[Secure-testing-commits] r41445 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu May 5 13:52:57 UTC 2016
Author: carnil
Date: 2016-05-05 13:52:57 +0000 (Thu, 05 May 2016)
New Revision: 41445
Modified:
data/CVE/list
Log:
CVE-2016-3074 fixed for php7.0 and php5 in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-05 13:09:43 UTC (rev 41444)
+++ data/CVE/list 2016-05-05 13:52:57 UTC (rev 41445)
@@ -3464,8 +3464,8 @@
CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...)
{DSA-3556-1}
- libgd2 2.1.1-4.1 (bug #822242)
- - php5 <unfixed> (unimportant)
- - php7.0 <unfixed> (unimportant)
+ - php5 5.6.21+dfsg-1 (unimportant)
+ - php7.0 7.0.6-1 (unimportant)
- hhvm <not-affected> (Implements additional sanity checks)
NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
More information about the Secure-testing-commits
mailing list