[Secure-testing-commits] r16370 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sat Mar 12 19:23:11 UTC 2011


Author: geissert
Date: 2011-03-12 19:23:05 +0000 (Sat, 12 Mar 2011)
New Revision: 16370

Modified:
   data/CVE/list
Log:
php5: PEAR issue CVEified, 1 not-affected, 1 unimportant
glibc: glob DoS


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-12 11:30:36 UTC (rev 16369)
+++ data/CVE/list	2011-03-12 19:23:05 UTC (rev 16370)
@@ -607,7 +607,7 @@
 	- unixodbc <unfixed> (low; bug #617655)
 	NOTE: http://seclists.org/oss-sec/2011/q1/446
 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...)
-	TODO: apparenty not in Debian. Raphael, can you confirm?
+	- php5 <not-affected> (incomplete never used in Debian packages)
 CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...)
 	- wireshark 1.4.4-1 (unimportant)
 CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...)
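Review bot: the parenthetical on the new `- php5 <not-affected>` line, "(incomplete never used in Debian packages)", does not parse as a justification; a word seems to be missing between "incomplete" and "never". The not-affected reason is what later triagers will rely on, so it is worth spelling out what was actually confirmed, for example "(PEAR installer code path not used in Debian packages)" if that is the finding.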
@@ -635,6 +635,8 @@
 CVE-2011-1126
 	RESERVED
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
+	- glibc <removed>
+	- eglibc <unfixed>
 	TODO: check
 CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
 	NOTE: That's essentially shooting yourself in your own foot:
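Review bot: `TODO: check` is kept after `- eglibc <unfixed>` is added, so it is no longer clear what remains to be checked. Either drop the TODO or say what is pending; one open item is that neither new line carries a severity or bug reference in the `(low; bug #617655)` form used by the unixodbc entry earlier in this diff.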
@@ -804,9 +806,9 @@
 	RESERVED
 CVE-2011-1092 [PHP: shmop_read, missing sanity check]
 	RESERVED
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant)
+	NOTE: only exploitable by malicious scripts
 	NOTE: http://seclists.org/oss-sec/2011/q1/430
-	TODO: determine severity. file a bts bug.
 CVE-2011-1091
 	RESERVED
 CVE-2011-1090
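Review bot: the dropped `TODO: determine severity. file a bts bug.` covered two actions, and the new `(unimportant)` tag only answers the first. If unimportant issues intentionally get no BTS bug, the rationale line could say so, e.g. `NOTE: only exploitable by malicious scripts, no bug filed`, so nobody re-adds the TODO later.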
@@ -858,8 +860,6 @@
 	- cron <not-affected> (Debian's cron not affected)
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
 	- cron <not-affected> (Debian's cron not affected)
-CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
-	TODO: apparenty not in Debian. Raphael, can you confirm?
 CVE-2011-1071 [eglibc: memory corruption]
 	RESERVED
 	- glibc <removed>
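Review bot: removing the `CVE-2011-1072 (The installer in PEAR before 1.9.2 ...)` entry here drops the official CVE description; the re-homed entry later in this diff keeps only the bracketed `[php5's pear is vulnerable to symlink attacks]` summary. Neighbouring entries such as the CVE-2011-1073 line carry the parenthesised description, so consider keeping the official text on the relocated entry, or at least the "before 1.9.2" bound, which tells a reader which upstream release is expected to fix it.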
@@ -20172,12 +20172,10 @@
 	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
 CVE-2009-3526
 	RESERVED
-CVE-2009-XXXX [php5's pear is vulnerable to symlink attacks]
+CVE-2011-1072 [php5's pear is vulnerable to symlink attacks]
 	- php5 <unfixed> (low; bug #546164)
 	[squeeze] - php5 <no-dsa> (Minor issue)
-	NOTE: side-effect reported to upstream: http://bugs.php.net/44354
-	NOTE: but they apparently only fixed the issue at build time
-	NOTE: needs re-testing, as I don't remember the test conditions
+	NOTE: side-effect also reported at: http://bugs.php.net/44354
 CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
 	- kfreebsd-6 <removed>
 	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
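Review bot: collapsing the three NOTE lines into `NOTE: side-effect also reported at: http://bugs.php.net/44354` loses the statement that upstream "apparently only fixed the issue at build time", which is the reason the entry can still be `- php5 <unfixed>` even though the CVE text removed in the @@ -858 hunk says PEAR before 1.9.2 is affected. If that observation still stands, keep it (e.g. `NOTE: upstream fix only covers build time, runtime path still affected`); if it has been re-tested since, record the result rather than silently dropping the "needs re-testing" reminder.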