[Secure-testing-commits] r29742 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Oct 30 16:58:42 UTC 2014


Author: carnil
Date: 2014-10-30 16:58:42 +0000 (Thu, 30 Oct 2014)
New Revision: 29742

Modified:
   data/CVE/list
Log:
Update CVE-2014-5120/php5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-30 10:29:13 UTC (rev 29741)
+++ data/CVE/list	2014-10-30 16:58:42 UTC (rev 29742)
@@ -7634,12 +7634,13 @@
 CVE-2014-5121 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
 	NOT-FOR-US: ArcGIS
 CVE-2014-5120 (gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x ...)
-	- php5 5.6.0+dfsg-1
+	- php5 5.4.0-1
 	[squeeze] - php5 <not-affected> (Introduced in 5.4)
 	- libgd2 <not-affected> (Specific to integration of gd in PHP)
 	NOTE: https://bugs.php.net/bug.php?id=67730
 	NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest
 	NOTE: For the PHP5 5.4 branch this issue is fixed in version 5.4.32
+	NOTE: fixed in Debian with the gdIOCtx.patch patch
 CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
 	NOT-FOR-US: DirPHP
 CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
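Review bot: The changed php5 line in the CVE-2014-5120 entry now records 5.4.0-1 as the fixed version, which conflicts with the unchanged context around it. The squeeze line says the issue was "Introduced in 5.4" and the existing NOTE says the 5.4 branch is fixed upstream in 5.4.32, so 5.4.0-1 reads as the first affected version rather than the first fixed one. The added NOTE names gdIOCtx.patch but not the upload that first carried it. Either put that upload's version on the "- php5" line, or extend the NOTE to say from which Debian version the patch has been applied, so that the version the tracker compares against and the notes agree.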



