[Secure-testing-commits] r44676 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Sep 17 12:07:41 UTC 2016
Author: apo
Date: 2016-09-17 12:07:41 +0000 (Sat, 17 Sep 2016)
New Revision: 44676
Modified:
data/CVE/list
Log:
bash: CVE-2016-0634: Mark as no-dsa because /etc/hosts and /etc/hostname are
controlled by root.
icu: CVE-2016-7415: Disputed if this is a bug in icu. Mainly an issue in PHP.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-17 11:15:13 UTC (rev 44675)
+++ data/CVE/list 2016-09-17 12:07:41 UTC (rev 44676)
@@ -2264,6 +2264,7 @@
NOTE: Related code in http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
+ NOTE: Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP.
CVE-2016-7414 [Out of bound when verify signature of zip phar in phar_parse_zipfile]
RESERVED
- php7.0 <unfixed>
@@ -24852,6 +24853,7 @@
RESERVED
- bash <unfixed>
[jessie] - bash <no-dsa> (Minor issue)
+ [wheezy] - bash <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
NOTE: Fixed bin Bash upstream bash-4.4
More information about the Secure-testing-commits
mailing list