[Secure-testing-commits] r6120 - data/CVE

Sun, 08 Jul 2007 15:23:21 -0700 

Author: seanius
Date: 2007-07-08 22:23:17 +0000 (Sun, 08 Jul 2007)
New Revision: 6120

Modified:
   data/CVE/list
Log:
DSAs for php issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-08 20:25:16 UTC (rev 6119)
+++ data/CVE/list       2007-07-08 22:23:17 UTC (rev 6120)
@@ -3749,6 +3749,7 @@
 CVE-2007-1865
        RESERVED
 CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 
4.4.7, ...)
+       {DSA-1330-1 DSA-1331-1}
        - php4 <unfixed>
        - php5 5.2.2-1
 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server 
(httpd), ...)
@@ -4897,6 +4898,7 @@
 CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which 
allows local ...)
        NOT-FOR-US: Plash
 CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL 
ZIP ...)
+       {DSA-1330-1}
        - php5 5.2.2-1 (medium)
 CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 
beta, when ...)
        - snort <not-affected> (Vulnerable code not present)
@@ -14124,6 +14126,7 @@
 CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the 
web ...)
        NOT-FOR-US: DUpoll
 CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 
5.1.6, ...)
+       {DSA-1331-1}
        - php5 5.1.6-1
        - php4 4:4.4.4-1
 CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and 
attack ...)
@@ -24362,9 +24365,9 @@
        - php4 4:4.4.2-1 (bug #354682; low)
        [sarge] - php4 <no-dsa> (html_errors shouldn't be used)
 CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 
allow ...)
+       {DSA-1331-1}
        - php5 5.1.2-1
        - php4 4:4.4.2-1 (bug #354683)
-       NOTE: the second part (header function) affects also php4
 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 
...)
        NOT-FOR-US: Light Weight Calendar
 CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow 
remote ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to