[Secure-testing-commits] r36343 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 27 16:49:38 UTC 2015 

Author: carnil
Date: 2015-08-27 16:49:38 +0000 (Thu, 27 Aug 2015)
New Revision: 36343

Modified:
   data/CVE/list
Log:
Add workaround items for DSA-3344-1/php5 for issues without CVE

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-08-27 15:12:32 UTC (rev 36342)
+++ data/CVE/list	2015-08-27 16:49:38 UTC (rev 36343)
@@ -374,27 +374,42 @@
 	RESERVED
 CVE-2015-XXXX [Files extracted from archive may be placed outside of destination directory]
 	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: Workaround entries added for DSA-3344-1 until CVEs assigned
 	NOTE: https://bugs.php.net/bug.php?id=70019
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-XXXX [Use After Free Vulnerability in unserialize() with SplDoublyLinkedList]
 	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: Workaround entries added for DSA-3344-1 until CVEs assigned
 	NOTE: https://bugs.php.net/bug.php?id=70169
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-XXXX [Use After Free Vulnerability in unserialize() with SplObjectStorage]
 	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: Workaround entries added for DSA-3344-1 until CVEs assigned
 	NOTE: https://bugs.php.net/bug.php?id=70168
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-XXXX [Use After Free Vulnerability in unserialize() with SPLArrayObject]
 	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: Workaround entries added for DSA-3344-1 until CVEs assigned
 	NOTE: https://bugs.php.net/bug.php?id=70166
 	NOTE: https://bugs.php.net/bug.php?id=70155
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-XXXX [Dangling pointer in the unserialization of ArrayObject items]
 	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: Workaround entries added for DSA-3344-1 until CVEs assigned
 	NOTE: https://bugs.php.net/bug.php?id=70068
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12

More information about the Secure-testing-commits mailing list