[Secure-testing-commits] r30019 - data/CVE

Yves-Alexis Perez corsac at moszumanska.debian.org
Thu Nov 13 09:03:46 UTC 2014


Author: corsac
Date: 2014-11-13 09:02:16 +0000 (Thu, 13 Nov 2014)
New Revision: 30019

Modified:
   data/CVE/list
Log:
add fixed version for CVE-2013-7345


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-13 08:51:09 UTC (rev 30018)
+++ data/CVE/list	2014-11-13 09:02:16 UTC (rev 30019)
@@ -16023,6 +16023,7 @@
 	NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
 	- php5 5.6.0+dfsg-1
 	[squeeze] - php5 <not-affected>
+	[wheezy] - 5.4.34-0+deb7u1
 	NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
 	NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
 	NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
@@ -16030,6 +16031,7 @@
 	NOTE: Good fix is to regenerate the file with "php5
 	NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
 	NOTE: you have a fixed libmagic1 installed.
+	NOTE: fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy
 CVE-2014-5795
 	REJECTED
 CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)




More information about the Secure-testing-commits mailing list