[Secure-testing-commits] r48606 - data/CVE

Roberto C. Sanchez roberto at moszumanska.debian.org
Tue Jan 31 12:46:11 UTC 2017


Author: roberto
Date: 2017-01-31 12:46:11 +0000 (Tue, 31 Jan 2017)
New Revision: 48606

Modified:
   data/CVE/list
Log:
Annotate DLA 628-1 as addressing CVE-2016-7125

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-31 11:42:16 UTC (rev 48605)
+++ data/CVE/list	2017-01-31 12:46:11 UTC (rev 48606)
@@ -21595,7 +21595,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
-	{DSA-3689-1}
+	{DSA-3689-1 DLA-628-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
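Review bot: The `{DSA-3689-1 DLA-628-1}` cross-reference is changed by hand here, and the commit modifies only data/CVE/list, so nothing in it shows that the DLA-628-1 advisory record itself names CVE-2016-7125. Please confirm that the advisory entry for DLA-628-1 lists this CVE as well. If it does not, the two records disagree, and the brace line can be lost the next time cross-references are regenerated from the advisory lists. Separately, the visible package lines (`- php7.0 7.0.10-1`, `- php5 5.6.26+dfsg-1`) give no version for the release that DLA-628-1 covers. If no release-tagged line exists further down in the entry, adding one would let the tracker show that release as fixed.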
@@ -21604,6 +21604,7 @@
 	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
 	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
 	NOTE: handler" part of 72681.
+	NOTE: This was addressed in DLA-628-1 while the CVE ID was still temporary.
 CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...)
 	{DSA-3689-1 DLA-749-1}
 	- php7.0 7.0.10-1
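Review bot: The added line `NOTE: This was addressed in DLA-628-1 while the CVE ID was still temporary.` explains why the DLA reference arrives late, but it does not say which temporary identifier the fix was tracked under or which package version shipped it. Naming either one in the note would let a reader match this entry to the DLA without searching the list history. The log message "Annotate DLA 628-1 as addressing CVE-2016-7125" would also benefit from mentioning that the fix predates the CVE assignment, since that is the reason for the change.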



