Author: joeyh
Date: 2007-04-29 21:14:23 +0000 (Sun, 29 Apr 2007)
New Revision: 5749
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-29 20:18:59 UTC (rev 5748)
+++ data/CVE/list 2007-04-29 21:14:23 UTC (rev 5749)
@@ -916,6 +916,7 @@
CVE-2007-1901
RESERVED
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter
in ...)
+ {DSA-1283-1}
- php5 <unfixed> (low)
CVE-2007-1899
RESERVED
@@ -940,12 +941,14 @@
- php5 <unfixed> (unimportant)
NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in
the ...)
+ {DSA-1283-1}
- php5 <unfixed> (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in
src/encode.c ...)
- sqlite <unfixed> (medium)
NOTE: this is really just an "unsafe" API, not really a security
issue against sqlite itself.
NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the
bundled ...)
+ {DSA-1283-1}
- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
- php5 <unfixed> (medium)
NOTE: php5 is vulnerable due to improper use of the system sqlite libs
@@ -1087,6 +1090,7 @@
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5
before ...)
NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP
5 ...)
+ {DSA-1283-1}
- php5 <unfixed> (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve
or ...)
NOT-FOR-US: T-Mobile
@@ -1210,7 +1214,7 @@
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the
...)
NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before
4.4.5 ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
- php4 <unfixed> (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the
DesignForJoomla.com ...)
NOT-FOR-US: D4J eZine
@@ -1330,7 +1334,7 @@
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on
FreeBSD, ...)
NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0
through ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
- php4 <unfixed> (medium)
[sarge] - php4 <not-affected> (Vulnerable code not present)
- php5 <unfixed> (medium)
@@ -1349,7 +1353,7 @@
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares
...)
NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and
4.4.6 ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: register_globals not supported
@@ -1379,6 +1383,7 @@
NOTE: register_globals not supported
NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before
5.2.1, ...)
+ {DSA-1283-1}
- php4 <unfixed> (low)
- php5 <unfixed> (low)
NOTE: Should be fixed, if remotely exploitable
@@ -1648,6 +1653,7 @@
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
NOTE: Dupe of CVE-2007-1584
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0
through ...)
+ {DSA-1283-1}
- php5 <unfixed> (medium)
- php4 <unfixed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 ...)
@@ -1788,7 +1794,7 @@
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0
and ...)
- php5 <unfixed> (medium)
CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
- php5 <unfixed> (medium)
- php4 <unfixed> (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0
does ...)
@@ -1948,8 +1954,10 @@
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico,
as ...)
NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used
with the ...)
+ {DSA-1283-1}
- php5 <unfixed> (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the
filtering ...)
+ {DSA-1283-1}
- php5 <unfixed> (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not
implement ...)
- php5 <unfixed> (low)
@@ -2133,7 +2141,7 @@
CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of
20070304 ...)
- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in
PHP ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
[etch] - php5 5.2.0-8+etch1
- php4 <unfixed> (low)
- php5 <unfixed> (low)
@@ -2144,10 +2152,12 @@
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla
Firefox, ...)
NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the
5.x ...)
+ {DSA-1283-1}
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and
...)
+ {DSA-1283-1}
- php5 <unfixed> (low)
NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in
Snitz ...)
@@ -2398,7 +2408,7 @@
[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
- {DSA-1282-1}
+ {DSA-1283-1 DSA-1282-1}
- php4 <unfixed> (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to
cause a ...)
- php5 <unfixed> (unimportant)