Author: carnil
Date: 2017-03-15 16:12:37 +0000 (Wed, 15 Mar 2017)
New Revision: 49705
Modified:
data/CVE/list
Log:
Update notes for PHP issue CVE-2016-7479
This makes it most likely actually PHP 7.x only, but needs to be
reconfirmed. It is confirmed that Ubuntu applied the commit on basis of
applicability of the commit.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-15 14:44:02 UTC (rev 49704)
+++ data/CVE/list 2017-03-15 16:12:37 UTC (rev 49705)
@@ -24179,11 +24179,14 @@
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
NOTE: Fixed in 7.0.15
- NOTE: PHP 7.x:
http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
+ NOTE: PHP 5.x/7.x:
http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
NOTE: PHP 7.x:
http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
- NOTE: according to Ubuntu, php5 is affected as well
+ NOTE: The change is in 5.6+, even though the property table issue only
affects
+ NOTE: PHP 7, because this also prevents a wide range of other
__wakeup() based
+ NOTE: attacks.
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and
7.x ...)
{DSA-3732-1}
- php7.1 <not-affected> (Fixed before initial upload to Debian)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
