[Secure-testing-commits] r53222 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 6 12:24:42 UTC 2017


Author: carnil
Date: 2017-07-06 12:24:42 +0000 (Thu, 06 Jul 2017)
New Revision: 53222

Modified:
   data/CVE/list
Log:
Add one older php issue without CVE, but requested  and addressed in 5.6.28

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-06 12:19:24 UTC (rev 53221)
+++ data/CVE/list	2017-07-06 12:24:42 UTC (rev 53222)
@@ -1,3 +1,11 @@
+CVE-2017-XXXX [parse_url return wrong hostname]
+	- php7.1 <not-affected> (Fixed with initial upload to unstable)
+	- php7.0 7.0.13-1
+	- php5 <removed>
+	[jessie] - php5 5.6.28+dfsg-0+deb8u1
+	NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
+	NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
 CVE-2017-XXXX [wddx_deserialize() heap out-of-bound read via php_parse_date()]
 	- php7.1 <unfixed>
 	- php7.0 <unfixed>




More information about the Secure-testing-commits mailing list