[Secure-testing-commits] r5472 - data/CVE
Sean Finney
seanius at alioth.debian.org
Sun Feb 18 17:09:29 UTC 2007
Author: seanius
Date: 2007-02-18 18:09:26 +0100 (Sun, 18 Feb 2007)
New Revision: 5472
Modified:
data/CVE/list
Log:
another chunk of comments/updates on progress with
php CVE's 2007-0906 through 2007-0911
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-18 17:03:14 UTC (rev 5471)
+++ data/CVE/list 2007-02-18 17:09:26 UTC (rev 5472)
@@ -180,16 +180,30 @@
NOTE: meantime, so we don't forget about it.
CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to ...)
- php5 <unfixed> (bug #410561; medium)
+ NOTE: fix is believed to be isolated, needs verification and backporting:
+ NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
+ NOTE: http://people.debian.org/~seanius/security/php
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
- php5 <unfixed> (bug #410561; medium)
+ NOTE: half of fix (odbc part) is found, still trying to dig out the
+ NOTE: problems related to *print functions.
+ NOTE: see CVE-2007-0910_clobbering-superglobals.diff in
+ NOTE: http://people.debian.org/~seanius/security/php
+ NOTE: other half is possibly CHECKME-printfstuff-maybecve.diff and
+ NOTE: CHECKME-formattedprint-maybecve.diff and
+ NOTE: CHECKME-main.c-precision-maybecve.diff in the same place.
CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...)
NOT-FOR-US: PHP
NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
- php5 <unfixed> (bug #410561; medium)
+ NOTE: fix found, needs testing/backporting. see:
+ NOTE: CVE-2007-0907_sapi_header_op.diff in
+ NOTE: http://people.debian.org/~seanius/security/php
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
- NOTE: still separating the wheat from the chaff for the "unspecified"
- NOTE: vulnerabilities. the list of changes to be sorted through are
+ NOTE: all fixes are believed to be found, though there's still some
+ NOTE: unrelated changes in some of the patches that need to be removed.
+ NOTE: the list of changes to be sorted through are
NOTE: available as CVE-2007-0906_N_description.diff at
NOTE: http://people.debian.org/~seanius/security/php/
NOTE: (4) is a non-issue, as we don't use the bundled sqlite
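Review bot: The notes added under CVE-2007-0909 point at "CVE-2007-0910_clobbering-superglobals.diff", the same file already cited two entries up for CVE-2007-0910, which looks like a copy-paste slip for the odbc half of the format string fix. Please confirm which diff actually carries the odbc change and reference that filename here, otherwise whoever does the backport will pull the superglobals patch for a format string issue. The three CHECKME-*.diff files are listed as "possibly" the other half; once they are verified, it would help to either rename them with the CVE id or drop them from this entry so the tracker does not keep unconfirmed patch names.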
@@ -198,8 +212,8 @@
- php5 <unfixed> (bug #410561; medium)
NOTE: we normally don't spend much time on safe_mode and open_basedir
NOTE: issues, but the because the attack vectors are "unspecified", it
- NOTE: would be harder for us to try and sort out the fixes for this
- NOTE: from the fixes in CVE-2007-0906 (see there for more info)
+ NOTE: might be harder for us to try and sort out the fixes for this
+ NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
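Review bot: The rewritten note now says "the session fixes in CVE-2007-0906", but the CVE-2007-0906 entry only names its patches as CVE-2007-0906_N_description.diff, so a reader cannot tell which N are the session ones; citing the numbers or filenames here would make the cross-reference usable. While touching these lines, the unchanged line just above still reads "but the because the attack vectors", which has a stray "the" that could be fixed in the same commit.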