Author: jmm-guest Date: 2007-03-21 21:51:17 +0000 (Wed, 21 Mar 2007) New Revision: 5571 Modified: data/CVE/list data/mopb.txt Log: MOPB update remove stray <unfixed> tag for postgres/sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-21 21:14:22 UTC (rev 5570) +++ data/CVE/list 2007-03-21 21:51:17 UTC (rev 5571) @@ -2608,7 +2608,6 @@ - postgresql-8.1 8.1.7-1 - postgresql-7.4 1:7.4.16-1 - postgresql <not-affected> (only transitional package) - [sarge] - postgresql <unfixed> CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...) NOT-FOR-US: Guos Posting System CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-03-21 21:14:22 UTC (rev 5570) +++ data/mopb.txt 2007-03-21 21:51:17 UTC (rev 5571) @@ -1,3 +1,24 @@ +28 PHP hash_update_file() Already Freed Resource Access Vulnerability +N/A Only triggerable by malicious script + +27 PHP ext/gd Already Freed Resource Access Vulnerability +N/A Only triggerable by malicious script + +26 PHP mb_parse_str() register_globals Activation Vulnerability +TODO Should be fixed + +25 PHP header() Space Trimming Buffer Underflow Vulnerability +TODO Should be fixed for PHP5, Sarge is not affected + +24 PHP array_user_key_compare() Double DTOR Vulnerability +N/A Internal function, only triggerable by malicious script + +23 PHP 5 Rejected Session Identifier Double Free Vulnerability +TODO It''s not yet clear, whether this can be exploited from a remote attacker + +22 PHP session_regenerate_id() Double Free Vulnerability +TODO It''s not yet clear, whether this can be exploited from a remote attacker + 21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability N/A Safemode and open_basedir bypasses not supported 
@@ -15,12 +36,13 @@ 16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability VERIFY -> is this CVE-2007-0906/zip? i can''t reproduce it anyway... +This is CVE-2007-1399 15 PHP shmop Functions Resource Verification Vulnerability TODO(medium) -> user-supplied data could be used to read/write arbitrary memory 14 PHP substr_compare() Information Leak Vulnerability -TODO(low) -> corner-case where length+offset > INT_MAX +TODO -> corner-case where length+offset > INT_MAX 13 PHP 4 Ovrimos Extension Multiple Vulnerabilities N/A -> Ovrimos support not provided in any debian php packages
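Review bot: in the data/CVE/list hunk (@@ -2608,7 +2608,6 @@), removing `[sarge] - postgresql <unfixed>` leaves the unscoped `- postgresql <not-affected> (only transitional package)` as the only postgresql line in the visible context, so that line now describes sarge as well. If postgresql in sarge is a real package rather than a transitional one, the removed line should be replaced by a `[sarge]` entry with the actual state instead of being deleted. This change is also unrelated to the MOPB update named in the log and would be easier to track as its own commit.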
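Review bot: in the first data/mopb.txt hunk (@@ -1,3 +1,24 @@), entry 26 is marked `TODO Should be fixed` without saying which PHP versions or releases are affected, while entry 25 directly below it does (`Should be fixed for PHP5, Sarge is not affected`); entry 26 needs the same scoping. Entries 22 and 23 carry the identical note that remote exploitability is unclear; record what still has to be checked so the TODO can be closed. The new TODO lines also carry no priority, unlike `TODO(medium)` on the existing entry 15, and the new N/A and TODO lines omit the `->` separator that entries 13 to 16 use.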
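Review bot: in the second data/mopb.txt hunk (@@ -15,12 +36,13 @@), entry 16 gains `This is CVE-2007-1399` but keeps the `VERIFY -> is this CVE-2007-0906/zip? ...` line above it, so the entry both asks and answers the question and still records no fix status. Replace the VERIFY line with the resolved state and the CVE id rather than appending to it. On entry 14, `TODO(low)` becomes `TODO`, which drops the priority while entry 15 keeps `TODO(medium)`; keep the priority or explain its removal in the log.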