Hi Moritz,

On Tuesday 6 May 2008 12:16, Moritz Naumann wrote:
> http://www.php.net/ChangeLog-5.php lists several security fixes which are
> included in upstream PHP 5.2.6:

Thanks for your help in matching the changelog issues to CVE names, I've put your suggestions into the tracker.

> * Fixed a safe_mode bypass in cURL identified by Maksymilian
> Arciemowicz. (Ilia)
> --> CVE-2007-4850 (acc. to
> http://securityreason.com/achievement_securityalert/51)
> --> already tracked at
> http://security-tracker.debian.net/tracker/CVE-2007-4850
> --> missing source package reference at
> http://security-tracker.debian.net/tracker/source-package/php5

It is not really missing, we track the issue but it's marked as a non-issue (we treat safe mode bypasses as non-issues) and thus not shown in that overview.

> * Upgraded PCRE to version 7.6 (Nuno)
> --> CVE-2008-0674 (best match, no reference found)
> --> not tracked yet
> --> possibly missing reference at
> http://security-tracker.debian.net/tracker/CVE-2008-0674
> (but should really be tracked separately)
> --> local code execution through buffer overflow

The php5 package in Debian uses the system copy of PCRE, so this isn't an open issue. I've updated the tracker to add this information to that CVE.

cheers,
Thijs