CVE-2008-4796: snoopy triage

Hi

I thought I'd share the outcome of my snoopy triage for debian.
I had a look at upstream's patch[0] and compared it with packages in debian.

We had 6 packages including the file Snoopy.class.php, all were vulnerable.
List of packages:
ampache: /usr/share/ampache/www/modules/infotools/Snoopy.class.php
libphp-snoopy: /usr/share/php/libphp-snoopy/Snoopy.class.php
mahara: /usr/share/mahara/lib/snoopy/Snoopy.class.php
mediamate: /usr/share/mediamate/Snoopy.class.php
opendb: /usr/share/opendb/functions/Snoopy.class.php
pixelpost: /usr/share/pixelpost/addons/_defensio/libraries/Snoopy.class.php

I haven't checked, how they depend on the Snoopy.class.php file yet.
Of course there might be more out there and included in other distributions, 
so don't assume that this is all. The packages in debian duplicating the 
source should just depend on the libphp-snoopy package, which in debian is 
the snoopy upstream package.

Steve, do you want to update the CVE description to reflect that the file is 
included in several other packages?

Cheers
Steffen

[0]: http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch