
+	- php5 <removed> (bug #800564)
 	[jessie] - php5 <no-dsa> (Too intrusive to backport)
 	[wheezy] - php5 <no-dsa> (Too intrusive to backport)
 	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
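Review bot: The temporary entry CVE-2015-XXXX [trivial hash complexity DoS attack] lists php5 as its only package, so after the change to <removed> nothing in unstable is tracked for it and bug #800564 stays attached to a removed package. Unlike the 2016 entries in this commit, there is no php7.0 line here; it should be checked whether php7.0 is affected and, if so, a php7.0 line added and the bug reassigned.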
@@ -69085,7 +69085,7 @@
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy ...)
-	- php5 <unfixed> (unimportant; bug #774154)
+	- php5 <removed> (unimportant; bug #774154)
 	NOTE: php5 binary packages not built with --with-maintainer-zts
 CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext ...)
 	- libressl <itp> (bug #754513)
@@ -80071,7 +80071,7 @@
 	- ntopng 1.2.1+dfsg1-1 (bug #760990)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
-	- php5 <unfixed> (low; bug #682157; bug #759282)
+	- php5 <removed> (low; bug #682157; bug #759282)
 	[jessie] - php5 <no-dsa> (Minor issue)
 	[wheezy] - php5 <no-dsa> (Minor issue)
 	[squeeze] - php5 <no-dsa> (Minor issue)
@@ -96648,7 +96648,7 @@
 CVE-2013-6502
 	RESERVED
 CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
 CVE-2013-6500
 	REJECTED
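Review bot: The NOTE under CVE-2013-6501 contains two typos, "Rendererd unexpoitable", which should read "Rendered unexploitable". The NOTE is the only rationale given for the (unimportant) tag, so a follow-up correcting it would keep that rationale searchable.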
@@ -104104,7 +104104,7 @@
 CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
 	NOT-FOR-US: Request Tracker extension MobileUI
 CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: exploitable by malicious scripts only
 CVE-2013-3734 [Datasource password visible to administrator]
 	RESERVED
@@ -123026,7 +123026,7 @@
 	{DSA-2503-1}
 	- bcfg2 1.2.2-2 (bug #679272)
 CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: open_basedir not supported
 CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
 	- linux 3.2.23-1
@@ -128447,7 +128447,7 @@
 	{DSA-2465-1}
 	- php5 5.4.0-1 (bug #663760)
 CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
 CVE-2012-1170
 	RESERVED
@@ -151053,13 +151053,13 @@
 CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
 	- linux-2.6 2.6.23-1
 CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: mysqlnd not used in squeeze/sid
 CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: mysqlnd not used in squeeze/sid
 CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: mysqlnd not used in squeeze/sid
 CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...)
 	NOT-FOR-US: Tivoli
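Review bot: The three mysqlnd entries (CVE-2010-3064, CVE-2010-3063, CVE-2010-3062) justify (unimportant) with "mysqlnd not used in squeeze/sid", a statement written for the squeeze-era package. With the unstable line now <removed>, that rationale only matters for releases that still ship php5, so it is worth confirming it holds for their builds and updating the NOTE, or recording a fixed version if a later upload included the upstream fixes.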
@@ -153425,7 +153425,7 @@
 	- php5 5.3.3-1 (unimportant)
 	NOTE: Only triggerable through malicious script
 CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable through malicious script
 CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
 	NOT-FOR-US: Adobe Flash
@@ -153634,17 +153634,17 @@
 CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...)
 	NOT-FOR-US: Webby Webserver
 CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable through malicious script
 CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable through malicious script
 CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...)
 	NOT-FOR-US: e107
 CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
 	NOT-FOR-US: e107
 CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable through malicious script
 CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...)
 	NOT-FOR-US: CMSQlite
@@ -154190,9 +154190,9 @@
 	- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
 	- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
 CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
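Review bot: The php5 lines for CVE-2010-1915 and CVE-2010-1914 are tagged (unimportant) with no NOTE giving the reason, unlike other PHP entries in this diff that say "Only triggerable through malicious script". Adding the rationale as a NOTE while these lines are being edited would keep the downgrade auditable now that the package state no longer shows the issue as open.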
@@ -154203,7 +154203,7 @@
 	- ghostscript 8.71~dfsg-4
 	NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 CVE-2010-1867 (SQL injection vulnerability in the ...)
 	NOT-FOR-US: Campsite
 CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
@@ -154216,9 +154216,9 @@
 CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
 	NOT-FOR-US: ClanTiger
 CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
 	- php5 5.3.3-1 (unimportant)
 CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
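Review bot: CVE-2010-1861 is described as affecting PHP 5.2 through 5.2.13 and 5.3 through 5.3.2, and the adjacent CVE-2010-1860 line in this hunk records php5 5.3.3-1 as its fixed version, so converting CVE-2010-1862 and CVE-2010-1861 from <unfixed> to <removed> may hide entries that a later upload already fixed. It is worth checking whether 5.3.3-1 or a later version addressed them and recording that version instead.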
@@ -160153,7 +160153,7 @@
 CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
 	NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
 CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only exploitable by malicious script, not treated as a security issue
 	NOTE: per Debian PHP security policy
 CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
@@ -162954,7 +162954,7 @@
 	- vnc4 <not-affected> (Not affected, see bug #560949)
 	- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
 CVE-2009-3559 (** DISPUTED ** ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: safe_mode regression
 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
 	- php5 5.2.12.dfsg.1-1 (unimportant)
@@ -177198,7 +177198,7 @@
 	{DSA-1672-1}
 	- imlib2 1.4.0-1.2 (bug #505714)
 CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: http://securityreason.com/achievement_securityalert/57
 CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...)
 	- mailscanner 4.74.16-1 (bug #506353)
@@ -179726,7 +179726,7 @@
 CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
-	- php5 <unfixed> (unimportant; bug #500087)
+	- php5 <removed> (unimportant; bug #500087)
 	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
 	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
 CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
@@ -183354,7 +183354,7 @@
 CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
 	NOT-FOR-US: yBlog
 CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: safe mode not supported
 CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
 	- php5 5.2.6.dfsg.1-3 (unimportant)
@@ -193442,7 +193442,7 @@
 	NOT-FOR-US: ActiveKB NX
 CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: if the function is blacklisted but not its alias it is a configuration
 	NOTE: issue of the site not a vulnerability in php
 CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...)
@@ -195013,7 +195013,7 @@
 CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
 	NOT-FOR-US: Microsoft Visual Studio
 CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: basedir and safemode not supported
 CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...)
 	NOT-FOR-US: Xwiki
@@ -195737,7 +195737,7 @@
 CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
 	NOT-FOR-US: SunShop Shopping Cart
 CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Safe mode violations not treated as vulnerabilities
 CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
 	NOT-FOR-US: Mayaa
@@ -196547,7 +196547,7 @@
 CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
 	NOT-FOR-US: YNP Portal System
 CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	- php4 <removed> (unimportant)
 	NOTE: Only exploitable by malicious script
 CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
@@ -198901,7 +198901,7 @@
 CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
 	NOT-FOR-US: YaBB
 CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only exploitable by malicious script
 CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
 	NOT-FOR-US: LiveCMS
@@ -199117,7 +199117,7 @@
 	RESERVED
 CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: That's by design
 CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
 	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
@@ -200112,7 +200112,7 @@
 	- krb5 1.6.dfsg.1-5 (high; bug #430785)
 CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: local DoS when Apache memory limit is set high
 CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
 	- php4 <removed> (unimportant)
@@ -202281,7 +202281,7 @@
 	NOT-FOR-US: Akamai
 CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: local code execution only, possibly only on FreeBSD
 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
 	{DSA-1283-1 DTSA-39-1}
@@ -202304,7 +202304,7 @@
 	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
 	NOT-FOR-US: HP Mercury Quality Center
@@ -202430,7 +202430,7 @@
 	NOT-FOR-US: Data Domain OS
 CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: open_basedir bypasses not supported
 CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
 	NOT-FOR-US: Cisco
@@ -202740,7 +202740,7 @@
 	NOTE: register_globals not supported
 CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Safe mode violations not supported, insufficient measure
 CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
 	NOT-FOR-US: PECL phpDOC
@@ -203075,11 +203075,11 @@
 	- php5 5.2.0-11 (medium)
 	- php4 <removed> (medium)
 CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	- php4 <removed> (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: FTPDMIN
@@ -203511,7 +203511,7 @@
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
 	- php4 <removed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
 	- php4 <not-affected> (cpdf extension not enabled in binary build)
@@ -206285,7 +206285,7 @@
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
 	NOT-FOR-US: CA BrightStor
 CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: open_basedir bypasses not supported
 CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...)
 	NOT-FOR-US: Symantec
@@ -208667,7 +208667,7 @@
 CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
 	NOT-FOR-US: abitwhizzy.php
 CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
-	- php5 <unfixed> (unimportant)
+	- php5 <removed> (unimportant)
 	- php4 <removed> (unimportant)
 	NOTE: safe-mode and basedir violations not treated as security issues
 CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
@@ -213947,7 +213947,7 @@
 CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
 	- festalon <not-affected> (vuln. code introduced in 0.5.0)
 CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
-	- php5 <unfixed> (unimportant; bug #382257)
+	- php5 <removed> (unimportant; bug #382257)
 	- php4 <removed> (unimportant; bug #382270)
 	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
 	NOTE: See notes by Sean for details
@@ -221340,7 +221340,7 @@
 CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
 	NOT-FOR-US: zip.lib.php
 CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
-	- php5 <unfixed> (bug #368545; unimportant)
+	- php5 <removed> (bug #368545; unimportant)
 	- php4 <removed> (bug #368545; unimportant)
 	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
 	NOTE: in any application not checking for such archives.



