[Secure-testing-commits] r57812 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Nov 19 08:11:51 UTC 2017


Author: carnil
Date: 2017-11-19 08:11:51 +0000 (Sun, 19 Nov 2017)
New Revision: 57812

Modified:
   data/CVE/list
Log:
php5 is removed, correct status

Since 5.4.4.-1 php5 used system libzip although the ext file might be
compiled. Mark issue as unimportant.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-19 04:42:54 UTC (rev 57811)
+++ data/CVE/list	2017-11-19 08:11:51 UTC (rev 57812)
@@ -8125,11 +8125,11 @@
 	[stretch] - libzip <no-dsa> (Minor issue)
 	[jessie] - libzip <no-dsa> (Minor issue)
 	[wheezy] - libzip <no-dsa> (Minor issue)
-	- php5 <unfixed>
-	[wheezy] - php5 <no-dsa> (Minor issue)
+	- php5 <removed> (unimportant)
 	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
 	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
-	NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+	NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+	NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
 	NOT-FOR-US: HiveManager
 CVE-2017-14104




More information about the Secure-testing-commits mailing list