[Secure-testing-commits] r16420 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Mar 23 15:31:58 UTC 2011


Author: geissert
Date: 2011-03-23 15:31:57 +0000 (Wed, 23 Mar 2011)
New Revision: 16420

Modified:
   data/CVE/list
Log:
php5 updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-23 09:16:19 UTC (rev 16419)
+++ data/CVE/list	2011-03-23 15:31:57 UTC (rev 16420)
@@ -1,20 +1,25 @@
 CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP ...)
 	- php5 5.3.6-1
 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...)
-	- php5 5.3.6-1
+	- php5 5.3.6-1 (unimportant)
+	NOTE: exploitable by malicious scripts only
 CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
-	- php5 5.3.6-1
+	- php5 5.3.6-1 (unimportant)
+	NOTE: exploitable by malicious scripts only
 CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...)
-	- php5 5.3.6-1
+	- php5 5.3.6-1 (unimportant)
+	NOTE: under normal conditions the amount of memory leaked is insignificant
 CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...)
 	- php5 5.3.6-1
 CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...)
 	- php5 5.3.6-1
+	NOTE: null pointer deref because of int overflow. Fix has a bug
 CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in ...)
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
 CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the ...)
-	- php5 5.3.6-1
+	- php5 5.3.6-1 (unimportant)
+	NOTE: ini setting needs to be modified.
 CVE-2011-1463
 	RESERVED
 CVE-2011-1462
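
Review bot: The NOTE added under CVE-2011-1466 ("Fix has a bug") does not say what the bug in the fix is or where it is tracked, while the entry still lists php5 5.3.6-1 as the fixed version. If the fix is incomplete, put a reference to the follow-up in the NOTE or reconsider the fixed version, so the tracker does not report the issue as fully resolved. In the same way, the NOTE under CVE-2011-1464 ("ini setting needs to be modified.") should name the ini setting it refers to, so that the (unimportant) rating can be re-checked later without re-reading the advisory.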
