[Secure-testing-commits] r2627 - data/CVE
Florian Weimer
fw at costa.debian.org
Mon Oct 31 20:02:39 UTC 2005
Author: fw
Date: 2005-10-31 20:02:34 +0000 (Mon, 31 Oct 2005)
New Revision: 2627
Modified:
data/CVE/list
Log:
PHP 4 bug number, status of CVE-2002-1954 now clear (unfixed).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-31 18:17:10 UTC (rev 2626)
+++ data/CVE/list 2005-10-31 20:02:34 UTC (rev 2627)
@@ -1,18 +1,19 @@
CVE-2005-XXXX [generic XSS vulnerability in PHP's phpinfo function]
- - php4 <unfixed> (bug filed; low)
+ {CVE-2002-1954}
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; low)
NOTE: http://www.hardened-php.net/advisory_182005.77.html
CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str]
- - php4 <unfixed> (bug filed; low)
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; low)
NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability]
- - php4 <unfixed> (bug filed; high)
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; high)
NOTE: http://www.hardened-php.net/advisory_202005.79.html
NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
- - phpbb2 <unfixed> (bug #336582; high)
+ - phpbb2 <unfixed> (bug #336582; bug #336587; high)
NOTE: http://www.hardened-php.net/advisory_172005.75.html
NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
NOTE: Remote code execution may be possible, especially in conjunction
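Review bot: In the "PHP File-Upload $GLOBALS Overwrite Vulnerability" entry the new php4 line is `- php4 <unfixed> (bug #336645; low)`, but the line it replaces was `(bug filed; high)` and the php5 line directly below stays at high. The log message only mentions adding the PHP 4 bug number, so the change from high to low looks like a copy-paste from the two entries above. Suggest `- php4 <unfixed> (bug #336645; high)` unless the downgrade is intended, in which case php5 should match and the log should say so. It is also worth confirming that the single bug #336645 is meant to track all three PHP 4 issues.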
@@ -4587,7 +4588,8 @@
NOTE: php function that displays the PHP logo and version information. In the bug
NOTE: log the developers seem unwilling to fix this, as it only affects a debug
NOTE: function.
- TODO: check, whether the mentioned XSS still affects current PHP versions in Debian
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug filed; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
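Review bot: The php4 and php5 status lines added under CVE-2002-1954 repeat the ones in the CVE-2005-XXXX phpinfo XSS entry at the top of the file, which this same revision tags with `{CVE-2002-1954}`. Two copies of the same status can drift apart when the bug is closed; consider keeping the package lines in one entry and only the cross-reference in the other. The added php5 line also still reads `bug filed` with no bug number, so that status cannot be traced from this entry.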