[Secure-testing-commits] r44597 - in data: . CVE DLA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 15 05:18:13 UTC 2016
Author: carnil
Date: 2016-09-15 05:18:13 +0000 (Thu, 15 Sep 2016)
New Revision: 44597
Modified:
data/CVE/list
data/DLA/list
data/next-point-update.txt
Log:
CVE-2016-7405 assigned for libphp-adodb issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-15 04:41:01 UTC (rev 44596)
+++ data/CVE/list 2016-09-15 05:18:13 UTC (rev 44597)
@@ -2227,8 +2227,6 @@
RESERVED
CVE-2016-7406
RESERVED
-CVE-2016-7405
- RESERVED
CVE-2016-7404
RESERVED
CVE-2016-7403
@@ -2820,16 +2818,14 @@
RESERVED
CVE-2016-XXXX [SGI security bug]
- imagemagick <unfixed> (bug #836776)
-CVE-2016-XXXX [incorrect quoting may allow SQL injection]
+CVE-2016-7405 [incorrect quoting may allow SQL injection]
- libphp-adodb 5.20.6-1 (bug #837211)
[jessie] - libphp-adodb <no-dsa> (Minor issue, can be fixed via point release)
- [wheezy] - libphp-adodb 5.15-1+deb7u1
- NOTE: Added workaround entry for DLA-620-1 until CVE is assigned
NOTE: https://github.com/ADOdb/ADOdb/issues/226
NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
NOTE: Issue only with the PDO driver and only if queries built by inlining
NOTE: the quoted string (not recommended).
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/07/8
+ NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
CVE-2016-7154 [use after free in FIFO event channel code]
RESERVED
{DSA-3663-1}
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2016-09-15 04:41:01 UTC (rev 44596)
+++ data/DLA/list 2016-09-15 05:18:13 UTC (rev 44597)
@@ -1,5 +1,5 @@
[13 Sep 2016] DLA-620-1 libphp-adodb - security update
- {CVE-2016-4855}
+ {CVE-2016-4855 CVE-2016-7405}
[wheezy] - libphp-adodb 5.15-1+deb7u1
[11 Sep 2016] DLA-619-1 qemu-kvm - security update
{CVE-2016-7116}
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-09-15 04:41:01 UTC (rev 44596)
+++ data/next-point-update.txt 2016-09-15 05:18:13 UTC (rev 44597)
@@ -107,6 +107,5 @@
[jessie] - elog 2.9.2+2014.05.11git44800a7-3
CVE-2016-4855
[jessie] - libphp-adodb 5.15-1+deb8u1
-CVE-2016-XXXX [incorrect quoting may allow SQL injection]
+CVE-2016-7405 [incorrect quoting may allow SQL injection]
[jessie] - libphp-adodb 5.15-1+deb8u1
- NOTE: for #837211 which has not yet a CVE
More information about the Secure-testing-commits
mailing list