[Secure-testing-commits] r15089 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sun Aug 1 05:58:18 UTC 2010


Author: geissert
Date: 2010-08-01 05:58:17 +0000 (Sun, 01 Aug 2010)
New Revision: 15089

Modified:
   data/CVE/list
Log:
cleanup php5 issues
remove some unimportant CVE-less issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-01 04:22:33 UTC (rev 15088)
+++ data/CVE/list	2010-08-01 05:58:17 UTC (rev 15089)
@@ -1760,8 +1760,6 @@
 	- linux-2.6 2.6.32-19
 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
 	- php5 <unfixed>
-	NOTE: some vectors mitigated by suhosin patch, but more info is needed
-	TODO: check
 CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
 	NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M)
 CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
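Review bot: The CVE-2010-2225 entry stays at `- php5 <unfixed>` but loses both `NOTE: some vectors mitigated by suhosin patch, but more info is needed` and `TODO: check`, so the list no longer shows that triage is incomplete or that a partial mitigation was observed. If the check was done, record the outcome in the entry (an urgency on the php5 line, or a NOTE with the conclusion). If it was not, keep the TODO so the entry still shows up as open work.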
@@ -4858,7 +4856,6 @@
 	NOTE: safe_mode not supported
 CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...)
 	- php5 5.3.2-1 (low)
-	NOTE: probably no-dsa, but will see what else can be fixed in stable to make an upload
 CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
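Review bot: Dropping the `probably no-dsa` NOTE under CVE-2010-1128 removes the only trace of the triage decision for stable; the remaining `- php5 5.3.2-1 (low)` line says nothing about stable. If the conclusion is that no DSA will be issued, state that explicitly in the entry instead of deleting the tentative note, or mention the decision in the commit log.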
@@ -7033,7 +7030,6 @@
 CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...)
 	{DSA-2018-1}
 	- php5 5.3.2-1 (medium; bug #573573)
-	NOTE: sent mail to oss-sec notifying about the id
 CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
 	{DSA-2011-1}
 	- dpkg 1.15.6
@@ -8667,22 +8663,6 @@
 	- libhaml-ruby 2.2.8-1
 CVE-2009-XXXX [roundup: unspecified issue]
 	- roundup 1.4.11-1
-CVE-2009-XXXX [php5 uksort() interruption memory corruption]
-	- php5 <unfixed> (unimportant)
-	NOTE: CVE requested
-CVE-2009-XXXX [php5 usort interruption memory corruption]
-	- php5 5.2.11.dfsg.1-1 (unimportant)
-	TODO: protection was weak in .11, re-check .12 changes
-	NOTE: CVE requested
-	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
-CVE-2009-XXXX [php5 explode() information leak]
-	- php5 5.2.11.dfsg.1-1 (unimportant)
-	NOTE: CVE requested
-	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
-CVE-2009-XXXX [php5 serialize() information leak]
-	- php5 5.2.11.dfsg.1-1 (unimportant)
-	NOTE: CVE requested
-	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...)
 	NOT-FOR-US: Apple Disk Images
 CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...)
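Review bot: Of the four removed CVE-2009-XXXX php5 entries, the uksort() one is still `<unfixed>` and the usort one carries `TODO: protection was weak in .11, re-check .12 changes`, yet the log line "remove some unimportant CVE-less issues" does not say whether that re-check happened. All four are marked `NOTE: CVE requested`, so if ids are assigned later the package versions and the source reference ("Shocking News in PHP Exploitation" by Stefan Esser, on three of them) will have to be reconstructed from history. Suggest keeping the entries with their `(unimportant)` urgency, or stating in the log why they no longer need tracking.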



