[Secure-testing-commits] r31623 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 24 06:35:20 UTC 2015
Author: carnil
Date: 2015-01-24 06:35:19 +0000 (Sat, 24 Jan 2015)
New Revision: 31623
Modified:
data/CVE/list
Log:
Add CVE-2015-0231 for php5, incomplete fix for CVE-2014-8142
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-24 06:33:03 UTC (rev 31622)
+++ data/CVE/list 2015-01-24 06:35:19 UTC (rev 31623)
@@ -4614,8 +4614,13 @@
NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0232
RESERVED
-CVE-2015-0231
+CVE-2015-0231 [use after free vulnerability in unserialize() (inclomplete fix of CVE-2014-8142)]
RESERVED
+ - php5 <unfixed>
+ NOTE: https://bugs.php.net/bug.php?id=68710
+ NOTE: Upstream fix: https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
+ NOTE: in unstable actually incomplete fix was not yet applied, so n/a but wheezy is
+ TODO: check
CVE-2015-0230
RESERVED
CVE-2015-0229
More information about the Secure-testing-commits
mailing list