thr3ads.net - Secure testing commits - [Secure-testing-commits] r16414

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2011-Mar-22 16:25 UTC
[Secure-testing-commits] r16414 - data/CVE

Author: jmm
Date: 2011-03-22 16:25:30 +0000 (Tue, 22 Mar 2011)
New Revision: 16414

Modified:
   data/CVE/list
Log:
record several php5 fixes in sid


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-03-22 16:02:52 UTC (rev 16413)
+++ data/CVE/list	2011-03-22 16:25:30 UTC (rev 16414)
@@ -787,7 +787,7 @@
 CVE-2011-1154
 	RESERVED
 CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the
phar ...)
-	- php5 <unfixed>
+	- php5 5.3.6-1
 CVE-2011-1152
 	RESERVED
 CVE-2011-1151
@@ -1954,13 +1954,16 @@
 CVE-2011-0756
 	RESERVED
 CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4
might ...)
-	- php5 <unfixed>
+	- php5 5.3.5-1 (unimportant)
+	NOTE: Only exploitable with malicious script
 CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library
(SPL) ...)
 	- php5 <not-affected> (Only affects PHP on Windows)
 CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when
a ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.3.5-1 (unimportant)
+	NOTE: Only exploitable with malicious script
 CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use
of the ...)
-	- php5 5.3.3-7 (low)
+	- php5 5.3.3-7 (unimportant)
+	NOTE: Only exploitable with malicious script
 CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo
webserver) ...)
 	TODO: check
 CVE-2011-0750
@@ -2079,7 +2082,7 @@
 CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the
Linux ...)
 	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in
2.6.35-rc5)
 CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit
platforms ...)
-	- php5 <unfixed>
+	- php5 5.3.6-1
 CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in
Cgi/confirm.py ...)
 	{DSA-2170-1}
 	- mailman 1:2.1.14-1
@@ -2630,11 +2633,11 @@
 CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3,
when the ...)
 	- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
 CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in
PHP ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.3.5-1 (unimportant)
 CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before
5.2.15 ...)
 	- php5 5.3.3-7 (low)
 CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before
5.2.15 ...)
-	- php5 <unfixed> (unimportant)
+	- php5 5.3.5-1 (unimportant)
 	NOTE: requires attacker to be able to execute code already
 CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before
1.5.22 ...)
 	NOT-FOR-US: Joomla 
@@ -2848,7 +2851,7 @@
 CVE-2011-0422
 	RESERVED
 CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip
...)
-	- php5 <unfixed>
+	- php5 5.3.6-1
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
 CVE-2011-0420 (The grapheme_extract function in the Internationalization
extension ...)
 	- php5 <unfixed> (low)
Secure testing commits - Mar 2011 - r16414 - data/CVE

[Secure-testing-commits] r16414 - data/CVE
