[Secure-testing-commits] r44708 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 18 12:01:18 UTC 2016 

Author: carnil
Date: 2016-09-18 12:01:18 +0000 (Sun, 18 Sep 2016)
New Revision: 44708

Modified:
   data/CVE/list
Log:
Three CVEs fixed for php7.0 with 7.0.11-1 upload to unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-18 11:59:19 UTC (rev 44707)
+++ data/CVE/list	2016-09-18 12:01:18 UTC (rev 44708)
@@ -2237,7 +2237,7 @@
 	RESERVED
 CVE-2016-7418 [Out-Of-Bounds Read in php_wddx_push_element]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
 	NOTE: Fixed in 7.0.11, 5.6.26
@@ -2246,14 +2246,14 @@
 	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
 CVE-2016-7417 [Missing type check when unserializing SplArray]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
 CVE-2016-7416 [add locale length check]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
 	NOTE: Fixed in 7.0.11, 5.6.26
@@ -2267,21 +2267,21 @@
 	NOTE: Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP.
 CVE-2016-7414 [Out of bound when verify signature of zip phar in phar_parse_zipfile]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
 CVE-2016-7413 [wddx_deserialize use-after-free]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
 CVE-2016-7412 [Heap overflow in mysqlnd related to BIT fields]
 	RESERVED
-	- php7.0 <unfixed>
+	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
 	NOTE: Fixed in 7.0.11, 5.6.26

More information about the Secure-testing-commits mailing list