[Secure-testing-commits] r5560 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Mar 18 19:08:35 CET 2007


Author: jmm-guest
Date: 2007-03-18 18:08:32 +0000 (Sun, 18 Mar 2007)
New Revision: 5560

Modified:
   data/CVE/list
   data/mopb.txt
Log:
updates on MOPB
lintian/sarge not-affected
one php issue unimportant
rewrite acroread as NOT-FOR-US, it has been removed for ages


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-18 15:43:50 UTC (rev 5559)
+++ data/CVE/list	2007-03-18 18:08:32 UTC (rev 5560)
@@ -362,8 +362,11 @@
 	NOT-FOR-US: PHP Poll Creator
 CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
 	- lintian 1.23.28 (low)
+	[sarge] - lintian <not-affected> (Vulnerable code not present)
 CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
-	- php4 <unfixed> (low)
+	- php4 <unfixed> (unimportant)
+	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
+	NOTE: Non-issue, explicit debug feature
 CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
 	- php4 <unfixed> (low)
 CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...)
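Review bot: The NOTE added under CVE-2007-1287 ("Non-issue, explicit debug feature") does not say which feature it means, and the description line above it is truncated. Naming it in the entry, for example "NOTE: Non-issue, phpinfo() is an explicit debug feature", would make the reason for moving php4 from (low) to (unimportant) readable without the commit log. The description is also cut off after "4.4.6, and ...", while the entry tracks only php4; if the remainder names PHP 5 versions, a php5 line belongs here too.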
@@ -604,7 +607,7 @@
 CVE-2007-1200
 	RESERVED
 CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
-	- acroread <removed> (medium)
+	NOT-FOR-US: Acrobat Reader
 CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
 	NOT-FOR-US: TaskFreak!
 CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
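Review bot: Replacing "- acroread <removed> (medium)" under CVE-2007-1199 with "NOT-FOR-US: Acrobat Reader" drops the only trace in the entry that the package was ever tracked, and the reason (removed long ago) now lives only in the commit log. Consider a NOTE line stating that acroread was removed from the archive, so later readers do not take the entry to mean the software was never packaged. The label also says "Acrobat Reader" while the description names "Adobe Reader and Acrobat Trial"; matching the description wording would make the entry easier to search for.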

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-03-18 15:43:50 UTC (rev 5559)
+++ data/mopb.txt	2007-03-18 18:08:32 UTC (rev 5560)
@@ -1,5 +1,17 @@
+21  PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability
+N/A Safemode and open_basedir bypasses not supported
+
+20  PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability
+N/A Safemode and open_basedir bypasses not supported
+
+19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability
+TODO for PHP5. Sarge not affected.
+
+18  PHP ext/filter HTML Tag Stripping Bypass Vulnerability
+TODO for PHP5. Sarge not affected.
+
 17  PHP ext/filter FDF Post Bypass Vulnerability
-TODO(low) -> ...or possibly "broken as designed".
+TODO(low) -> ...or possibly "broken as designed". Sarge is not affected.
 
 16  PHP zip:// URL Wrapper Buffer Overflow Vulnerability
 VERIFY -> is this CVE-2007-0906/zip? i can't reproduce it anyway...
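Review bot: The new entries 18 and 19 are marked "TODO for PHP5." with no priority, whereas entry 17 directly below uses the "TODO(low)" form; adding a priority in the same form would keep the file consistent and sortable by urgency, which matters for 19 given it is a buffer underflow. Entry 19 also has a single space after the number ("19 PHP ext/filter ...") where every other entry in the hunk uses two, and entry 17 says "Sarge is not affected." while 18 and 19 say "Sarge not affected."; pick one wording.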



