[Secure-testing-commits] r57812 - data/CVE

Salvatore Bonaccorso Sun, 19 Nov 2017 00:12:08 -0800

Author: carnil
Date: 2017-11-19 08:11:51 +0000 (Sun, 19 Nov 2017)
New Revision: 57812


Modified:
   data/CVE/list
Log:
php5 is removed, correct status

Since 5.4.4.-1 php5 used system libzip although the ext file might be
compiled. Mark issue as unimportant.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-19 04:42:54 UTC (rev 57811)
+++ data/CVE/list       2017-11-19 08:11:51 UTC (rev 57812)
@@ -8125,11 +8125,11 @@
        [stretch] - libzip <no-dsa> (Minor issue)
        [jessie] - libzip <no-dsa> (Minor issue)
        [wheezy] - libzip <no-dsa> (Minor issue)
-       - php5 <unfixed>
-       [wheezy] - php5 <no-dsa> (Minor issue)
+       - php5 <removed> (unimportant)
        NOTE: 
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
        NOTE: 
https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
-       NOTE: 
https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+       NOTE: PHP commit: 
https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+       NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code 
execution ...)
        NOT-FOR-US: HiveManager
 CVE-2017-14104


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57812 - data/CVE

Reply via email to