Author: jmm-guest Date: 2006-10-01 11:21:31 +0000 (Sun, 01 Oct 2006) New Revision: 4793 Modified: data/CVE/list Log: rewrite some php entries so that testing is covered as well xloadimage/libgd issue not suitable for code injection Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-01 10:57:52 UTC (rev 4792) +++ data/CVE/list 2006-10-01 11:21:31 UTC (rev 4793) @@ -1275,18 +1275,19 @@ - php4 <not-affected> (Vulnerable function doesn''t exist) CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...) - libgd2 2.0.33-5.1 (medium; bug #384838) - - xloadimage <unfixed> (low; bug #384841) + - xloadimage <unfixed> (unimportant; bug #384841) + NOTE: xloadimage is a crasher only, not a security problem CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...) - - php5 5.1.6-1 (low) - - php4 4:4.4.4-1 (low) - [sarge] - php4 <no-dsa> (Safe mode violations not supported, insufficient measure) + - php5 5.1.6-1 (unimportant) + - php4 4:4.4.4-1 (unimportant) + NOTE: Safe mode violations not supported, insufficient measure CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...) - - php5 5.1.6-1 (low) - - php4 4:4.4.4-1 (low) + - php5 5.1.6-1 (medium) + - php4 4:4.4.4-1 (medium) CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) - - php5 5.1.6-1 (low) - - php4 4:4.4.4-1 (low) - [sarge] - php4 <no-dsa> (Basedir violations not supported, insufficient measure) + - php5 5.1.6-1 (unimportant) + - php4 4:4.4.4-1 (unimportant) + NOTE: Basedir violations not supported CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) NOT-FOR-US: Nuked-Klan CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
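Review bot: Under CVE-2006-4482, php5 and php4 go from (low) to (medium) with no NOTE line, while every other entry changed in this hunk records its reason and the log message mentions only testing coverage and the xloadimage/libgd issue. A short NOTE under CVE-2006-4482 saying why the heap-based buffer overflows are rated medium would keep the rationale in the list itself. Separately, the new NOTE under CVE-2006-4481 reads "Basedir violations not supported", dropping the "insufficient measure" wording that the removed [sarge] line carried and that the CVE-2006-4483 NOTE keeps; using the same wording in both would make the two (unimportant) ratings read consistently.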