[Secure-testing-commits] r53362 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jul 10 14:45:18 UTC 2017
Author: jmm
Date: 2017-07-10 14:45:18 +0000 (Mon, 10 Jul 2017)
New Revision: 53362
Modified:
data/CVE/list
Log:
new PHP CVE assignments
PHP non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-10 14:05:43 UTC (rev 53361)
+++ data/CVE/list 2017-07-10 14:45:18 UTC (rev 53362)
@@ -402,7 +402,7 @@
[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Cacti/cacti/issues/838
NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
-CVE-2017-XXXX [Seg fault when loading hostile phar]
+CVE-2017-11147 [Seg fault when loading hostile phar]
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
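Review bot: The renamed `CVE-2017-11147` line stays at the position of the placeholder it replaces (line 405), while the numbered entries visible further down in this diff (CVE-2017-9120 to CVE-2017-9117) run in descending ID order. If the list is meant to stay sorted by ID, move the entry to its slot or confirm that the list tooling re-sorts it.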
@@ -410,7 +410,8 @@
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
-CVE-2017-XXXX [parse_url return wrong hostname]
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2016-10397 [parse_url return wrong hostname]
- php7.1 <not-affected> (Fixed with initial upload to unstable)
- php7.0 7.0.13-1
- php5 <removed>
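Review bot: On the `parse_url` line the placeholder carried a 2017 prefix, but the assigned ID is `CVE-2016-10397`. Verify the year against the oss-security post cited in the NOTE lines added in this commit, since a slip in the ID would attach these package versions to a different issue. Because the same URL is added to both the phar and the `parse_url` entries, a reader also has to open the post to see which ID belongs to which PHP bug.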
@@ -418,6 +419,7 @@
NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-XXXX [wddx_deserialize() heap out-of-bound read via php_parse_date()]
- php7.1 <unfixed>
- php7.0 <unfixed>
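Review bot: The `wddx_deserialize()` entry directly below the added NOTE still reads `CVE-2017-XXXX` with php7.1 and php7.0 `<unfixed>`, although the log message says this commit records new PHP CVE assignments. Check whether the cited oss-security post also covers it; if it does, the ID should be filled in here as well.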
@@ -5202,10 +5204,11 @@
CVE-2017-9120
RESERVED
CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...)
- - php7.1 <unfixed>
- - php7.0 <undetermined>
- - php5 <undetermined>
+ - php7.1 <unfixed> (unimportant)
+ - php7.0 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
+ NOTE: Only triggerable by malicious script
CVE-2017-9118
RESERVED
CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...)
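Review bot: For CVE-2017-9119 the php7.0 and php5 lines go from `<undetermined>` to `<unfixed> (unimportant)`, which now asserts that both are affected, but the added NOTE ("Only triggerable by malicious script") only justifies the severity and the CVE description names PHP 7.1.5. Add a NOTE saying whether the code was checked in 7.0 and 5, or that the status was set without checking because the issue is treated as a non-issue.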