[Secure-testing-commits] r5654 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Apr 14 11:54:54 UTC 2007
Author: jmm-guest
Date: 2007-04-14 11:54:51 +0000 (Sat, 14 Apr 2007)
New Revision: 5654
Modified:
data/CVE/list
data/mopb.txt
Log:
yet another CVE dupe for PHP
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-13 11:51:34 UTC (rev 5653)
+++ data/CVE/list 2007-04-14 11:54:51 UTC (rev 5654)
@@ -179,7 +179,9 @@
- php4 6:4.4.4-9
NOTE: Dupe of CVE-2007-0906
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
- - php5 <unfixed> (low)
+ - php5 5.2.0-9
+ - php4 6:4.4.4-9
+ NOTE: Dupe of CVE-2007-0909
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
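Review bot: The fixed versions added under CVE-2007-1884 (php5 5.2.0-9, php4 6:4.4.4-9) rest only on the new "NOTE: Dupe of CVE-2007-0909" line, and the CVE-2007-0909 entry is not visible in this hunk. Please confirm that both versions match what is recorded on CVE-2007-0909, so the two entries cannot drift apart. The hunk also adds php4 as an affected package where only php5 was tracked before and drops the "(low)" urgency; the log message "yet another CVE dupe for PHP" mentions neither and does not name the CVE, which makes the change hard to find later.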
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-13 11:51:34 UTC (rev 5653)
+++ data/mopb.txt 2007-04-14 11:54:51 UTC (rev 5654)
@@ -17,8 +17,7 @@
# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825
38 PHP printf() Family 64 Bit Casting Vulnerabilities
-TODO, this smells like it can only be triggerable through malicious script, but please
-double-check someone
+# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884
37 PHP iptcembed() Interruption Information Leak Vulnerability
#N/A Only triggerable by malicious script
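Review bot: On entry 38, the removed TODO asked someone to double-check whether the issue is only triggerable through a malicious script, but the replacement line records a different fact (already fixed in DSA-1264, dupe CVE-2007-0909/CVE-2007-1884) and leaves that question unanswered. If the double-check was done, add its outcome in the same comment; if the fix status makes it moot, say so in the log. The new line is also almost identical to the comment for the preceding entry (dupe CVE-2007-0906/CVE-2007-1825), so it is worth confirming the CVE pair was updated deliberately and not left over from a copy.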
@@ -108,6 +107,7 @@
10 PHP php_binary Session Deserialization Information Leak Vulnerability
#TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380 (php4 & php5, heap leak)
+Check, to which extent this was covered by our backports of 5.2.1 patches
09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
#N/A -> Only applies to a development version in CVS, not a shipped release
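Review bot: The added line under entry 10, "Check, to which extent this was covered by our backports of 5.2.1 patches", carries neither the "#" prefix nor a TODO marker, unlike the "#TODO(low)" line directly above it and the "#N/A" lines elsewhere in the file. A search for TODO will miss it, and it reads as entry text, not as a status note. Suggest folding it into the existing status line or writing it as "#TODO: check to which extent this was covered by our backports of 5.2.1 patches", and naming which package versions carry those backports once that is known.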