[Secure-testing-commits] r5571 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Mar 21 22:51:19 CET 2007 

Author: jmm-guest
Date: 2007-03-21 21:51:17 +0000 (Wed, 21 Mar 2007)
New Revision: 5571

Modified:
   data/CVE/list
   data/mopb.txt
Log:
MOPB update
remove stray <unfixed> tag for postgres/sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-21 21:14:22 UTC (rev 5570)
+++ data/CVE/list	2007-03-21 21:51:17 UTC (rev 5571)
@@ -2608,7 +2608,6 @@
 	- postgresql-8.1 8.1.7-1
 	- postgresql-7.4 1:7.4.16-1
 	- postgresql <not-affected> (only transitional package)
-	[sarge] - postgresql <unfixed>
 CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
 	NOT-FOR-US: Guos Posting System
 CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-03-21 21:14:22 UTC (rev 5570)
+++ data/mopb.txt	2007-03-21 21:51:17 UTC (rev 5571)
@@ -1,3 +1,24 @@
+28  PHP hash_update_file() Already Freed Resource Access Vulnerability
+N/A Only triggerable by malicious script
+
+27  PHP ext/gd Already Freed Resource Access Vulnerability
+N/A Only triggerable by malicious script
+
+26  PHP mb_parse_str() register_globals Activation Vulnerability
+TODO Should be fixed
+
+25  PHP header() Space Trimming Buffer Underflow Vulnerability
+TODO Should be fixed for PHP5, Sarge is not affected
+
+24  PHP array_user_key_compare() Double DTOR Vulnerability
+N/A Internal function, only triggerable by malicious script
+
+23  PHP 5 Rejected Session Identifier Double Free Vulnerability
+TODO It's not yet clear, whether this can be exploited from a remote attacker
+
+22  PHP session_regenerate_id() Double Free Vulnerability
+TODO It's not yet clear, whether this can be exploited from a remote attacker
+
 21  PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability
 N/A Safemode and open_basedir bypasses not supported
 
@@ -15,12 +36,13 @@
 
 16  PHP zip:// URL Wrapper Buffer Overflow Vulnerability
 VERIFY -> is this CVE-2007-0906/zip? i can't reproduce it anyway...
+This is CVE-2007-1399
 
 15  PHP shmop Functions Resource Verification Vulnerability
 TODO(medium) -> user-supplied data could be used to read/write arbitrary memory
 
 14  PHP substr_compare() Information Leak Vulnerability
-TODO(low) -> corner-case where length+offset > INT_MAX
+TODO -> corner-case where length+offset > INT_MAX
 
 13  PHP 4 Ovrimos Extension Multiple Vulnerabilities
 N/A -> Ovrimos support not provided in any debian php packages

More information about the Secure-testing-commits mailing list