[Secure-testing-commits] r5674 - in data: . CVE
Kees Cook
keescook-guest at alioth.debian.org
Wed Apr 18 22:24:37 UTC 2007
Author: keescook-guest
Date: 2007-04-18 22:24:35 +0000 (Wed, 18 Apr 2007)
New Revision: 5674
Modified:
data/CVE/list
data/mopb.txt
Log:
updating CVE list from mopb.txt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-18 21:09:43 UTC (rev 5673)
+++ data/CVE/list 2007-04-18 22:24:35 UTC (rev 5674)
@@ -848,9 +848,9 @@
- php4 <unfixed> (medium)
- php5 <unfixed> (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
- - php4 <unfixed> (low)
- - php5 <unfixed> (low)
- NOTE: Barely a security problem.
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
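Review bot: the replacement NOTE for CVE-2007-1717 gives only the conclusion ("This is a regular bug, not a security problem") and no pointer to where that assessment comes from, while both packages stay `<unfixed>`. The same commit marks MOPB entry 33 in data/mopb.txt as "not security-relevant" for this CVE, so consider referencing that entry in the NOTE so a later reader of data/CVE/list can trace why the urgency went from `low` to `unimportant`.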
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-18 21:09:43 UTC (rev 5673)
+++ data/mopb.txt 2007-04-18 22:24:35 UTC (rev 5674)
@@ -92,7 +92,7 @@
#N/A -> open_basedir bypasses not supported, CVE-2007-1461
33 PHP mail() Message ASCIIZ Byte Truncation
-N/A This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5)
+#N/A -> This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5)
31 PHP _SESSION Deserialization Overwrite Vulnerability
#N/A -> register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution)
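Review bot: the entry 33 line changes its marker from `N/A` to `#N/A ->`, which matches the neighbouring entries, but the log message ("updating CVE list from mopb.txt") only describes the data/CVE/list side of the commit. It would help to say in the log that the mopb.txt markers are being normalized as well, and, if the leading `#` is meant to signal that an entry has been carried over into data/CVE/list, to state that convention somewhere in the file, since the visible lines do not.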
@@ -110,13 +110,13 @@
#Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584
24 PHP array_user_key_compare() Double DTOR Vulnerability
-N/A Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution)
+#N/A -> Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution)
21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability
#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1461
20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability
-#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1460
+#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1460
15 PHP shmop Functions Resource Verification Vulnerability
N/A Only triggerable by malicious script, could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage)
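Review bot: entry 24 (CVE-2007-1484) is converted to `#N/A ->`, but entry 15 (CVE-2007-1376) in the trailing context of this hunk keeps the bare `N/A` marker even though it opens with the same rationale, "Only triggerable by malicious script". If the difference is deliberate (entry 15 adds "could be used to read/write arbitrary memory"), a short remark on that line would make it clear; otherwise convert it in the same pass so the two entries are not treated differently by anyone reading or parsing the file.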