Author: geissert Date: 2009-12-17 18:21:53 +0000 (Thu, 17 Dec 2009) New Revision: 13586 Modified: data/CVE/list Log: new round of php issues also start tracking some other issues that were not treated by upstream as risky and went unnoticed by almost everyone Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-17 18:19:44 UTC (rev 13585) +++ data/CVE/list 2009-12-17 18:21:53 UTC (rev 13586) @@ -1,3 +1,17 @@ +CVE-2009-XXXX [php5 uksort interruption memory corruption] + - php5 <unfixed> (low) + NOTE: fixed by upstream at a different moment, it''s probably + NOTE: going to get a separate CVE + TODO: request CVE +CVE-2009-XXXX [php5 usort interruption memory corruption] + - php5 5.2.11.dfsg.1-1 (low) + TODO: protection was weak in .11, re-check .12 changes + TODO: request CVE + NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser +CVE-2009-XXXX [php5 explode() information leak] + - php5 5.2.11.dfsg.1-1 (low) + TODO: request CVE + NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser CVE-2010-0065 RESERVED CVE-2010-0064 @@ -566,10 +580,13 @@ - network-manager-gnome <unfixed> TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117 -CVE-2009-4143 +CVE-2009-4143 [$_SESSION interruption memory corruption] RESERVED -CVE-2009-4142 + - php5 <unfixed> (low) +CVE-2009-4142 [insufficient string validation in htmlspecialchars()] RESERVED + - php5 <unfixed> + TODO: determine real impact CVE-2009-4141 RESERVED CVE-2009-4140
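Review bot: In the first hunk (@@ -1,3 +1,17 @@), the usort entry records `- php5 5.2.11.dfsg.1-1 (low)` as the fixed version while its own TODO says "protection was weak in .11, re-check .12 changes", so the tracker would report php5 as fixed from 5.2.11 before that re-check has happened. Consider keeping the entry at `<unfixed>` until the .12 changes are reviewed, or stating in a NOTE that the 5.2.11 fix is only partial. In the same hunk, the uksort entry says "fixed by upstream at a different moment" without saying what it is different from (presumably the usort fix) and, unlike the usort and explode() entries, carries no NOTE naming its source. The NOTE line there also has a doubled apostrophe in "it''s".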
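Review bot: In the second hunk (@@ -566,10 +580,13 @@), CVE-2009-4143 is given `- php5 <unfixed> (low)` with no NOTE explaining the urgency or pointing at a reference, while the adjacent CVE-2009-4142 entry leaves urgency unset and carries "TODO: determine real impact". Since the commit log says these issues "went unnoticed by almost everyone", a NOTE with the source for each of the two entries (as the first hunk does for the usort and explode() entries) would let a later reader verify the bracketed descriptions and the (low) rating without redoing the research.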