[Secure-testing-commits] r42904 - data/CVE
Chris Lamb
lamby at moszumanska.debian.org
Thu Jun 30 07:13:37 UTC 2016
Author: lamby
Date: 2016-06-30 07:13:36 +0000 (Thu, 30 Jun 2016)
New Revision: 42904
Modified:
data/CVE/list
Log:
CVE-2016-6128 is not vulnerable in LTS in libgd2 or php5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-30 07:03:38 UTC (rev 42903)
+++ data/CVE/list 2016-06-30 07:13:36 UTC (rev 42904)
@@ -1,7 +1,9 @@
CVE-2016-6128 [Invalid color index is not properly handled leading to denial of service]
- libgd2 <unfixed>
+ [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libgd/libgd/compare/3fe0a71...6ff72ae
- php5 <unfixed> (unimportant)
+ [wheezy] - php5 <not-affected> (Vulnerable code not present)
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-5876
More information about the Secure-testing-commits
mailing list