Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52d782f4 by Brian May at 2019-07-30T07:26:49Z
Mark CVE-2017-7189/php5 ignore in Jessie
This security issue occurs because php ignores invalid trailing data in
the URL. However it is not possible to fix this because some
applications rely on the (broken) behaviour and will break if the API is
fixed.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -124644,6 +124644,7 @@ CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x
before 2017-03-07 misparses f
- php7.0 <removed>
[stretch] - php7.0 <ignored> (Upstream patch breaks existing
applications, was reverted again, revisit if a new approach has been identified)
- php5 <removed>
+ [jessie] - php5 <ignored> (Upstream patch breaks existing applications,
was reverted again, revisit if a new approach has been identified)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
NOTE:
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
NOTE: The commit was later on reverted again because of breaking some
features.
=====================================
data/dla-needed.txt
=====================================
@@ -79,8 +79,6 @@ openjdk-7 (Markus Koschany)
--
otrs2 (Abhijith PA)
--
-php5
---
proftpd-dfsg (Markus Koschany)
--
python2.7 (Thorsten Alteholz)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d782f499f0eaaa6c085809b3ecd502a53871c2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d782f499f0eaaa6c085809b3ecd502a53871c2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
