[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark one php7.0 issue as ignored

Moritz Muehlenhoff jmm at debian.org
Wed Feb 28 21:36:30 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4a7414c by Moritz Muehlenhoff at 2018-02-28T22:36:06+01:00
mark one php7.0 issue as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -50428,14 +50428,14 @@ CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the 
 	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
 CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...)
 	{DLA-875-1}
-	- php7.1 7.1.4-1
-	- php7.0 7.0.18-1
+	- php7.1 <unfixed>
+	- php7.0 <unfixed>
+	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, revisit if a new approach has been identified)
 	- php5 <removed>
 	[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks existing applications)
 	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
 	NOTE: https://bugs.php.net/bug.php?id=74216
-	NOTE: Fixed in 7.1.4 and 7.0.18
-	TODO: Re-check php7.1, might not have been fixed up to 7.1.11 (completely)
+	NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3
 CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ...)
 	NOT-FOR-US: Windows
 CVE-2017-7268



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a7414c8491484e02b96376626bd738b2b94352

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a7414c8491484e02b96376626bd738b2b94352
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180228/721474c0/attachment.html>

More information about the Secure-testing-commits mailing list