Author: geissert Date: 2010-05-12 02:52:48 +0000 (Wed, 12 May 2010) New Revision: 14684 Modified: data/CVE/list data/mops.txt Log: MOPS update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-12 00:55:43 UTC (rev 14683) +++ data/CVE/list 2010-05-12 02:52:48 UTC (rev 14684) @@ -1,18 +1,14 @@ -CVE-2010-1918 [MOPS-2010-018] - - php5 <undetermined> - TODO: check -CVE-2010-1917 [MOPS-2010-021] - - php5 <undetermined> - TODO: check -CVE-2010-1916 [MOPS-2010-019] - - php5 <undetermined> - TODO: check -CVE-2010-1915 [MOPS-2010-017] - - php5 <undetermined> - TODO: check +CVE-2010-1918 [MOPS-2010-018 EFront ask_chat] + NOT-FOR-US: EFront ask_chat +CVE-2010-1917 [MOPS-2010-021 fnmatch stack exhaustion] + - php5 <unfixed> (low) + [lenny] - php5 <no-dsa> (low) +CVE-2010-1916 [MOPS-2010-019 xinha config injection] + TODO: check the embedded copies +CVE-2010-1915 [MOPS-2010-017 preg_quote] + - php5 <unfixed> (unimportant) CVE-2010-1914 [MOPS-2010-014,15,16] - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1871 RESERVED CVE-2010-1870 
@@ -23,29 +19,24 @@ NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3 TODO: check CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1867 (SQL injection vulnerability in the ...) NOT-FOR-US: Campsite CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (low) + [lenny] - php5 <not-affected> (dechunk filter introduced in 5.3) CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...) NOT-FOR-US: ClanSphere CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) NOT-FOR-US: ClanTiger CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...) - - php5 <undetermined> - TODO: check + - php5 <unfixed> (unimportant) CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...) NOT-FOR-US: DeluxeBB CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...) Modified: data/mops.txt ==================================================================--- data/mops.txt 2010-05-12 00:55:43 UTC (rev 14683) +++ data/mops.txt 2010-05-12 02:52:48 UTC (rev 14684) 
@@ -17,7 +17,7 @@ 015: CVE-2010-1914; Only triggerable by malicious script 016: CVE-2010-1914; Only triggerable by malicious script 017: CVE-2010-1915; Only triggerable by malicious script -018: External app not in Debian: MeFront +018: External app not in Debian: EFront 019: CVE-2010-1916; Serendipity, doesn''t affect Lenny (1.4 onwards), pinged Thijs -020: External app; xinha, Just an ITP: #479708, there might be embedders according to the bug +020: CVE-2010-1916; External app; xinha, Just an ITP: #479708, there are embedders 021: CVE-2010-1917; PHP fnmatch() Stack Exhaustion Vulnerability
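Review bot: In the first data/CVE/list hunk (@@ -1,18 +1,14 @@), the CVE-2010-1916 entry is labelled only "MOPS-2010-019 xinha config injection", while data/mops.txt in this same commit ties both 019 (Serendipity) and 020 (xinha) to CVE-2010-1916. Suggest listing both MOPS numbers in the bracket, as the CVE-2010-1914 entry does with "[MOPS-2010-014,15,16]". The entry also has no package line, only "TODO: check the embedded copies", so naming the packages to be checked would make the TODO actionable. Separately, "[lenny] - php5 <no-dsa> (low)" under CVE-2010-1917 gives a severity where the CVE-2010-1866 lenny line gives a reason ("dechunk filter introduced in 5.3"); a short reason here would make the no-dsa decision easier to audit.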
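Review bot: In the second data/CVE/list hunk (@@ -23,29 +19,24 @@), CVE-2010-1868, CVE-2010-1864, CVE-2010-1862, CVE-2010-1861 and CVE-2010-1860 all move from "<undetermined>" to "<unfixed> (unimportant)" with no NOTE recording why. data/mops.txt uses "Only triggerable by malicious script" for 014 to 017; if the same reasoning applies to these five entries, a NOTE line under each (or a pointer to mops.txt) would keep the rationale next to the status, so a later reader does not have to reconstruct it.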
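Review bot: In the data/mops.txt hunk, the changed 020 line now assigns CVE-2010-1916 to xinha, while the unchanged 019 line still describes the same CVE as Serendipity and data/CVE/list labels MOPS-2010-019 as "xinha config injection". It would help to say on one of the two lines how they relate, so the two files agree on which MOPS entry is the xinha one. The 020 line also changes "there might be embedders according to the bug" to "there are embedders" without naming them; listing the embedding packages here would match the "TODO: check the embedded copies" left in data/CVE/list. Minor: the 019 context line has a doubled apostrophe in "doesn''t" that could be cleaned up while touching this block.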