[Secure-testing-commits] r37611 - data/CVE

Salvatore Bonaccorso Sat, 07 Nov 2015 22:38:25 -0800

Author: carnil
Date: 2015-11-08 06:37:49 +0000 (Sun, 08 Nov 2015)
New Revision: 37611


Modified:
   data/CVE/list
Log:
Update note for CVE-2014-5459

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-11-07 22:32:48 UTC (rev 37610)
+++ data/CVE/list       2015-11-08 06:37:49 UTC (rev 37611)
@@ -33949,10 +33949,12 @@
        - ntopng 1.2.1+dfsg1-1 (bug #760990)
        NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 
allows ...)
-       - php5 <unfixed> (low; bug #759282)
+       - php5 <unfixed> (low; bug #682157; bug #759282)
        [jessie] - php5 <no-dsa> (Minor issue)
        [wheezy] - php5 <no-dsa> (Minor issue)
        [squeeze] - php5 <no-dsa> (Minor issue)
+       NOTE: Although #682157 and #759282 got closed the issues with unsafe 
use of
+       NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
 CVE-2014-5450
        RESERVED
        - zarafa <itp> (bug #658433)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r37611 - data/CVE

Reply via email to