Author: carnil Date: 2017-11-19 08:11:51 +0000 (Sun, 19 Nov 2017) New Revision: 57812
Modified: data/CVE/list Log: php5 is removed, correct status Since 5.4.4.-1 php5 used system libzip although the ext file might be compiled. Mark issue as unimportant. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-19 04:42:54 UTC (rev 57811) +++ data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812) @@ -8125,11 +8125,11 @@ [stretch] - libzip <no-dsa> (Minor issue) [jessie] - libzip <no-dsa> (Minor issue) [wheezy] - libzip <no-dsa> (Minor issue) - - php5 <unfixed> - [wheezy] - php5 <no-dsa> (Minor issue) + - php5 <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5 - NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567 + NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567 + NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...) NOT-FOR-US: HiveManager CVE-2017-14104 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits