Author: fw
Date: 2005-10-31 20:02:34 +0000 (Mon, 31 Oct 2005)
New Revision: 2627
Modified:
data/CVE/list
Log:
PHP 4 bug number, status of CVE-2002-1954 now clear (unfixed).
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-31 18:17:10 UTC (rev 2626)
+++ data/CVE/list 2005-10-31 20:02:34 UTC (rev 2627)
@@ -1,18 +1,19 @@
CVE-2005-XXXX [generic XSS vulnerability in PHP''s phpinfo function]
- - php4 <unfixed> (bug filed; low)
+ {CVE-2002-1954}
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; low)
NOTE: http://www.hardened-php.net/advisory_182005.77.html
CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str]
- - php4 <unfixed> (bug filed; low)
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; low)
NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability]
- - php4 <unfixed> (bug filed; high)
+ - php4 <unfixed> (bug #336645; low)
- php5 <unfixed> (bug filed; high)
NOTE: http://www.hardened-php.net/advisory_202005.79.html
NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
- - phpbb2 <unfixed> (bug #336582; high)
+ - phpbb2 <unfixed> (bug #336582; bug #336587; high)
NOTE: http://www.hardened-php.net/advisory_172005.75.html
NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
NOTE: Remote code execution may be possible, especially in conjunction
@@ -4587,7 +4588,8 @@
NOTE: php function that displays the PHP logo and version information. In the
bug
NOTE: log the developers seem unwilling to fix this, as it only affects a
debug
NOTE: function.
- TODO: check, whether the mentioned XSS still affects current PHP versions in
Debian
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug filed; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant
...)
NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL
...)