[Secure-testing-commits] r13586 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Dec 17 18:21:53 UTC 2009
Author: geissert
Date: 2009-12-17 18:21:53 +0000 (Thu, 17 Dec 2009)
New Revision: 13586
Modified:
data/CVE/list
Log:
new round of php issues
also start tracking some other issues that were not treated by upstream
as risky and went unnoticed by almost everyone
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-17 18:19:44 UTC (rev 13585)
+++ data/CVE/list 2009-12-17 18:21:53 UTC (rev 13586)
@@ -1,3 +1,17 @@
+CVE-2009-XXXX [php5 uksort interruption memory corruption]
+ - php5 <unfixed> (low)
+ NOTE: fixed by upstream at a different moment, it's probably
+ NOTE: going to get a separate CVE
+ TODO: request CVE
+CVE-2009-XXXX [php5 usort interruption memory corruption]
+ - php5 5.2.11.dfsg.1-1 (low)
+ TODO: protection was weak in .11, re-check .12 changes
+ TODO: request CVE
+ NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
+CVE-2009-XXXX [php5 explode() information leak]
+ - php5 5.2.11.dfsg.1-1 (low)
+ TODO: request CVE
+ NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2010-0065
RESERVED
CVE-2010-0064
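Review bot: in the uksort entry the NOTE says upstream already fixed the issue, yet the package line is `- php5 <unfixed> (low)` and nothing records which upstream release or changeset carries the fix, so there is no way to tell later when `<unfixed>` can become a version. Add a NOTE naming the upstream version or commit, and give the entry a source NOTE like the one the usort and explode() entries carry if it has the same origin. The usort entry has the reverse problem: it lists 5.2.11.dfsg.1-1 as the fixed version while its own TODO says the protection in .11 was weak, so the fixed version should be treated as provisional until the .12 re-check is done. All three entries share the `CVE-2009-XXXX` placeholder and are distinguishable only by their bracketed description, so keep those descriptions unique until the CVE ids are assigned.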
@@ -566,10 +580,13 @@
- network-manager-gnome <unfixed>
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
-CVE-2009-4143
+CVE-2009-4143 [$_SESSION interruption memory corruption]
RESERVED
-CVE-2009-4142
+ - php5 <unfixed> (low)
+CVE-2009-4142 [insufficient string validation in htmlspecialchars()]
RESERVED
+ - php5 <unfixed>
+ TODO: determine real impact
CVE-2009-4141
RESERVED
CVE-2009-4140
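Review bot: the php5 lines added under CVE-2009-4143 and CVE-2009-4142 carry no NOTE pointing at an advisory, upstream bug or commit, unlike the network-manager-gnome entry directly above them with its bugzilla URL, which leaves `TODO: determine real impact` with nothing to start from. Add a reference NOTE to each entry. The bracketed descriptions here also drop the `php5` prefix used by the entries added at the top of the file (for example "[php5 usort interruption memory corruption]"); pick one form. The CVE-2009-4142 line has no urgency tag while CVE-2009-4143 has `(low)`; if that is deliberate because the impact is still undetermined, say so in the TODO.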