summaryrefslogtreecommitdiff
path: root/security/vuxml
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2007-02-17 11:51:27 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2007-02-17 11:51:27 +0000
commite3788f1bb904ffa76b6a924b8ed9a57600ce1e90 (patch)
tree8c211fbd9bc2c614efdf8bdc5f7de3d2c428e7ec /security/vuxml
parent- Update to 0.3.2 (diff)
Document php -- multiple vulnerabilities.
Notes
Notes: svn path=/head/; revision=185366
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml70
1 files changed, 70 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5fc1a8aaa3ed..72826dca83a0 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,76 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7fcf1727-be71-11db-b2ec-000c6ec775d9">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5-imap</name>
+ <name>php5-odbc</name>
+ <name>php5-session</name>
+ <name>php5-shmop</name>
+ <name>php5-sqlite</name>
+ <name>php5-wddx</name>
+ <name>php5</name>
+ <range><lt>5.2.1</lt></range>
+ </package>
+ <package>
+ <name>php4-odbc</name>
+ <name>php4-session</name>
+ <name>php4-shmop</name>
+ <name>php4-wddx</name>
+ <name>php4</name>
+ <range><lt>4.4.5</lt></range>
+ </package>
+ <package>
+ <name>mod_php4-twig</name>
+ <name>mod_php4</name>
+ <name>mod_php5</name>
+ <name>mod_php</name>
+ <name>php4-cgi</name>
+ <name>php4-cli</name>
+ <name>php4-dtc</name>
+ <name>php4-horde</name>
+ <name>php4-nms</name>
+ <name>php5-cgi</name>
+ <name>php5-cli</name>
+ <name>php5-dtc</name>
+ <name>php5-horde</name>
+ <name>php5-nms</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple vulnerabilities has been found in PHP, including:
+ buffer overflows, stack overflows, format string, and
+ information disclosure vulnerabilities.</p>
+ <p>The session extension contained <code>safe_mode</code> and
+ <code>open_basedir</code> bypasses, but the FreeBSD Security
+ Officer does not consider these real security
+ vulnerabilities, since <code>safe_mode</code> and
+ <code>open_basedir</code> are insecure by design and should
+ not be relied upon.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-0905</cvename>
+ <cvename>CVE-2007-0906</cvename>
+ <cvename>CVE-2007-0907</cvename>
+ <cvename>CVE-2007-0908</cvename>
+ <cvename>CVE-2007-0909</cvename>
+ <cvename>CVE-2007-0910</cvename>
+ <cvename>CVE-2007-0988</cvename>
+ <url>http://secunia.com/advisories/24089/</url>
+ <url>http://www.php.net/releases/4_4_5.php</url>
+ <url>http://www.php.net/releases/5_2_1.php</url>
+ </references>
+ <dates>
+ <discovery>2007-02-09</discovery>
+ <entry>2007-02-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7bb127c1-a5aa-11db-9ddc-0011098b2f36">
<topic>joomla -- multiple remote vulnerabilities</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-21 19:00:25 +0000