atomo64-guest at alioth.debian.org
2008-Dec-07 01:01 UTC
[Secure-testing-commits] r10639 - data/CVE
Author: atomo64-guest Date: 2008-12-07 01:01:30 +0000 (Sun, 07 Dec 2008) New Revision: 10639 Modified: data/CVE/list Log: NFUs and new php issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-06 14:40:23 UTC (rev 10638) +++ data/CVE/list 2008-12-07 01:01:30 UTC (rev 10639) @@ -1,3 +1,8 @@ +CVE-2008-XXXX [php apache/2 SAPI php_getuid() overload] + - php5 <unfixed> (bug #508021) + NOTE: Fixed in php 5.2.7, not yet in the archive + NOTE: http://securityreason.com/achievement_securityalert/59 + TODO: check php4 CVE-2008-XXXX [Format string vulnerability in vinagre] - vinagre 0.5.1-2 CVE-2008-5360 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) @@ -57,7 +62,7 @@ CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...) NOT-FOR-US: NitroTech CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...) - TODO: check + NOT-FOR-US: Pie Web M{a,e}sher CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) @@ -229,8 +234,9 @@ NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 NOTE: upstream has been notified TODO: write proper advisory and request CVE id -CVE-2008-XXXX [php5: inifile handler for the dba functions can be used to truncate a file] +CVE-2008-XXXX [php: inifile handler for the dba functions can be used to truncate a file] - php5 (low; bug #507101) + - php4 <unfixed> (low) CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...) 
@@ -2113,7 +2119,7 @@ CVE-2008-4417 RESERVED CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...) NOT-FOR-US: HP Service Manager (HPSM) CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...)
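Review bot: In the first hunk (@@ -1,3 +1,8 @@), the new php_getuid() entry records the fix only in free text (`NOTE: Fixed in php 5.2.7, not yet in the archive`) and leaves php4 as `TODO: check`, so nothing but a manual re-read will flag the entry once 5.2.7 is uploaded. Suggest resolving the php4 TODO with an explicit `- php4` line, as the dba entry in the third hunk does, and replacing `<unfixed>` with the fixed version as soon as the upload happens. The entry also carries no urgency, unlike the `(low; ...)` on the dba entry; add one if it has been assessed.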
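Review bot: In the second hunk (@@ -57,7 +62,7 @@), `NOT-FOR-US: Pie Web M{a,e}sher` writes the product name as a shell brace pattern, which a plain-text search for either spelling will miss. Suggest using the single name the upstream project goes by, or writing both spellings out in full.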
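Review bot: In the third hunk (@@ -229,8 +234,9 @@), the added `- php4 <unfixed> (low)` line has no bug reference, while the php5 line directly above it points to bug #507101, and the two lines state their status differently (explicit `<unfixed>` on one, nothing on the other). Suggest adding a php4 bug number or a NOTE saying why there is none, and using the same notation on both lines. The log message "NFUs and new php issue" also does not mention this change to an existing entry.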