[Secure-testing-commits] r44597 - in data: . CVE DLA

Salvatore Bonaccorso Wed, 14 Sep 2016 22:51:36 -0700

Author: carnil
Date: 2016-09-15 05:18:13 +0000 (Thu, 15 Sep 2016)
New Revision: 44597


Modified:
   data/CVE/list
   data/DLA/list
   data/next-point-update.txt
Log:
CVE-2016-7405 assigned for libphp-adodb issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-15 04:41:01 UTC (rev 44596)
+++ data/CVE/list       2016-09-15 05:18:13 UTC (rev 44597)
@@ -2227,8 +2227,6 @@
        RESERVED
 CVE-2016-7406
        RESERVED
-CVE-2016-7405
-       RESERVED
 CVE-2016-7404
        RESERVED
 CVE-2016-7403
@@ -2820,16 +2818,14 @@
        RESERVED
 CVE-2016-XXXX [SGI security bug]
        - imagemagick <unfixed> (bug #836776)
-CVE-2016-XXXX [incorrect quoting may allow SQL injection]
+CVE-2016-7405 [incorrect quoting may allow SQL injection]
        - libphp-adodb 5.20.6-1 (bug #837211)
        [jessie] - libphp-adodb <no-dsa> (Minor issue, can be fixed via point 
release)
-       [wheezy] - libphp-adodb 5.15-1+deb7u1
-       NOTE: Added workaround entry for DLA-620-1 until CVE is assigned
        NOTE: https://github.com/ADOdb/ADOdb/issues/226
        NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
        NOTE: Issue only with the PDO driver and only if queries built by 
inlining
        NOTE: the quoted string (not recommended).
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/09/07/8
+       NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
 CVE-2016-7154 [use after free in FIFO event channel code]
        RESERVED
        {DSA-3663-1}

Modified: data/DLA/list
===================================================================
--- data/DLA/list       2016-09-15 04:41:01 UTC (rev 44596)
+++ data/DLA/list       2016-09-15 05:18:13 UTC (rev 44597)
@@ -1,5 +1,5 @@
 [13 Sep 2016] DLA-620-1 libphp-adodb - security update
-       {CVE-2016-4855}
+       {CVE-2016-4855 CVE-2016-7405}
        [wheezy] - libphp-adodb 5.15-1+deb7u1
 [11 Sep 2016] DLA-619-1 qemu-kvm - security update
        {CVE-2016-7116}

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt  2016-09-15 04:41:01 UTC (rev 44596)
+++ data/next-point-update.txt  2016-09-15 05:18:13 UTC (rev 44597)
@@ -107,6 +107,5 @@
        [jessie] - elog 2.9.2+2014.05.11git44800a7-3
 CVE-2016-4855
        [jessie] - libphp-adodb 5.15-1+deb8u1
-CVE-2016-XXXX [incorrect quoting may allow SQL injection]
+CVE-2016-7405 [incorrect quoting may allow SQL injection]
        [jessie] - libphp-adodb 5.15-1+deb8u1
-       NOTE: for #837211 which has not yet a CVE


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44597 - in data: . CVE DLA

Reply via email to