[Git][security-tracker-team/security-tracker][master] 2 commits: Mark php7.1 removed from unstable

Salvatore Bonaccorso carnil at debian.org
Mon Oct 8 20:06:47 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3ed9376 by Salvatore Bonaccorso at 2018-10-08T19:06:28Z
Mark php7.1 removed from unstable

- - - - -
0aa2ccbf by Salvatore Bonaccorso at 2018-10-08T19:06:29Z
Mark php7.0 removed from unstable in the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2180,7 +2180,7 @@ CVE-2018-17082 (The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32,
 	{DLA-1509-1}
 	- php7.3 7.3.0~rc2-1
 	- php7.2 <unfixed>
-	- php7.1 <unfixed>
+	- php7.1 <removed>
 	- php7.0 7.0.32-1
 	- php5 <removed>
 	NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
@@ -27927,7 +27927,7 @@ CVE-2015-9253 (An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x be
 	- php7.3 <not-affected> (Fixed with initial upload to unstable)
 	- php7.2 7.2.8-1 (unimportant)
 	- php7.1 7.1.20-1 (unimportant)
-	- php7.0 <unfixed> (unimportant)
+	- php7.0 <removed> (unimportant)
 	- php5 <removed> (unimportant)
 	NOTE: https://bugs.php.net/bug.php?id=73342
 	NOTE: https://bugs.php.net/bug.php?id=70185
@@ -73526,20 +73526,20 @@ CVE-2017-9121
 	RESERVED
 CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ...)
 	- php7.2 <unfixed>
-	- php7.1 <unfixed>
-	- php7.0 <unfixed>
+	- php7.1 <removed>
+	- php7.0 <removed>
 	- php5 <not-affected> (Not reproducible, vulnerable code not present.)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...)
-	- php7.1 <unfixed> (unimportant)
-	- php7.0 <unfixed> (unimportant)
+	- php7.1 <removed> (unimportant)
+	- php7.0 <removed> (unimportant)
 	- php5 <unfixed> (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
 	NOTE: Only triggerable by malicious script
 CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a ...)
 	- php7.2 <unfixed>
-	- php7.1 <unfixed>
-	- php7.0 <unfixed>
+	- php7.1 <removed>
+	- php7.0 <removed>
 	- php5 <removed>
 	[jessie] - php5 <postponed> (not reproducible, most likely not affected)
 	NOTE: Check for Jessie again as soon as more information are available.
@@ -74132,8 +74132,8 @@ CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c
 	- linux 4.9.16-1 (low)
 	NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
 CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
-	- php7.1 <unfixed> (bug #881539)
-	- php7.0 <unfixed> (bug #881538)
+	- php7.1 <removed> (bug #881539)
+	- php7.0 <removed> (bug #881538)
 	[stretch] - php7.0 <ignored> (Minor issue)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
 	NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
@@ -79556,8 +79556,8 @@ CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the
 	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
 CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...)
 	{DLA-875-1}
-	- php7.1 <unfixed>
-	- php7.0 <unfixed>
+	- php7.1 <removed>
+	- php7.0 <removed>
 	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, revisit if a new approach has been identified)
 	- php5 <removed>
 	[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks existing applications)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bba0d76e47d1036da9db63741c0ac13aee6d2d53...0aa2ccbf9f58b94a8d84b4b575c4c744b9db06b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bba0d76e47d1036da9db63741c0ac13aee6d2d53...0aa2ccbf9f58b94a8d84b4b575c4c744b9db06b3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181008/5fa18f87/attachment.html>

More information about the debian-security-tracker-commits mailing list