[Secure-testing-commits] r39924 - data/CVE

Salvatore Bonaccorso Thu, 25 Feb 2016 08:42:03 -0800

Author: carnil
Date: 2016-02-25 16:39:48 +0000 (Thu, 25 Feb 2016)
New Revision: 39924


Modified:
   data/CVE/list
Log:
Several issues without CVE fixed in php5 in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-02-25 15:32:24 UTC (rev 39923)
+++ data/CVE/list       2016-02-25 16:39:48 UTC (rev 39924)
@@ -611,7 +611,7 @@
        NOTE: Introduced by: 
https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
 CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71039
@@ -619,13 +619,13 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [No check to duplicate zend_extension]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71089
        NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-XXXX [round() segfault on 64-bit builds]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71201
@@ -634,7 +634,7 @@
        NOTE: Fixed in 5.6.18, 7.0.3
        NOTE: can be possibly considered a plain bug not a security issue
 CVE-2016-XXXX [Output of stream_get_meta_data can be falsified by its input]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71323
@@ -642,7 +642,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Integer overflow in iptcembed()]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71459
@@ -650,7 +650,7 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Heap corruption in tar/zip/phar parser]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71354
@@ -658,7 +658,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71391
@@ -666,7 +666,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-2554 [Stack overflow when decompressing tar archives]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71488
@@ -675,7 +675,7 @@
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
 CVE-2016-XXXX [Crash in SessionHandler::read()]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 <undetermined>
        NOTE: https://bugs.php.net/bug.php?id=69111
@@ -684,7 +684,7 @@
        NOTE: Fixed in 5.6.18
        TODO: check, can possibly be considered not security
 CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71335
@@ -692,7 +692,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=285cd3417fb61597345b829f5f573707bbdcd484
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Crash on bad SOAP request]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=70979
@@ -700,7 +700,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
        NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-XXXX [Segmentation fault in clean spl_autoload functions while 
autoloading]
-       - php5 <unfixed>
+       - php5 5.6.18+dfsg-1
        - php5.6 5.6.18+dfsg-1
        - php7.0 7.0.3-1
        NOTE: https://bugs.php.net/bug.php?id=71204


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39924 - data/CVE

Reply via email to