[Git][security-tracker-team/security-tracker][master] record one more fix for php in sid

Fri, 27 Sep 2024 13:46:09 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7709f79 by Moritz Muehlenhoff at 2024-09-27T16:46:11+02:00
record one more fix for php in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26379,13 +26379,15 @@ CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter 
Injection Vulnerability]
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq
        NOTE: 
https://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642 
(PHP-8.2.24)
 CVE-2024-2408 (The openssl_private_decrypt function in PHP, when using PKCS1 
padding  ...)
-       - php8.2 <unfixed>
-       [bookworm] - php8.2 <postponed> (Minor issue, revisit when fixed 
upstream)
+       - php8.2 8.2.18-1
+       [bookworm] - php8.2 <ignored> (OpenSSL in Bookworm lacks the necessary 
support in OpenSSL)
        - php7.4 <removed>
        [bullseye] - php7.4 <postponed> (Minor issue, revisit when fixed 
upstream)
        - php7.3 <removed>
        [buster] - php7.3 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
+       NOTE: The fix requires support in openssl. Marking the first upload of 
php8.2 to unstable
+       NOTE: after openssl 3.2.1-3 was uploaded to unstable in 04 Apr 2024 as 
the fixed version (8.2.18-1)
 CVE-2024-25929 (Missing Authorization vulnerability in MultiVendorX Product 
Catalog En ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-25092 (Missing Authorization vulnerability in XLPlugins NextMove 
Lite.This is ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7709f7967805bcda646b9d4caef72b3c88129d5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7709f7967805bcda646b9d4caef72b3c88129d5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to