[Secure-testing-commits] r16401 - in data: CVE DSA
Raphael Geissert
geissert at alioth.debian.org
Sat Mar 19 23:55:42 UTC 2011
Author: geissert
Date: 2011-03-19 23:55:41 +0000 (Sat, 19 Mar 2011)
New Revision: 16401
Modified:
data/CVE/list
data/DSA/list
Log:
3 php issues, some fixed, some unimportant.
maradns and php5 DSA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-18 09:15:40 UTC (rev 16400)
+++ data/CVE/list 2011-03-19 23:55:41 UTC (rev 16401)
@@ -637,7 +637,7 @@
CVE-2011-1154
RESERVED
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...)
- TODO: check
+ - php5 <unfixed>
CVE-2011-1152
RESERVED
CVE-2011-1151
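Review bot: the new `- php5 <unfixed>` line under CVE-2011-1153 has neither an urgency nor a bug reference, while other php5 entries in this file carry both, e.g. `- php5 5.3.6-1 (low; bug #546164)`. Since the `TODO: check` is being dropped, consider adding the bug number once one is filed, and an urgency if the format string issues in phar_object.c have been assessed, so the open state stays trackable.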
@@ -646,8 +646,10 @@
RESERVED
CVE-2011-1149
RESERVED
-CVE-2011-1148
+CVE-2011-1148 [substr_replace use after free]
RESERVED
+ - php5 <unfixed> (unimportant)
+ NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...)
- asterisk <undetermined> (bug #614580)
TODO: check vuln versions
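Review bot: the `(unimportant)` rating on CVE-2011-1148 rests only on the one-line `NOTE: only exploitable by malicious scripts`, and the entry has no bug number or upstream link where the use after free was reported. A reference NOTE, like the `http://bugs.php.net/44354` one under CVE-2011-1072, would let a later reader verify the rating while the CVE description is still RESERVED.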
@@ -2628,8 +2630,10 @@
NOT-FOR-US: tinyBB
CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...)
TODO: check
-CVE-2011-0441
+CVE-2011-0441 [arbitrary files removal via cronjob]
RESERVED
+ - php5 5.3.6-1 (bug #618489)
+ NOTE: Debian-specific
CVE-2011-0440
RESERVED
CVE-2011-0439
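Review bot: `NOTE: Debian-specific` on CVE-2011-0441 does not say which part of the package is affected. The bracketed title mentions a cronjob, so the note could say that the cron job shipped in the Debian php5 package is at fault, which tells derivatives and backporters what to look at without opening bug #618489.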
@@ -3038,8 +3042,9 @@
NOTE: CVE ID requested
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
- php5 5.3.3-7 (high)
- [lenny] - php5 <unfixed> (high)
- NOTE: lenny9 doesn't appear to be affected, for a reason still unknown
+ [lenny] - php5 <not-affected>
+ NOTE: lenny10 includes a test for the bug. With lenny's toolchain
+ NOTE: and settings, the bug can't be reproduced.
CVE-2011-XXXX [Crash with long HOME environment variable]
- toppler <unfixed> (unimportant; bug #608979)
NOTE: Negligable privilege escalation
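Review bot: the `[lenny] - php5 <not-affected>` status for CVE-2010-4645 is justified by build conditions ("With lenny's toolchain and settings, the bug can't be reproduced"), not by the vulnerable code being absent. The note should name the toolchain settings it depends on, since a rebuild with a different compiler or flags could change the result, and it would help to say that the test added in lenny10 is there to catch that.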
@@ -20228,7 +20233,7 @@
CVE-2009-3526
RESERVED
CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
- - php5 <unfixed> (low; bug #546164)
+ - php5 5.3.6-1 (low; bug #546164)
[squeeze] - php5 <no-dsa> (Minor issue)
NOTE: side-effect also reported at: http://bugs.php.net/44354
CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
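Review bot: the change from `<unfixed>` to `5.3.6-1` for CVE-2011-1072 does not record why that version is fixed. The CVE description ties the fix to PEAR 1.9.2, so a NOTE saying that php5 5.3.6-1 ships a PEAR installer at or above that version would make the entry verifiable. The `[squeeze] - php5 <no-dsa> (Minor issue)` line is unchanged and still looks right.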
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2011-03-18 09:15:40 UTC (rev 16400)
+++ data/DSA/list 2011-03-19 23:55:41 UTC (rev 16401)
@@ -1,3 +1,10 @@
+[19 Mar 2011] DSA-2196-1 maradns - buffer overflow
+ {CVE-2011-0520}
+ [lenny] - maradns 1.3.07.09-2.1
+[19 Mar 2011] DSA-2195-1 php5 - several
+ {CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150}
+ [lenny] - php5 5.2.6.dfsg.1-1+lenny10
+ [squeeze] - php5 5.3.3-7+squeeze1
[18 Mar 2011] DSA-2194-1 libvirt - privilege escalation
{CVE-2011-1146}
[squeeze] - libvirt 0.8.3-5+squeeze1
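Review bot: DSA-2196-1 lists only `[lenny] - maradns 1.3.07.09-2.1`, whereas the php5 and libvirt entries next to it have a `[squeeze]` line. The CVE-2011-0520 entry is not part of this diff, so it is worth confirming that data/CVE/list already records squeeze as fixed or not affected. Also, the log message says "3 php issues", but DSA-2195-1 references five CVE ids and only CVE-2011-0441 is touched in data/CVE/list here. Please check that the other four already have their php5 entries.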