[Secure-testing-commits] r35973 - data/CVE
David Prévot
taffit at moszumanska.debian.org
Tue Aug 11 07:11:15 UTC 2015
Author: taffit
Date: 2015-08-11 07:11:15 +0000 (Tue, 11 Aug 2015)
New Revision: 35973
Modified:
data/CVE/list
Log:
Add CVE-2015-5161 for zendframework and php-zend-xml
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-11 06:25:49 UTC (rev 35972)
+++ data/CVE/list 2015-08-11 07:11:15 UTC (rev 35973)
@@ -1987,8 +1987,12 @@
RESERVED
CVE-2015-5162
RESERVED
-CVE-2015-5161
+CVE-2015-5161 [XXE/XEE vector when using ZendXml on multibyte payloads]
RESERVED
+ - zendframework <unfixed>
+ - php-zend-xml <unfixed>
+ NOTE: http://framework.zend.com/security/advisory/ZF2015-06
+ NOTE: Root issue already fixed in PHP 5.6.6, so this one is not relevant starting with Jessie
CVE-2015-5160 [Ceph id/key leaked in the process list]
RESERVED
- libvirt <unfixed>
More information about the Secure-testing-commits
mailing list