Attachment #157908 for bug #200926

View | Details | Raw Unified | Return to bug 200926 | Differences between
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="cdff0af2-1492-11e5-a1cf-002590263bf5">
    <topic>php5 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php5</name>
	<name>php5-ftp</name>
	<name>php5-pgsql</name>
	<range><lt>5.4.42</lt></range>
      </package>
      <package>
	<name>php55</name>
	<name>php55-ftp</name>
	<name>php55-pgsql</name>
	<range><lt>5.5.26</lt></range>
      </package>
      <package>
	<name>php56</name>
	<name>php56-ftp</name>
	<name>php56-psql</name>
	<range><lt>5.6.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PHP project reports:</p>
	<blockquote cite="http://www.php.net/ChangeLog-5.php">
	  <p>Core:</p>
	  <ul>
	    <li>Fixed bug #69719 (Incorrect handling of paths with NULs).</li>
	  </ul>
	  <p>FTP:</p>
	  <ul>
	    <li>Improved fix for bug #69545 (Integer overflow in ftp_genlist()
	       resulting in heap overflow). (CVE-2015-4643)</li>
	  </ul>
	  <p>Postgres:</p>
	  <ul>
	    <li>Fixed bug #69667 (segfault in php_pgsql_meta_data).
	      (CVE-2015-4644)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-4643</cvename>
      <cvename>CVE-2015-4644</cvename>
      <url>http://www.php.net/ChangeLog-5.php#5.4.42</url>
      <url>http://www.php.net/ChangeLog-5.php#5.5.26</url>
      <url>http://www.php.net/ChangeLog-5.php#5.6.10</url>
      <mlist>http://openwall.com/lists/oss-security/2015/06/18/3</mlist>
    </references>
    <dates>
      <discovery>2015-06-11</discovery>
      <entry>2015-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
    <topic>p5-Dancer -- possible to abuse session cookie values</topic>
    <affects>

Return to bug 200926

Lines 57-62 Link Here

(-)vuln.xml (+57 lines)
57		57
58	-->	58	-->
59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		60	<vuln vid="cdff0af2-1492-11e5-a1cf-002590263bf5">
		61	<topic>php5 -- multiple vulnerabilities</topic>
		62	<affects>
		63	<package>
		64	<name>php5</name>
		65	<name>php5-ftp</name>
		66	<name>php5-pgsql</name>
		67	<range><lt>5.4.42</lt></range>
		68	</package>
		69	<package>
		70	<name>php55</name>
		71	<name>php55-ftp</name>
		72	<name>php55-pgsql</name>
		73	<range><lt>5.5.26</lt></range>
		74	</package>
		75	<package>
		76	<name>php56</name>
		77	<name>php56-ftp</name>
		78	<name>php56-psql</name>
		79	<range><lt>5.6.10</lt></range>
		80	</package>
		81	</affects>
		82	<description>
		83	<body xmlns="http://www.w3.org/1999/xhtml">
		84	<p>The PHP project reports:</p>
		85	<blockquote cite="http://www.php.net/ChangeLog-5.php">
		86	<p>Core:</p>
		87	<ul>
		88	<li>Fixed bug #69719 (Incorrect handling of paths with NULs).</li>
		89	</ul>
		90	<p>FTP:</p>
		91	<ul>
		92	<li>Improved fix for bug #69545 (Integer overflow in ftp_genlist()
		93	resulting in heap overflow). (CVE-2015-4643)</li>
		94	</ul>
		95	<p>Postgres:</p>
		96	<ul>
		97	<li>Fixed bug #69667 (segfault in php_pgsql_meta_data).
		98	(CVE-2015-4644)</li>
		99	</ul>
		100	</blockquote>
		101	</body>
		102	</description>
		103	<references>
		104	<cvename>CVE-2015-4643</cvename>
		105	<cvename>CVE-2015-4644</cvename>
		106	<url>http://www.php.net/ChangeLog-5.php#5.4.42</url>
		107	<url>http://www.php.net/ChangeLog-5.php#5.5.26</url>
		108	<url>http://www.php.net/ChangeLog-5.php#5.6.10</url>
		109	<mlist>http://openwall.com/lists/oss-security/2015/06/18/3</mlist>
		110	</references>
		111	<dates>
		112	<discovery>2015-06-11</discovery>
		113	<entry>2015-06-20</entry>
		114	</dates>
		115	</vuln>
		116
60	<vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">	117	<vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
61	<topic>p5-Dancer -- possible to abuse session cookie values</topic>	118	<topic>p5-Dancer -- possible to abuse session cookie values</topic>
62	<affects>	119	<affects>