[Secure-testing-commits] r30019 - data/CVE
Yves-Alexis Perez
corsac at moszumanska.debian.org
Thu Nov 13 09:03:46 UTC 2014
Author: corsac
Date: 2014-11-13 09:02:16 +0000 (Thu, 13 Nov 2014)
New Revision: 30019
Modified:
data/CVE/list
Log:
add fixed version for CVE-2013-7345
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-13 08:51:09 UTC (rev 30018)
+++ data/CVE/list 2014-11-13 09:02:16 UTC (rev 30019)
@@ -16023,6 +16023,7 @@
NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
- php5 5.6.0+dfsg-1
[squeeze] - php5 <not-affected>
+ [wheezy] - 5.4.34-0+deb7u1
NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
@@ -16030,6 +16031,7 @@
NOTE: Good fix is to regenerate the file with "php5
NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
NOTE: you have a fixed libmagic1 installed.
+ NOTE: fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy
CVE-2014-5795
REJECTED
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)
More information about the Secure-testing-commits
mailing list