[Secure-testing-commits] r44349 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 5 20:04:59 UTC 2016
Author: carnil
Date: 2016-09-05 20:04:59 +0000 (Mon, 05 Sep 2016)
New Revision: 44349
Modified:
data/CVE/list
Log:
Mark CVE-2016-7126 as not-affected
Note for reviewers: Please double check, I checked the code for
2.0.36~rc1~dfsg-6.1+deb7u2, 2.1.0-5+deb8u6, 2.2.3-3 but double-checking
that the claim is correct is more than welcome.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-05 19:56:34 UTC (rev 44348)
+++ data/CVE/list 2016-09-05 20:04:59 UTC (rev 44349)
@@ -71,7 +71,7 @@
NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
TODO: check
CVE-2016-7126 [select_colors write out-of-bounds]
- - libgd2 <unfixed>
+ - libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue)
- php7.0 7.0.10-1 (unimportant)
- php5 <unfixed> (unimportant)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
More information about the Secure-testing-commits
mailing list