[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Some PHP triage done for PHP DSAs

Moritz Muehlenhoff jmm at debian.org
Wed Jan 10 22:01:04 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b338fe1a by Moritz Muehlenhoff at 2018-01-10T23:00:32+01:00
Some PHP triage done for PHP DSAs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37992,6 +37992,7 @@ CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c 
 CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
 	- php7.1 <unfixed> (bug #881539)
 	- php7.0 <unfixed> (bug #881538)
+	[stretch] - php7.0 <ignored> (Minor issue)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
 	NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
 CVE-2017-8922
@@ -43473,6 +43474,7 @@ CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that acc
 	- php7.1 7.1.4-1
 	- php7.0 7.0.18-1
 	- php5 <removed>
+	[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks existing applications)
 	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
 	NOTE: https://bugs.php.net/bug.php?id=74216
 	NOTE: Fixed in 7.1.4 and 7.0.18
@@ -131041,12 +131043,10 @@ CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic ...)
 	- ntopng 1.2.1+dfsg1-1 (bug #760990)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
-	- php5 <removed> (low; bug #682157; bug #759282)
-	[jessie] - php5 <no-dsa> (Minor issue)
-	[wheezy] - php5 <no-dsa> (Minor issue)
-	[squeeze] - php5 <no-dsa> (Minor issue)
+	- php5 <removed> (unimportant; bug #682157; bug #759282)
 	NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
 	NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
+	NOTE: Neutralised by kernel hardening
 CVE-2014-5450
 	RESERVED
 	- zarafa <itp> (bug #658433)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b338fe1ac75ada5d77b1645389d4bca41fb7c965

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b338fe1ac75ada5d77b1645389d4bca41fb7c965
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180110/c9622b16/attachment.html>

More information about the Secure-testing-commits mailing list