[Secure-testing-commits] r49705 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 15 16:12:37 UTC 2017
Author: carnil
Date: 2017-03-15 16:12:37 +0000 (Wed, 15 Mar 2017)
New Revision: 49705
Modified:
data/CVE/list
Log:
Update notes for PHP issue CVE-2016-7479
This makes it most likely actually PHP 7.x only, but needs to be
reconfirmed. It is confirmed that Ubuntu applied the commit on basis of
applicability of the commit.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-15 14:44:02 UTC (rev 49704)
+++ data/CVE/list 2017-03-15 16:12:37 UTC (rev 49705)
@@ -24179,11 +24179,14 @@
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
NOTE: Fixed in 7.0.15
- NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
+ NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
- NOTE: according to Ubuntu, php5 is affected as well
+ NOTE: The change is in 5.6+, even though the property table issue only affects
+ NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based
+ NOTE: attacks.
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...)
{DSA-3732-1}
- php7.1 <not-affected> (Fixed before initial upload to Debian)
More information about the Secure-testing-commits
mailing list