[Secure-testing-commits] r45155 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Oct 8 21:10:19 UTC 2016


Author: sectracker
Date: 2016-10-08 21:10:19 +0000 (Sat, 08 Oct 2016)
New Revision: 45155

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-08 20:36:32 UTC (rev 45154)
+++ data/CVE/list	2016-10-08 21:10:19 UTC (rev 45155)
@@ -3093,6 +3093,7 @@
 	NOTE: https://github.com/owncloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
 	NOTE: https://hackerone.com/reports/145355
 CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
@@ -3101,12 +3102,14 @@
 	NOTE: The scope of this CVE also includes all of the "other four similar issues"
 	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
 CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
 CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
@@ -3119,24 +3122,28 @@
 	NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
 	NOTE: Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP.
 CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 7.x ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
 CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function in ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
 CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
 CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles ...)
+	{DSA-3689-1}
 	- php7.0 <not-affected> (Only affects 5.x)
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
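Review bot: On CVE-2016-7411 the new `{DSA-3689-1}` line sits directly above `- php7.0 <not-affected> (Only affects 5.x)`, so the advisory reference can only apply to the php5 line, but nothing in the entry says which source package the DSA was issued for. The same tag is added to CVE-2016-7414, CVE-2016-7413 and CVE-2016-7412 earlier in this hunk, where both php7.0 and php5 carry fixed versions. Confirm against the DSA record which package the advisory covers, so the php7.0 lines are not read as fixed through this DSA.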
@@ -3934,6 +3941,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
 CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
@@ -3943,6 +3951,7 @@
 	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
 	NOTE: commit is about the pop issue in 72799.
 CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
@@ -3953,6 +3962,7 @@
 	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
 	NOTE: commit is about the pop issue in 72799.
 CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
@@ -3960,6 +3970,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
 CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
@@ -3967,6 +3978,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
 CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
@@ -3974,6 +3986,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
 CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
+	{DSA-3689-1}
 	- libgd2 <not-affected> (gamma correction is only implemented in PHP)
 	- php7.0 7.0.10-1 (unimportant)
 	- php5 5.6.26+dfsg-1 (unimportant)
@@ -3982,6 +3995,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
 CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...)
+	{DSA-3689-1}
 	- libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue)
 	- php7.0 7.0.10-1 (unimportant)
 	- php5 5.6.26+dfsg-1 (unimportant)
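Review bot: CVE-2016-7126 gains `{DSA-3689-1}` while `- php7.0 7.0.10-1 (unimportant)` and `- php5 5.6.26+dfsg-1 (unimportant)` keep their unimportant rating, and the preceding hunk does the same for CVE-2016-7127. An entry that is referenced by a security advisory yet rated unimportant reads as contradictory to anyone triaging from this list. Either add a NOTE stating that the fix was picked up along with the other changes in 5.6.26+dfsg-1, or re-check the severity annotation on both entries.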
@@ -3990,6 +4004,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
@@ -3999,6 +4014,7 @@
 	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
 	NOTE: handler" part of 72681.
 CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...)
+	{DSA-3689-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663



