[Secure-testing-team] Bug#778634: CVE-2008-7313 / CVE-2014-5008

Moritz Muehlenhoff jmm at debian.org
Tue Feb 17 18:08:55 UTC 2015


Package: libphp-snoopy
Severity: grave
Tags: security

That's all fairly messy:

The fix for CVE-2008-4796 was incomplete in several ways:

- First attempt to fix it was this
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
The fix was assigned CVE-2008-7313.

- But this one was incomplete as well:
http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
The second fix was assigned CVE-2014-5008:
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.29
(it's full of whitespace noise, though).

Cheers,
        Moritz


