[Secure-testing-commits] r5583 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Mar 24 11:59:40 CET 2007 

Author: jmm-guest
Date: 2007-03-24 10:59:38 +0000 (Sat, 24 Mar 2007)
New Revision: 5583

Modified:
   data/CVE/list
   data/mopb.txt
Log:
more investigation of MOPB, merge more information into tracker


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-24 10:28:40 UTC (rev 5582)
+++ data/CVE/list	2007-03-24 10:59:38 UTC (rev 5583)
@@ -16,9 +16,12 @@
 	- php5 <unfixed> (medium)
 	- php4 <unfixed> (medium)
 CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	- php4 <unfixed> (unimportant)
+	NOTE: Only triggerable by malicious script
 CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	NOTE: Only triggerable by malicious script
 CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
 	TODO: check
 CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
@@ -277,7 +280,7 @@
 CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
 	NOT-FOR-US: conga
 CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
-	- php5 <unfixed> (low)
+	- php5 <unfixed> (unimportant)
 	NOTE: Safemode and open_basedir bypasses not supported
 CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...)
 	- php5 <unfixed> (low)
@@ -460,11 +463,12 @@
 CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
 	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
 CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
 CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
 	NOT-FOR-US: Windows PHP COM extensions
 CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
-	TODO: check
+	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
 	TODO: check
 CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-03-24 10:28:40 UTC (rev 5582)
+++ data/mopb.txt	2007-03-24 10:59:38 UTC (rev 5583)
@@ -1,14 +1,17 @@
+29  PHP 5.2.1 unserialize() Information Leak Vulnerability
+N/A Only affects PHP 5.2.1
+
 28  PHP hash_update_file() Already Freed Resource Access Vulnerability
-N/A Only triggerable by malicious script
+#N/A Only triggerable by malicious script, CVE-2007-1581
 
 27  PHP ext/gd Already Freed Resource Access Vulnerability
-N/A Only triggerable by malicious script
+#N/A Only triggerable by malicious script, CVE-2007-1582
 
 26  PHP mb_parse_str() register_globals Activation Vulnerability
-TODO Should be fixed
+#TODO Should be fixed, CVE-2007-1583
 
 25  PHP header() Space Trimming Buffer Underflow Vulnerability
-TODO Should be fixed for PHP5, Sarge is not affected
+#TODO Should be fixed for PHP5, Sarge is not affected, CVE-2007-1584
 
 24  PHP array_user_key_compare() Double DTOR Vulnerability
 N/A Internal function, only triggerable by malicious script
@@ -57,7 +60,7 @@
 TODO(low) -> Can only leak 127 bytes of data
 
 09  PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
-N/A -> Only applies to a development version in CVS, not a shipped release
+#N/A -> Only applies to a development version in CVS, not a shipped release
 
 08  PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
 N/A -> phpinfo() is a debug function, not be exposed to applications
@@ -81,4 +84,6 @@
 N/A -> Applications need to impose sanity checks for maximum recursion
 
 01  PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
-N/A -> Only triggerable by malicious script
+#N/A -> Only triggerable by malicious script, CVE-2007-1383
+
+(Comments starting with # indicate that information has been fed to the tracker)
\ No newline at end of file

More information about the Secure-testing-commits mailing list