[Secure-testing-team] PHP bugs: fixed or not?
Francesco Poli
frx at firenze.linux.it
Tue May 1 09:43:10 UTC 2007
On Mon, 30 Apr 2007 23:44:24 +0200 Stefan Fritsch wrote:
> Hi,
>
> On Montag, 30. April 2007, Francesco Poli wrote:
> > The following ones are claimed to be fixed for sid in php5 version
> > 5.2.0-11 by DSA 1283-1, but are still considered unfixed in sid by
> > the tracker:
> >
> > CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453
> > CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711
> > CVE-2007-1718 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889
> > CVE-2007-1900
> >
>
> CVE-2007-1711 does not seem to be fixed (but is unimportant).
That is to say?
Is DSA 1283-1 *lying* ?!?
[...]
> I have updated the tracker accordingly.
Fine.
>
>
> > The following ones are claimed to be fixed for sid in php4 version
> > 4.4.6-1 by DSA 1282-1, but are still considered unfixed in sid by
> > the tracker:
> >
> > CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711
> > CVE-2007-1718 CVE-2007-1777
>
> I could only find information that CVE-2007-1286, CVE-2007-1380, and
> CVE-2007-1777 are fixed. I don't think the rest are fixed.
Again, is DSA 1282-1 *lying* ?!?
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070501/34a32835/attachment.pgp
More information about the Secure-testing-team
mailing list