[Secure-testing-commits] r39924 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Feb 25 16:39:48 UTC 2016 

Author: carnil
Date: 2016-02-25 16:39:48 +0000 (Thu, 25 Feb 2016)
New Revision: 39924

Modified:
   data/CVE/list
Log:
Several issues without CVE fixed in php5 in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-25 15:32:24 UTC (rev 39923)
+++ data/CVE/list	2016-02-25 16:39:48 UTC (rev 39924)
@@ -611,7 +611,7 @@
 	NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
 CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71039
@@ -619,13 +619,13 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [No check to duplicate zend_extension]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71089
 	NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-XXXX [round() segfault on 64-bit builds]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71201
@@ -634,7 +634,7 @@
 	NOTE: Fixed in 5.6.18, 7.0.3
 	NOTE: can be possibly considered a plain bug not a security issue
 CVE-2016-XXXX [Output of stream_get_meta_data can be falsified by its input]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71323
@@ -642,7 +642,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Integer overflow in iptcembed()]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71459
@@ -650,7 +650,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Heap corruption in tar/zip/phar parser]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71354
@@ -658,7 +658,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71391
@@ -666,7 +666,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-2554 [Stack overflow when decompressing tar archives]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71488
@@ -675,7 +675,7 @@
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
 CVE-2016-XXXX [Crash in SessionHandler::read()]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=69111
@@ -684,7 +684,7 @@
 	NOTE: Fixed in 5.6.18
 	TODO: check, can possibly be considered not security
 CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71335
@@ -692,7 +692,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=285cd3417fb61597345b829f5f573707bbdcd484
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-XXXX [Crash on bad SOAP request]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=70979
@@ -700,7 +700,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
 	NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-XXXX [Segmentation fault in clean spl_autoload functions while autoloading]
-	- php5 <unfixed>
+	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
 	NOTE: https://bugs.php.net/bug.php?id=71204

More information about the Secure-testing-commits mailing list