Author: keescook-guest Date: 2007-04-18 22:24:35 +0000 (Wed, 18 Apr 2007) New Revision: 5674 Modified: data/CVE/list data/mopb.txt Log: updating CVE list from mopb.txt Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-18 21:09:43 UTC (rev 5673) +++ data/CVE/list 2007-04-18 22:24:35 UTC (rev 5674) @@ -848,9 +848,9 @@ - php4 <unfixed> (medium) - php5 <unfixed> (medium) CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - - php4 <unfixed> (low) - - php5 <unfixed> (low) - NOTE: Barely a security problem. + - php4 <unfixed> (unimportant) + - php5 <unfixed> (unimportant) + NOTE: This is a regular bug, not a security problem CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) NOT-FOR-US: pam_console CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-04-18 21:09:43 UTC (rev 5673) +++ data/mopb.txt 2007-04-18 22:24:35 UTC (rev 5674) @@ -92,7 +92,7 @@ #N/A -> open_basedir bypasses not supported, CVE-2007-1461 33 PHP mail() Message ASCIIZ Byte Truncation -N/A This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5) +#N/A -> This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5) 31 PHP _SESSION Deserialization Overwrite Vulnerability #N/A -> register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution) 
@@ -110,13 +110,13 @@ #Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584 24 PHP array_user_key_compare() Double DTOR Vulnerability -N/A Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution) +#N/A -> Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution) 21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability #N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1461 20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability -#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1460 +#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1460 15 PHP shmop Functions Resource Verification Vulnerability N/A Only triggerable by malicious script, could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage)
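Review bot: In the data/CVE/list hunk (@@ -848,9 +848,9 @@), the new NOTE for CVE-2007-1717 gives a conclusion ("This is a regular bug, not a security problem") with no reason and no pointer to where it was decided. data/mopb.txt in this same commit lists the issue as entry 33, "PHP mail() Message ASCIIZ Byte Truncation". Naming that entry in the NOTE would let a reader trace the change from (low) to (unimportant) from the CVE list alone.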
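Review bot: In the data/mopb.txt hunk (@@ -110,13 +110,13 @@), entries 24 and 20 are brought to the "#N/A ->" form, but the trailing context line for entry 15 (PHP shmop Functions Resource Verification Vulnerability) still reads "N/A Only triggerable by malicious script, ..." with neither the leading "#" nor the "->". Entry 15 carries the same "Only triggerable by malicious script" reasoning as entry 24. If it has the same status, convert it in this commit as well. If it is deliberately left open, a short remark saying so would keep the two formats from looking like an oversight.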