[Secure-testing-commits] r5613 - data
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Apr 2 17:54:08 UTC 2007
Author: jmm-guest
Date: 2007-04-02 17:54:08 +0000 (Mon, 02 Apr 2007)
New Revision: 5613
Modified:
data/mopb.txt
Log:
checked some more MOPB issues
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-02 14:34:12 UTC (rev 5612)
+++ data/mopb.txt 2007-04-02 17:54:08 UTC (rev 5613)
@@ -1,3 +1,39 @@
+44 PHP 5.2.0 Memory Manager Signed Comparision Vulnerability
+TODO
+
+43 PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty
+TODO
+
+42 PHP 5 php_stream_filter_create() Off By One Vulnerablity
+TODO, needs to be fixed, Sarge not affected
+
+41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
+TODO
+
+40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability
+TODO, needs to be fixed
+
+39 PHP str_replace() Memory Allocation Integer Overflow Vulnerability
+TODO
+
+38 PHP printf() Family 64 Bit Casting Vulnerabilities
+TODO
+
+37 PHP iptcembed() Interruption Information Leak Vulnerability
+N/A Only triggerable by malicious script
+
+36 PHP session.save_path open_basedir Bypass Vulnerability
+N/A open_basedir bypasses not supported, CVE-2007-1461
+
+35 PHP 4 zip_entry_read() Integer Overflow Vulnerability
+TODO
+
+34 PHP mail() Header Injection Through Subject and To Parameters
+TODO, needs to be fixed
+
+33 PHP mail() Message ASCIIZ Byte Truncation
+N/A I don't see how this can become a security problem?
+
32 PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U)
TODO, needs to be fixed in php/etch, sarge not affected
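Review bot: The status added for entry 33 records an open question as a closed result: "N/A I don't see how this can become a security problem?" reads as unresolved, so it would be safer as TODO until someone confirms, or as N/A with the reason stated the way entries 37 and 36 do. The "TODO, needs to be fixed" lines for entries 40 and 34 also do not say which release is affected, unlike entry 42 ("Sarge not affected") and the existing line for entry 32 ("php/etch, sarge not affected"); naming the release there would make them actionable. Entry 36 is the only added entry that carries a CVE id, so the remaining entries cannot be cross-referenced against other tracking data from this file alone.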