[Secure-testing-commits] r14684 - in data: . CVE
Raphael Geissert
geissert at alioth.debian.org
Wed May 12 02:52:48 UTC 2010
Author: geissert
Date: 2010-05-12 02:52:48 +0000 (Wed, 12 May 2010)
New Revision: 14684
Modified:
data/CVE/list
data/mops.txt
Log:
MOPS update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-12 00:55:43 UTC (rev 14683)
+++ data/CVE/list 2010-05-12 02:52:48 UTC (rev 14684)
@@ -1,18 +1,14 @@
-CVE-2010-1918 [MOPS-2010-018]
- - php5 <undetermined>
- TODO: check
-CVE-2010-1917 [MOPS-2010-021]
- - php5 <undetermined>
- TODO: check
-CVE-2010-1916 [MOPS-2010-019]
- - php5 <undetermined>
- TODO: check
-CVE-2010-1915 [MOPS-2010-017]
- - php5 <undetermined>
- TODO: check
+CVE-2010-1918 [MOPS-2010-018 EFront ask_chat]
+ NOT-FOR-US: EFront ask_chat
+CVE-2010-1917 [MOPS-2010-021 fnmatch stack exhaustion]
+ - php5 <unfixed> (low)
+ [lenny] - php5 <no-dsa> (low)
+CVE-2010-1916 [MOPS-2010-019 xinha config injection]
+ TODO: check the embedded copies
+CVE-2010-1915 [MOPS-2010-017 preg_quote]
+ - php5 <unfixed> (unimportant)
CVE-2010-1914 [MOPS-2010-014,15,16]
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1871
RESERVED
CVE-2010-1870
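Review bot: The new CVE-2010-1916 entry has no package line, only `TODO: check the embedded copies`, and its bracket names MOPS-2010-019 alone although the data/mops.txt change in this same commit also assigns 020 to this CVE. Consider listing both ids in the bracket and adding a package line for what is already known (mops.txt lists Serendipity under 019), so the entry is trackable before the TODO is resolved. Separately, `[lenny] - php5 <no-dsa> (low)` on CVE-2010-1917 repeats the urgency in its parenthetical instead of giving a reason for the no-dsa decision.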
@@ -23,29 +19,24 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
TODO: check
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ...)
NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (low)
+ [lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
- - php5 <undetermined>
- TODO: check
+ - php5 <unfixed> (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...)
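Review bot: The php5 entries changed to `<unfixed> (unimportant)` in this hunk (CVE-2010-1868, -1864, -1862, -1861, -1860) lose their `TODO: check` without any NOTE recording why they were judged unimportant. A one-line NOTE per entry stating the reason would let a later reader verify the triage; the `[lenny]` line on CVE-2010-1866 already does this with `(dechunk filter introduced in 5.3)`.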
Modified: data/mops.txt
===================================================================
--- data/mops.txt 2010-05-12 00:55:43 UTC (rev 14683)
+++ data/mops.txt 2010-05-12 02:52:48 UTC (rev 14684)
@@ -17,7 +17,7 @@
015: CVE-2010-1914; Only triggerable by malicious script
016: CVE-2010-1914; Only triggerable by malicious script
017: CVE-2010-1915; Only triggerable by malicious script
-018: External app not in Debian: MeFront
+018: External app not in Debian: EFront
019: CVE-2010-1916; Serendipity, doesn't affect Lenny (1.4 onwards), pinged Thijs
-020: External app; xinha, Just an ITP: #479708, there might be embedders according to the bug
+020: CVE-2010-1916; External app; xinha, Just an ITP: #479708, there are embedders
021: CVE-2010-1917; PHP fnmatch() Stack Exhaustion Vulnerability
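Review bot: On line 020, `there are embedders` replaces `there might be embedders according to the bug` but names none of them, so the statement became firmer while its source was dropped. Listing the embedding packages here would give the `TODO: check the embedded copies` on CVE-2010-1916 in data/CVE/list something concrete to work from.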