[Secure-testing-commits] r53221 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 6 12:19:24 UTC 2017 

Author: carnil
Date: 2017-07-06 12:19:24 +0000 (Thu, 06 Jul 2017)
New Revision: 53221

Modified:
   data/CVE/list
Log:
Add new php issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-06 11:40:41 UTC (rev 53220)
+++ data/CVE/list	2017-07-06 12:19:24 UTC (rev 53221)
@@ -1,3 +1,33 @@
+CVE-2017-XXXX [wddx_deserialize() heap out-of-bound read via php_parse_date()]
+	- php7.1 <unfixed>
+	- php7.0 <unfixed>
+	- php5 <removed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
+	NOTE: Fixed in 7.0.21
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 (5.6.x)
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5 (7.0.x)
+CVE-2017-XXXX [negative-size-param (-1) in memcpy in zif_openssl_seal()]
+	- php7.1 <unfixed>
+	- php7.0 <unfixed>
+	- php5 <removed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
+	NOTE: Fixed in 7.0.21
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
+CVE-2017-XXXX [wddx parsing empty boolean tag leads to SIGSEGV]
+	- php7.1 <unfixed>
+	- php7.0 <unfixed>
+	- php5 <removed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
+	TODO: check, claimed to be fixed in 7.0.21 but not listed, needs double-check
+CVE-2017-XXXX [Performance problem with processing post request over 2000000 chars]
+	- php7.1 7.1.3+-1
+	- php7.0 7.0.17-1
+	- php5 <removed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
+	NOTE: Fixed in 7.1.3, 7.0.17
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
 CVE-2017-10972
 	- xorg-server <unfixed>
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced

More information about the Secure-testing-commits mailing list