thijs at alioth.debian.org
2008-Jan-28 10:33 UTC
[Secure-testing-commits] r8046 - data/CVE
Author: thijs Date: 2008-01-28 10:33:27 +0000 (Mon, 28 Jan 2008) New Revision: 8046 Modified: data/CVE/list Log: update php5 issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-28 09:14:11 UTC (rev 8045) +++ data/CVE/list 2008-01-28 10:33:27 UTC (rev 8046) @@ -2830,12 +2830,12 @@ NOTE: http://bugs.php.net/bug.php?id=41561 CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...) {DSA-1444-1} - - php5 <unfixed> (bug #453295) + - php5 5.2.5-1 (bug #453295) NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch NOTE: fixed in php5/etch svn CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...) {DSA-1444-1} - - php5 <unfixed> (bug #453295) + - php5 5.2.5-1 (bug #453295) NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch NOTE: fixed in php5/etch svn CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...) @@ -6142,7 +6142,7 @@ CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) NOT-FOR-US: Xwiki CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...) - - php5 <unfixed> (unimportant) + - php5 5.2.5-1 (unimportant) NOTE: Only triggerable by malicious script CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and ...) NOT-FOR-US: Aura CMS 
@@ -6288,7 +6288,7 @@ - quagga 0.99.9-1 (low; bug #442133) NOTE: Upstream says that this can only be exploited by configured peers. CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...) - - php5 <unfixed> (unimportant) + - php5 5.2.5-1 (unimportant) - php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...") NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...) @@ -6376,7 +6376,7 @@ - php5 <unfixed> (unimportant; bug #441972) NOTE: Only triggerable by malicious script CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...) - - php5 <unfixed> (unimportant; bug #441972) + - php5 5.2.5-1 (unimportant; bug #441972) NOTE: Only triggerable by malicious script CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...) - php5 5.2.3-1 (unimportant) @@ -6681,7 +6681,7 @@ NOTE: fixed in php5/etch svn NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147 CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only NOTE: triggerable by malicious script CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...) 
@@ -6715,7 +6715,7 @@ CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...) NOT-FOR-US: Cisco Content Services Switch CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to ...) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...) NOT-FOR-US: Adobe Connect Enterprise Server CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) @@ -8235,7 +8235,7 @@ NOTE: fixed in php5/etch svn NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64 CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) - php4 <unfixed> (unimportant) NOTE: only exploitable by malicious script CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...) @@ -9739,7 +9739,7 @@ - linux-2.6 <not-affected> (Red Hat-specific vulnerability) CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...) - php4 <unfixed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.2.4-1 (unimportant) CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...) - libnet-dns-perl 0.60-1 (low) CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...) @@ -10952,7 +10952,7 @@ [sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable) [etch] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable) CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) - - php5 <unfixed> (unimportant) + - php5 5.2.3-1 (unimportant) NOTE: Only triggerable by malicious script NOTE: Fix from 5.2.3 was ineffective CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) 
@@ -13671,7 +13671,7 @@ - php5 5.2.0-11 (medium) CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - php4 6:4.4.6-2 (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) NOTE: This is a regular bug, not a security problem CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) NOT-FOR-US: pam_console @@ -14257,7 +14257,7 @@ NOT-FOR-US: LIBFtp CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...) - php4 <unfixed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) NOTE: local malicious scripts only CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...) - webcalendar 1.0.5-1 (high) @@ -14315,10 +14315,10 @@ CVE-2007-1462 (The luci server component in conga preserves the password between page ...) NOT-FOR-US: conga CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...) NOT-FOR-US: WebCreator @@ -14492,7 +14492,7 @@ CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...) NOT-FOR-US: FiSH IRC Encryption CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) NOTE: Non-issue CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...) {DSA-1370-2 DSA-1370-1} 
@@ -14830,7 +14830,7 @@ {DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1} - php4 6:4.4.6-1 (low) CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...) - - php5 <unfixed> (unimportant) + - php5 5.2.2-1 (unimportant) - php4 <unfixed> (unimportant) NOTE: Needs to be sanisited within apps, only crashes the current instance anyway CVE-2007-1284 @@ -34020,7 +34020,7 @@ [sarge] - php4 <no-dsa> (html_errors shouldn''t be used) CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) {DSA-1331-1} - - php5 5.1.2-1 + - php5 5.1.2-1 (bug #347894) - php4 4:4.4.2-1 (bug #354683) CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) NOT-FOR-US: Light Weight Calendar @@ -34035,7 +34035,8 @@ CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) NOT-FOR-US: PayPal Web Services CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...) - - php5 5.1.2-1 (unimportant) + - php5 5.1.2-1 (bug #347894; unimportant) + - php4 <not-affected> (vulnerable code was introduced in PHP5) NOTE: Not built into the binary packages CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...) NOT-FOR-US: Mini-Nuke @@ -34102,12 +34103,6 @@ NOT-FOR-US: BEA WebLogic Server CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...) - knowledgetree 2.0.7-2 (bug #348306; medium) -CVE-2006-XXXX [php5 response splitting] - - php5 5.1.2-1 (bug #347894) - - php4 <not-affected> (vulnerable code was introduced in PHP5) -CVE-2006-XXXX [php5 mysqli format string issue] - - php5 5.1.2-1 (bug #347894) - - php4 <not-affected> (vulnerable code was introduced in PHP5) CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) NOT-FOR-US: Microsoft CVE-2006-0186
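Review bot: In the @@ -6376,7 +6376,7 @@ hunk, the context entry directly above CVE-2007-4783 still reads `- php5 <unfixed> (unimportant; bug #441972)` and cites the same bug number as the line being changed. If that issue was closed by the same upload, it should move to 5.2.5-1 in this commit as well. If it is still open, a NOTE saying why would keep two entries that share one bug from looking inconsistent.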
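Review bot: In the @@ -10952,7 +10952,7 @@ hunk, CVE-2007-2872 is now marked fixed in 5.2.3-1 while the NOTE beneath it still says `Fix from 5.2.3 was ineffective`. The @@ -6681,7 +6681,7 @@ hunk tracks the incomplete fix separately as CVE-2007-4661 with 5.2.4-1, so the NOTE under CVE-2007-2872 should point to CVE-2007-4661 rather than leave a fixed version and an "ineffective" remark side by side.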
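Review bot: In the @@ -14830,7 +14830,7 @@ hunk, CVE-2007-1285 keeps `- php4 <unfixed> (unimportant)` even though the description line names a fixed upstream release ("PHP 4.x before 4.4.7"); the same pattern shows in the @@ -8235,7 +8235,7 @@ hunk for CVE-2007-3997 ("PHP 4 before 4.4.8"). The log message scopes this commit to php5, so leaving php4 alone is consistent, but the php4 lines next to each changed line deserve a follow-up pass or a NOTE stating that php4 status was not reviewed here.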
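Review bot: The @@ -34102,12 +34103,6 @@ hunk deletes the placeholder `CVE-2006-XXXX [php5 response splitting]`, which carried `- php4 <not-affected> (vulnerable code was introduced in PHP5)`, while the entry it appears to be folded into, CVE-2006-0207 in the @@ -34020,7 +34020,7 @@ hunk, keeps `- php4 4:4.4.2-1 (bug #354683)`. The two php4 statements disagree and the not-affected one disappears without comment, so a NOTE on CVE-2006-0207 should say which is correct. The log message "update php5 issues" also does not mention that two placeholders were merged into assigned CVE ids, which makes the removal hard to find later.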