Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Linux kernel security hardening Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 11 May 2010 19:31:45 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Month of PHP Security 2010 Issues


Here is the latest round of CVE assignments for MOPS advisories.

>MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability

CVE-2010-1917


>MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability
>MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection

These two are combined into a single CVE:

CVE-2010-1916


>MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability

CVE-2010-1918


>MOPS-2010-017: PHP preg_quote() Interruption Information Leak

CVE-2010-1915


>MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak 
>MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak 
>MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information

These three are combined into a single CVE:

CVE-2010-1914


- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ