Author: carnil
Date: 2016-12-18 10:33:02 +0000 (Sun, 18 Dec 2016)
New Revision: 47195
Modified: data/CVE/list Log: Record several hhvm fixes for unstable upload Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-18 10:23:08 UTC (rev 47194) +++ data/CVE/list 2016-12-18 10:33:02 UTC (rev 47195) @@ -16867,27 +16867,27 @@ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c CVE-2016-6875 [Fix infinite recursion in wddx] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2 CVE-2016-6874 [Fix recursion checks in array_*_recursive] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69 CVE-2016-6873 [Fix self recursion in compact] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e CVE-2016-6872 [Fix integer overflow in StringUtil::implode] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271 CVE-2016-6871 [Fix buffer overrun due to integer overflow in bcmath] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475 CVE-2016-6870 [incorrect use of strndup] RESERVED - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 CVE-2016-6866 RESERVED @@ -19357,7 +19357,7 @@ NOTE: running as a CGI script CVE-2016-1000109 RESERVED - - hhvm <unfixed> (unimportant) + - hhvm 3.12.11+dfsg-1 (unimportant) CVE-2016-1000107 RESERVED - erlang <unfixed> (unimportant) 
@@ -19680,10 +19680,13 @@ RESERVED CVE-2016-1000006 RESERVED + - hhvm 3.12.11+dfsg-1 CVE-2016-1000005 RESERVED + - hhvm 3.12.11+dfsg-1 CVE-2016-1000004 RESERVED + - hhvm 3.12.11+dfsg-1 CVE-2016-6173 RESERVED - nsd <unfixed> (unimportant; bug #830806) @@ -25584,7 +25587,7 @@ {DSA-3602-1 DLA-499-1} - php7.0 7.0.6-1 - php5 5.6.21+dfsg-1 - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://bugs.php.net/bug.php?id=72099 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35 @@ -27162,7 +27165,7 @@ {DSA-3560-1 DLA-499-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: https://bugs.php.net/bug.php?id=71798 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451 @@ -27320,7 +27323,7 @@ - php5 5.6.20+dfsg-1 - file 1:5.24-1 (bug #827377) [jessie] - file 1:5.22+15-2+deb8u2 - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: http://bugs.gw.com/view.php?id=522 NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 NOTE: https://bugs.php.net/bug.php?id=71527 @@ -29507,7 +29510,7 @@ - libgd2 2.1.1-4.1 (bug #822242) - php5 5.6.21+dfsg-1 (unimportant) - php7.0 7.0.6-1 (unimportant) - - hhvm <unfixed> (unimportant) + - hhvm 3.12.11+dfsg-1 (unimportant) NOTE: HHVM implements additional sanity checks, not directly epxloitable NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074 NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 
@@ -34007,7 +34010,7 @@ [squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available) - php5.6 5.6.17+dfsg-1 - php7.0 7.0.2-1 - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://bugs.php.net/bug.php?id=70976 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe @@ -58372,7 +58375,7 @@ {DSA-3215-1 DLA-189-1} - libgd2 2.1.0-5 - php5 5.6.5+dfsg-1 (unimportant) - - hhvm <unfixed> (bug #835032) + - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://bugs.php.net/bug.php?id=68601 NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
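Review bot: In the @@ -19680,10 +19680,13 @@ hunk, the three added "- hhvm 3.12.11+dfsg-1" lines under CVE-2016-1000006, CVE-2016-1000005 and CVE-2016-1000004 carry no description, bug number or NOTE, so nothing in the entry says what issue each id tracks or which upstream change fixed it. The CVE-2016-6870 to CVE-2016-6875 entries in the first hunk each have a bracketed description, "(bug #835032)" and a NOTE with the upstream commit URL; adding the same three pieces here would make the fixed-version claim checkable by the next person triaging hhvm.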
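Review bot: In the @@ -29507,7 +29510,7 @@ hunk, the hhvm line now records 3.12.11+dfsg-1 as the fixed version, but the NOTE right below it still only says HHVM has additional sanity checks and misspells "exploitable" as "epxloitable". Since this entry is being touched, correct the spelling and add a "Fix in HHVM:" NOTE naming the commit, as the entry in the @@ -34007,7 +34010,7 @@ hunk already has, so the version can be tied to a specific change.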