Package: libphp-snoopy Severity: grave Tags: security That's all fairly messy:
The fix for CVE-2008-4796 was incomplete in several ways: - First attempt to fix it was this http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 The fix was assigned CVE-2008-7313. - But this one was incomplete as well: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/ The second fix was assigned CVE-2014-5008: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.29 (it's full of whitespace noise, though). Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
