Author: joeyh Date: 2012-06-15 09:14:28 +0000 (Fri, 15 Jun 2012) New Revision: 19493 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-15 08:16:43 UTC (rev 19492) +++ data/CVE/list 2012-06-15 09:14:28 UTC (rev 19493) @@ -13549,6 +13549,7 @@ [squeeze] - php5 <not-affected> (Only affected 5.3.7) [lenny] - php5 <not-affected> (Only affected 5.3.7) CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, ...) + {DSA-2408-1} - php5 5.3.7-1 [squeeze] - php5 <not-affected> (Vulnerable code not present) [lenny] - php5 <not-affected> (Vulnerable code not present) @@ -13806,6 +13807,7 @@ RESERVED NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...) + {DSA-2408-1} - php5 5.3.7-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...) @@ -18268,6 +18270,7 @@ - eglibc 2.13-33 (low; bug #672119) [squeeze] - eglibc <no-dsa> (Minor issue) CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...) + {DSA-2408-1} - php5 <unfixed> (unimportant) NOTE: safe mode not supported CVE-2011-1656 
@@ -18853,15 +18856,19 @@ {DSA-2266-1} - php5 5.3.6-1 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...) + {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...) + {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...) + {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: under normal conditions the amount of memory leaked is insignificant CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...) + {DSA-2408-1} - php5 5.3.6-1 (unimportant) [lenny] - php5 <not-affected> (intl extension included since 5.3) NOTE: Only triggerable with malicious script @@ -18873,6 +18880,7 @@ - chromium-browser <not-affected> (only the dev version was affected) - webkit <not-affected> (chromium specific) CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the ...) + {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: ini setting needs to be modified. CVE-2011-1463 @@ -19826,6 +19834,7 @@ CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...) NOT-FOR-US: Android CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...) + {DSA-2408-1} - php5 <unfixed> (unimportant) NOTE: only exploitable by malicious scripts CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...) @@ -20058,6 +20067,7 @@ - linux-2.6 2.6.38-1 (low) [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...) + {DSA-2408-1} - php5 <unfixed> (unimportant) NOTE: only exploitable by malicious scripts NOTE: http://seclists.org/oss-sec/2011/q1/430 
@@ -21784,6 +21794,7 @@ - php5 5.3.3-7 (unimportant) NOTE: Only exloitable with malicious script CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...) + {DSA-2408-1} - php5 5.3.5-1 (unimportant) NOTE: requires attacker to be able to execute code already CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
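Review bot: In the hunk at @@ -13549,6 +13549,7 @@, the {DSA-2408-1} tag is added to CVE-2011-3267 although the entry's own lines mark both [squeeze] and [lenny] as <not-affected> (Vulnerable code not present). An advisory reference on a CVE that neither listed release is affected by contradicts the per-release status. Either the tag does not belong on this entry or the two not-affected lines need correcting. Whichever side is wrong should be fixed rather than leaving both in the list.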
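Review bot: In the hunk at @@ -18268,6 +18270,7 @@, CVE-2011-1657 gains {DSA-2408-1} while its status line still reads "- php5 <unfixed> (unimportant)". The same combination appears for CVE-2011-1148 (@@ -19826,6 +19834,7 @@) and CVE-2011-1092 (@@ -20058,6 +20067,7 @@). A reader cannot tell from these entries whether the advisory fixed the issue in a stable release while unstable remains open, or whether the cross-reference is a mismatch. Suggest adding the per-release fixed version lines for the releases the advisory covers, or a NOTE stating why the entry remains <unfixed> despite the DSA.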
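Review bot: In the hunk at @@ -18853,15 +18856,19 @@, four entries (CVE-2011-1470, CVE-2011-1469, CVE-2011-1468, CVE-2011-1467) are tagged {DSA-2408-1} while each keeps "(unimportant)" and a NOTE saying the issue is only reachable by a malicious script or leaks an insignificant amount of memory. The triage text and the advisory reference now send opposite signals about whether these were treated as security issues. A short NOTE on each entry explaining why the advisory lists it would keep the triage rationale readable. For CVE-2011-1467 the existing "[lenny] - php5 <not-affected>" line should also be checked against the releases the advisory covers.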