[Secure-testing-commits] r39663 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Feb 14 07:41:03 UTC 2016
Author: carnil
Date: 2016-02-14 07:41:03 +0000 (Sun, 14 Feb 2016)
New Revision: 39663
Modified:
data/CVE/list
Log:
More references for php issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-14 07:38:45 UTC (rev 39662)
+++ data/CVE/list 2016-02-14 07:41:03 UTC (rev 39663)
@@ -17,6 +17,8 @@
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
NOTE: https://bugs.php.net/bug.php?id=71201
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305504
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d822f6df946764f3f0348b82efae2e1eaa83aa0
NOTE: Fixed in 5.6.18, 7.0.3
NOTE: can be possibly considered a plain bug not a security issue
CVE-2016-XXXX [Output of stream_get_meta_data can be falsified by its input]
@@ -62,8 +64,10 @@
- php5.6 5.6.18+dfsg-1
- php7.0 <undetermined>
NOTE: https://bugs.php.net/bug.php?id=69111
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305548
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a793b709086eed655bc98f933d838b8679b28920
NOTE: Fixed in 5.6.18
- TODO: check
+ TODO: check, can possibly be considered not security
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
- php5 <unfixed>
- php5.6 5.6.18+dfsg-1
More information about the Secure-testing-commits
mailing list