[Secure-testing-team] Bug#778634: CVE-2008-7313 / CVE-2014-5008
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 17 18:08:55 UTC 2015
Package: libphp-snoopy
Severity: grave
Tags: security
That's all fairly messy:
The fix for CVE-2008-4796 was incomplete in several ways:
- First attempt to fix it was this
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
The fix was assigned CVE-2008-7313.
- But this one was incomplete as well:
http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
The second fix was assigned CVE-2014-5008:
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.29
(it's full of whitespace noise, though).
Cheers,
Moritz
More information about the Secure-testing-team
mailing list