[Secure-testing-commits] r42765 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jun 24 10:35:39 UTC 2016


Author: carnil
Date: 2016-06-24 10:35:39 +0000 (Fri, 24 Jun 2016)
New Revision: 42765

Modified:
   data/CVE/list
Log:
php5 5.6.23 fixing some recent CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-24 09:10:15 UTC (rev 42764)
+++ data/CVE/list	2016-06-24 10:35:39 UTC (rev 42765)
@@ -28,44 +28,44 @@
 	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
 CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5772 [Double Free Courruption in wddx_deserialize]
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize]
 	- php7.0 <undetermined>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 	TODO: check if really affects 7.x, CVE assignment claims not
 CVE-2016-5770 [int/size_t confusion in SplFileObject::fread]
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5769 [Heap Overflow due to integer overflows]
 	- php7.0 <unfixed>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free]
 	- php7 <unfixed>
-	- php5 <unfixed>
+	- php5 5.6.23+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
 	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5767 [Integer Overflow in gdImagePaletteToTrueColor() resulting heap overflow]
 	- php7.0 <unfixed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 5.6.23+dfsg-1 (unimportant)
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
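
Review bot: The CVE-2016-5768 entry tracks "- php7 <unfixed>" while every other entry in this hunk uses php7.0; since this commit already edits that entry's php5 line, correct the package name there as well if php7.0 is what is meant, so the entry is tracked against the same source package as the others. Also worth checking while touching these entries: CVE-2016-5772 and CVE-2016-5771 both cite the same commitdiff (h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c), which may be a copy-paste slip in one of the two NOTE lines, and the CVE-2016-5772 description contains the typo "Courruption".
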
@@ -74,7 +74,7 @@
 	NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
 CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow]
 	- php7.0 <unfixed> (unimportant)
-	- php5 <unfixed> (unimportant)
+	- php5 5.6.23+dfsg-1 (unimportant)
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
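
Review bot: For CVE-2016-5766 the php5 line now records 5.6.23+dfsg-1 (unimportant), but the NOTE directly below it says Debian has used the system copy of libgd since 5.4.0-1, so this version only describes the bundled copy in the php5 source. The visible lines of the entry list only php7.0 and php5; confirm the entry also carries a libgd2 line so the library that is actually linked is tracked, and add one if it is missing.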



