[Secure-testing-commits] r41044 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Apr 21 17:57:21 UTC 2016


Author: carnil
Date: 2016-04-21 17:57:21 +0000 (Thu, 21 Apr 2016)
New Revision: 41044

Modified:
   data/CVE/list
Log:
Add note and expand TODO for CVE-2016-3074

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-21 17:50:58 UTC (rev 41043)
+++ data/CVE/list	2016-04-21 17:57:21 UTC (rev 41044)
@@ -2368,9 +2368,12 @@
 CVE-2016-3074
 	RESERVED
 	- libgd2 <unfixed>
+	- php5 <unfixed> (unimportant)
+	- php7.0 <unfixed> (unimportant)
 	NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
 	NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
-	TODO: check
+	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
+	TODO: check (php5, php7.0, hhvm, texlive, libwmf)
 CVE-2016-3073
 	RESERVED
 CVE-2016-3072
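Review bot: The added NOTE "Starting with 5.4.0-1 Debian uses the system copy of libgd" does not name the source package that version belongs to, and it directly follows two libgd NOTE lines, so 5.4.0-1 can be read as a libgd2 version. Name the package in the note and state whether the same reasoning covers php7.0, since this note is the only visible justification for the two new "(unimportant)" entries. The TODO also still lists php5 and php7.0 although both now have their own entries in this hunk; either drop them from the list or say what remains to be checked for them.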



