[Secure-testing-commits] r16414 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Mar 22 16:25:31 UTC 2011
Author: jmm
Date: 2011-03-22 16:25:30 +0000 (Tue, 22 Mar 2011)
New Revision: 16414
Modified:
data/CVE/list
Log:
record several php5 fixes in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-22 16:02:52 UTC (rev 16413)
+++ data/CVE/list 2011-03-22 16:25:30 UTC (rev 16414)
@@ -787,7 +787,7 @@
CVE-2011-1154
RESERVED
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...)
- - php5 <unfixed>
+ - php5 5.3.6-1
CVE-2011-1152
RESERVED
CVE-2011-1151
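Review bot: The CVE-2011-1153 entry gets a fixed version of 5.3.6-1 but no NOTE pointing at the upstream change, unlike CVE-2011-0421 later in this patch, which carries a svn.php.net revision link. Adding the matching upstream reference here would let someone backporting to another suite find the fix without searching for it.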
@@ -1954,13 +1954,16 @@
CVE-2011-0756
RESERVED
CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might ...)
- - php5 <unfixed>
+ - php5 5.3.5-1 (unimportant)
+ NOTE: Only exploitable with malicious script
CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ...)
- php5 <not-affected> (Only affects PHP on Windows)
CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.5-1 (unimportant)
+ NOTE: Only exploitable with malicious script
CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...)
- - php5 5.3.3-7 (low)
+ - php5 5.3.3-7 (unimportant)
+ NOTE: Only exploitable with malicious script
CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) ...)
TODO: check
CVE-2011-0750
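Review bot: The CVE-2011-0752 line changes only the urgency, from (low) to (unimportant), with the version 5.3.3-7 left as it was, and CVE-2011-0755 gains an (unimportant) tag it did not have; the log message "record several php5 fixes in sid" covers neither re-triage. Mention the downgrade in the log or commit it separately so the decision can be found later. The three added notes read "Only exploitable with malicious script" while the existing CVE-2010-4697 entry says "requires attacker to be able to execute code already"; one wording for the same rationale would make the list easier to search.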
@@ -2079,7 +2082,7 @@
CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...)
- - php5 <unfixed>
+ - php5 5.3.6-1
CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...)
{DSA-2170-1}
- mailman 1:2.1.14-1
@@ -2630,11 +2633,11 @@
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.5-1 (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
- php5 5.3.3-7 (low)
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
- - php5 <unfixed> (unimportant)
+ - php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
NOT-FOR-US: Joomla
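Review bot: CVE-2010-4699 keeps its (unimportant) tag with no NOTE giving the reason, while CVE-2010-4697 two entries below has one and the entries touched in the previous hunk each get one in this same commit. Since the line is being edited anyway, add a NOTE stating why the iconv_mime_decode_headers issue is rated unimportant.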
@@ -2848,7 +2851,7 @@
CVE-2011-0422
RESERVED
CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip ...)
- - php5 <unfixed>
+ - php5 5.3.6-1
NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...)
- php5 <unfixed> (low)
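Review bot: CVE-2011-0420 in the trailing context stays at "php5 <unfixed> (low)" while the entry above it is moved to 5.3.6-1. If 5.3.6-1 was checked and does not contain the grapheme_extract fix, a short NOTE saying so would keep the next reader from repeating the check; if it was not checked, it should be before this is taken as the full set of php5 fixes in sid.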