[Git][security-tracker-team/security-tracker][master] Add CVE-2017-7189/php

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15a9801d by Salvatore Bonaccorso at 2019-07-10T20:59:42Z
Add CVE-2017-7189/php

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121225,7 +121225,12 @@ CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
 CVE-2017-7190
 	RESERVED
 CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...)
-	TODO: check
+	- php7.3 <unfixed>
+	- php7.0 <removed>
+	- php5 <removed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
+	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
+	NOTE: The commit was later on reverted again because of breaking some features.
 CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...)
 	NOT-FOR-US: Zurmo
 CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15a9801d98a087053969d9738b53c7a58bd556f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/15a9801d98a087053969d9738b53c7a58bd556f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190710/29f42a89/attachment.html>