Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2d4e77d by Salvatore Bonaccorso at 2020-08-23T19:40:36+02:00
Reference bugs.php.net URLs with HTTPS transport
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41251,7 +41251,7 @@ CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28,
7.3.x below 7.3.15 and 7.4.x
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
- NOTE: PHP Bug: http://bugs.php.net/79082
+ NOTE: PHP Bug: https://bugs.php.net/79082
CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and
7.4.x below ...)
{DSA-4719-1 DSA-4717-1 DLA-2160-1}
- php7.4 7.4.3-1
@@ -41259,14 +41259,14 @@ CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28,
7.3.x below 7.3.15 and 7.4.x
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
- NOTE: PHP Bug: http://bugs.php.net/79221
+ NOTE: PHP Bug: https://bugs.php.net/79221
CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while
extrac ...)
- php7.4 <not-affected> (Windows specific issue)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.3, 7.3.15
- NOTE: PHP Bug: http://bugs.php.net/79171
+ NOTE: PHP Bug: https://bugs.php.net/79171
CVE-2020-7060 (When using certain mbstring functions to convert multibyte
encodings, ...)
{DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
@@ -41274,7 +41274,7 @@ CVE-2020-7060 (When using certain mbstring functions to
convert multibyte encodi
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
- NOTE: PHP Bug: http://bugs.php.net/79037
+ NOTE: PHP Bug: https://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags,
in PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
@@ -84876,13 +84876,13 @@ CVE-2019-11050 (When PHP EXIF extension is parsing
EXIF information from an imag
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78793
+ NOTE: PHP Bug: https://bugs.php.net/78793
CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when
supplyin ...)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78943
+ NOTE: PHP Bug: https://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and
7.4.x below ...)
{DSA-4719-1 DSA-4717-1 DLA-2261-1}
- php7.4 7.4.9-1
@@ -84904,14 +84904,14 @@ CVE-2019-11047 (When PHP EXIF extension is parsing
EXIF information from an imag
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78910
+ NOTE: PHP Bug: https://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
7.4.0, PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 7.3.15-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78878
+ NOTE: PHP Bug: https://bugs.php.net/78878
NOTE:
https://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
7.4.0, PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2050-1}
@@ -84919,14 +84919,14 @@ CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26,
7.3.x below 7.3.13 and 7.4.0
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78863
+ NOTE: PHP Bug: https://bugs.php.net/78863
NOTE:
https://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
7.4.0 on Wi ...)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78862
+ NOTE: PHP Bug: https://bugs.php.net/78862
CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and
7.3.x below ...)
{DSA-4553-1 DSA-4552-1 DLA-1970-1}
- php7.3 7.3.11-1~deb10u1 (bug #943468; bug #943764)
@@ -206969,35 +206969,35 @@ CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before
7.0.2, 7.5.x before 7.5.1, 7.6
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP
7.0.x befo ...)
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- NOTE: PHP Bug: http://bugs.php.net/73831
+ NOTE: PHP Bug: https://bugs.php.net/73831
NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c
in PHP ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73825
+ NOTE: PHP Bug: https://bugs.php.net/73825
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in
ext/phar/phar. ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73768
+ NOTE: PHP Bug: https://bugs.php.net/73768
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in
ext/phar/phar. ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73764
+ NOTE: PHP Bug: https://bugs.php.net/73764
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP
before ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73737
+ NOTE: PHP Bug: https://bugs.php.net/73737
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it
tries to ...)
NOT-FOR-US: Akamai NetSession
@@ -293811,7 +293811,7 @@ CVE-2014-3480 (The cdf_count_chain function in cdf.c
in file before 5.19, as use
NOTE:
https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 5.3.3-7+squeeze21
- NOTE: http://bugs.php.net/bug.php?id=67412
+ NOTE: https://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before
5.19, as ...)
{DSA-3021-1 DSA-2974-1 DLA-27-1}
- file 1:5.19-1
@@ -293827,7 +293827,7 @@ CVE-2014-3478 (Buffer overflow in the mconvert
function in softmagic.c in file b
NOTE:
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
- NOTE: http://bugs.php.net/bug.php?id=67410
+ NOTE: https://bugs.php.net/bug.php?id=67410
CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before
1.6.20, and ...)
{DSA-2971-1 DLA-87-1}
- dbus 1.8.4-1 (low)
@@ -399564,7 +399564,7 @@ CVE-2007-5901 (Use-after-free vulnerability in the
gss_indicate_mechs function i
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection
mechanisms co ...)
NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the
patch
NOTE: from CVS and later re-introduction
- NOTE: http://bugs.php.net/bug.php?id=41561
+ NOTE: https://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5
rewrites local ...)
{DSA-1444-1}
- php5 5.2.5-1 (bug #453295)
@@ -439852,7 +439852,7 @@ CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed
with world writable permissi
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when
mounting CI ...)
NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo
function in PH ...)
- NOTE: According to http://bugs.php.net/bug.php?id=19881 this only
affects a
+ NOTE: According to https://bugs.php.net/bug.php?id=19881 this only
affects a
NOTE: php function that displays the PHP logo and version information.
In the bug
NOTE: log the developers seem unwilling to fix this, as it only affects
a debug
NOTE: function.
@@ -445164,7 +445164,7 @@ CVE-2005-0598 (The RealServer RealSubscriber on Cisco
devices running Applicatio
CVE-2005-0597 (Cisco devices running Application and Content Networking System
(ACNS) ...)
NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service
(daemon cra ...)
- NOTE: Fixed in CVS after 4.3.4 release; see
http://bugs.php.net/bug.php?id=27037
+ NOTE: Fixed in CVS after 4.3.4 release; see
https://bugs.php.net/bug.php?id=27037
- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote
attackers to ...)
NOT-FOR-US: BadBlue
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2d4e77d4a471c6342d9ea341ae3c173096487f4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2d4e77d4a471c6342d9ea341ae3c173096487f4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
