[Secure-testing-commits] r41255 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Apr 28 09:32:55 UTC 2016
Author: jmm
Date: 2016-04-28 09:32:55 +0000 (Thu, 28 Apr 2016)
New Revision: 41255
Modified:
data/CVE/list
Log:
hhvm n/a for libgd issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-28 08:36:58 UTC (rev 41254)
+++ data/CVE/list 2016-04-28 09:32:55 UTC (rev 41255)
@@ -2622,7 +2622,7 @@
- libgd2 2.1.1-4.1 (bug #822242)
- php5 <unfixed> (unimportant)
- php7.0 <unfixed> (unimportant)
- - hhvm <unfixed>
+ - hhvm <not-affected> (Implements additional sanity checks)
NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
More information about the Secure-testing-commits
mailing list