[Secure-testing-commits] r53776 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 22 07:05:11 UTC 2017
Author: carnil
Date: 2017-07-22 07:05:11 +0000 (Sat, 22 Jul 2017)
New Revision: 53776
Modified:
data/CVE/list
Log:
Add new libgd2 issue, CVE-2017-7890
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-22 06:57:01 UTC (rev 53775)
+++ data/CVE/list 2017-07-22 07:05:11 UTC (rev 53776)
@@ -9989,8 +9989,14 @@
NOTE: So far only Apple's compiler has been shown to apply the problematic optimization, fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
NOT-FOR-US: SourceBans++
-CVE-2017-7890
+CVE-2017-7890 [Buffer over-read into uninitialized memory]
RESERVED
+ - php7.1 <unfixed> (unimportant)
+ - php7.0 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74435
+ NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
+ - libgd2 <unfixed>
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
[stretch] - dolibarr <no-dsa> (Minor issue)
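Review bot: The three PHP lines added under CVE-2017-7890 (php7.1, php7.0, php5) are tagged (unimportant) but no NOTE in the entry says why, so a later reader cannot verify the triage. Suggest adding a one-line NOTE with the rationale directly under those lines. The new "- libgd2 <unfixed>" line also has no reference of its own: both added NOTEs point at the PHP bug and the PHP release versions, so a libgd-side reference should be added once one exists. The log message calls this a libgd2 issue, while libgd2 is listed last after the PHP entries; either list it first or mention PHP in the log.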