[Secure-testing-commits] r2626 - data/CVE

Florian Weimer fw at costa.debian.org
Mon Oct 31 18:17:15 UTC 2005


Author: fw
Date: 2005-10-31 18:17:10 +0000 (Mon, 31 Oct 2005)
New Revision: 2626

Modified:
   data/CVE/list
Log:
New PHP bugs.  Upgrade phpBB severity (PHP code injection could be
possible).


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-31 16:23:42 UTC (rev 2625)
+++ data/CVE/list	2005-10-31 18:17:10 UTC (rev 2626)
@@ -1,7 +1,22 @@
+CVE-2005-XXXX [generic XSS vulnerability in PHP's phpinfo function]
+	- php4 <unfixed> (bug filed; low)
+	- php5 <unfixed> (bug filed; low)
+	NOTE: http://www.hardened-php.net/advisory_182005.77.html
+CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str]
+	- php4 <unfixed> (bug filed; low)
+	- php5 <unfixed> (bug filed; low)
+	NOTE: http://www.hardened-php.net/advisory_192005.78.html
+CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability]
+	- php4 <unfixed> (bug filed; high)
+	- php5 <unfixed> (bug filed; high)
+	NOTE: http://www.hardened-php.net/advisory_202005.79.html
+	NOTE: http://www.hardened-php.net/globals-problem
 CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
-	- phpbb2 <unfixed> (bug #336582; medium)
+	- phpbb2 <unfixed> (bug #336582; high)
 	NOTE: http://www.hardened-php.net/advisory_172005.75.html
 	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
+	NOTE: Remote code execution may be possible, especially in conjunction
+	NOTE: with PHP bugs.
 CVE-2005-XXXX [ntop format string vulnerability]
 	- ntop <unfixed> (bug #335996; low)
 	NOTE: Possibly not exploitable
