** Description changed:
in http://www.ubuntu.com/usn/USN-720-1
** This is not security issue. trivial. **
- USN header and package's debchanges said "CVE-2008-5624".
+ USN header and package's debchanges said "CVE-2008-5625".
>CVE-2007-3996, CVE-2007-5900, CVE-2008-3658, CVE-2008-3659,
- >CVE-2008-3660,CVE-2008-5557, CVE-2008-5624, CVE-2008-5625,
- CVE-2008-5658
+ >CVE-2008-3660,CVE-2008-5557, CVE-2008-5624,
+
+ CVE-2008-5625,
+
+ > CVE-2008-5658
> * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
>entry in a .htaccess file.
>- debian/patches/126_SECURITY_CVE-2008-5625.patch: enforce restrictions
> when merging in dir entry in sapi/apache/mod_php5.c and
> sapi/apache2handler/apache_config.c.
>- CVE-2008-5625
But, description said...
> It was dicovered that PHP did not properly enforce error_log safe_mode
restrictions when set by
> php_admin_flag in the Apache configuration file. A local attacker could
create a specially crafted
> PHP script that would overwrite arbitrary files. (CVE-2007-5625)
- It is CVE-200*8*-5625. Plase Fix.
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5625
+ > Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search
+ > SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script
+ > or HTML via the QUERY parameter.
+
+ .It is CVE-200*8*-5625. Please Fix.
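Review bot: the added closing line `.It is CVE-200*8*-5625. Please Fix.` starts with a stray period, which should be dropped. The re-wrapped CVE list earlier in the description also leaves `CVE-2008-5625,` on its own line without the `>` quote prefix and with blank lines around it, so the quoted USN header no longer reads as one quotation; keeping that list on `>`-prefixed lines, as the removed lines did, would keep it clear which text comes from the USN and which is the reporter's.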
--
USN-720-1 's description has a wrong CVE ID(it is not CVE-2007-5625)
https://bugs.launchpad.net/bugs/331045