Author: carnil
Date: 2016-09-18 11:59:19 +0000 (Sun, 18 Sep 2016)
New Revision: 44707

Modified:
   data/CVE/list
Log:
PHP 5.6.26 uploaded to unstable fixing various CVEs (for both 5.6.25 and 5.6.26 
fixed version upstream)

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-18 11:58:08 UTC (rev 44706)
+++ data/CVE/list       2016-09-18 11:59:19 UTC (rev 44707)
@@ -2238,7 +2238,7 @@
 CVE-2016-7418 [Out-Of-Bounds Read in php_wddx_push_element]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
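
Review bot: in the CVE-2016-7418 entry the php7.0 line stays <unfixed> although the NOTE below it records the upstream fix in 7.0.11. If a php7.0 upload containing 7.0.11 is already in the archive, its version belongs in this same change; if not, the entry needs a follow-up once that upload happens. The same applies to the other entries in this patch whose NOTE reads "Fixed in 7.0.11, 5.6.26".
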
@@ -2247,14 +2247,14 @@
 CVE-2016-7417 [Missing type check when unserializing SplArray]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
 CVE-2016-7416 [add locale length check]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
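
Review bot: the bracketed description for CVE-2016-7416, "[add locale length check]", reads like the subject line of the fix rather than a description of the flaw, unlike the CVE-2016-7417 entry just above it. Suggest rewording it to name the issue tracked in PHP bug 73007, so the entry is understandable on its own while the CVE is still RESERVED.
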
@@ -2268,28 +2268,28 @@
 CVE-2016-7414 [Out of bound when verify signature of zip phar in 
phar_parse_zipfile]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
 CVE-2016-7413 [wddx_deserialize use-after-free]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
 CVE-2016-7412 [Heap overflow in mysqlnd related to BIT fields]
        RESERVED
        - php7.0 <unfixed>
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
 CVE-2016-7411 [Memory Corruption in During Deserialized-object Destruction]
        RESERVED
        - php7.0 <not-affected> (Only affects 5.x)
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
        NOTE: Fixed in 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
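
Review bot: the CVE-2016-7411 description "Memory Corruption in During Deserialized-object Destruction" has a stray "in" before "During"; worth correcting while this entry is being touched. The tracking data itself is consistent: php7.0 is <not-affected> and the NOTE lists only 5.6.26 as the fixed version.
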
@@ -3071,7 +3071,7 @@
        NOTE: 
https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
 CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 
allows ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
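
Review bot: for CVE-2016-7132 the NOTE gives 5.6.25 as the upstream fixed version, while the php5 line records 5.6.26+dfsg-1. That is correct only if no 5.6.25 package was uploaded to unstable, which the log message implies but does not state; a short remark to that effect in the log would make it checkable. This applies equally to the remaining entries in this patch marked "Fixed in 7.0.10, 5.6.25".
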
@@ -3080,7 +3080,7 @@
        NOTE: commit is about the pop issue in 72799.
 CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 
allows ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
@@ -3090,21 +3090,21 @@
        NOTE: commit is about the pop issue in 72799.
 CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 
before ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
        NOTE: 
https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
 CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP 
before ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
        NOTE: 
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
 CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP 
before ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
@@ -3112,7 +3112,7 @@
 CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 
5.6.25 and ...)
        - libgd2 <not-affected> (gamma correction is only implemented in PHP)
        - php7.0 7.0.10-1 (unimportant)
-       - php5 <unfixed> (unimportant)
+       - php5 5.6.26+dfsg-1 (unimportant)
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
@@ -3120,14 +3120,14 @@
 CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP 
before ...)
        - libgd2 <not-affected> (libgd upstream not affected, overflow2 
function check prevents the issue)
        - php7.0 7.0.10-1 (unimportant)
-       - php5 <unfixed> (unimportant)
+       - php5 5.6.26+dfsg-1 (unimportant)
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
        NOTE: 
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 
7.0.10 skips ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
@@ -3136,7 +3136,7 @@
        NOTE: handler" part of 72681.
 CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x 
before ...)
        - php7.0 7.0.10-1
-       - php5 <unfixed>
+       - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
        NOTE: Fixed in 7.0.10, 5.6.25
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
