[Secure-testing-commits] r5650 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Apr 11 21:44:27 UTC 2007
Author: jmm-guest
Date: 2007-04-11 21:44:23 +0000 (Wed, 11 Apr 2007)
New Revision: 5650
Modified:
data/CVE/list
data/mopb.txt
Log:
more MOPB updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-11 21:34:28 UTC (rev 5649)
+++ data/CVE/list 2007-04-11 21:44:23 UTC (rev 5650)
@@ -167,9 +167,11 @@
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
TODO: check
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
- TODO: check
+ - php4 <not-affected> (SQLite not enabled in PHP 4 packages)
+ TODO: check PHP 5
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
- TODO: check
+ - php4 <not-affected> (SQLite not enabled in PHP 4 packages)
+ TODO: check PHP 5
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
TODO: check
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
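Review bot: The new php4 lines under CVE-2007-1888 and CVE-2007-1887 use the same reason, "SQLite not enabled in PHP 4 packages", although the 1888 description points at src/encode.c while 1887 refers to a bundled copy. If 1888 concerns code that is also shipped outside the PHP source packages, the php4 line alone does not cover it, and that package would need its own entry. The remaining "TODO: check PHP 5" would also be easier to follow up as a php5 package line carrying the open state than as a free-form TODO.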
@@ -179,7 +181,9 @@
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
TODO: check
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
- TODO: check
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
TODO: check
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
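Review bot: The NOTE added under CVE-2007-1883 gives the reason for "unimportant" ("Only triggerable by malicious script") but does not say which MOPB entry it was taken from, even though this commit updates data/mopb.txt at the same time. If the CVE corresponds to one of the numbered MOPB entries, add that number to the NOTE so the two files can be cross-checked and so the classification can be revisited if the reasoning for that entry changes.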
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-11 21:34:28 UTC (rev 5649)
+++ data/mopb.txt 2007-04-11 21:44:23 UTC (rev 5650)
@@ -8,7 +8,7 @@
#TODO, needs to be fixed, Sarge not affected
41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
-TODO for PHP5, not activated in the PHP4 build
+TODO for PHP5, not activated in the PHP4 build, possible also a dupe of CVE-2007-0906
40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability
# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825
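Review bot: The changed line for entry 41 appends an unconfirmed duplicate guess ("possible also a dupe of CVE-2007-0906") to the existing TODO, so the open work item and the speculation end up in one sentence. Put the duplicate question on its own line marked as still to be confirmed, and correct "possible" to "possibly". The line also lacks the leading "#" that the status lines above and below it carry ("#TODO, needs to be fixed ..." and "# Already fixed in DSA-1264 ..."); if that prefix is meaningful to whoever reads this file, it should be applied here as well.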
@@ -21,7 +21,7 @@
double-check someone
37 PHP iptcembed() Interruption Information Leak Vulnerability
-N/A Only triggerable by malicious script
+#N/A Only triggerable by malicious script
36 PHP session.save_path open_basedir Bypass Vulnerability
#N/A open_basedir bypasses not supported, CVE-2007-1461
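Review bot: The status line for entry 37 now has the "#" prefix like the line for entry 36, but unlike that line ("#N/A open_basedir bypasses not supported, CVE-2007-1461") it still names no CVE id. If an id has been assigned for the iptcembed() issue, add it here so the N/A decision can be matched against data/CVE/list. The context line "double-check someone" just above is also ambiguous about what needs checking and by whom, and is worth rewording while this block is being touched.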