Author: jmm-guest Date: 2007-03-18 18:08:32 +0000 (Sun, 18 Mar 2007) New Revision: 5560 Modified: data/CVE/list data/mopb.txt Log: updates on MOPB lintian/sarge not-affected one php issue unimportant rewrite acroread as NOT-FOR-US, it has been removed for ages Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-18 15:43:50 UTC (rev 5559) +++ data/CVE/list 2007-03-18 18:08:32 UTC (rev 5560) @@ -362,8 +362,11 @@ NOT-FOR-US: PHP Poll Creator CVE-2007-XXXX [unsafe temporary file in lintian''s objdump-info] - lintian 1.23.28 (low) + [sarge] - lintian <not-affected> (Vulnerable code not present) CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...) - - php4 <unfixed> (low) + - php4 <unfixed> (unimportant) + [sarge] - php4 <not-affected> (Regression introduced in 4.4.3) + NOTE: Non-issue, explicit debug feature CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...) - php4 <unfixed> (low) CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...) @@ -604,7 +607,7 @@ CVE-2007-1200 RESERVED CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...) - - acroread <removed> (medium) + NOT-FOR-US: Acrobat Reader CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...) NOT-FOR-US: TaskFreak! CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-03-18 15:43:50 UTC (rev 5559) +++ data/mopb.txt 2007-03-18 18:08:32 UTC (rev 5560) 
@@ -1,5 +1,17 @@ +21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability +N/A Safemode and open_basedir bypasses not supported + +20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability +N/A Safemode and open_basedir bypasses not supported + +19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability +TODO for PHP5. Sarge not affected. + +18 PHP ext/filter HTML Tag Stripping Bypass Vulnerability +TODO for PHP5. Sarge not affected. + 17 PHP ext/filter FDF Post Bypass Vulnerability -TODO(low) -> ...or possibly "broken as designed". +TODO(low) -> ...or possibly "broken as designed". Sarge is not affected. 16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability VERIFY -> is this CVE-2007-0906/zip? i can''t reproduce it anyway...
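Review bot: In the data/CVE/list hunk at @@ -362, the new NOTE on CVE-2007-1287 ("Non-issue, explicit debug feature") does not name the feature or say why the downgrade from (low) to (unimportant) is justified. The truncated description on the CVE line points at the phpinfo function, so the note could say so directly, for example "NOTE: phpinfo() is an explicit debug feature, not meant to be exposed to untrusted users". The [sarge] reason "Regression introduced in 4.4.3" is consistent with the "PHP 4.4.3 to 4.4.6" range in the description and needs no change.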
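Review bot: In the data/CVE/list hunk at @@ -604, replacing "- acroread <removed> (medium)" with "NOT-FOR-US: Acrobat Reader" for CVE-2007-1199 drops both the package name and the severity from the tracker entry. The log message says acroread "has been removed for ages", but the hunk itself does not show whether any still-supported release carries the package. If one does, NOT-FOR-US hides an open issue there, and the "<removed>" line should stay, with a per-release tag if needed. If none does, add a NOTE to the entry recording that, so the rewrite is not mistaken for a triage error later.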
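Review bot: In the data/mopb.txt hunk, the new entries 18 and 19 use "TODO for PHP5." with no severity, while entry 17 directly below uses the "TODO(low)" form, so the status field is no longer consistent across the file. Suggest giving 18 and 19 a severity in the same "TODO(...)" style once assessed, and using one wording for the release note (the hunk has both "Sarge not affected." and "Sarge is not affected."). Entries 18 to 21 also carry no CVE reference, unlike the CVE-2007-0906 mention under entry 16; add the ids when they are assigned so the entries can be cross-checked against data/CVE/list.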