[Secure-testing-commits] r4793 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Oct 1 11:21:32 UTC 2006


Author: jmm-guest
Date: 2006-10-01 11:21:31 +0000 (Sun, 01 Oct 2006)
New Revision: 4793

Modified:
   data/CVE/list
Log:
rewrite some php entries so that testing is covered as well
xloadimage/libgd issue not suitable for code injection


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-01 10:57:52 UTC (rev 4792)
+++ data/CVE/list	2006-10-01 11:21:31 UTC (rev 4793)
@@ -1275,18 +1275,19 @@
 	- php4 <not-affected> (Vulnerable function doesn't exist)
 CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
 	- libgd2 2.0.33-5.1 (medium; bug #384838)
-	- xloadimage <unfixed> (low; bug #384841)
+	- xloadimage <unfixed> (unimportant; bug #384841)
+	NOTE: xloadimage is a crasher only, not a security problem
 CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
-	- php5 5.1.6-1 (low)
-	- php4 4:4.4.4-1 (low)
-	[sarge] - php4 <no-dsa> (Safe mode violations not supported, insufficient measure)
+	- php5 5.1.6-1 (unimportant)
+	- php4 4:4.4.4-1 (unimportant)
+	NOTE: Safe mode violations not supported, insufficient measure
 CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
-	- php5 5.1.6-1 (low)
-	- php4 4:4.4.4-1 (low)
+	- php5 5.1.6-1 (medium)
+	- php4 4:4.4.4-1 (medium)
 CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
-	- php5 5.1.6-1 (low)
-	- php4 4:4.4.4-1 (low)
-	[sarge] - php4 <no-dsa> (Basedir violations not supported, insufficient measure)
+	- php5 5.1.6-1 (unimportant)
+	- php4 4:4.4.4-1 (unimportant)
+	NOTE: Basedir violations not supported
 CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
 	NOT-FOR-US: Nuked-Klan
 CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
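
Review bot: In the CVE-2006-4482 entry the php5 and php4 ratings move from low to medium, but there is no NOTE line giving the reason and the log message does not mention it, while the other three entries touched in this hunk each gain a NOTE explaining the new rating. Consider adding a NOTE under CVE-2006-4482 stating why the heap-based overflows are rated higher. Separately, the new NOTE under CVE-2006-4481 reads "Basedir violations not supported", while the one under CVE-2006-4483 keeps the ", insufficient measure" suffix that both removed [sarge] lines carried; the same wording in both would keep the notes consistent.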



