Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d8e26a87 by Salvatore Bonaccorso at 2019-03-08T13:34:27Z Add new PHP issues (fixed in 7.3.3, 7.2.16 and 7.1.27) with needed CVE - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2019-XXXX [rename() across the device may allow unwanted access during processing] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630 +CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_TIFF] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509 +CVE-2019-XXXX [Invalid Read on exif_process_SOFn] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540 +CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_MAKERNOTE / 77563] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77563 +CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_MAKERNOTE / 77659] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659 +CVE-2019-XXXX [Null Pointer Dereference in phar_create_or_parse_filename] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77396 +CVE-2019-XXXX [phar_tar_writeheaders_int() buffer overflow] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586 +CVE-2019-XXXX [openFile() silently truncates after a null byte] + - php7.3 7.3.3-1 + - php7.0 <removed> + - php5 <removed> + NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77431 CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...) TODO: check CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e26a879e728f668a2a02a68622fc34f36207b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e26a879e728f668a2a02a68622fc34f36207b7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
