[Secure-testing-commits] r42056 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu May 26 17:20:39 UTC 2016 

Author: carnil
Date: 2016-05-26 17:20:39 +0000 (Thu, 26 May 2016)
New Revision: 42056

Modified:
   data/CVE/list
Log:
CVEs assigned for php (and libgd2) issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-26 17:20:27 UTC (rev 42055)
+++ data/CVE/list	2016-05-26 17:20:39 UTC (rev 42056)
@@ -8,23 +8,29 @@
 	NOTE: https://github.com/roundcube/roundcubemail/issues/5240
 	NOTE: https://github.com/roundcube/roundcubemail/pull/5241
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/25/8
-CVE-2016-XXXX [int/size_t confusion in fread]
+CVE-2016-5096 [int/size_t confusion in fread]
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
 	NOTE: Fixed in 5.6.22, 5.5.36
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/25/3
-CVE-2016-XXXX [don't create strings with lengths outside int range]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+CVE-2016-5095 [don't create strings with lengths outside int range]
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
 	NOTE: Fixed in 5.6.22, 5.5.36
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/25/3
-CVE-2016-XXXX [get_icu_value_internal out-of-bounds read]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
+CVE-2016-5094 [don't create strings with lengths outside int range]
+	- php5 5.6.22+dfsg-1
+	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
+	NOTE: Fixed in 5.6.22, 5.5.36
+	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+CVE-2016-5093 [get_icu_value_internal out-of-bounds read]
 	- php7.0 7.0.7-1
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
 	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/25/3
-CVE-2013-XXXX [Fixed memory overrun bug in gdImageScaleTwoPass]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+CVE-2013-7456 [Fixed memory overrun bug in gdImageScaleTwoPass]
 	- libgd2 2.1.1-1
 	NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1)
 	- php7.0 7.0.7-1 (unimportant)
@@ -32,7 +38,7 @@
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
 	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2016-5091
 	- typo3-src <removed>
 CVE-2016-5044

More information about the Secure-testing-commits mailing list