[Secure-testing-commits] r48610 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jan 31 13:10:24 UTC 2017 

Author: carnil
Date: 2017-01-31 13:10:24 +0000 (Tue, 31 Jan 2017)
New Revision: 48610

Modified:
   data/CVE/list
   data/DLA/list
Log:
php5: Add CVE-2016-7125 to DLA-628-1 list since apparently fixed there

This quraantees the cross references are built correctly. Otherwise the
explicitly added DLA-628-1 will be removed on next autoupdate.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-31 13:10:09 UTC (rev 48609)
+++ data/CVE/list	2017-01-31 13:10:24 UTC (rev 48610)
@@ -21597,14 +21597,12 @@
 	{DSA-3689-1 DLA-628-1}
 	- php7.0 7.0.10-1
 	- php5 5.6.26+dfsg-1
-	[wheezy] - php5 5.4.45-0+deb7u5
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
 	NOTE: Fixed in 7.0.10, 5.6.25
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
 	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
 	NOTE: handler" part of 72681.
-	NOTE: This was addressed in DLA-628-1 while the CVE ID was still temporary.
 CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...)
 	{DSA-3689-1 DLA-749-1}
 	- php7.0 7.0.10-1

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-01-31 13:10:09 UTC (rev 48609)
+++ data/DLA/list	2017-01-31 13:10:24 UTC (rev 48610)
@@ -563,7 +563,7 @@
 	{CVE-2016-6801}
 	[wheezy] - jackrabbit 2.3.6-1+deb7u2
 [18 Sep 2016] DLA-628-1 php5 - security update
-	{CVE-2016-4473 CVE-2016-4538 CVE-2016-5114 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297}
+	{CVE-2016-4473 CVE-2016-4538 CVE-2016-5114 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7125}
 	[wheezy] - php5 5.4.45-0+deb7u5
 [18 Sep 2016] DLA-627-1 pdns - security update
 	{CVE-2016-5426 CVE-2016-5427 CVE-2016-6172}

More information about the Secure-testing-commits mailing list