[Secure-testing-commits] r19493 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jun 15 09:14:29 UTC 2012
Author: joeyh
Date: 2012-06-15 09:14:28 +0000 (Fri, 15 Jun 2012)
New Revision: 19493
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-15 08:16:43 UTC (rev 19492)
+++ data/CVE/list 2012-06-15 09:14:28 UTC (rev 19493)
@@ -13549,6 +13549,7 @@
[squeeze] - php5 <not-affected> (Only affected 5.3.7)
[lenny] - php5 <not-affected> (Only affected 5.3.7)
CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, ...)
+ {DSA-2408-1}
- php5 5.3.7-1
[squeeze] - php5 <not-affected> (Vulnerable code not present)
[lenny] - php5 <not-affected> (Vulnerable code not present)
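Review bot: the {DSA-2408-1} tag added under CVE-2011-3267 conflicts with the two context lines after it, which mark both [squeeze] and [lenny] as <not-affected> (Vulnerable code not present). An advisory reference implies a fix shipped to a release, so either the tag or the not-affected annotations need correcting. Please confirm CVE-2011-3267 against the advisory before keeping this line.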
@@ -13806,6 +13807,7 @@
RESERVED
NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...)
+ {DSA-2408-1}
- php5 5.3.7-1 (unimportant)
NOTE: exploitable by malicious scripts only
CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...)
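Review bot: the tag added under CVE-2011-3182 lands on an entry whose php5 line is rated (unimportant) and whose NOTE reads "exploitable by malicious scripts only", so the entry now claims advisory coverage and an unimportant rating at the same time. If the advisory really lists this CVE, the rating or the NOTE should explain why. If it does not, drop the tag.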
@@ -18268,6 +18270,7 @@
- eglibc 2.13-33 (low; bug #672119)
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...)
+ {DSA-2408-1}
- php5 <unfixed> (unimportant)
NOTE: safe mode not supported
CVE-2011-1656
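Review bot: under CVE-2011-1657 the new {DSA-2408-1} line sits directly above "- php5 <unfixed> (unimportant)", so after this change the entry references an advisory while still reporting the package as unfixed. Either record the version the advisory fixed or remove the tag, and keep the "safe mode not supported" NOTE consistent with whichever is chosen.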
@@ -18853,15 +18856,19 @@
{DSA-2266-1}
- php5 5.3.6-1
CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...)
+ {DSA-2408-1}
- php5 5.3.6-1 (unimportant)
NOTE: exploitable by malicious scripts only
CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
+ {DSA-2408-1}
- php5 5.3.6-1 (unimportant)
NOTE: exploitable by malicious scripts only
CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...)
+ {DSA-2408-1}
- php5 5.3.6-1 (unimportant)
NOTE: under normal conditions the amount of memory leaked is insignificant
CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...)
+ {DSA-2408-1}
- php5 5.3.6-1 (unimportant)
[lenny] - php5 <not-affected> (intl extension included since 5.3)
NOTE: Only triggerable with malicious script
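Review bot: the log message ("automatic update") does not say where the CVE-to-advisory mapping came from, and here the same tag is applied to CVE-2011-1470, CVE-2011-1469, CVE-2011-1468 and CVE-2011-1467 in one pass although each is rated (unimportant) for a different stated reason. Each ID should be checked against the advisory individually. CVE-2011-1467 also carries "[lenny] - php5 <not-affected>", which the tag alone does not qualify.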
@@ -18873,6 +18880,7 @@
- chromium-browser <not-affected> (only the dev version was affected)
- webkit <not-affected> (chromium specific)
CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the ...)
+ {DSA-2408-1}
- php5 5.3.6-1 (unimportant)
NOTE: ini setting needs to be modified.
CVE-2011-1463
@@ -19826,6 +19834,7 @@
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...)
NOT-FOR-US: Android
CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...)
+ {DSA-2408-1}
- php5 <unfixed> (unimportant)
NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...)
@@ -20058,6 +20067,7 @@
- linux-2.6 2.6.38-1 (low)
[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...)
+ {DSA-2408-1}
- php5 <unfixed> (unimportant)
NOTE: only exploitable by malicious scripts
NOTE: http://seclists.org/oss-sec/2011/q1/430
@@ -21784,6 +21794,7 @@
- php5 5.3.3-7 (unimportant)
NOTE: Only exloitable with malicious script
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
+ {DSA-2408-1}
- php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)