[Secure-testing-commits] r37611 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-11-08 06:37:49 +0000 (Sun, 08 Nov 2015)
New Revision: 37611

Modified:
   data/CVE/list
Log:
Update note for CVE-2014-5459

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-07 22:32:48 UTC (rev 37610)
+++ data/CVE/list	2015-11-08 06:37:49 UTC (rev 37611)
@@ -33949,10 +33949,12 @@
 	- ntopng 1.2.1+dfsg1-1 (bug #760990)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
-	- php5 <unfixed> (low; bug #759282)
+	- php5 <unfixed> (low; bug #682157; bug #759282)
 	[jessie] - php5 <no-dsa> (Minor issue)
 	[wheezy] - php5 <no-dsa> (Minor issue)
 	[squeeze] - php5 <no-dsa> (Minor issue)
+	NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
+	NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
 CVE-2014-5450
 	RESERVED
 	- zarafa <itp> (bug #658433)