[Secure-testing-commits] r47195 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 18 10:33:03 UTC 2016
Author: carnil
Date: 2016-12-18 10:33:02 +0000 (Sun, 18 Dec 2016)
New Revision: 47195
Modified:
data/CVE/list
Log:
Record several hhvm fixes for unstable upload
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-18 10:23:08 UTC (rev 47194)
+++ data/CVE/list 2016-12-18 10:33:02 UTC (rev 47195)
@@ -16867,27 +16867,27 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 [Fix infinite recursion in wddx]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
CVE-2016-6874 [Fix recursion checks in array_*_recursive]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
CVE-2016-6873 [Fix self recursion in compact]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
CVE-2016-6872 [Fix integer overflow in StringUtil::implode]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
CVE-2016-6871 [Fix buffer overrun due to integer overflow in bcmath]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CVE-2016-6870 [incorrect use of strndup]
RESERVED
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866
RESERVED
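Review bot: The six CVE-2016-687x entries all move to 3.12.11+dfsg-1, but each NOTE gives only an upstream commit and none says which upstream hhvm release first contains it. Consider adding a NOTE naming that upstream version, so the fixed-version claim can be checked without walking the git history. As a smaller style point, "CVE-2016-6870 [incorrect use of strndup]" is worded differently from the neighbouring "Fix ..." descriptions.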
@@ -19357,7 +19357,7 @@
NOTE: running as a CGI script
CVE-2016-1000109
RESERVED
- - hhvm <unfixed> (unimportant)
+ - hhvm 3.12.11+dfsg-1 (unimportant)
CVE-2016-1000107
RESERVED
- erlang <unfixed> (unimportant)
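Review bot: CVE-2016-1000109 now carries a fixed version but keeps "(unimportant)" with no NOTE under the entry giving the rationale or a reference for the fix. A short NOTE with both would make the entry self-explanatory.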
@@ -19680,10 +19680,13 @@
RESERVED
CVE-2016-1000006
RESERVED
+ - hhvm 3.12.11+dfsg-1
CVE-2016-1000005
RESERVED
+ - hhvm 3.12.11+dfsg-1
CVE-2016-1000004
RESERVED
+ - hhvm 3.12.11+dfsg-1
CVE-2016-6173
RESERVED
- nsd <unfixed> (unimportant; bug #830806)
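Review bot: The three added lines for CVE-2016-1000006, CVE-2016-1000005 and CVE-2016-1000004 introduce hhvm as an affected package and mark it fixed in the same step, with no bracketed description, bug number or NOTE. The CVE-2016-687x entries in the first hunk carry "(bug #835032)" and an upstream commit NOTE; adding the equivalent here would let a reader tell what was fixed and where.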
@@ -25584,7 +25587,7 @@
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
- php5 5.6.21+dfsg-1
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://bugs.php.net/bug.php?id=72099
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
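Review bot: The hhvm line under {DSA-3602-1 DLA-499-1} is marked fixed, but the NOTE lines reference only the PHP bug, the php-src commit and the PHP release versions. The entry changed at -34007 has a "NOTE: Fix in HHVM:" line; adding one here, and in the other php-derived entries touched by this commit, would record which hhvm change corresponds to the PHP fix.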
@@ -27162,7 +27165,7 @@
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: https://bugs.php.net/bug.php?id=71798
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
@@ -27320,7 +27323,7 @@
- php5 5.6.20+dfsg-1
- file 1:5.24-1 (bug #827377)
[jessie] - file 1:5.22+15-2+deb8u2
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: http://bugs.gw.com/view.php?id=522
NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
NOTE: https://bugs.php.net/bug.php?id=71527
@@ -29507,7 +29510,7 @@
- libgd2 2.1.1-4.1 (bug #822242)
- php5 5.6.21+dfsg-1 (unimportant)
- php7.0 7.0.6-1 (unimportant)
- - hhvm <unfixed> (unimportant)
+ - hhvm 3.12.11+dfsg-1 (unimportant)
NOTE: HHVM implements additional sanity checks, not directly epxloitable
NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
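Review bot: Typo in the context line "NOTE: HHVM implements additional sanity checks, not directly epxloitable": it should read "exploitable". Since this entry is being touched anyway, fix it in the same or a follow-up commit.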
@@ -34007,7 +34010,7 @@
[squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available)
- php5.6 5.6.17+dfsg-1
- php7.0 7.0.2-1
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://bugs.php.net/bug.php?id=70976
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe
@@ -58372,7 +58375,7 @@
{DSA-3215-1 DLA-189-1}
- libgd2 2.1.0-5
- php5 5.6.5+dfsg-1 (unimportant)
- - hhvm <unfixed> (bug #835032)
+ - hhvm 3.12.11+dfsg-1 (bug #835032)
NOTE: https://bugs.php.net/bug.php?id=68601
NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467