[Secure-testing-commits] r48606 - data/CVE

Roberto C. Sanchez Tue, 31 Jan 2017 04:47:07 -0800

Author: roberto
Date: 2017-01-31 12:46:11 +0000 (Tue, 31 Jan 2017)
New Revision: 48606


Modified:
   data/CVE/list
Log:
Annotate DLA 628-1 as addressing CVE-2016-7125

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-31 11:42:16 UTC (rev 48605)
+++ data/CVE/list       2017-01-31 12:46:11 UTC (rev 48606)
@@ -21595,7 +21595,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
        NOTE: 
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 
7.0.10 skips ...)
-       {DSA-3689-1}
+       {DSA-3689-1 DLA-628-1}
        - php7.0 7.0.10-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
@@ -21604,6 +21604,7 @@
        NOTE: 
https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
        NOTE: Scope of CVE also includes the "The similar issue also exist in 
session php_binary
        NOTE: handler" part of 72681.
+       NOTE: This was addressed in DLA-628-1 while the CVE ID was still 
temporary.
 CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x 
before ...)
        {DSA-3689-1 DLA-749-1}
        - php7.0 7.0.10-1


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r48606 - data/CVE

Reply via email to