[Secure-testing-commits] r41047 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Apr 21 18:35:22 UTC 2016


Author: carnil
Date: 2016-04-21 18:35:22 +0000 (Thu, 21 Apr 2016)
New Revision: 41047

Modified:
   data/CVE/list
Log:
Add two more temporary items for php issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-21 18:05:44 UTC (rev 41046)
+++ data/CVE/list	2016-04-21 18:35:22 UTC (rev 41047)
@@ -1,3 +1,21 @@
+CVE-2016-XXXX [libxml_disable_entity_loader setting is shared between threads]
+	- php5 5.6.6+dfsg-1
+	NOTE: https://bugs.php.net/bug.php?id=64938
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
+	NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
+	NOTE: Fixed in 5.6.6, 5.5.22
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/21/8
+CVE-2016-XXXX [openssl_random_pseudo_bytes() is not cryptographically secure]
+	- php7.0 7.0.0-1
+	- php5 5.6.12+dfsg-1
+	[jessie] - php5 5.6.12+dfsg-0+deb8u1
+	[wheezy] - php5 5.4.44-0+deb7u1
+	NOTE: https://bugs.php.net/bug.php?id=70014
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
+	NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/21/8
 CVE-2016-4056
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
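Review bot: In the openssl_random_pseudo_bytes() entry, the line "NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44" lists 5.5.44, which disagrees with the "[wheezy] - php5 5.4.44-0+deb7u1" line in the same entry and falls out of order after 5.5.28. It reads as a typo for 5.4.44; suggest changing the note to "Fixed in 7.0.0, 5.6.12, 5.5.28, 5.4.44" so the upstream fixed versions match the wheezy fixed version recorded above it.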



