[Secure-testing-commits] r5583 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Mar 24 11:59:40 CET 2007
Author: jmm-guest
Date: 2007-03-24 10:59:38 +0000 (Sat, 24 Mar 2007)
New Revision: 5583
Modified:
data/CVE/list
data/mopb.txt
Log:
more investigation of MOPB, merge more information into tracker
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-24 10:28:40 UTC (rev 5582)
+++ data/CVE/list 2007-03-24 10:59:38 UTC (rev 5583)
@@ -16,9 +16,12 @@
- php5 <unfixed> (medium)
- php4 <unfixed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ - php4 <unfixed> (unimportant)
+ NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
TODO: check
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
@@ -277,7 +280,7 @@
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (unimportant)
NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...)
- php5 <unfixed> (low)
@@ -460,11 +463,12 @@
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
- TODO: check
+ - php4 <unfixed> (unimportant)
+ NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
- TODO: check
+ - php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
TODO: check
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-03-24 10:28:40 UTC (rev 5582)
+++ data/mopb.txt 2007-03-24 10:59:38 UTC (rev 5583)
@@ -1,14 +1,17 @@
+29 PHP 5.2.1 unserialize() Information Leak Vulnerability
+N/A Only affects PHP 5.2.1
+
28 PHP hash_update_file() Already Freed Resource Access Vulnerability
-N/A Only triggerable by malicious script
+#N/A Only triggerable by malicious script, CVE-2007-1581
27 PHP ext/gd Already Freed Resource Access Vulnerability
-N/A Only triggerable by malicious script
+#N/A Only triggerable by malicious script, CVE-2007-1582
26 PHP mb_parse_str() register_globals Activation Vulnerability
-TODO Should be fixed
+#TODO Should be fixed, CVE-2007-1583
25 PHP header() Space Trimming Buffer Underflow Vulnerability
-TODO Should be fixed for PHP5, Sarge is not affected
+#TODO Should be fixed for PHP5, Sarge is not affected, CVE-2007-1584
24 PHP array_user_key_compare() Double DTOR Vulnerability
N/A Internal function, only triggerable by malicious script
@@ -57,7 +60,7 @@
TODO(low) -> Can only leak 127 bytes of data
09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
-N/A -> Only applies to a development version in CVS, not a shipped release
+#N/A -> Only applies to a development version in CVS, not a shipped release
08 PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
N/A -> phpinfo() is a debug function, not be exposed to applications
@@ -81,4 +84,6 @@
N/A -> Applications need to impose sanity checks for maximum recursion
01 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
-N/A -> Only triggerable by malicious script
+#N/A -> Only triggerable by malicious script, CVE-2007-1383
+
+(Comments starting with # indicate that information has been fed to the tracker)
\ No newline at end of file
More information about the Secure-testing-commits
mailing list