Author: gilbert-guest
Date: 2009-04-07 23:13:19 +0000 (Tue, 07 Apr 2009)
New Revision: 11581
Modified:
data/CVE/list
Log:
sumbitted bug reports for mapserver and php issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-07 22:45:11 UTC (rev 11580)
+++ data/CVE/list 2009-04-07 23:13:19 UTC (rev 11581)
@@ -345,9 +345,9 @@
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage
Manager ...)
NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in
mapserv in ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x
before ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft
...)
NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA
before ...)
@@ -1365,17 +1365,17 @@
CVE-2009-0844
RESERVED
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before
4.10.4 and ...)
- - mapserver 5.2.2-1 (unimportant)
+ - mapserver 5.2.2-1 (unimportant; bug #523027)
NOTE: this can only probe for files that are not present, useless when not
NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2
allows ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in
MapServer ...)
- - mapserver 5.2.2-1 (low)
+ - mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in
cgiutil.c ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer
4.x ...)
- - mapserver 5.2.2-1 (medium)
+ - mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and
OpenSolaris ...)
NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build
1506, ...)
@@ -1693,7 +1693,7 @@
[etch] - poppler <no-dsa> (Application crash only, could be fixed with
further issues)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache,
allows ...)
- php4 <removed> (low)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #523028)
TODO: File bug
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite
arbitrary ...)
- sng 1.0.2-6 (bug #496407; unimportant)
@@ -4599,7 +4599,7 @@
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows
remote ...)
NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7
and ...)
- - php5 <unfixed> (low)
+ - php5 <unfixed> (low; bug #523028)
TODO: check php4
NOTE: there''s not enough information available, no known bug, no
known fix
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8
before ...)
@@ -5247,6 +5247,8 @@
CVE-2008-5557 (Heap-based buffer overflow in ...)
{DTSA-188-1}
- php5 5.2.6.dfsg.1-1 (bug #511493)
+ [lenny] - php5 5.2.6.dfsg.1-1+lenny1
+ NOTE: according to bug report, this was fixed in lenny prior to the
release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers
to ...)
- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556 (** DISPUTED ** ...)