Author: roberto Date: 2017-11-19 03:56:43 +0000 (Sun, 19 Nov 2017) New Revision: 57807
Modified: data/CVE/list Log: Note that CVE-2017-14107 also affects php5 and mark no-DSA in wheezy, not sure about jessie Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-19 03:55:53 UTC (rev 57806) +++ data/CVE/list 2017-11-19 03:56:43 UTC (rev 57807) @@ -8124,8 +8124,11 @@ [stretch] - libzip <no-dsa> (Minor issue) [jessie] - libzip <no-dsa> (Minor issue) [wheezy] - libzip <no-dsa> (Minor issue) + - php5 <unfixed> + [wheezy] - php5 <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5 + NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...) NOT-FOR-US: HiveManager CVE-2017-14104 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits