[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-7189 no-dsa for buster and stretch

Sat Jul 13 23:08:28 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398e9b46 by Salvatore Bonaccorso at 2019-07-13T22:08:16Z
Mark CVE-2017-7189 no-dsa for buster and stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121499,11 +121499,14 @@ CVE-2017-7190
 	RESERVED
 CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...)
 	- php7.3 <unfixed>
+	[buster] - php7.3 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
 	- php7.0 <removed>
+	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
 	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
 	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
 	NOTE: The commit was later on reverted again because of breaking some features.
+	NOTE: See as well the related CVE-2017-7272.
 CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...)
 	NOT-FOR-US: Zurmo
 CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/398e9b461896c6ce4cc1a3bb88ed297284fb8a73

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/398e9b461896c6ce4cc1a3bb88ed297284fb8a73
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190713/68518684/attachment.html>
