[Secure-testing-commits] r13588 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Dec 17 19:34:39 UTC 2009
Author: geissert
Date: 2009-12-17 19:34:39 +0000 (Thu, 17 Dec 2009)
New Revision: 13588
Modified:
data/CVE/list
Log:
requested CVEs for php issues
there are more issues but this is tiresome, will wait until they get
CVE ids before adding them
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-17 18:39:59 UTC (rev 13587)
+++ data/CVE/list 2009-12-17 19:34:39 UTC (rev 13588)
@@ -1,17 +1,19 @@
-CVE-2009-XXXX [php5 uksort interruption memory corruption]
+CVE-2009-XXXX [php5 uksort() interruption memory corruption]
- php5 <unfixed> (low)
- NOTE: fixed by upstream at a different moment, it's probably
- NOTE: going to get a separate CVE
- TODO: request CVE
+ NOTE: CVE requested
CVE-2009-XXXX [php5 usort interruption memory corruption]
- php5 5.2.11.dfsg.1-1 (low)
TODO: protection was weak in .11, re-check .12 changes
- TODO: request CVE
+ NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2009-XXXX [php5 explode() information leak]
- php5 5.2.11.dfsg.1-1 (low)
- TODO: request CVE
+ NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
+CVE-2009-XXXX [php5 serialize() information leak]
+ - php5 5.2.11.dfsg.1-1 (low)
+ NOTE: CVE requested
+ NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2010-0065
RESERVED
CVE-2010-0064
More information about the Secure-testing-commits
mailing list