[Secure-testing-commits] r44271 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 2 10:37:43 UTC 2016
Author: carnil
Date: 2016-09-02 10:37:42 +0000 (Fri, 02 Sep 2016)
New Revision: 44271
Modified:
data/CVE/list
Log:
Add some requested CVEs for php5/php7.0
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-02 09:10:16 UTC (rev 44270)
+++ data/CVE/list 2016-09-02 10:37:42 UTC (rev 44271)
@@ -1,3 +1,29 @@
+CVE-2016-XXXX [imagegammacorrect allows arbitrary write access]
+ - libgd2 <unfixed>
+ - php7.0 7.0.10-1 (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
+ NOTE: Fixed in 7.0.10, 5.6.25
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [select_colors write out-of-bounds]
+ - libgd2 <unfixed>
+ - php7.0 7.0.10-1 (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
+ NOTE: NOTE: Fixed in 7.0.10, 5.6.25
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [PHP Session Data Injection Vulnerability]
+ - php7.0 7.0.10-1
+ - php5 <unfixed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
+ NOTE: Fixed in 7.0.10, 5.6.25
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization]
+ - php7.0 7.0.10-1
+ - php5 <unfixed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
+ NOTE: Fixed in 7.0.10, 5.6.25
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
TODO: check
CVE-2016-7117
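Review bot: The select_colors entry has a doubled prefix in "NOTE: NOTE: Fixed in 7.0.10, 5.6.25"; the other three new entries use a single "NOTE: Fixed in 7.0.10, 5.6.25", so drop the duplicate to keep the list consistent. Separately, the two entries that list libgd2 tag php7.0 and php5 as (unimportant) with no NOTE giving the reason, while the session injection and __wakeup() entries carry no such tag. A one-line NOTE under each libgd2 entry stating why the PHP packages are triaged as unimportant would let a later reader check the decision without going back to the bug reports.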