Author: geissert Date: 2009-11-20 17:17:46 +0000 (Fri, 20 Nov 2009) New Revision: 13327 Modified: data/CVE/list Log: new kdelibs and php issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-20 06:09:31 UTC (rev 13326) +++ data/CVE/list 2009-11-20 17:17:46 UTC (rev 13327) @@ -1,3 +1,8 @@ +CVE-2009-XXXX [php temporary files exhaustion DoS] + - php5 <unfixed> (medium) + - php4 <unfixed> (medium) + NOTE: workarounds include using 5.3.1 or php5-suhosin + NOTE: 4B068517.802 at acunetix.com on bugtraq explains it CVE-2009-XXXX [array indexing error in gdth_read_event() in drivers/scsi/gdth.c] - linux-2.6 <unfixed> - linux-2.6.24 <removed> @@ -1032,10 +1037,16 @@ RESERVED CVE-2009-3559 RESERVED + - php5 <unfixed> (unimportant) + NOTE: safe_mode regression CVE-2009-3558 RESERVED + - php5 <unfixed> (unimportant) + NOTE: open_basedir bypass CVE-2009-3557 RESERVED + - php5 <unfixed> (unimportant) + NOTE: safe_mode bypass CVE-2009-3556 RESERVED CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...) @@ -10546,7 +10557,10 @@ CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on CVE-2009-0689 (The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in ...) - NOT-FOR-US: FreeBSD + - kdelibs <unfixed> + TODO: check and merge with 2009-1563? + NOTE: This is CVE-2009-1563 + NOTE: http://securityreason.com/achievement_securityalert/74 CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) {DSA-1807-1 DTSA-200-1 DTSA-201-1} - cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
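Review bot: In the first hunk (@@ -1,3 +1,8 @@), the new php temporary-files DoS entry cites its source only as a Message-ID with the address obfuscated ("4B068517.802 at acunetix.com on bugtraq"), which a reader cannot follow directly. Add a NOTE with an archive URL for that bugtraq post. The other NOTE lists "using 5.3.1" as a workaround alongside php5-suhosin; if 5.3.1 carries the fix, say so explicitly rather than calling it a workaround, so the php5 and php4 lines can later be updated from <unfixed> against a known version.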
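Review bot: In the second hunk (@@ -1032,10 +1037,16 @@), CVE-2009-3559, CVE-2009-3558 and CVE-2009-3557 are still RESERVED, yet the added php5 lines give no reference for how each id was mapped to its issue, only short notes such as "safe_mode regression" and "open_basedir bypass". Add a NOTE with the source for each id, and state in the NOTE why each entry is tagged (unimportant) so the rating can be checked once the descriptions are published.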
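Review bot: In the third hunk (@@ -10546,7 +10557,10 @@), the lines added under CVE-2009-0689 disagree with each other: the TODO asks "check and merge with 2009-1563?" while the NOTE directly below it states "This is CVE-2009-1563". Keep whichever reflects what has actually been verified and drop or reword the other. The new "- kdelibs <unfixed>" line that replaces "NOT-FOR-US: FreeBSD" also has no bug number, unlike the cyrus-sasl2 line in the trailing context (bug #528749); add one if a report exists.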