[Secure-testing-commits] r13103 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Oct 27 06:27:50 UTC 2009
Author: geissert
Date: 2009-10-27 06:27:46 +0000 (Tue, 27 Oct 2009)
New Revision: 13103
Modified:
data/CVE/list
Log:
updates regarding the php5 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-27 06:12:49 UTC (rev 13102)
+++ data/CVE/list 2009-10-27 06:27:46 UTC (rev 13103)
@@ -1145,12 +1145,16 @@
- php5 5.2.11.dfsg.1-1 (low)
NOTE: unknown impact, it is related to missing sanity checks
NOTE: when determining the length of sections of jpg headers
- NOTE: and a missing limit on the nesting level of TIFF files
+ NOTE: a missing limit on the nesting level of TIFF files, and
+ NOTE: missing EOF checks, possibly leading to NULL dereferences
NOTE: experimental is likely to be affected (as of 5.3.0)
TODO: check php4
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
- - php5 5.2.11.dfsg.1-1 (medium)
- NOTE: seems to be related to handling of \0 on CN, might worth a dsa
+ - php5 5.2.11.dfsg.1-1 (low)
+ [lenny] - php5 <no-dsa> (rather unimportant)
+ [etch] - php5 <no-dsa> (rather unimportant)
+ NOTE: seems to be related to handling of \0 on CN
+ NOTE: not worth a dsa on its own, php doesn't verify certificates by default
NOTE: experimental is likely to be affected (as of 5.3.0)
TODO: check php4
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
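Review bot: In the CVE-2009-3291 entry, the downgrade from (medium) to (low) and the <no-dsa> tags for lenny and etch rest on "php doesn't verify certificates by default", while the retained note still says the issue only "seems to be related to" handling of \0 on CN. Applications that do enable verification are the ones that depend on this check, so the NOTE should state that the rating assumes the default configuration, and ideally reference the upstream fix that confirms the cause. In the entry above it, the first NOTE still reads "unknown impact" although the added line names possible NULL dereferences; reword one of the two so they do not contradict each other. "TODO: check php4" remains open in both entries.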