Author: geissert
Date: 2011-03-12 19:23:05 +0000 (Sat, 12 Mar 2011)
New Revision: 16370

Modified:
   data/CVE/list
Log:
php5: PEAR issue CVEified, 1 not-affected, 1 unimportant
glibc: glob DoS


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-03-12 11:30:36 UTC (rev 16369)
+++ data/CVE/list       2011-03-12 19:23:05 UTC (rev 16370)
@@ -607,7 +607,7 @@
        - unixodbc <unfixed> (low; bug #617655)
        NOTE: http://seclists.org/oss-sec/2011/q1/446
 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to 
...)
-       TODO: apparenty not in Debian. Raphael, can you confirm?
+       - php5 <not-affected> (incomplete never used in Debian packages)
 CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in 
Wireshark ...)
        - wireshark 1.4.4-1 (unimportant)
 CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice 
function in ...)
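Review bot: The not-affected rationale "(incomplete never used in Debian packages)" is hard to parse and should be reworded so a later reader knows which claim it makes, e.g. "(PEAR installer not used at build time in Debian packages)" or at least "(incomplete; never used in Debian packages)". The removed TODO asked Raphael to confirm; if that confirmation came in, the entry would benefit from a NOTE with the pointer so the not-affected status is traceable.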
@@ -635,6 +635,8 @@
 CVE-2011-1126
        RESERVED
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or 
libc6) ...)
+       - glibc <removed>
+       - eglibc <unfixed>
        TODO: check
 CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) 
process_put ...)
        NOTE: That's essentially shooting yourself in your own foot:
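Review bot: "- eglibc <unfixed>" is added without a severity tag, and the "TODO: check" line below it is left standing, so the entry now looks half-triaged. Either drop the TODO once the glob DoS has actually been checked against eglibc, or tag the entry the way neighbouring ones are, e.g. "- eglibc <unfixed> (low; bug #NNNN)" with the BTS number once filed.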
@@ -804,9 +806,9 @@
        RESERVED
 CVE-2011-1092 [PHP: shmop_read, missing sanity check]
        RESERVED
-       - php5 <unfixed>
+       - php5 <unfixed> (unimportant)
+       NOTE: only exploitable by malicious scripts
        NOTE: http://seclists.org/oss-sec/2011/q1/430
-       TODO: determine severity. file a bts bug.
 CVE-2011-1091
        RESERVED
 CVE-2011-1090
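Review bot: The removed TODO also said "file a bts bug", but the new "(unimportant)" line carries no bug reference, unlike the "(low; bug #...)" entries elsewhere in the list. If the unimportant rating means no BTS bug is wanted, the NOTE should say so explicitly; otherwise the bug number belongs in the parenthesis. The justification "only exploitable by malicious scripts" matches the unimportant convention used for other PHP function-level issues, so the rating itself looks consistent.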
@@ -858,8 +860,6 @@
        - cron <not-affected> (Debian's cron not affected)
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local 
users ...)
        - cron <not-affected> (Debian's cron not affected)
-CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to 
overwrite ...)
-       TODO: apparenty not in Debian. Raphael, can you confirm?
 CVE-2011-1071 [eglibc: memory corruption]
        RESERVED
        - glibc <removed>
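Review bot: Dropping CVE-2011-1072 here only makes sense together with the hunk at line 20172 that reuses the id for the existing pear symlink entry; a one-line NOTE at the surviving entry saying the id was reassigned from this position would help anyone diffing the list later. The official description text "The installer in PEAR before 1.9.2 allows local users to overwrite ..." is lost in the move, and the surviving entry uses only the bracketed summary, so grepping for the MITRE wording will no longer hit it.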
@@ -20172,12 +20172,10 @@
        [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
 CVE-2009-3526
        RESERVED
-CVE-2009-XXXX [php5's pear is vulnerable to symlink attacks]
+CVE-2011-1072 [php5's pear is vulnerable to symlink attacks]
        - php5 <unfixed> (low; bug #546164)
        [squeeze] - php5 <no-dsa> (Minor issue)
-       NOTE: side-effect reported to upstream: http://bugs.php.net/44354
-       NOTE: but they apparently only fixed the issue at build time
-       NOTE: needs re-testing, as I don't remember the test conditions
+       NOTE: side-effect also reported at: http://bugs.php.net/44354
 CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
        - kfreebsd-6 <removed>
        [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
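Review bot: The replacement NOTE "side-effect also reported at" loses the two facts the old notes carried, namely that upstream apparently fixed it only at build time and that re-testing was pending; if those are now known to be wrong or obsolete, say so instead of silently dropping them, otherwise keep them. With the entry now tied to CVE-2011-1072, bug #546164 should also be retitled with the CVE id so the BTS and this list agree.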


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits