[Git][security-tracker-team/security-tracker][master] new HHVM issue

Sun May 6 12:16:44 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a7a46e9 by Moritz Muehlenhoff at 2018-05-06T13:16:17+02:00
new HHVM issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11747,6 +11747,9 @@ CVE-2018-6336
 	RESERVED
 CVE-2018-6335
 	RESERVED
+	- hhvm <unfixed>
+	NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
+	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
 CVE-2018-6334 [ability to override global variables and members of $GLOBALS via file uploads]
 	RESERVED
 	- hhvm <unfixed> (bug #895194)
@@ -13721,8 +13724,10 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PH
 	- php7.1 7.1.13-1 (unimportant)
 	- php7.0 7.0.27-1 (unimportant)
 	- php5 <removed> (unimportant)
+	- hhvm <unfixed>
 	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75571
+	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html (has a typo, pinged them for correction)
 	- libgd2 <unfixed> (bug #887485)
 	[stretch] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
 	[jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a7a46e989b95773fb95b8e3dab17a16d1e9fff6

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a7a46e989b95773fb95b8e3dab17a16d1e9fff6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180506/72acfff2/attachment.html>
