[Secure-testing-commits] r11581 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Apr 7 23:13:19 UTC 2009
Author: gilbert-guest
Date: 2009-04-07 23:13:19 +0000 (Tue, 07 Apr 2009)
New Revision: 11581
Modified:
data/CVE/list
Log:
submitted bug reports for mapserver and php issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-07 22:45:11 UTC (rev 11580)
+++ data/CVE/list 2009-04-07 23:13:19 UTC (rev 11581)
@@ -345,9 +345,9 @@
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...)
NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
@@ -1365,17 +1365,17 @@
CVE-2009-0844
RESERVED
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
- - mapserver 5.2.2-1 (unimportant)
+ - mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this can only probe for files that are not present, useless when not
NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...)
@@ -1693,7 +1693,7 @@
[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
- php4 <removed> (low)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #523028)
TODO: File bug
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
- sng 1.0.2-6 (bug #496407; unimportant)
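Review bot: the `TODO: File bug` line kept as context under CVE-2009-0754 is stale now that the php5 line carries `bug #523028`. Remove the TODO in the same change so the entry no longer reads as having no bug filed.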
@@ -4599,7 +4599,7 @@
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #523028)
TODO: check php4
NOTE: there's not enough information available, no known bug, no known fix
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
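Review bot: under CVE-2008-5814 the unchanged NOTE still says "no known bug" directly below the newly added `bug #523028`, which reads as a contradiction. Reword the NOTE to say what is meant (for example, that no upstream bug is known) or update it. The same bug number is also attached to CVE-2009-0754 in the previous hunk, so confirm that one report is intended to cover both php5 issues.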
@@ -5247,6 +5247,8 @@
CVE-2008-5557 (Heap-based buffer overflow in ...)
{DTSA-188-1}
- php5 5.2.6.dfsg.1-1 (bug #511493)
+ [lenny] - php5 5.2.6.dfsg.1-1+lenny1
+ NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...)
- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556 (** DISPUTED ** ...)
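Review bot: the added NOTE under CVE-2008-5557 says "according to bug report" without naming the report. If it is the `bug #511493` on the php5 line above, cite the number in the NOTE so the basis for the `[lenny]` fixed version 5.2.6.dfsg.1-1+lenny1 can be checked later.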