updates for php5 issues, based on Sean's info

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11745 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 3 insertions, 1 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 4b49a8801d..4b504ff363 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -648,6 +648,7 @@ CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is com
 	- pam <not-affected> (we don't compile pam with USE=ssh)
 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
 	- php5 5.2.6.dfsg.1-3
+	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
 	{DSA-1775-1}
@@ -12842,6 +12843,7 @@ CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4,
 CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
 	{DTSA-144-1}
 	- php5 5.2.6-2 (low)
+	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
 	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
 	NOTE: missing api features from the version of libc-client in etch.
 CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)
diff --git a/data/DTSA/list b/data/DTSA/list
index 24ca23bb9a..cfd4e63309 100644
--- a/data/DTSA/list
+++ b/data/DTSA/list
@@ -561,7 +561,7 @@
 	{CVE-2009-0260 CVE-2009-0312}
 	[lenny] - moin 1.7.1-3+lenny1
 [January 28th, 2009] DTSA-188-1 php5 - several vulnerabilities
-	{CVE-2008-5658 CVE-2008-5557 CVE-2008-5624}
+	{CVE-2008-5658 CVE-2008-5557 CVE-2008-5624 CVE-2009-1272}
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
 [February 1st, 2009] DTSA-189-1 avahi - denial of service
 	{CVE-2008-5081}