Author: jmm-guest
Date: 2006-11-11 15:12:03 +0100 (Sat, 11 Nov 2006)
New Revision: 4953

Modified:
   data/CVE/list
   data/DSA/list
Log:
bugzilla fixed (thanks to Maulkin)
mark open_basedir violations as unimportant, now that we have a documented PHP 
security policy


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-11-11 11:16:26 UTC (rev 4952)
+++ data/CVE/list       2006-11-11 14:12:03 UTC (rev 4953)
@@ -227,9 +227,9 @@
 CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 
1.4.1 and ...)
        NOT-FOR-US: PHPEasyData
 CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, 
allow local ...)
-       - php5 5.2.0-1
-       - php4 <unfixed> (low)
-       [sarge] - php4 <no-dsa> (open_basedir not supported)
+       - php5 5.2.0-1 (unimportant)
+       - php4 <unfixed> (unimportant)
+       NOTE: lack of basedir restrictions are not security-relevant by Debian 
PHP security policy
 CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php 
in ...)
        - wordpress 2.0.5-0.1
 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security 
T6533G06 ...)
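Review bot: The NOTE added under CVE-2006-5706 justifies the two (unimportant) tags only for "basedir restrictions", while the description line above it reads "Unspecified vulnerabilities" in the plural and is truncated. Say in the NOTE that every issue covered by this id is an open_basedir bypass, and use the name open_basedir as the log message and the removed sarge line do, so that a later reader can tell the whole entry was triaged and not just one part of it. The hunk also drops the "[sarge] - php4 <no-dsa> (open_basedir not supported)" line without a replacement, so sarge is now covered only by the generic "php4 <unfixed> (unimportant)" entry. If that is intended, consider keeping the "open_basedir not supported" remark in a NOTE, since it records why sarge's php4 was never going to be fixed.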

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2006-11-11 11:16:26 UTC (rev 4952)
+++ data/DSA/list       2006-11-11 14:12:03 UTC (rev 4953)
@@ -1,3 +1,6 @@
+[11 Nov 2006] DSA-1208-1 bugzilla
+       {CVE-2005-4534 CVE-2006-5453}
+       [sarge] - bugzilla 2.16.7-7sarge2
 [09 Nov 2006] DSA-1207-1 phpmyadmin
        {CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116}
        [sarge] - phpmyadmin 4:2.6.2-3sarge2
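Review bot: The new DSA-1208-1 entry references CVE-2005-4534 and CVE-2006-5453, but the data/CVE/list part of this revision only touches CVE-2006-5706. Confirm that the entries for those two ids in data/CVE/list already record the sarge fix in bugzilla 2.16.7-7sarge2, or update them in this same commit, so that the DSA list and the CVE list do not disagree about the status of bugzilla in sarge.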


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
