[Secure-testing-commits] r5536 - data
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Mar 10 13:24:26 CET 2007
Author: jmm-guest
Date: 2007-03-10 12:24:26 +0000 (Sat, 10 Mar 2007)
New Revision: 5536
Added:
data/mopb.txt
Log:
Tracking file for Month of PHP Bugs
Added: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-03-10 12:22:00 UTC (rev 5535)
+++ data/mopb.txt 2007-03-10 12:24:26 UTC (rev 5536)
@@ -0,0 +1,39 @@
+16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability
+
+15 PHP shmop Functions Resource Verification Vulnerability
+
+14 PHP substr_compare() Information Leak Vulnerability
+
+13 PHP 4 Ovrimos Extension Multiple Vulnerabilities
+
+12 mod_security POST Rules Bypass Vulnerability
+
+11 PHP WDDX Session Deserialization Information Leak Vulnerability
+
+10 PHP php_binary Session Deserialization Information Leak Vulnerability
+
+09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
+N/A -> Only applies to a development version in CVS, not a shipped release
+
+08 PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
+N/A -> phpinfo() is a debug function, not be exposed to applications
+
+07 Zend Platform ini_modifier Local Root Vulnerability (B)
+N/A -> Only affects the Zend platform
+
+06 Zend Platform Insecure File Permission Local Root Vulnerability
+N/A -> Only affects the Zend platform
+
+05 PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability
+Fixed in DSA-1264. CVE-2007-0988
+
+04 PHP 4 unserialize() ZVAL Reference Counter Overflow
+
+03 PHP Variable Destructor Deep Recursion Stack Overflow
+N/A -> Applications need to impose sanity checks for maximum recursion
+
+02 PHP Executor Deep Recursion Stack Overflow
+N/A -> Applications need to impose sanity checks for maximum recursion
+
+01 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
+N/A -> Only triggerable by malicious script
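Review bot: Entries 16 through 10 and entry 04 have no status line, so the file does not distinguish "not yet triaged" from "triaged, nothing to record". Suggest giving each of them an explicit marker such as a TODO line, in the same position where the other entries carry "N/A -> ..." or "Fixed in ...". Only entry 05 records a DSA and CVE id; the remaining entries would benefit from a CVE reference once one is assigned, so they can be cross-referenced with the rest of the tracker data. Entry 12 concerns mod_security rather than PHP, and a short note on which package it maps to would help. Minor wording point in entry 08: "not be exposed to applications" is missing a word and probably should read "not to be exposed to applications".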