Author: geissert Date: 2009-10-27 06:27:46 +0000 (Tue, 27 Oct 2009) New Revision: 13103 Modified: data/CVE/list Log: updates regarding the php5 issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-27 06:12:49 UTC (rev 13102) +++ data/CVE/list 2009-10-27 06:27:46 UTC (rev 13103) @@ -1145,12 +1145,16 @@ - php5 5.2.11.dfsg.1-1 (low) NOTE: unknown impact, it is related to missing sanity checks NOTE: when determining the length of sections of jpg headers - NOTE: and a missing limit on the nesting level of TIFF files + NOTE: a missing limit on the nesting level of TIFF files, and + NOTE: missing EOF checks, possibly leading to NULL dereferences NOTE: experimental is likely to be affected (as of 5.3.0) TODO: check php4 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...) - - php5 5.2.11.dfsg.1-1 (medium) - NOTE: seems to be related to handling of \0 on CN, might worth a dsa + - php5 5.2.11.dfsg.1-1 (low) + [lenny] - php5 <no-dsa> (rather unimportant) + [etch] - php5 <no-dsa> (rather unimportant) + NOTE: seems to be related to handling of \0 on CN + NOTE: not worth a dsa on its own, php doesn''t verify certificates by default NOTE: experimental is likely to be affected (as of 5.3.0) TODO: check php4 CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
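Review bot: In the CVE-2009-3291 entry, the added line "NOTE: not worth a dsa on its own, php doesn''t verify certificates by default" has a doubled apostrophe ("doesn''t") that should be a single one. The same line justifies both the move from (medium) to (low) and the two <no-dsa> tags by the default configuration alone. It would help to state in the NOTE that the \0-in-CN handling still matters for setups that turn certificate verification on, so a later reader of the list does not take "rather unimportant" as covering those as well. In the first entry, dropping "and" from the TIFF line leaves "jpg headers" running straight into "a missing limit on the nesting level of TIFF files, and"; a comma at the end of the jpg headers NOTE line would keep the three items readable as a list.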