Author: jmm-guest
Date: 2007-05-19 10:42:40 +0000 (Sat, 19 May 2007)
New Revision: 5881

Modified:
   data/CVE/list
   data/DSA/list
Log:
- php5 DSA
- no-dsa for file crash, will be fixed in a stable point update
- rewrite older php entry as unimportant instead of NFU, as php is present
  in the archive


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-19 09:19:55 UTC (rev 5880)
+++ data/CVE/list       2007-05-19 10:42:40 UTC (rev 5881)
@@ -1507,9 +1507,8 @@
        NOTE: Unrealistic attack vector, no evidence code injection is possible
 CVE-2007-2026 (The gnu regular expression code in file 4.20 allows 
context-dependent ...)
        - file 4.20-6 (low)
+       [etch] - file <no-dsa> (Hardly any security impact)
        [sarge] - file <not-affected> (version too old)
-       [etch] - file <not-affected> (version too old)
-       NOTE: This bug was introduced in file 4.20.
 CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature 
...)
        - phpwiki <unfixed> (unknown)
 CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature 
...)
@@ -1803,7 +1802,9 @@
 CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW 
function ...)
        NOT-FOR-US: Akamai
 CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 
4.4.5 and ...)
-       NOT-FOR-US: according to MOPB-43 not linux exploitable
+       - php4 <unfixed> (unimportant)
+       - php5 <unfixed> (unimportant)
+       NOTE: local code execution only, possibly only on FreeBSD
 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in 
the ...)
        {DSA-1283-1}
        - php5 5.2.0-11 (medium)

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2007-05-19 09:19:55 UTC (rev 5880)
+++ data/DSA/list       2007-05-19 10:42:40 UTC (rev 5881)
@@ -1,3 +1,6 @@
+[19 May 2007] DSA-1295-1 php5
+       {CVE-2007-2509 CVE-2007-2510}
+       [etch] - php5 5.2.0-8+etch4
 [17 May 2007] DSA-1294-1 xfree86
        {CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667}
        [sarge] - xfree86 4.3.0.dfsg.1-14sarge4


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to