Author: carnil Date: 2016-09-18 11:59:19 +0000 (Sun, 18 Sep 2016) New Revision: 44707
Modified: data/CVE/list Log: PHP 5.6.26 uploaded to unstable fixing various CVEs (for both 5.6.25 and 5.6.26 fixed version upstream) Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-18 11:58:08 UTC (rev 44706) +++ data/CVE/list 2016-09-18 11:59:19 UTC (rev 44707) @@ -2238,7 +2238,7 @@ CVE-2016-7418 [Out-Of-Bounds Read in php_wddx_push_element] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1 @@ -2247,14 +2247,14 @@ CVE-2016-7417 [Missing type check when unserializing SplArray] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1 CVE-2016-7416 [add locale length check] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1 
@@ -2268,28 +2268,28 @@ CVE-2016-7414 [Out of bound when verify signature of zip phar in phar_parse_zipfile] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1 CVE-2016-7413 [wddx_deserialize use-after-free] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1 CVE-2016-7412 [Heap overflow in mysqlnd related to BIT fields] RESERVED - php7.0 <unfixed> - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293 NOTE: Fixed in 7.0.11, 5.6.26 NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 CVE-2016-7411 [Memory Corruption in During Deserialized-object Destruction] RESERVED - php7.0 <not-affected> (Only affects 5.x) - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052 NOTE: Fixed in 5.6.26 NOTE: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1 @@ -3071,7 +3071,7 @@ NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1 CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 
@@ -3080,7 +3080,7 @@ NOTE: commit is about the pop issue in 72799. CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 @@ -3090,21 +3090,21 @@ NOTE: commit is about the pop issue in 72799. CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1 CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1 CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 @@ -3112,7 +3112,7 @@ CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...) - libgd2 <not-affected> (gamma correction is only implemented in PHP) - php7.0 7.0.10-1 (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.6.26+dfsg-1 (unimportant) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 
@@ -3120,14 +3120,14 @@ CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...) - libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue) - php7.0 7.0.10-1 (unimportant) - - php5 <unfixed> (unimportant) + - php5 5.6.26+dfsg-1 (unimportant) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 @@ -3136,7 +3136,7 @@ NOTE: handler" part of 72681. CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...) - php7.0 7.0.10-1 - - php5 <unfixed> + - php5 5.6.26+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663 NOTE: Fixed in 7.0.10, 5.6.25 NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
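Review bot: In the first three hunks (`@@ -2238`, `@@ -2247`, `@@ -2268`), the `- php7.0 <unfixed>` context lines for CVE-2016-7418, -7417, -7416, -7414, -7413 and -7412 stay untouched although each entry's NOTE gives 7.0.11 as the upstream fix. After this revision the same CVE is therefore closed for php5 and open for php7.0. That is only accurate until php7.0 7.0.11 is uploaded to unstable, at which point a follow-up revision should replace `<unfixed>` on those six php7.0 lines with the uploaded version. CVE-2016-7411 needs no follow-up, since its php7.0 line is already `<not-affected> (Only affects 5.x)`.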
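Review bot: In the hunks from `@@ -3071` onward (the nine entries CVE-2016-7132 down to CVE-2016-7124), the new fixed version `5.6.26+dfsg-1` is one upstream release later than the `NOTE: Fixed in 7.0.10, 5.6.25` line in each entry, and nothing in the entries explains the gap. Only the log message does ("for both 5.6.25 and 5.6.26 fixed version upstream"). The recorded version is correct only if no 5.6.25-based php5 package reached unstable before this upload, so confirm that against the package's upload history. If such an upload exists, these `- php5` lines should carry that earlier version instead, because the tracker would otherwise report it as still vulnerable.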