Author: jmm-guest
Date: 2007-09-14 17:31:11 +0000 (Fri, 14 Sep 2007)
New Revision: 6610

Modified:
   data/CVE/list
Log:
PHP non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-09-14 13:49:44 UTC (rev 6609)
+++ data/CVE/list       2007-09-14 17:31:11 UTC (rev 6610)
@@ -143,11 +143,14 @@
 CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed 
with Sony ...)
        NOT-FOR-US: Sony Micro Vault
 CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows 
context-dependent ...)
-       - php5 <unfixed> (low; bug #441972)
+       - php5 <unfixed> (unimportant; bug #441972)
+       NOTE: Only triggerable by malicious script
 CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
-       - php5 <unfixed> (low; bug #441972)
+       - php5 <unfixed> (unimportant; bug #441972)
+       NOTE: Only triggerable by malicious script
 CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a 
denial ...)
-       - php5 5.2.3-1 (low)
+       - php5 5.2.3-1 (unimportant)
+       NOTE: Only triggerable by malicious script
 CVE-2007-4781 (administrator/index.php in the installer component 
(com_installer) in ...)
        - joomla <itp> (bug #326398)
 CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to 
obtain ...)
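
Review bot: The three added lines "NOTE: Only triggerable by malicious script" do not say why that makes the issue unimportant, and two of the entries (CVE-2007-4784, CVE-2007-4782) are described as affecting "context-dependent" attackers, which leaves open whether an application that passes user input to a function such as setlocale could reach the bug. Suggest the note state that the affected argument is not expected to be attacker-controlled, if that is the reasoning, so the downgrade from low to unimportant can be checked from the entry alone. The php5 lines for CVE-2007-4784 and CVE-2007-4783 also still reference bug #441972; worth confirming the bug's severity matches the new rating.
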
@@ -393,8 +396,9 @@
 CVE-2007-4671
        RESERVED
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown 
impact and ...)
-       - php5 <unfixed>
-       - php4 <removed>
+       - php5 <unfixed> (unimportant)
+       - php4 <removed> (unimportant)
+       NOTE: This refers to an improved fix for MOPB 03-2007, which is 
CVE-2007-1285 and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote 
authenticated ...)
        - firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
        [etch] - firebird2 <unfixed>
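
Review bot: The NOTE on CVE-2007-4670 justifies unimportant by calling CVE-2007-1285 "a non-issue", but the reason is not recorded here, and the CVE text itself only says "Unspecified vulnerability" with "unknown impact". Suggest adding the reason inline (if it is the same one used elsewhere in this commit, "Only triggerable by malicious script") or a source for the MOPB 03-2007 mapping, so the rating can be verified without looking up the other entry. The long NOTE is also kept as one line, while the CVE-2007-4661 note in this commit is split over two NOTE lines; one style would be easier to grep.
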
@@ -420,11 +424,14 @@
        [etch] - firebird2 <unfixed>
        [sarge] - firebird2 <unfixed> 
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows 
attackers ...)
-       - php5 <unfixed>
+       - php5 <unfixed> (unimportant)
+       NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP 
before ...)
        - php5 <unfixed>
 CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not 
properly ...)
-       - php5 <unfixed>
+       - php5 <unfixed> (unimportant)
+       NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue 
only
+       NOTE: triggerable by malicious script
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP 
before ...)
        - php5 <unfixed>
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not 
...)
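
Review bot: "NOTE: open_basedir not supported" under CVE-2007-4663 is too terse to justify unimportant for an entry described as a directory traversal, and the visible description does not mention open_basedir at all. Suggest spelling out what is meant, i.e. how the issue relates to open_basedir and that restrictions of that kind are not covered by security support, if that is the intent. CVE-2007-4660, also in chunk_split, stays unrated directly below the downgraded CVE-2007-4661; if it is the same class of issue it should get the same rating, otherwise a short note on why it differs would help.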


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
