[Secure-testing-commits] r49411 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 4 16:38:25 UTC 2017
Author: carnil
Date: 2017-03-04 16:38:24 +0000 (Sat, 04 Mar 2017)
New Revision: 49411
Modified:
data/CVE/list
Log:
Add reference for CVE-2017-5630
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-04 13:44:10 UTC (rev 49410)
+++ data/CVE/list 2017-03-04 16:38:24 UTC (rev 49411)
@@ -2405,6 +2405,7 @@
CVE-2017-5630 (PECL in the download utility class in the Installer in PEAR Base System ...)
- php5 <unfixed> (unimportant)
- php-pear <unfixed> (unimportant)
+ NOTE: https://pear.php.net/bugs/bug.php?id=21171
NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway
CVE-2017-5629
RESERVED
More information about the Secure-testing-commits
mailing list