diff options
| author | Andrew Pantyukhin <sat@FreeBSD.org> | 2006-10-06 05:12:29 +0000 |
|---|---|---|
| committer | Andrew Pantyukhin <sat@FreeBSD.org> | 2006-10-06 05:12:29 +0000 |
| commit | 0aceca32b69902e24cbbaf0c84f1aa05ab5fa4d2 (patch) | |
| tree | cb0e3e0d5b4a01ae6550fbd0a85b3579d321d3c7 /security | |
| parent | Add p5-Crypt-GCrypt 1.15, perl interface to the GNU Cryptographic (diff) | |
- Document _ecalloc Integer Overflow Vulnerability in php5
Notes
Notes:
svn path=/head/; revision=174632
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 20ead4df288d..5adc73ff1267 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e329550b-54f7-11db-a5ae-00508d6a62df"> + <topic>php -- _ecalloc Integer Overflow Vulnerability</topic> + <affects> + <package> + <name>php5</name> + <range><lt>5.1.6_1</lt></range> + </package> + <package> + <name>php5-cli</name> + <name>php5-cgi</name> + <name>php5-dtc</name> + <name>php5-horde</name> + <name>php5-nms</name> + <name>mod_php5</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?view=log#rev1.162"> + <p>Ilia Alshanetsky reports lack of safety checks against + integer overflow in Zend Engine II.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2006-4812</cvename> + <url>http://secunia.com/advisories/22280/</url> + </references> + <dates> + <discovery>2006-09-30</discovery> + <entry>2006-10-06</entry> + </dates> + </vuln> + <vuln vid="8a5770b4-54b5-11db-a5ae-00508d6a62df"> <topic>mambo -- multiple SQL injection vulnerabilities</topic> <affects> |