[Secure-testing-commits] r5537 - data
Sean Finney
seanius at alioth.debian.org
Sat Mar 10 16:27:40 CET 2007
Author: seanius
Date: 2007-03-10 15:27:40 +0000 (Sat, 10 Mar 2007)
New Revision: 5537
Modified:
data/mopb.txt
Log:
more information and new entry for mopb.txt
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-03-10 12:24:26 UTC (rev 5536)
+++ data/mopb.txt 2007-03-10 15:27:40 UTC (rev 5537)
@@ -1,16 +1,26 @@
+17 PHP ext/filter FDF Post Bypass Vulnerability
+TODO(low) -> ...or possibly "broken as designed".
+
16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability
+VERIFY -> is this CVE-2007-0906/zip? i can't reproduce it anyway...
15 PHP shmop Functions Resource Verification Vulnerability
+TODO(medium) -> user-supplied data could be used to read/write arbitrary memory
14 PHP substr_compare() Information Leak Vulnerability
+TODO(low) -> corner-case where length+offset > INT_MAX
13 PHP 4 Ovrimos Extension Multiple Vulnerabilities
+N/A -> Ovrimos support not provided in any debian php packages
12 mod_security POST Rules Bypass Vulnerability
+N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?)
11 PHP WDDX Session Deserialization Information Leak Vulnerability
+Fixed in DSA-1264. CVE-2007-0908
10 PHP php_binary Session Deserialization Information Leak Vulnerability
+TODO(low) -> Can only leak 127 bytes of data
09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
N/A -> Only applies to a development version in CVS, not a shipped release
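Review bot: two of the new status lines leave their triage open while already asserting a status. The entry 12 note "N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?)" marks the item N/A while the "(sid?)" admits the sid status is unknown; either confirm that mod_security is absent from sid before marking it N/A or record it as VERIFY like entry 16. Likewise the entry 17 note "TODO(low) -> ...or possibly "broken as designed"." trails off without saying what the low rating is based on; a short reason (what the bypass affects, or why it may be intended behaviour) would let the next reader act on it without re-reading the advisory. The entry 16 line is fine as a VERIFY, but the CVE-2007-0906 attribution should only be moved into a "Fixed in" line once the reproduction question is settled.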
@@ -28,6 +38,7 @@
Fixed in DSA-1264. CVE-2007-0988
04 PHP 4 unserialize() ZVAL Reference Counter Overflow
+TODO(medium) -> Arguably an app bug, but we should probably grab the fix anyway
03 PHP Variable Destructor Deep Recursion Stack Overflow
N/A -> Applications need to impose sanity checks for maximum recursion
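Review bot: the new entry 04 line "TODO(medium) -> Arguably an app bug, but we should probably grab the fix anyway" records a decision to take the fix but no reference to it, whereas the neighbouring resolved entry carries "Fixed in DSA-1264. CVE-2007-0988". Add the upstream commit or CVE reference for the unserialize() ZVAL fix once known, and state briefly why it is rated medium if it is considered an application bug, so the rating and the decision to backport are consistent.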