[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Some PHP triage done for PHP DSAs

Wed, 10 Jan 2018 14:01:41 -0800 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b338fe1a by Moritz Muehlenhoff at 2018-01-10T23:00:32+01:00
Some PHP triage done for PHP DSAs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37992,6 +37992,7 @@ CVE-2017-8924 (The edge_bulk_in_callback function in 
drivers/usb/serial/io_ti.c 
 CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP 
through ...)
        - php7.1 <unfixed> (bug #881539)
        - php7.0 <unfixed> (bug #881538)
+       [stretch] - php7.0 <ignored> (Minor issue)
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
        NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
 CVE-2017-8922
@@ -43473,6 +43474,7 @@ CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF 
in applications that acc
        - php7.1 7.1.4-1
        - php7.0 7.0.18-1
        - php5 <removed>
+       [jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks 
existing applications)
        NOTE: 
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
        NOTE: https://bugs.php.net/bug.php?id=74216
        NOTE: Fixed in 7.1.4 and 7.0.18
@@ -131041,12 +131043,10 @@ CVE-2014-5464 (Cross-site scripting (XSS) 
vulnerability in the nDPI traffic ...)
        - ntopng 1.2.1+dfsg1-1 (bug #760990)
        NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 
allows ...)
-       - php5 <removed> (low; bug #682157; bug #759282)
-       [jessie] - php5 <no-dsa> (Minor issue)
-       [wheezy] - php5 <no-dsa> (Minor issue)
-       [squeeze] - php5 <no-dsa> (Minor issue)
+       - php5 <removed> (unimportant; bug #682157; bug #759282)
        NOTE: Although #682157 and #759282 got closed the issues with unsafe 
use of
        NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
+       NOTE: Neutralised by kernel hardening
 CVE-2014-5450
        RESERVED
        - zarafa <itp> (bug #658433)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b338fe1ac75ada5d77b1645389d4bca41fb7c965

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b338fe1ac75ada5d77b1645389d4bca41fb7c965
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to