[Secure-testing-commits] r53221 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 6 12:19:24 UTC 2017
Author: carnil
Date: 2017-07-06 12:19:24 +0000 (Thu, 06 Jul 2017)
New Revision: 53221
Modified:
data/CVE/list
Log:
Add new php issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-06 11:40:41 UTC (rev 53220)
+++ data/CVE/list 2017-07-06 12:19:24 UTC (rev 53221)
@@ -1,3 +1,33 @@
+CVE-2017-XXXX [wddx_deserialize() heap out-of-bound read via php_parse_date()]
+ - php7.1 <unfixed>
+ - php7.0 <unfixed>
+ - php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
+ NOTE: Fixed in 7.0.21
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 (5.6.x)
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5 (7.0.x)
+CVE-2017-XXXX [negative-size-param (-1) in memcpy in zif_openssl_seal()]
+ - php7.1 <unfixed>
+ - php7.0 <unfixed>
+ - php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
+ NOTE: Fixed in 7.0.21
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
+CVE-2017-XXXX [wddx parsing empty boolean tag leads to SIGSEGV]
+ - php7.1 <unfixed>
+ - php7.0 <unfixed>
+ - php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
+ TODO: check, claimed to be fixed in 7.0.21 but not listed, needs double-check
+CVE-2017-XXXX [Performance problem with processing post request over 2000000 chars]
+ - php7.1 7.1.3+-1
+ - php7.0 7.0.17-1
+ - php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
+ NOTE: Fixed in 7.1.3, 7.0.17
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
CVE-2017-10972
- xorg-server <unfixed>
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
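Review bot: The commit 2aae60461c2ff7b7fbcdd194c789ac841d0747d7 is cited under two different new entries: as the 5.6.x fix for the wddx_deserialize()/php_parse_date() out-of-bound read (PHP bug 74819) and again as a fix for the empty boolean tag SIGSEGV (PHP bug 74145). This may be a copy-paste slip, so please check which bug that commit addresses and correct the other reference; doing so would probably also help resolve the TODO on the 74145 entry. In the last new entry, the line "- php7.1 7.1.3+-1" contains a "+-" that the neighbouring "- php7.0 7.0.17-1" does not, so confirm it matches the uploaded version string. The first two entries record only "Fixed in 7.0.21" while php7.1 stays <unfixed>; adding the corresponding 7.1.x upstream release to the NOTE would make it clear when that package can be marked fixed.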