[Secure-testing-commits] r28419 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 22 07:54:19 UTC 2014
Author: carnil
Date: 2014-08-22 07:54:19 +0000 (Fri, 22 Aug 2014)
New Revision: 28419
Modified:
data/CVE/list
Log:
Add CVE-2014-5120, from external check list
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-22 04:36:21 UTC (rev 28418)
+++ data/CVE/list 2014-08-22 07:54:19 UTC (rev 28419)
@@ -697,8 +697,13 @@
RESERVED
CVE-2014-5121
RESERVED
-CVE-2014-5120
+CVE-2014-5120 [NUL byte injection in filenames passed to image handling functions]
RESERVED
+ - php5 <unfixed>
+ - libgd2 <unfixed>
+ NOTE: https://bugs.php.net/bug.php?id=67730
+ NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest
+ TODO: check, possibly does not affect the libgd library itself, only the copy in php
CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
NOT-FOR-US: DirPHP
CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
More information about the Secure-testing-commits
mailing list