[Secure-testing-commits] r31745 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 27 16:46:23 UTC 2015
Author: carnil
Date: 2015-01-27 16:46:23 +0000 (Tue, 27 Jan 2015)
New Revision: 31745
Modified:
data/CVE/list
Log:
Add fixed version for php5 upload
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-27 16:38:11 UTC (rev 31744)
+++ data/CVE/list 2015-01-27 16:46:23 UTC (rev 31745)
@@ -2769,7 +2769,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...)
{DSA-3117-1}
- - php5 <unfixed>
+ - php5 5.6.5+dfsg-1
[squeeze] - php5 <not-affected> (Introduced in 5.4.1)
NOTE: https://bugs.php.net/bug.php?id=68618
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
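Review bot: the new `- php5 5.6.5+dfsg-1` line for CVE-2014-9427 gives no way to trace the version back to the fix. The entry cites the upstream commit (f9ad3086...) in a NOTE, but neither the entry nor the log message ("Add fixed version for php5 upload") says that the 5.6.5 upload contains it. Suggest naming the version and the CVE ids in the log message so the change can be audited from the commit alone.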
@@ -4785,16 +4785,15 @@
NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0232 [Free called on unitialized pointer in exif.c]
RESERVED
- - php5 <unfixed>
+ - php5 5.6.5+dfsg-1
NOTE: https://bugs.php.net/patch-display.php?bug=68799&patch=bug68799fix&revision=1420966468
NOTE: https://bugs.php.net/bug.php?id=68799
CVE-2015-0231 [use after free vulnerability in unserialize() (inclomplete fix of CVE-2014-8142)]
RESERVED
- - php5 <unfixed>
+ - php5 5.6.5+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68710
NOTE: Upstream fix: https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
NOTE: in unstable actually incomplete fix was not yet applied, so n/a but wheezy is
- TODO: check
CVE-2015-0230
RESERVED
CVE-2015-0229
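Review bot: removing `TODO: check` under CVE-2015-0231 leaves the NOTE directly above it at odds with the new status line. That NOTE still says the incomplete fix was not yet applied in unstable ("so n/a") and reads as unfinished at "but wheezy is", while the entry now records 5.6.5+dfsg-1 as the fixing version and shows no [wheezy] line. Suggest rewording the NOTE to state what the check found, including whether 5.6.5 carries the upstream fix b585a3ae..., and recording the wheezy status explicitly instead of dropping the TODO without a trace.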
@@ -7466,7 +7465,7 @@
NOTE: https://www.samba.org/samba/security/CVE-2014-8143
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ...)
{DSA-3117-1}
- - php5 <unfixed> (unimportant)
+ - php5 5.6.5+dfsg-1 (unimportant)
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
NOTE: Only affects an inherently insecure use case
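Review bot: the `(unimportant)` tag kept on the CVE-2014-8142 line is not mirrored on CVE-2015-0231 earlier in this patch, although that entry is described as an incomplete fix of this same issue and gets a plain `- php5 5.6.5+dfsg-1`. If "Only affects an inherently insecure use case" applies to the original, it should apply to the follow-up as well, so either tag both or add a NOTE explaining the difference. A short NOTE on why an entry tagged unimportant is listed under {DSA-3117-1} would also help readers of the tracker.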