[Secure-testing-commits] r57807 - data/CVE
Roberto C. Sanchez
roberto at moszumanska.debian.org
Sun Nov 19 03:56:43 UTC 2017
Author: roberto
Date: 2017-11-19 03:56:43 +0000 (Sun, 19 Nov 2017)
New Revision: 57807
Modified:
data/CVE/list
Log:
Note that CVE-2017-14107 also affects php5 and mark no-DSA in wheezy, not sure about jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 03:55:53 UTC (rev 57806)
+++ data/CVE/list 2017-11-19 03:56:43 UTC (rev 57807)
@@ -8124,8 +8124,11 @@
[stretch] - libzip <no-dsa> (Minor issue)
[jessie] - libzip <no-dsa> (Minor issue)
[wheezy] - libzip <no-dsa> (Minor issue)
+ - php5 <unfixed>
+ [wheezy] - php5 <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
+ NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
NOT-FOR-US: HiveManager
CVE-2017-14104
More information about the Secure-testing-commits
mailing list