[Secure-testing-commits] r37611 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 8 06:37:49 UTC 2015
Author: carnil
Date: 2015-11-08 06:37:49 +0000 (Sun, 08 Nov 2015)
New Revision: 37611
Modified:
data/CVE/list
Log:
Update note for CVE-2014-5459
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-07 22:32:48 UTC (rev 37610)
+++ data/CVE/list 2015-11-08 06:37:49 UTC (rev 37611)
@@ -33949,10 +33949,12 @@
- ntopng 1.2.1+dfsg1-1 (bug #760990)
NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
- - php5 <unfixed> (low; bug #759282)
+ - php5 <unfixed> (low; bug #682157; bug #759282)
[jessie] - php5 <no-dsa> (Minor issue)
[wheezy] - php5 <no-dsa> (Minor issue)
[squeeze] - php5 <no-dsa> (Minor issue)
+ NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
+ NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
CVE-2014-5450
RESERVED
- zarafa <itp> (bug #658433)
More information about the Secure-testing-commits
mailing list