[Secure-testing-commits] r5944 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Mon May 28 21:14:09 UTC 2007 

Author: joeyh
Date: 2007-05-28 21:14:08 +0000 (Mon, 28 May 2007)
New Revision: 5944

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-28 20:53:22 UTC (rev 5943)
+++ data/CVE/list	2007-05-28 21:14:08 UTC (rev 5944)
@@ -609,13 +609,14 @@
 CVE-2007-2512
 	RESERVED
 CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
+	{DTSA-39-1}
 	- php5 5.2.2-1 (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
-	{DSA-1295-1}
+	{DSA-1295-1 DTSA-39-1}
 	- php5 5.2.2-1 (low)
 CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
-	{DSA-1296-1 DSA-1295-1}
+	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
 	- php5 5.2.2-1 (low)
 	- php4 4.4.7-1 (low)
 CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
@@ -1975,7 +1976,7 @@
 CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: SonicBB
 CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (low)
 CVE-2007-1899
 	RESERVED
@@ -2003,14 +2004,14 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: local code execution only, possibly only on FreeBSD
 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (medium)
 CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
 	- sqlite <unfixed> (medium)
 	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
 	NOTE: SQLite 3 no longer contains the affected function.
 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
 	- php5 5.2.0-11 (medium)
 	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
@@ -2160,7 +2161,7 @@
 CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
 	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (medium)
 CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
 	NOT-FOR-US: T-Mobile
@@ -2285,7 +2286,7 @@
 CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
 	NOT-FOR-US: Eve-Nuke
 CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php4 6:4.4.6-1 (medium)
 CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
 	NOT-FOR-US: D4J eZine
@@ -2407,7 +2408,7 @@
 CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
 	NOT-FOR-US: mcweject
 CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php4 <unfixed> (medium)
 	[sarge] - php4 <not-affected> (Vulnerable code not present)
 	- php5 5.2.0-11 (medium)
@@ -2456,7 +2457,7 @@
 	NOTE: register_globals not supported
 	NOTE: Dupe of CVE-2007-0910
 CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-9
 	- php4 6:4.4.4-9
 	[etch] - php5 5.2.0-8+etch1
@@ -2734,7 +2735,7 @@
 CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
 	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
 CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
 CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
@@ -2876,7 +2877,7 @@
 	{DSA-1283-1}
 	- php5 <unfixed> (medium)
 CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php5 5.2.0-11 (medium)
 	- php4 <unfixed> (medium)
 CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
@@ -3041,10 +3042,10 @@
 CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
 	NOT-FOR-US: Fantastico
 CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (medium)
 CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (medium)
 CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
 	- php5 <not-affected> (cpdf extension not enabled in binary build)
@@ -3234,7 +3235,7 @@
 CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
 	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	[etch] - php5 5.2.0-8+etch1
 	- php4 6:4.4.6-1 (low)
 	- php5 5.2.0-11 (low)
@@ -3245,12 +3246,12 @@
 CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php4 <unfixed> (unimportant)
 	- php5 5.2.0-11 (unimportant)
 	NOTE: Only triggerable by malicious script
 CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
-	{DSA-1283-1}
+	{DSA-1283-1 DTSA-39-1}
 	- php5 5.2.0-11 (low)
 	NOTE: Should be fixed, could be used as a stepstone for further attacks
 CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
@@ -3512,7 +3513,7 @@
 	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
 	NOTE: Non-issue, explicit debug feature
 CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
-	{DSA-1283-1 DSA-1282-1}
+	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
 	- php4 6:4.4.6-1 (low)
 CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
 	- php5 <unfixed> (unimportant)

More information about the Secure-testing-commits mailing list