[Secure-testing-commits] r9716 - data/CVE

fw Sun, 31 Aug 2008 09:12:56 -0700

Author: fw
Date: 2008-08-31 16:12:50 +0000 (Sun, 31 Aug 2008)
New Revision: 9716


Modified:
   data/CVE/list
Log:
CVE-2008-3659: php5

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-08-31 15:58:49 UTC (rev 9715)
+++ data/CVE/list       2008-08-31 16:12:50 UTC (rev 9716)
@@ -527,7 +527,10 @@
 CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as 
a ...)
        TODO: check
 CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 
4.4.9 and ...)
-       TODO: check
+       - php4 <removed>
+       - php5 <unfixed> (medium)
+       NOTE: php5 -d memory_limit=256M -r '$res = 
explode(str_repeat("A",145999999),1);'
+       NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
 CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in 
PHP ...)
        TODO: check
 CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 
1.8.6-p286, ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r9716 - data/CVE

Reply via email to