Author: jmm-guest Date: 2007-04-14 11:54:51 +0000 (Sat, 14 Apr 2007) New Revision: 5654 Modified: data/CVE/list data/mopb.txt Log: yet another CVE dupe for PHP Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-13 11:51:34 UTC (rev 5653) +++ data/CVE/list 2007-04-14 11:54:51 UTC (rev 5654) @@ -179,7 +179,9 @@ - php4 6:4.4.4-9 NOTE: Dupe of CVE-2007-0906 CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...) - - php5 <unfixed> (low) + - php5 5.2.0-9 + - php4 6:4.4.4-9 + NOTE: Dupe of CVE-2007-0909 CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) - php4 <unfixed> (unimportant) - php5 <unfixed> (unimportant) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-04-13 11:51:34 UTC (rev 5653) +++ data/mopb.txt 2007-04-14 11:54:51 UTC (rev 5654) @@ -17,8 +17,7 @@ # Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825 38 PHP printf() Family 64 Bit Casting Vulnerabilities -TODO, this smells like it can only be triggerable through malicious script, but please -double-check someone +# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884 37 PHP iptcembed() Interruption Information Leak Vulnerability #N/A Only triggerable by malicious script @@ -108,6 +107,7 @@ 10 PHP php_binary Session Deserialization Information Leak Vulnerability #TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380 (php4 & php5, heap leak) +Check, to which extent this was covered by our backports of 5.2.1 patches 09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability #N/A -> Only applies to a development version in CVS, not a shipped release
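Review bot: In the data/CVE/list hunk, the CVE-2007-1884 entry now claims fixed versions (php5 5.2.0-9, php4 6:4.4.4-9) purely on the basis of "NOTE: Dupe of CVE-2007-0909", and the CVE-2007-0909 entry itself is not in the visible context. Please confirm these two versions are identical to what is recorded there. The old entry tracked only php5 with urgency (low); the new lines add php4 and drop the urgency, so it is worth stating in the log that php4 was checked as affected rather than just copied over from the duplicate.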
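Review bot: In the first data/mopb.txt hunk (entry 38, printf() family), the removed TODO asked for a double-check of whether the issue "can only be triggerable through malicious script", and the replacement line closes the entry as fixed in DSA-1264 without recording the answer to that question. If the double-check was done, a short remark on the outcome would keep the reasoning in the file. The CVE pair on the new line (CVE-2007-0909/CVE-2007-1884) does match the data/CVE/list change, which is good, but since the line is otherwise identical to the one above it (CVE-2007-0906/CVE-2007-1825), it is worth a second look that the DSA-1264 reference applies to this pair as well.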
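Review bot: In the second data/mopb.txt hunk (entry 10, php_binary session deserialization), the added line "Check, to which extent this was covered by our backports of 5.2.1 patches" has no leading "#" and no TODO marker, while the status line directly above it is written as "#TODO(low) -> ...". Suggest folding it into that annotation or prefixing it the same way, so that anything scanning the file for open "#TODO" items picks it up. The commit log ("yet another CVE dupe for PHP") also does not mention this new open item for CVE-2007-1380, so it is easy to miss in the history.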