[Secure-testing-team] PHP bugs: fixed or not?
Stefan Fritsch
sf at sfritsch.de
Mon Apr 30 21:44:24 UTC 2007
Hi,
On Montag, 30. April 2007, Francesco Poli wrote:
> The following ones are claimed to be fixed for sid in php5 version
> 5.2.0-11 by DSA 1283-1, but are still considered unfixed in sid by
> the tracker:
>
> CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453
> CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711
> CVE-2007-1718 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889
> CVE-2007-1900
>
CVE-2007-1711 does not seem to be fixed (but is unimportant). The rest
are fixed. There is a typo in the changelog though:
CVE-2007-1453-MOPB-18 should be ...-1454-...
I have updated the tracker accordingly.
> The following ones are claimed to be fixed for sid in php4 version
> 4.4.6-1 by DSA 1282-1, but are still considered unfixed in sid by
> the tracker:
>
> CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711
> CVE-2007-1718 CVE-2007-1777
I could only find information that CVE-2007-1286, CVE-2007-1380, and
CVE-2007-1777 are fixed. I don't think the rest are fixed.
@Sean: do you have more information? Thanks.
Cheers,
Stefan
More information about the Secure-testing-team
mailing list