[Secure-testing-commits] r34369 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-05-20 14:18:18 +0000 (Wed, 20 May 2015)
New Revision: 34369

Modified:
   data/CVE/list
Log:
Add CVE-2015-4025 and CVE-2015-4026 in php5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-20 14:15:24 UTC (rev 34368)
+++ data/CVE/list	2015-05-20 14:18:18 UTC (rev 34369)
@@ -1,10 +1,6 @@
 CVE-2015-XXXX [denial-of-service]
 	- ipsec-tools <unfixed> (bug #785778)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/20/1
-CVE-2015-4026
-	RESERVED
-CVE-2015-4025
-	RESERVED
 CVE-2015-4023
 	RESERVED
 CVE-2015-4020
@@ -89,12 +85,14 @@
 	TODO: check
 CVE-2014-9719
 	RESERVED
-CVE-2015-XXXX [various functions allow \0 in paths where they shouldn't]
+CVE-2015-4026 [pcntl_exec() should not allow null char]
 	- php5 <unfixed>
-	NOTE: https://bugs.php.net/bug.php?id=69418
 	NOTE: https://bugs.php.net/bug.php?id=68598
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/18/2
 	TODO: check
+CVE-2015-4025 [CVE-2006-7243 fix regressions in 5.4+]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=69418
+	TODO: check
 CVE-2015-4024 [DoS possibility due to ineffective parsing of form data]
 	- php5 <unfixed>
 	NOTE: https://bugs.php.net/bug.php?id=69364