Author: geissert Date: 2010-08-01 05:58:17 +0000 (Sun, 01 Aug 2010) New Revision: 15089 Modified: data/CVE/list Log: cleanup php5 issues remove some unimportant CVE-less issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-01 04:22:33 UTC (rev 15088) +++ data/CVE/list 2010-08-01 05:58:17 UTC (rev 15089) @@ -1760,8 +1760,6 @@ - linux-2.6 2.6.32-19 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) - php5 <unfixed> - NOTE: some vectors mitigated by suhosin patch, but more info is needed - TODO: check CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...) NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M) CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) @@ -4858,7 +4856,6 @@ NOTE: safe_mode not supported CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) - php5 5.3.2-1 (low) - NOTE: probably no-dsa, but will see what else can be fixed in stable to make an upload CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...) @@ -7033,7 +7030,6 @@ CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...) {DSA-2018-1} - php5 5.3.2-1 (medium; bug #573573) - NOTE: sent mail to oss-sec notifying about the id CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...) {DSA-2011-1} - dpkg 1.15.6 
@@ -8667,22 +8663,6 @@ - libhaml-ruby 2.2.8-1 CVE-2009-XXXX [roundup: unspecified issue] - roundup 1.4.11-1 -CVE-2009-XXXX [php5 uksort() interruption memory corruption] - - php5 <unfixed> (unimportant) - NOTE: CVE requested -CVE-2009-XXXX [php5 usort interruption memory corruption] - - php5 5.2.11.dfsg.1-1 (unimportant) - TODO: protection was weak in .11, re-check .12 changes - NOTE: CVE requested - NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser -CVE-2009-XXXX [php5 explode() information leak] - - php5 5.2.11.dfsg.1-1 (unimportant) - NOTE: CVE requested - NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser -CVE-2009-XXXX [php5 serialize() information leak] - - php5 5.2.11.dfsg.1-1 (unimportant) - NOTE: CVE requested - NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...) NOT-FOR-US: Apple Disk Images CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...)
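Review bot: In the first hunk (@@ -1760,8 +1760,6), CVE-2010-2225 is still marked `- php5 <unfixed>`, but the `TODO: check` and the suhosin mitigation note are both removed. That leaves an open entry with no severity tag, no bug reference and no sign that it still needs triage. The log message ("cleanup php5 issues") does not say the check was done. Either keep the TODO until the affected vectors are confirmed, or replace the two lines with a NOTE recording the outcome of the check.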
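Review bot: In the second hunk (@@ -4858,7 +4856,6), the removed line "NOTE: probably no-dsa, but will see what else can be fixed in stable to make an upload" was the only record of the stable triage for CVE-2010-1128. After the change the entry reads only `- php5 5.3.2-1 (low)`, so the state of stable is not recorded. If the decision is final, replace the note with an explicit release-tagged no-dsa line rather than dropping it. If an upload to stable is still planned, keep the note.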
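Review bot: In the last hunk (@@ -8667,22 +8663,6), two of the four removed CVE-2009-XXXX php5 entries were not closed: the uksort() entry is `- php5 <unfixed> (unimportant)`, and the usort entry carries "TODO: protection was weak in .11, re-check .12 changes". All four also say "NOTE: CVE requested", so if ids are assigned later there will be no placeholder left to update. The log message only says "remove some unimportant CVE-less issues". Please state in the log whether the .12 re-check was done and whether the CVE requests were withdrawn or rejected, or keep the uksort() and usort entries until that is known.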