[Secure-testing-commits] r45842 - in data: CVE DSA

Tue, 01 Nov 2016 09:58:13 -0700 

Author: carnil
Date: 2016-11-01 16:57:17 +0000 (Tue, 01 Nov 2016)
New Revision: 45842

Modified:
   data/CVE/list
   data/DSA/list
Log:
CVE-2016-913{7,8} assigned for php

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-01 16:20:39 UTC (rev 45841)
+++ data/CVE/list       2016-11-01 16:57:17 UTC (rev 45842)
@@ -1036,15 +1036,19 @@
        NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
        NOTE: 
https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
-CVE-2016-XXXX [Use After Free in unserialize()]
+CVE-2016-9138 [Issues from Upstream bug #73147 still unfixed in 5.6.27 and 
7.0.12]
+       - php7.0 <unfixed>
+       - php5 <unfixed>
+       NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
+       NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
+CVE-2016-9137 [Use After Free in unserialize()]
        - php7.0 7.0.12-1
        - php5 <unfixed>
-       [jessie] - php5 5.6.27+dfsg-0+deb8u1
        NOTE: Workaround entry for DSA-3698-1 until CVE assigned
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
        NOTE: NOTE: Fixed in 7.0.12, 5.6.27
-       NOTE: CVE Request: www.openwall.com/lists/oss-security/2016/10/18/1
+       NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
 CVE-2016-8673
        RESERVED
 CVE-2016-8672

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2016-11-01 16:20:39 UTC (rev 45841)
+++ data/DSA/list       2016-11-01 16:57:17 UTC (rev 45842)
@@ -11,6 +11,7 @@
 [25 Oct 2016] DSA-3699-1 virtualbox - end of life
        [jessie] - virtualbox <end-of-life>
 [24 Oct 2016] DSA-3698-1 php5 - security update
+       {CVE-2016-9137}
        [jessie] - php5 5.6.27+dfsg-0+deb8u1
 [21 Oct 2016] DSA-3697-1 kdepimlibs - security update
        {CVE-2016-7966}


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to