Author: geissert Date: 2011-03-12 19:23:05 +0000 (Sat, 12 Mar 2011) New Revision: 16370 Modified: data/CVE/list Log: php5: PEAR issue CVEified, 1 not-affected, 1 unimportant glibc: glob DoS Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-12 11:30:36 UTC (rev 16369) +++ data/CVE/list 2011-03-12 19:23:05 UTC (rev 16370) @@ -607,7 +607,7 @@ - unixodbc <unfixed> (low; bug #617655) NOTE: http://seclists.org/oss-sec/2011/q1/446 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...) - TODO: apparenty not in Debian. Raphael, can you confirm? + - php5 <not-affected> (incomplete never used in Debian packages) CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...) - wireshark 1.4.4-1 (unimportant) CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...) @@ -635,6 +635,8 @@ CVE-2011-1126 RESERVED CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...) + - glibc <removed> + - eglibc <unfixed> TODO: check CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...) NOTE: That''s essentially shooting yourself in your own foot: @@ -804,9 +806,9 @@ RESERVED CVE-2011-1092 [PHP: shmop_read, missing sanity check] RESERVED - - php5 <unfixed> + - php5 <unfixed> (unimportant) + NOTE: only exploitable by malicious scripts NOTE: http://seclists.org/oss-sec/2011/q1/430 - TODO: determine severity. file a bts bug. CVE-2011-1091 RESERVED CVE-2011-1090 @@ -858,8 +860,6 @@ - cron <not-affected> (Debian''s cron not affected) CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) - cron <not-affected> (Debian''s cron not affected) -CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) - TODO: apparenty not in Debian. Raphael, can you confirm? CVE-2011-1071 [eglibc: memory corruption] RESERVED - glibc <removed> 
@@ -20172,12 +20172,10 @@ [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) CVE-2009-3526 RESERVED -CVE-2009-XXXX [php5''s pear is vulnerable to symlink attacks] +CVE-2011-1072 [php5''s pear is vulnerable to symlink attacks] - php5 <unfixed> (low; bug #546164) [squeeze] - php5 <no-dsa> (Minor issue) - NOTE: side-effect reported to upstream: http://bugs.php.net/44354 - NOTE: but they apparently only fixed the issue at build time - NOTE: needs re-testing, as I don''t remember the test conditions + NOTE: side-effect also reported at: http://bugs.php.net/44354 CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition] - kfreebsd-6 <removed> [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
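Review bot: in the first hunk (@@ -607,7 +607,7 @@), the rationale on the new `php5 <not-affected>` line, "(incomplete never used in Debian packages)", is too terse to audit later: it does not say what "incomplete" refers to, and it is not obviously reconcilable with the same commit carrying CVE-2011-1072 (the other PEAR installer issue, with an overlapping version range) as `php5 <unfixed>` further down. Suggest spelling the reason out in the parenthetical so the next person does not have to reconstruct it from the oss-sec thread, e.g. naming which fix is incomplete and which code path Debian never uses.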
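Review bot: in the second hunk (@@ -635,6 +635,8 @@), `eglibc <unfixed>` is added for CVE-2010-4756 while the `TODO: check` line directly below it is kept, so the entry now claims the package is affected and still says the claim is unverified. Either keep it as a TODO until the glob code in eglibc has been checked, or, if it has been, drop the TODO and give the line a severity in the file's usual form, as the neighbouring `unixodbc <unfixed> (low; bug #617655)` entry does.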
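Review bot: in the third hunk (@@ -804,9 +806,9 @@), the TODO "determine severity. file a bts bug." is removed in full, but only the first half was actually done: `php5 <unfixed> (unimportant)` now has a severity, yet no bug reference, whereas other `<unfixed>` lines in this file carry `bug #NNN`. Either keep the "file a bts bug" part of the TODO or add the bug number once filed. The added `NOTE: only exploitable by malicious scripts` does support the "unimportant" rating and is worth keeping as the recorded reason.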
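Review bot: in the fourth hunk (@@ -858,8 +860,6 @@), the whole `CVE-2011-1072` block is deleted here and only survives because the last hunk renames an existing `CVE-2009-XXXX` entry to that id. That leaves CVE-2011-1072 sitting among the 2009 entries near line 20172 instead of between CVE-2011-1073 and CVE-2011-1071 where this hunk removed it, which breaks the file's id ordering and makes the entry hard to find. Suggest moving the renamed entry (with its `php5 <unfixed> (low; bug #546164)` and `[squeeze]` lines) into this position rather than deleting the slot.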
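Review bot: in the last hunk (@@ -20172,12 +20172,10 @@), three NOTE lines are dropped and replaced by a single `NOTE: side-effect also reported at: http://bugs.php.net/44354`, but the removed lines recorded why the issue is still open ("they apparently only fixed the issue at build time", "needs re-testing"). Since the package line stays `php5 <unfixed>`, that state is still relevant and should not be lost; suggest keeping a one-line note that the upstream fix is build-time only and that the runtime case still needs testing, if that is still the case.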