[Secure-testing-commits] r57812 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 19 08:11:51 UTC 2017
Author: carnil
Date: 2017-11-19 08:11:51 +0000 (Sun, 19 Nov 2017)
New Revision: 57812
Modified:
data/CVE/list
Log:
php5 is removed, correct status
Since 5.4.4.-1 php5 used system libzip although the ext file might be
compiled. Mark issue as unimportant.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 04:42:54 UTC (rev 57811)
+++ data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812)
@@ -8125,11 +8125,11 @@
[stretch] - libzip <no-dsa> (Minor issue)
[jessie] - libzip <no-dsa> (Minor issue)
[wheezy] - libzip <no-dsa> (Minor issue)
- - php5 <unfixed>
- [wheezy] - php5 <no-dsa> (Minor issue)
+ - php5 <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
- NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+ NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+ NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
NOT-FOR-US: HiveManager
CVE-2017-14104
More information about the Secure-testing-commits
mailing list